Electronic transactions are those that are approved or denied based on the exchange of electronic information. However, such information can be fraudulently obtained, duplicated and used to the benefit of the fraudster. For example, purchases made over the Internet can often be completed successfully simply by providing the number of a valid credit card account and corresponding account information (such as a billing address of the legitimate account holder). If the purchase involves goods that can be shipped and collected before the legitimate account holder realizes what has transpired, then fraud will have taken place. Similarly, on-site purchases can be made using debit or credit cards that have been cloned from their originals. In the case of cards requiring a Personal Identification Number (PIN), such information is also sometimes not difficult to obtain. Thus, fraudsters have ample opportunity to purchase goods or withdraw cash before fraud will be noticed and declared by the legitimate account holder.
Aside from user inconvenience, one of the main commercial issues with fraud committed in these and other circumstances is the cost to the transaction guarantor, who typically has a policy of reimbursing the legitimate account holder for the financial loss that occurred between the first fraudulent transaction and the time when fraud was reported. This can amount to millions, if not billions, of dollars annually in reimbursements by financial institutions throughout the world. Also, certain merchants who have the misfortune of being the vehicle of fraudulent activity may be blacklisted by various financial institutions and may therefore lose out on many important future transactions.
One commonality in the above scenarios that facilitates the act of fraud is the lack of transaction validation. That is to say, very little can be done by a financial institution to ensure that the account information presented by a prospective purchaser is authentic and has been issued to him or her. Aside from verifying whether a card associated with the account information has been reported lost or stolen and checking transaction limits and patterns, the financial institution is at the mercy of the merchant to perform additional inspection of names, signatures, holograms and the like. However, these measures tend to be inconsistently applied by various merchants, if they are applied at all. In an Internet commerce context, an electronic merchant may request a comparison between the geographic location of the would-be purchaser and certain authorized locations associated with the account information. However, such measures have little effect when the account holder has authorized nomadic transactions, i.e., transactions that have the potential to be made from multiple candidate locations. As such, it may be impossible to tell if a purchase being attempted from, e.g., a mobile hotspot, is being made by the legitimate account holder or a fraudster.
Against this background, there is a need in the industry for an improved transaction validation paradigm.