T 2277/11 () of 12.7.2016

Summary of Facts and Submissions

I. The appeal concerns the decision of the examining division refusing the European patent application No. 01201056 for lack of inventive step (Article 56 EPC 1973).

II. At the oral proceedings the appellant (applicant) requested that the decision under appeal be set aside, and a patent be granted on the basis of Claims 1-28 of the Main Request or on the basis of Claims 1-26 of the Auxiliary Request, both filed with letter dated 10 June 2016.

III. Reference is made to the following document:

D3: US 5,500,513 A.

IV. The wording of claim 1 of the main request and of claim 1 of the auxiliary request is as follows (board's labelling "(i)" and "(ii)"):

Main request:

"1. A method for implementing a limited-use credit card system, the method comprising:

allocating (202) a limited-use credit card number (126);

associating the limited-use credit card number (126) with a customer account number and a set of conditions;

issuing the limited-use credit card number (126);

detecting a transaction using the limited-use credit card number (126);

processing the transaction in accordance with the set of conditions associated with limited-use credit card number (126);

authorising (706) or denying (712) the transaction by comparing the transaction to the set of condi­tions associated with the limited-use credit card number (126);

characterised in that, processing the transaction further comprises:

(i) determining (718) whether a limited-use event has occurred; and

(ii) invalidating the limited-use credit card number (126) for all future transactions except refunds based on the limited-use event and/or the set of conditions associated with the limited use credit card number (126), which invalidation is additional to authorisation of the use which caused the use-triggered conditions subsequent."

Auxiliary request:

Claim 1 of the auxiliary request differs from claim 1 of the main request in that the asso­cia­tion step further comprises the following feature: "the limited use credit card number being associated with a master credit card number with identical formatting to the master credit card number".

V. With respect to inventive step the appellant argued essentially as follows:

The claimed method did not relate to a business method and the features of the claims were not inherently non-technical. The claimed method went beyond the application of limited-use credit cards and was applicable to numerous technologies. In particular, the claimed method could be applied to any device that required the use of a coded security step to gain access to the device. The invention related thus to a security method and method applicable over a large range of fields and devices and was as such technical in nature.

Moreover, standard credit card systems were configured to process transactions in an end-to-end fashion and to conform to the four party model. A transaction request was routed from the point of sale via the merchant's acquiring bank and the card scheme system to the cardholder's issuing bank, where a determination of available funds was made and an authorisation or decline message was passed back to the point of sale using the reverse routing of the message. The parallel processing of the authorisation request and the invalidation allowed for real-time invalidation of the limited-use credit card and provided the necessary security to the limited-use credit card. Furthermore, the validity of the limi­ted-use credit card could be checked at the card scheme system or even at the merchant's acquiring bank. It was therefore not necessary to have a transaction request routed to the cardholder's issuing bank. Hence, the communication traffic of the network infra­struc­tures and the response time to the transaction request was reduced. The claimed invention addressed thus more than an administrative problem. In this respect decision T 1901/08 provided clear guidance of the limited scope of what constituted an administrative element of a claim.

Regarding the claimed invention as merely an obvious implementation of a desired method constituted an ex-post-facto analysis and had no basis in fact.

Document D3 contained nothing extending beyond conventional authorisation request processing and there was nothing in D3 to teach or suggest the parallel processing of an authorisation request and the invalidation of a limited use credit card number.

Accordingly, claim 1 of the main request involved an inventive step over the prior art of a standard payment network and also over document D3. The same reasoning applied to claim 1 of the auxiliary request.

Reasons for the Decision

2. Main request - inventive step

2.1 Closest state of the art

In the decision under appeal the examining division started from a data processing system for processing credit card related data, which was considered well-known at the priority date of the application (see point 10.3 of the decision). In a communication pur­suant to Article 15(1) RPBA the board also raised the objection of lack of inventive step of the claimed subject-matter over document D3. The appellant argued inventive step in relation to both document D3 and a standard credit card system as the closest prior art.

The board considers that document D3 discloses subject-matter that is conceived for the same purpose as the invention, namely for pro­viding a method for implemen­ting a limited-use credit card system, and has many relevant technical features in common with it, as de­tailed below. Furthermore, it describes the implemen­tation of authorisation pro­cessing that is based on the use of the credit card, which is related to the objec­tive technical problem of the present invention, as indicated below.

Document D3 is therefore regarded as the closest state of the art.

