1. Field of the Invention
The present invention relates generally to schemes for authorizing remote access to secure information through computer network communications. More specifically, the invention relates to a method and system for providing customer notification and authorization of remote requests for access to customer account information.
2. Description of the Related Art
As online banking and electronic financial transactions become more common, the risk of fraudulent transactions rises, and external fraud, i.e., fraudulent transactions committed by persons outside the financial institution, becomes more prevalent. The most recent FBI reports on this subject indicate that during the late 1980s and early 1990s, approximately 60 percent of the fraud reported by financial institutions related to bank insider abuse. Since then, external fraud schemes have replaced bank insider abuse as the dominant source of financial institution fraud.
Various security measures for mitigating fraudulent transactions have been implemented to ensure that an authentic user communicates with an authentic financial site. The most effective of these are proactive measures that are implemented at the point of access. Common point-of-access security measures include requirements for verifying user authenticity, such as user entry of a PIN, user ID, or password, and requirements for verifying site authenticity, such as user recognition of a predetermined image or phrase displayed on the site in response to a user entry. While these measures have been effective, unscrupulous persons continue to develop more creative ways to perpetrate online fraud. A consistent weakness in all of these security measures is that they are effective only so long as a user takes care to keep her passwords confidential. What is needed is a security scheme that is better insulated from user carelessness.
However, some conventional security measures may be too restrictive. For example, a conventional security measure may indicate that there is fraudulent activity when in fact the user herself is the one requesting access to the customer account information. Such false positives may be extremely inconvenient for the user as the conventional security measure may prevent all access to the user's customer account information, unless the user performs some action such as calling in and speaking to a live attendant or visiting a branch in person. This may be detrimental to the user if she needs to access the customer account information quickly or from afar.
Thus, there is a need for an improved method and system for authorizing remote access to customer account information.