The subject invention relates to a system for approving authorization requests made by a merchant regarding the credit worthiness or solvency of a holder of a payment card. More particularly, a new system is disclosed in which the issuer of payment cards can monitor the quality of service provided to the payment card user when a request for authorization is transmitted from a merchant's point-of-sale terminal to the issuer for approval. The new system enables the issuer to monitor the network of computers that provides the transaction authorization system, to identify the weaknesses in the system that cause a lost, delayed, or erroneous response to a request for authorization of a transaction, and to correct those weaknesses.
In recent years, the use of payment cards to facilitate purchases without cash has been widespread. In a typical payment card system, a potential cardholder applies to an institution, often a bank, for a card. The institution, called the issuer, will provide a payment card to the potential cardholder if he/she meets certain financial requirements. The issuer then opens a file having account information on the cardholder. This file is continually updated and supplied with data concerning recent purchases and payments. As will be discussed below, the file kept on each cardholder is used to determine whether a particular transaction should be approved. The payment card can be used as a means for extending credit (credit card), or for debiting a deposit account funded by the cardholder (debit card).
The cardholder may purchase goods in any establishment which accepts the cardholder's particular card. Each establishment, which will be referred to as the merchant, is generally associated with an intermediate institution. The intermediate institution, which will be referred to as the merchant member bank, is responsible for enlisting various merchants to accept the particular credit card for purchases.
In use, the cardholder presents the card to the merchant for payment of either goods or services. The merchant forwards a draft of the transaction to the merchant member bank for payment, less a service charge. The merchant member bank in turn, presents the draft to the issuer bank for payment, less a service charge. The issuer bank then bills the cardholder for the transaction amount. Alternatively, the cardholder can maintain an account at the issuer bank, and can have a debit card arrangement whereby the account can be debited by the issuer either at the time of the transaction or when the merchant member bank supplies the draft for payment.
Typically, the presentation of the draft and the payment by the issuer is accomplished electronically through a linked computer network. A data control center is used to transfer funds electronically. The data control center is electronically connected to a plurality of issuers and also to a plurality of merchant member banks. Information passing between merchant member banks and issuers is routed through the data control center.
As can be appreciated, any funds transfer system must be protected in a variety of ways from credit and fraud losses. Thus, safeguards are typically provided to limit the use of lost or stolen payment cards. Further, the system usually includes methods for limiting the amount of purchases a cardholder is allowed to make in a given period of time. Even with protection, credit and fraud losses amount to hundreds of millions of dollars per year to the parties involved in the system.
Although some older loss prevention systems, such as the printed bulletin, in which the merchant checks the cardholder's account number against a printed list, and the voice authorization, in which the merchant calls the member merchant bank and asks for approval to charge the transaction amount to the cardholder's account, are still in use, more than 70% of payment card transactions in the United States originate from an electronic point-of-sale terminal. The merchant enters the payment card number, the transaction type and the transaction amount and other required data into the point-of-sale terminal. More commonly, the point-of-sale terminal reads the payment card number directly from the payment card. The point-of-sale terminal then electronically forwards a message requesting authorization to the merchant member bank.
If the merchant member bank is, in fact, the issuer of the particular bank card, the message requesting authorization can be handled internally. More particularly, the merchant member bank's computer checks its account file for the cardholder and decides to grant or deny authorization of the transaction. In most cases however, the issuer of the card is different from the merchant member bank. In this situation, the merchant member bank computer electronically routes the request for authorization to the data control center. The data control center then forwards the message to the issuer of the payment card. The remote issuer's computer checks its account file on the cardholder to determine if the card has been reported lost or stolen, or if the customer has exceeded his/her credit limits, or has depleted the funds in his/her deposit account. The issuer then transmits a return message, either granting or denying authorization of the transaction, back to the merchant through the data control center and the merchant's merchant member bank.
