It is desirable to have mechanisms that ensure that a consumer who is using a portable consumer device such as a credit card is really the consumer who is associated with the credit card. Fraudulent activity can be very costly to merchants, issuers of portable consumer devices, and others.
A number of consumer authentication mechanisms are known. In one example of a conventional consumer authentication process, a consumer may purchase gas at a gas station using his credit card. Before the consumer is allowed to buy the gas and before the authorization request message is sent to the issuer of the portable consumer device, the gas pump may request that the consumer supply his zip code. This authentication request may be provided by the merchant as a way to ensure that the consumer is in fact the consumer associated with the credit card. The gas station wants to verify that the consumer is authentic, since the gas station may bear some of the risk for any fraudulent activity that results from purchases made at the gas station.
While such conventional authentication methods are effective, a number of improvements can be made. For example, conventional authentication requests are typically static. If someone has stolen a consumer's portable consumer device and knows the consumer's zip code, for example, that person could still conduct fraudulent transactions using the authentic portable consumer device. Moreover, merchants have limited information about the consumer, and the types of challenges that can be provided at the consumer are limited.
Better ways to authenticate consumers using portable consumer devices are desirable. Embodiments of the invention address the above problems, and other problems, individually and collectively.