2.2 Distinguishing features

2.2.1 Document D3 discloses (see column 5, line 34 - column 8, line 16; figures 7-10) computer systems for the auto­matic purchasing control, in particular using credit cards. A corporate card processor system 70 comprises a CPU 72 having data storage divided up into individual company accounts 74, 76, 78. The credit card number 54 of a company account is composed of a BIN number 56 and the account number 58 of the company account. The corporate card pro­cessor 70 is connected to a network, such as a VisaNet network 94, which in turn is connected to a merchant processing network 96. The latter is linked to indi­vidual point-of-sale devices 98, which are situated at individual merchant locations and are configured to receive a corporate card and to transmit encoded card information along with merchant identifying information to the VisaNet network 94. A credit card authorisation request for a corporate card received by the VisaNet network 94 is identified from the BIN number as relating to a corporate card, and the authorisation request is transmitted to corporate card processor 70 for authorisation. The corporate account number can be determined from the credit card number. The corresponding account record is examined to determine if there are any test routines to be performed for authorisation purposes and report generation. For example, a first test may be performed to determine if the account is blocked. If yes, a negative authorisa­tion response 114 is generated. Other tests could be a country test 124 limiting the cardholder to particular countries, a merchant test 126 limiting the cardholder to particular vendors, a single transaction value test 136 limiting the value of a single trans­action. If all tests are passed an approval message is generated.

2.2.2 Using the wording of claim 1 document D3 discloses a method for implementing a limited-use credit card system (since various tests have to be passed for authorisation), the method comprising:

allocating a limited-use credit card number;

associating the limited-use credit card number (corporate credit card number 54) with a customer account number (account number 58 of the company account) and a set of conditions (authorisation tests associated with the company account);

issuing the limited-use credit card number (to the cardholder of the company account);

detecting a transaction using the limited-use credit card number (at a point-of-sale device 98);

processing the transaction in accordance with the set of conditions associated with limited-use credit card number (performing the authorisation tests);

authorising or denying the transaction (generating an approval message or a negative authorisation response) by comparing the transaction to the set of condi­tions (authorisation tests) associated with the limited-use credit card number.

The subject-matter of claim 1 of the main request differs from the method of document D3 in comprising features (i) and (ii) (see point IV. above). This appraisal of document D3 is not contested by the appellant.

2.3 Objective technical problem

2.3.1 The appellant argued that the claimed method went beyond the application of limited-use credit cards and could be applied to any device that required the use of a coded security step to gain access to the device.

Moreover, standard credit card systems were configured to conform to the four party model. The parallel processing of the authorisation request and the invalidation allowed for real-time invalidation of the limited-use credit card and provided the necessary security to that credit card. Furthermore, the validity of the limi­ted-use credit card could be checked at the card scheme system, so that it was not necessary to have a transaction request routed to the cardholder's issuing bank. Hence, the communication traffic of the network infra­struc­tures and the response time to the transaction request was reduced. Reference was made in this respect to the decision T 1901/08.

2.3.2 The board considers that it is explicitly stated in claim 1 of the main request that the claimed method concerns a "method for implementing a limited-use credit card system" comprising in particular the asso­ciation of the credit card number with a customer account number, the processing of a credit card trans­action and the step of autho­rising or denying that transaction. Hence, there is no doubt that the claimed invention relates to a credit card method and not more generally to a method of gaining access to a device by means of a coded security step.

2.3.3 It is noted that claim 1 of the main request does not specify a step of checking of the validity of the limited-use credit card number subsequent to the claimed step of invalidating the limited-use credit card number for all future transactions except refunds. In partic­ular, there is no indication that such checking is performed at the card scheme system or at the mer­chant's acquiring bank rather than at the cardholder's issuing bank.

It is not even disclosed in the description and figures of the application that validity checking is carried out in the manner as alleged by the appellant. The passages cited in this respect (page 11, lines 17-22; page 20, lines 16-21) merely relate in the most general terms to data handling and routing performed in the present invention without any reference to checking the validity of the limited-use credit card after its invalidation.

In view of the above, the claimed invention cannot be considered as having the alleged advantages of the invention in relation to the communication traffic of the network infra­struc­tures and the response time. Hence, these advantages cannot be taken into consideration for the inventive step assessment.

2.3.4 In fact, the concern to be addressed by the present invention relates to preventing fraudulent use of the credit card by an unauthorised person. It emerges from the description of the application (see the last paragraph on page 7 and the paragraph bridging pages 12 and 13) that in order to prevent fraud the limited-use credit card is envisaged to be invalidated when the limited-use credit card is utilised only once, when the accrued charges are greater than a prescribed monetary amount, or when the frequency of use is above or below a given threshold. Moreover, the invalidation can be based on the geo­graphical region or the purpose of use or on some combination of these separate criteria.

