The field of the invention relates generally to authenticating a user of a computing device, and more particularly, to a network-based system and method for authenticating a user of a first computing device using authentication information provided through a second computing device that is paired with the first computing device.
Merchants and retailers are often on the front lines of managing payment card fraud. At least some online businesses or merchants that offer sales online face a unique challenge because at least some purchases initiated with these merchants are referred to as “card-not-present” transactions. In other words, at least some purchases are made without a merchant being able to inspect a payment card being used in the purchase and without a merchant physically swiping the payment card. Today, most card-not-present fraud takes place on the Internet, although some criminals perpetrate the fraud through call center operations, the mail system, and the like.
In a card-not-present transaction, the merchant releases the items purchased with an understanding that the actual cardholder initiated the purchase and that the actual cardholder will make the necessary payment. In this case, because the cardholder is not present at the merchant when making the purchase, the items purchased are often delivered to an address selected by the cardholder at the time of the transaction. Due to the anonymity of a purchaser during such an online transaction, fraud may occur. That is, unauthorized users may purchase items online using a victim's account information. In some cases, a thief only needs the card number itself to make an online purchase. However, because the payment card information input by the thief is drawn to a valid account, a merchant is typically unaware of the fraud until after the fact.
In an attempt to increase security, online merchants may request additional information about the payment card (e.g., CSC, CVC, CVV codes) or additional information from the cardholder such as an address, phone number, email, answers to previously asked security questions, and the like. However, card information and personal information about a cardholder are also susceptible to being obtained by a thief. For example, criminals may infiltrate legitimate corporations and use their employment as a means for accessing customer and credit card information and subsequently use this information to commit fraud. This type of fraud, referred to as skimming, usually occurs when the credit card information is obtained by a dishonest employee or agent of a legitimate merchant. Skimming often takes place in restaurants and bars where the skimmer has possession of the victim's credit card outside of their view.
Phishing is another criminal activity whereby fraudsters attempt to acquire sensitive information, such as credit card numbers, addresses, social security numbers, drivers' license numbers, usernames, and passwords by appearing as a trustworthy organization in an electronic communication. Phishing is typically carried out by email or instant messaging, and often directs users to provide the sensitive information on a website monitored by the criminals, although phone contact may also be used.
Spyware or malware may also be used by criminals to obtain payment card information about a cardholder. Spyware is often attached to trusted data downloaded by a person, such as emails, files, and the like. Spyware covertly gathers cardholder information without the cardholder's knowledge. Typically, the software monitors a user's activity online while remaining in the background and transmits information about the user's activity to another device controlled by the thief. Any kind of data a user enters online, including an email address, username, password, credit card number, and the like, may be gathered and used by a third-party criminal.
Therefore, an authentication system is needed which is capable of verifying that a user of a computing device that is initiating a purchase with a payment card is the actual cardholder of the payment card, and is in possession of the payment card at the time of the purchase.