1. Field of the Invention
The present invention relates generally to credit card verification processes, and specifically to an improved automated system and process for detecting and preventing the fraudulent use of credit cards by unauthorized users.
2. Description of Related Art
Credit cards have conventionally been used for financial transactions for reasons of public convenience and economy. Typically, a purchaser merely needs to present the credit card to a vendor to complete a transaction, where all information necessary to complete the financial transaction is contained on the credit card. Credit cards inherently possess a certain degree of risk for fraudulent use, since the credit card information necessary for the financial transaction appears on the face of the credit card. Thus, if a credit card is lost or stolen, an unauthorized user of the credit card may complete financial transactions by merely presenting the credit card number to a vendor. In order to prevent unauthorized use of a credit card, vendors have conventionally asked for picture identification or compared the purchaser's signature with a signature on the card to ensure the purchaser is an authorized user of the card. However, such authorization techniques can only be performed when the purchaser is in the presence of the vendor. Recently, there has been a trend toward performing credit card transactions electronically over computer networks via the "Internet" or phone lines via audiotext systems or from remote communication devices. In such electronic credit card transactions, the purchaser inputs the credit card information from a remote terminal, such as a computer terminal or telephone keypad, and this information is transmitted to the vendor. Prior authorization techniques used for in-person transactions cannot be used with electronic credit card transactions, so new security measures are required to prevent fraudulent and unauthorized electronic credit card transactions.
One type of security measure developed for electronic credit card transactions is the verification of the billing address of the credit card holder. The purchaser is required to input his billing address along with his credit card information through the remote terminal. The financial institution issuing the credit card has the billing address for each of its credit card holders stored along with the associated credit card information in a database of credit card holders' accounts. When the credit card information is presented to the financial institution from the vendor for authorization, the stored billing address associated with the credit card number submitted for authorization is compared with the billing address input by the purchaser to ensure they match. If the addresses do not correlate, then the purchaser is deemed to be an unauthorized user and the credit card transaction is denied. However, address verification systems of this type are not entirely effective in preventing unauthorized use. Individuals usually carry their credit cards in their wallets along with other personal identification, such as the individual's driver's license. A thief who steals the individual's wallet will have access to the individual's personal identification as well as their credit card, so that the thief will know the credit card holder's address and will be able to satisfy the address verification test during the authorization procedure. Thus, address verification systems have not been successful in entirely eliminating fraudulent usage of credit cards.
Another security measure developed to prevent fraudulent electronic credit card transactions is the use of automated number identification (ANI) blocking. Since almost all electronic credit card transactions are performed from remote terminals connected through telephone lines, the vendor automatically collects the telephone number associated with the telephone line of the remote device from the telephone carrier. The vendor possesses a stored list of telephone numbers associated with a pattern of fraudulent use, wherein the ANI collected is compared with the stored list to determine if a match exists. If the ANI collected is on the stored list, then that telephone line is blocked from further use. ANI blocking is effective in preventing continued fraudulent usage of a credit card from a particular phone number. However, ANI blocking is also of limited usefulness, because it correlates a telephone number used on one occasion for a fraudulent credit card transaction as a blocked phone number. Even though the telephone number and credit card are not interrelated, the telephone number will be blocked from any further credit card transactions. The next electronic credit card transaction attempted using that telephone number may be a valid transaction, but the transaction will be denied since the telephone number has been blocked by ANI blocking. Thus, remote terminals frequently having a plurality of different users, such as hotel room telephones or pay phones, will be blocked by ANI blocking by one fraudulent use, preventing subsequent valid credit card transactions from being performed from that remote terminal. While ANI blocking is effective in preventing repeated fraudulent credit card transactions from occurring from the same remote terminal, it also has the detrimental effect of preventing subsequent valid credit card transactions from being performed from the same remote terminal.
There has been a need for a method for preventing fraudulent electronic credit card transactions which does not also incidentally prevent subsequent valid credit card transactions from being performed. Moreover, there was a need for a more secure method for preventing fraudulent electronic credit card transactions by requiring identifying data that is not easily attainable by a fraudulent user. In order to accomplish these needs, U.S. Pat. No. 6,095,413, issued to the same inventors as the present invention and assigned to common assignees as the present invention, provides a system for authorizing a credit card transaction which requires a person attempting a credit card transaction to provide certain credit card information as well as their social security number. After verifying the credit information provided is correct, this system then accesses a separate social security number database which contains a list of social security numbers and respective addresses associated with the stored social security numbers. The addresses stored in association with the social security number provided by the user are retrieved from the social security number database and compared with the address provided by the user. The credit card transaction is then authorized if the information provided by the purchaser is corroborated by the information in the social security number database. In this manner, personally identifying information about an individual which is not readily ascertainable by another person is required to complete the credit card transaction.
While the credit card authorization system described in U.S. Pat. No. 6,095,413 has proven to be very effective in preventing fraudulent credit card transactions, the inventors of the present invention have found this type of credit card authorization system to also deter individuals from making otherwise valid purchases due to their reluctance to provide their social security number. A social security number particularly identifies an individual for their lifetime, where an individual's social security number is typically only known by the individual himself. Therefore, various entities will often utilize social security numbers as a type of secret identifying information for the individual, such as a password, student loan account number, etc. Due to the personal and highly secretive nature of social security numbers, individuals are reluctant to reveal their social security number to complete a purchase, especially when the credit card transaction is being attempted with a remote party via the Internet. This can cause reluctant individuals to decide against making the purchase in order to maintain the secrecy of their social security number. Thus, this type of system has the detrimental effect of deterring otherwise valid credit card transactions from occurring.
Clearly, there is a need for an effective method of preventing fraudulent electronic credit card transactions which does not also incidentally deter otherwise valid credit card transactions from being performed.
The present invention provides a system and method for enhanced fraud detection in automated electronic credit card processing which minimizes the number of fraudulent electronic credit card transactions without deterring otherwise valid credit card transactions from being performed. A user at a remote terminal, such as a telephone or personal computer, attempting to conduct an electronic credit card transaction is prompted by the automated electronic credit card processing system of the present invention to input the user's credit card information and personal information about the user, such as the user's name, address, or a portion of their social security number. The information input by the user is retrieved and used for identification purposes. Initially, the input credit card information is communicated to an issuer of the user's credit card to determine whether the input credit card information is valid. Once the credit card information is validated by the issuer, the other information input by the user is checked against a second independent information database to corroborate the information input by the user and the information contained in the database maintained by the credit card issuer.
The independent information database contains a list of individuals along with at least one address stored along with each respective individual. The name input by the user is compared with the names of the individuals contained in the independent information database to determine if a match exists. When a match is found, the addresses stored in association with this name in the independent information database are retrieved. The input address is then compared with the retrieved stored addresses to determine if the input address corresponds to any of the retrieved stored addresses. If the input credit card information has been confirmed by the issuer as being valid and the address input by the user matches any of the retrieved addresses stored in association with the user's name in the independent information database, the electronic credit card transaction is authorized and allowed to transpire. The electronic credit card transaction is denied when any of the tests performed are not satisfied, and the user is notified of the reason for which the credit card transaction is refused. The independent information database is stored and accessed separately from the issuer's credit card information database to provide an added measure of protection by corroborating the information stored in both databases.
In an alternative embodiment of the present invention, the independent information database contains social security number information stored in association with the list of individuals stored therein. The social security number information input by the user, i.e., the last four digits or other portion of the user's social security number, is used either alone or in conjunction with the name input by the user to determine whether these pieces of user input information correspond to an individual stored in the independent information database. If a match is found to exist, the addresses stored in association with the input social security number information are then retrieved. The input address is compared with the retrieved stored addresses to determine if the input address corresponds to any of the retrieved stored addresses. If the address input by the user matches any of the retrieved addresses stored in association with the input social security number information, the electronic credit card transaction is authorized for use.
As a further fraud detecting measure, the electronic credit card processing system may collect the phone number from which the remote terminal is communicating. The collected phone number is compared with a stored list of blocked phone numbers which are not authorized to perform electronic credit card transactions. The electronic credit card transaction could then be rejected if the collected phone number matches any of the blocked phone numbers on the stored list.
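The authorization flow summarized above (issuer validation, lookup in the independent information database by name and optionally by a social security number fragment, address comparison, and the blocked phone number list) can be sketched as follows. This is an added example, not code from the patent: the function and record names, the sample data, the address normalization and the position of the blocked-number check in the sequence are all assumptions.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Person:              # one record in the independent information database
    name: str
    ssn_last4: str
    addresses: tuple

# Constructed sample data (hypothetical, not from the patent).
ISSUER_VALID_CARDS = {"4111111111111111"}      # stands in for the issuer's answer
INDEPENDENT_DB = [
    Person("Jane Q. Public", "6789",
           ("1 Main Street, Springfield", "22 Oak Avenue, Shelbyville")),
    Person("Jane Q. Public", "1234", ("9 Elm Road, Ogdenville",)),   # a namesake
]
BLOCKED_NUMBERS = {"5550100"}

_SUFFIX = {"street": "st", "avenue": "ave", "road": "rd"}

def norm(text):
    """Lower-case, drop punctuation and fold common street suffixes."""
    words = re.sub(r"[^a-z0-9 ]", "", text.lower()).split()
    return " ".join(_SUFFIX.get(w, w) for w in words)

def authorize(card, name, address, ssn_last4=None, phone=None):
    """Return (authorized, reason); the reason is what the user is told."""
    # Assumption: the blocked-number check runs first; the text fixes no order.
    if phone is not None and phone in BLOCKED_NUMBERS:
        return False, "calling number is blocked"
    if card not in ISSUER_VALID_CARDS:
        return False, "card information rejected by issuer"
    people = [p for p in INDEPENDENT_DB if norm(p.name) == norm(name)]
    if ssn_last4 is not None:                  # alternative embodiment
        people = [p for p in people if p.ssn_last4 == ssn_last4]
    if not people:
        return False, "no matching individual in independent database"
    # Every address stored for every matching record is a candidate.
    stored = {norm(a) for p in people for a in p.addresses}
    if norm(address) not in stored:
        return False, "address does not match independent database"
    return True, "authorized"
```

With a name-only lookup, the address of any namesake in the independent database satisfies the comparison; supplying the social security number fragment narrows the candidate records to the matching individual.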