The corresponding considerations do not concern any tech­nical aspects of the credit card system to be implemen­ted but relate to retail banking and law, in particular the prevention of offences in relation to credit cards. They involve an assessment of what kind of utilisations of the credit card could be a sign of fraudulent use. For example, a stolen credit card number might be used with an unusually high frequency for its maximum exploitation by the fraudster before the credit card number is blocked. Or else the stolen credit card number might be used in speci­fic geographical regions where the fraudster might escape detection or prosecution.

Allowing refund transactions even after the invalida­tion of the limited-use credit card number and arranging invalidation to be performed in addition to authorisation does not concern any technical issues, either, but follows from administrative considerations by the retail banker.

2.3.5 This is in contrast to the decision T 1901/08. In that case the invention related to a self-service terminal 10 comprising a card reader 28 associated with one or more sensors for detecting potentially fraudulent acti­vities and a com­ponent agent 34 for generating a war­ning signal in the event that such activities are detec­ted. The in­vention addressed a particular type of fraud, namely tampering with the card-reader. Hence, in contrast to the present case, the detection of the fraud scenario relied on technical considerations. In par­ticular, the recognition that card reader jamming, which was detected by a detector associated with the card reader 28, in combination with another condition signal of a com­ponent of the terminal 10 (such as a request for the dispense of a large sum of money) was indicative of a tamper attempt, relied on a technical understanding of the operation of the terminal and its respective com­ponents. According­ly, the board of T 1901/08 held that improving the tampering detec­tion was­ the objective technical prob­lem to be solved (see points 3.1.3 to 3.1.5 of the Reasons).

2.3.6 On the other hand, in the present invention technical aspects first come into play with the technical implemen­tation of the desired features of the credit card method. The objective technical problem is therefore to implement the limited-use credit card system in such a way as to allow invalidation of the limited-use credit card number for all future trans­actions except refunds based on criteria related to the use of the credit card number, which invalidation is additional to authorisation of the use of the credit card.

The skilled person, a software expert with particular knowledge of implementing credit card systems, receives knowledge of the specific invalidation concept and the use-related criteria as part of the task information given to him when asked to provide a solution to the stated objective technical problem.

Formulating the technical problem in this manner is not based on hindsight, but merely applies the principles of decision T 641/00, according to which, in case a claim refers to an aim to be achieved in a non-technical field, this aim may legitimately appear in the formulation of the problem as part of the framework of the technical problem that is to be solved, in particular as a constraint that has to be met.

2.4 Obviousness

Given the stated objective technical problem, the skilled person would modify the limited-use credit card method known from document D3 in such a way as to comprise features (i) and (ii). In particular, it follows immediately from the fact that use-related criteria are employed for the invalidation of the credit card number that the occurrence of a particular event related to the use of the credit card number must be determined (feature (i)). Moreover, the technical implementation as stated in feature (ii) relating to the invalidation of the credit card number follows immediately from the statement of the objective tech­nical problem. This is particularly the case since, in relation to an authorisation request, the implementa­tion of a response which is based on criteria related to the use of the credit card number, namely the frequency of its use, is already known from document D3 (see for example column 11, lines 37-63).

Therefore, the subject-matter of claim 1 of the main request does not involve an inventive step (Article 52(1) EPC and Article 56 EPC 1973).

3. Auxiliary request - inventive step

3.1 Claim 1 of the auxiliary request differs from claim 1 of the main request in that the asso­cia­tion step further comprises the following feature: "the limited use credit card number being associated with a master credit card number with identical formatting to the master credit card number".

3.2 As indicated under point 2.2.1 above, the various credit card numbers of the individual company accounts 74, 76, 78 disclosed in document D3 have the same structure and are associated with each other in that they belong to the same company and have common billing accounts. More­over, a particular account may be designated as a "VIP account", for which authorisations are given without further authorisation testing (see document D3, column 7, lines 48-53). The credit card numbers belonging to such an account is considered a "master credit card number". Therefore, the addi­tional feature of claim 1 of the auxiliary request mentioned under point 3.1 above has already been disclosed in document D3, as well.

Consequently, the subject-matter of claim 1 of the auxiliary request differs from the method of document D3 in comprising features (i) and (ii) and does not involve an inventive step for the reasons provided under points 2.3 and 2.4 above (Article 52(1) EPC and Article 56 EPC 1973).

4. Conclusion

Since neither the main request nor the auxiliary request is allowable the appeal has to be dismissed.

Order

For these reasons it is decided that:

The appeal is dismissed.