Office Action Predictor
Last updated: April 16, 2026
Application No. 18/425,203

System and Method for Processing Card Not Present Transactions

Final Rejection §103
Filed
Jan 29, 2024
Examiner
QAYYUM, ZESHAN
Art Unit
3697
Tech Center
3600 — Transportation & Electronic Commerce
Assignee
Visa International Service Association
OA Round
4 (Final)
40%
Grant Probability
Moderate
5-6
OA Rounds
5y 2m
To Grant
66%
With Interview

Examiner Intelligence

Grants 40% of resolved cases
40%
Career Allow Rate
172 granted / 429 resolved
-11.9% vs TC avg
Strong +26% interview lift
Without
With
+26.3%
Interview Lift
resolved cases with interview
Typical timeline
5y 2m
Avg Prosecution
30 currently pending
Career history
459
Total Applications
across all art units

Statute-Specific Performance

§101
25.8%
-14.2% vs TC avg
§103
32.8%
-7.2% vs TC avg
§102
8.9%
-31.1% vs TC avg
§112
29.3%
-10.7% vs TC avg
Black line = Tech Center average estimate • Based on career data from 429 resolved cases

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments Applicant's arguments filed on 11/24/2025 have been fully considered but they are not persuasive. With respect to U.S.C. 103 rejection, Applicant is of the opinion that prior art fails to teach specific type of browser data comprising: a browser accept header, data indicating whether the browser is Java-enabled, browser language, browser color depth, browser screen depth, browser screen height, browser screen width, browser time zone, browser user agent, or any combination thereof and the specific type of browser data is not nonfunctional descriptive material. Further, prior art fails to teach “generating by the authentication system, an authentication score based on the browser data by comparing browser data to authentication transaction data associated with the user stored in an authentication transaction database. Additionally, it would not have been obvious because in Smith an authentication of the transaction is performed, but it is performed by communicating with a mobile phone of the user to confirm that the transaction is not fraudulent. The authentication by any other means would have been duplicative unnecessary, and not obvious. However, Examiner respectfully disagrees. Liu discloses: browser data (See paragraph 0034 i.e. IP address, browser data). Smith in view Liu and in further view of Hammad does not explicitly disclose specific type of browser data such as a browser accept header, data indicating whether the browser is Java-enabled, browser language, browser color depth, browser screen depth, browser screen height, browser screen width, browser time zone, browser user agent, or any combination thereof. However, the difference is type of data contain in browser data is only found in the nonfunctional descriptive material and are not functionally involved in the steps/functions recited. The receiving, collecting, generating, transmitting, matching, and generating steps/functions would be performed the same regardless of the descriptive material since none of the steps explicitly interact therewith. Limitations that are not functionally interrelated with the useful acts, structure, or properties of the claimed invention carry little or no patentable weight. Thus, this descriptive material will not distinguish the claimed invention from the prior art in terms of patentability, see In re Ngai, 70 USPQ2d 1862 (CAFC 2004); In re Gulack, 703 F.2d 1381, 1385, 217 USPQ 401, 404 (Fed. Cir. 1983); In re Lowry, 32 F.3d 1579, 32 USPQ2d 1031 (Fed. Cir. 1994). Therefore, it would also have been obvious to one of ordinary skill in the art at the time of applicant’s invention was filed to collect any type of data related to browser data and generate authentication score because data contain in the browser data does not functionally relate to the steps/functions in the method/system claimed and because the subjective interpretation of data does not patentably distinguish the claimed invention. Liu discloses: generating by the authentication system, an authentication score based on the browser data by comparing browser data to authentication transaction data associated with the user stored in an authentication transaction database (See paragraph 0081-0085). In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007). In this case, Smith discloses user providing his credential i.e., phone number to the merchant website (i.e., merchant server 113) and merchant website forward user credential to the authentication system (i.e., interchange 101) (See paragraphs 0050-0052). Hammad reference discloses user ready to provide his credential (i.e. credit card information) to the merchant website. In order to provide security to user credential not being shared with merchant, authentication system controls the communication frame so credential goes directly to authentication system (See paragraph 0042). The Smith and Hammad references are analogues references. Therefore, it would have been obvious to one of the ordinary skills in the art at the time invention was made to modify the Smith reference by adding technique disclosed by the Hammad reference in order to secure user credential to avoid sharing with the merchant. Claim Objections Claims 21-22 are objected to under 37 CFR 1.75 as being a substantial duplicate of claims 1 and 11 respectively. When two claims in an application are duplicates or else are so close in content that they both cover the same thing, despite a slight difference in wording, it is proper after allowing one claim to object to the other as being a substantial duplicate of the allowed claim. See MPEP § 608.01(m). Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-3, 10-13 and 20-22 are rejected under 35 U.S.C. 103 as being unpatentable over SMITH (US 20110022484) in view of Liu (US 20140344155) in further view of Hammad (US 20120018506). With respect to claims 1, 11 and 21-22 SMITH discloses: receiving, by an authentication system, a transaction request associated with a CNP transaction between a user and a merchant initiated with a computing device of the user during a browser session on the computing device, the CNP transaction initiated by the computing device communicating with a merchant system of the merchant through a website of the merchant; (See paragraph 0050, 0104-0105 and 0188-0193) receiving, by the authentication system from the computing device during the browser session, a first request comprising an authentication transaction request including authentication transaction data (See paragraph 0050, 0104-0105 and 0188-0193); matching, a portion of the authorization transaction data to the authentication transaction data; (See paragraph 0050, 0104-0105 and 0188-0193). SMITH does not explicitly disclose: receiving control by the authentication system of the browser session from the merchant system; during the browser session, collecting, by the authentication system and from the computing device, browser data representing a feature of the browser session being executed on the computing device, the browser data comprising at least one of the following: a browser accept header, data indicating whether the browser is Java-enabled, browser language, browser color depth, browser screen depth, browser screen height, browser screen width, browser time zone, browser user agent, or any combination thereof; generating, by the authentication system, an authentication score based on the browser data by comparing the browser data to authentication transaction data associated with the user stored in an authentication transaction database; transmitting, by the authentication system to an authorization system, at least a portion of the browser data and the authentication score to cause the authorization system to: match at least a portion of authorization transaction data received in an authorization transaction request from the merchant system with at least a portion of the browser data; generate an authorization decision for the CNP transaction based at least partially on both the authorization transaction data and the authentication score; and in response to the authorization transaction request, generate and transmit an authorization transaction response comprising at least one data field containing the authorization decision. Liu discloses: during the browser session, collecting, by the