As technology evolves, a large majority of everyday customer affairs are conducted over different channels of communication and media. For example, many financial institutions offer online-banking services where the institution's customers can access their accounts, pay bills, and transfer money to other parties over the Internet. A similar example in a different channel of communication is telephone or mobile banking where customers make account inquiries and transactions, etc., over their phone or other handheld communications device. Another example that most people encounter is using “bank cards” (e.g., check cards, credit cards, ATM/debit cards, etc.) or other payment devices to purchase goods, withdraw money or access a personal bank account from an Automated Teller Machine (ATM), a Point-of-Sale (POS) terminal, or other electronic terminal/kiosk. As a result, in today's mobile world, companies are issuing login IDs and passwords so that customers can access goods and services at their own convenience.
As the number and types of different business channels increase, the threat of misrepresentation and identity theft increases as well. It is more difficult to authenticate and verify customers when many customer transactions are not in-store as before. Even in-store transactions are difficult to verify as bank cards may be misappropriated or misused.
For example, if a customer loses his or her account number, login ID, password, bank card, etc., or if any of these are misappropriated, then another person may be able to gain access to that customer's accounts for their own personal gain. This problem even presents itself when another party makes purchases directly at a store since a merchant does not always request additional identification or proof that the purchaser is actually the card holder.
In another example, in a conventional financial institution setting, if a customer's bank card is misappropriated, an individual only needs to misappropriate the customer's personal identification number (PIN) or password in order to access the customer's banking account over an ATM. In addition, the thief could log-on to the customer's banking account over a telephone network or the Internet through mobile banking or online banking and transfer funds to other accounts, send checks, etc. Also, the thief could easily use the bank card at retail POS devices to purchase goods and services.
Some credit card companies have attempted to combat this problem by presenting authentication questions or queries to the user such as “Out-of-Wallet” (OOW) questions in order to attempt to verify that the card holder is indeed the person listed on the card. OOW questions are generally questions where the answers to the questions are not typically listed on the debit or credit card, or carried in the cardholder's wallet. In the past, OOW questions have been static and semi-static, where the answers do not change often. An example of a static question is “What is your birthday?” The answer to this question will always remain the same. An example of a semi-static question is “What is your address?” The answer can change, but remains the same for typically a long period of time and is, therefore, often readily available to members of the public. Although asking these types of questions provides an added layer of security, it is still often not very effective because the answers may be easy to figure out, since the questions and the answers remain the same for long periods of time and/or may be readily available to others besides the cardholder.
Furthermore, many individuals engage in an attempt to gather information from a customer that the customer uses for authentication, such as account numbers, social security numbers, usernames, passwords, personal identification numbers, and other personal information that may be the subject of an OOW question or other authentication question, such as the customer's mother's maiden name, the customer's birthdate, customer's zip code, etc.
Further, OOW questions are currently expensive to implement. There are several third-party OOW question generation services that cost per question. For all these reasons, customers and merchants alike desire more effective and efficient systems and methods for customer authentication.