The network just described is an over simplification: present commercial networks typically include additional computers, such as a computer in the store, a computer in the store's data processing center, and various switching and distribution computers between the store and the member merchant bank's computer, between the member merchant bank's computer and the data control center, and between the data control center and the issuer's computer. The various computers are often separated by thousands of miles and are interconnected by dial-up or dedicated communication links.
Card issuers desire to approve as many payment transactions as possible, given the amount of available credit, and to provide approval of a transaction within a few seconds. The card holder also wants to have the transaction approved quickly. Yet, the long and complicated paths through which the message requesting authorization flows offer many opportunities for error, loss, and delay. For instance, it takes several seconds to establish a dial-up communication link, and there may be insufficient dial-up or dedicated circuits to handle the load at peak hours, which adds additional delays. Each computer through which the message passes adds several seconds processing time, and the processing time increases at peak times as the computers reach their capacity limits. The computers in the network are subject to hardware failures, and are subject to software errors.
The transaction authorization network is set up to prevent the merchant and cardholder from waiting for approval for more than a specified time by providing some of the computers in the network with a time-out facility. If such a computer transmits a message requesting authorization towards the issuer's computer and does not receive a message in response within a certain time, the computer generates its own response that it transmits back towards the point-of-sale terminal. Such a response is less satisfactory than a response generated by the issuer's computer: the response may falsely deny authorization of the transaction, which is unsatisfactory to the merchant and the cardholder, or it may falsely grant authorization of the transaction, which is unsatisfactory because it increases the risk to the merchant and to the issuer. Alternatively, it may ask the merchant to telephone the merchant member bank, which further delays authorization of the transaction. The merchant can also impose its own time-out by cancelling the request for authorization and trying again. This adds to the load on the transaction authorization network.
The ability of the transaction authorization network to provide timely and accurate responses can be improved by adding necessary capacity to the network, or by, for instance, changing from a dial-up communications link to a dedicated link, but such improvements are expensive and should be added only where they are necessary. The invention is concerned with providing a system for monitoring the quality of service provided by the transaction authorization network from the point of view of the point of sale, i.e., the cardholder and the merchant, to determine where in the network the messages requesting authorization become delayed, lost or erroneous.
The part of the transaction authorization network between the data control center and the issuers' computers is already fitted with a quality monitoring system. Each request for approval message includes the number of the payment card. The computer in the data control center logs the payment card number and the time at which data control center computer transmits the message requesting authorization to the issuer's computer. The data control center computer monitors the return messages coming in from the issuers, identifies the payment card number, and logs the time at which the message pertaining to that payment card was received from its issuer. The log of transmit and receive times stored in the data control center can be later analyzed to determine which issuers are tardy in responding to the data control center. The data control center computer also monitors the log so that it can provide a response to the point-of-sale terminal if the issuer does not respond within a specified time.
The present monitoring system only monitors part of the network and so cannot give an accurate picture of how well the transaction authorization network works from the point of view of the point of sale. Moreover, the present monitoring system cannot account for messages that originate at the point of sale but, due to a network defect, never reach the data control center. At present, the issuers' only view of the network from the point of sale is obtained indirectly through the complaints of cardholders. This is unsatisfactory in several respects. Cardholder complaints allow problems to go undetected. A problem may affect the transactions of several issuers, but since each issuer has no knowledge of another issuer's problems, the issuer may dismiss the complaints as unrelated events, and not worthy of corrective action. Cardholder complaints provide no consistent basis for diagnosing problems. The cardholder who receives an incorrect denial of authorization is much more likely to complain than the cardholder who receives an incorrect grant of authorization, or whose grant of authorization is merely delayed. Cardholder complaints provide no way of quantifying the performance of the transaction authorization network from the point of sale. Issuers may desire that 99% of all transactions be completed at the point of sale within 25 seconds with a 99.9% accuracy, but there is no way of determining whether this goal is being met. Without knowledge of how well the network is performing, the need for improvements is hard to determine.