authentication system and from the computing device, browser data representing a feature of the browser session being executed on the computing device (See paragraph 0006, 0008, 0034 and 0101); generating, by the authentication system, an authentication score based on the browser data by comparing the browser data to authentication transaction data associated with the user stored in an authentication transaction database; transmitting, by the authentication system to an authorization system, at least a portion of the browser data and the authentication score (See paragraphs 0006, 0067, 0081-0085 and 0101); match at least a portion of authorization transaction data received in an authorization transaction request from the merchant system with at least a portion of the browser data; generate an authorization decision for the CNP transaction based at least partially on both the authorization transaction data and the authentication score; and in response to the authorization transaction request, generate and transmit an authorization transaction response comprising at least one data field containing the authorization decision (See paragraphs 0105-0106). Therefore, it would have been obvious to one of the ordinary skills in the art at the time invention was filed to modify the SMITH reference with Liu reference in order to provide more secure transaction processing (See Liu paragraph 0003). SMITH in view of Liu does not explicitly disclose: receiving control by the authentication system of the browser session from the merchant system. Hammad discloses: receiving control by the authentication system of the browser session from the merchant system. (See paragraph 0042). Therefore, it would have been obvious to one of the ordinary skills in the art at the time invention was filed to modify the combination of SMITH and Liu references with Hammad reference in order to provide extra credential security to a transaction by utilizing 3-D secure protocol. Liu discloses: browser data (See paragraph 0034 i.e. IP address browser data) Smith in view Liu and in further view of Hammad does not explicitly disclose where the browser data comprising at least one of the following: a browser accept header, data indicating whether the browser is Java-enabled, browser language, browser color depth, browser screen depth, browser screen height, browser screen width, browser time zone, browser user agent, or any combination thereof. However, the difference is data contain in browser data is only found in the nonfunctional descriptive material and are not functionally involved in the steps/functions recited. The receiving, collecting, generating, transmitting, matching, and generating steps/functions would be performed the same regardless of the descriptive material since none of the steps explicitly interact therewith. Limitations that are not functionally interrelated with the useful acts, structure, or properties of the claimed invention carry little or no patentable weight. Thus, this descriptive material will not distinguish the claimed invention from the prior art in terms of patentability, see In re Ngai, 70 USPQ2d 1862 (CAFC 2004); In re Gulack, 703 F.2d 1381, 1385, 217 USPQ 401, 404 (Fed. Cir. 1983); In re Lowry, 32 F.3d 1579, 32 USPQ2d 1031 (Fed. Cir. 1994). Therefore, it would also have been obvious to one of ordinary skill in the art at the time of applicant’s invention was filed to collect any type of data related to browser data and generate authentication score because data contain in the browser data does not functionally relate to the steps/functions in the method/system claimed and because the subjective interpretation of data does not patentably distinguish the claimed invention. With respect to “to cause the authorization system to: match at least a portion of authorization transaction data received in an authorization transaction request from the merchant system with at least a portion of the browser data; generate an authorization decision for the CNP transaction based at least partially on both the authorization transaction data and the authentication score; and in response to the authorization transaction request, generate and transmit an authorization transaction response comprising at least one data field containing the authorization decision” this limitation considered outside of the scope of the claim because Claims 1 and 11 directed to method performed by the authentication system and a system comprising an authentication system. Therefore, while authorizing system is not part of the claims, therefore, functions performed by the authorizing system are outside the scope of claim and does not have any patentable weight. Further, with respect to “to cause the authorization system to: match at least a portion of authorization transaction data received in an authorization transaction request from the merchant system with at least a portion of the browser data; generate an authorization decision for the CNP transaction based at least partially on both the authorization transaction data and the authentication score; and in response to the authorization transaction request, generate and transmit an authorization transaction response comprising at least one data field containing the authorization decision” recite the intended result of positively recited step/function of transmitting. It has been held “clause in claim is not given weight when it simply expresses the intended result of a process step positively recited.’" Id. (quoting Minton v. Nat’l Ass’n of Securities Dealers, Inc., 336 F.3d 1373, 1381, 67 USPQ2d 1614, 1620 (Fed. Cir. 2003)), MPEP 21114.04 I. Additionally, Dillon (US20120137210) discloses: browser data comprising at least one of the following: a browser accept header, data indicating whether the browser is Java-enabled, browser language, browser color depth, browser screen depth, browser screen height, browser screen width, browser time zone, browser user agent, or any combination thereof (See paragraph 0165). With respect to claims 2 and 12 SMITH in view of Liu and in further view of Hammad discloses all the limitations as described above. Liu further discloses: wherein the authentication system components of an issuer system that issued a portable financial device to the user (See Fig 1 and paragraph 0028 and 0044). With respect to “authorization system” it does not have any patentable weight because authorization system outside the scope of the claim. In addition, with respect to claim 1, description of structure component does not have any patentable weight, in order to be entitled to weight in method claims, a structural limitation therein must affect the method in a manipulative sense and not to an amount to the mere claiming of a use of a particular structure (Ex parte Pfeiffer, 135 USPQ 31 (BdPatApp&Int 1961)). With respect to claims 3 and 13 SMITH in view of Liu and in further view of Hammad discloses all the limitations as described above. Hammad further discloses: wherein the authentication system receiving control of the browser session from the merchant system is initiated by a merchant plug-in installed on the merchant system. (See paragraph 0042). Therefore, it would have been obvious to one of the ordinary skills in the art at the time invention was filed to modify the combination of SMITH and Liu references with Hammad reference in order to provide extra security to a transaction by utilizing 3-D secure protocol. With respect to claims 10 and 20 SMITH in view of Liu and in further view of Hammad discloses all the limitations as described above. Liu further discloses: wherein the authorization transaction data comprises at least one data field specified by ISO 8583 (See paragraph 00337). Therefore, it would have been obvious to one of the ordinary skills in the art at the time invention was filed to modify the SMITH reference with Liu reference in order to provide more secure transaction processing (See Liu paragraph 0003). Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZESHAN QAYYUM whose telephone number is (571)270-3323. The examiner can normally be reached Monday-Friday 9:00AM-6:00PM EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John W Hayes can be reached at (571) 272-6708. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /ZESHAN QAYYUM/Primary Examiner, Art Unit 3697
Read full office action

Prosecution Timeline

Jan 29, 2024
Application Filed
Sep 25, 2024
Non-Final Rejection — §103
Nov 18, 2024
Interview Requested
Nov 20, 2024
Examiner Interview Summary
Nov 20, 2024
Applicant Interview (Telephonic)
Dec 19, 2024
Response Filed
Mar 28, 2025
Final Rejection — §103
May 15, 2025
Interview Requested
May 27, 2025
Applicant Interview (Telephonic)
May 27, 2025
Examiner Interview Summary
Jun 09, 2025
Response after Non-Final Action
Jun 24, 2025
Request for Continued Examination
Jul 01, 2025
Response after Non-Final Action
Aug 23, 2025
Non-Final Rejection — §103
Oct 09, 2025
Interview Requested
Oct 15, 2025
Applicant Interview (Telephonic)
Oct 15, 2025
Examiner Interview Summary
Nov 24, 2025
Response Filed
Feb 05, 2026
Final Rejection — §103
Mar 06, 2026
Interview Requested
Mar 17, 2026
Applicant Interview (Telephonic)
Mar 17, 2026
Examiner Interview Summary
Apr 09, 2026
Response after Non-Final Action

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12561672
COMPUTING SYSTEM IMPLEMENTING AUTOMATED TRANSACTION EXECUTION BASED ON MESSAGING TRIGGERS
2y 5m to grant Granted Feb 24, 2026
Patent 12555108
ANALYTICS RULES ENGINE FOR CREDIT TRANSACTION STACKING IDENTIFICATION
2y 5m to grant Granted Feb 17, 2026
Patent 12548023
METHODS AND SYSTEMS FOR BLOCKING MULTI-RAIL CONTACTLESS FRAUD
2y 5m to grant Granted Feb 10, 2026
Patent 12542939
SYSTEMS AND METHODS FOR GENERATING NON-FUNGIBLE TOKENS CORRESPONDING TO RECORDINGS OF LIVE EVENTS
2y 5m to grant Granted Feb 03, 2026
Patent 12536602
Systems methods and user interface for navigating media playback using scrollable text
2y 5m to grant Granted Jan 27, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

5-6
Expected OA Rounds
40%
Grant Probability
66%
With Interview (+26.3%)
5y 2m
Median Time to Grant
High
PTA Risk
Based on 429 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in for Full Analysis

Enter your email to receive a magic link. No password needed.

Free tier: 3 strategy analyses per month