Traditionally, a person must directly possess a man-made personalized token whenever attempting authorization for an electronic financial transaction. Tokens such as magnetic ink encoded paper checks, smart cards, magnetic swipe cards, identification cards or even a personal computer programmed with resident user-specific account data, are "personalized" because they are each programmed or encoded with data that is unique and personalized to the authorized user. For examples: at a retail point of sale, the user directly possesses and physically presents personalized checks or cards encoded with his unique account data to the merchant; or, over the internet, the user directly possesses and electronically presents his personal computer's resident user-unique account data to the remote merchant. By contrast, as the disclosed invention is completely tokenless, it does not require the user to directly possess, carry or remember any personalized token that can be lost, stolen or damaged.
Of all such personalized man-made tokens, magnetic ink encoded paper checks have long been used as the token of choice in financial transactions. Currently, around 65 billion paper checks are written annually in the United States. These paper checks are time-consuming to write, costly for both consumers and businesses to handle and process, and prone to fraud. It is currently estimated that these inefficiencies annually cost consumers and businesses over $10 billion in fraud losses and over $40 billion in processing time and personnel resource costs. For example, paper checks are particularly vulnerable to fraud. Because they do not require the use of a personal identification number ("PIN"), a lost or forged paper check can easily be turned into cash by a fraud perpetrator. Counterfeit checks can readily be created by acquiring an accountholder's valid account number and bank routing code, then encoding those numbers as printed magnetic numerical characters on a blank check template. Valid paper checks that are stolen can be selectively moistened with solvents to retain authorized signatures and erase designated financial amounts in order to over-write them with a higher denomination value. These resultant fraudulent checks can then be presented to payees or businesses, with the transaction being charged to the rightful checking account. Check fraud may also be committed by authorized checkholders themselves, whereby they use a check of their own to make purchases, and subsequently claim the check had been lost or stolen, and used without their knowledge.
Of all payment modes, checks take the longest amount of time to complete, authenticate and process. They require additional time to process for deposit, and cost more money for banks to clear and settle. At the retail point of sale, submission of paper checks is often accompanied by a secondary token used for identification, such as a plastic driver's license card, requiring more time and cost. All of these charges are paid by merchants or businesses, and are ultimately borne by the consumer.
Both at a retail site and over the internet, paper checks are presented for real-time remote access to financial accounts via magnetic ink character readers, with magnetic stripe or bar code readers sometimes being used to also automatically read identification cards like a driver's license. In some instances on the Internet, the user's personal checking account data is stored resident within the user's personal computer. In this manner, a PC is the personalized man-made memory token that the user is required directly possessed each time he seeks to authorize an electronic check via the Internet.
Therefore, whether buying services or products, a consumer or a business must rely on the money transfer to be enabled by the consumer directly using personalized man-made memory tokens. The sole functions of such tokens are to attempt to identify both the user and the financial account being accessed to pay for the transaction. However, these tokens can be easily exchanged, either knowingly or unknowingly, between users, thereby de-coupling them from the original intended user. Because these encoded paper checks, identification cards or personal computers storing resident user data are ubiquitous in today's consumer and business transactions as verification of the submitter's check writing authority, and the attendant inconveniences and security vulnerabilities of such tokens are widespread.
Various token-based biometric technologies have been suggested in the prior art, using smart cards, magnetic swipe cards, or paper checks in conjunction with fingerprints, hand prints, voice prints, retinal images, facial scans or handwriting samples. However, because the biometrics are generally either: a) stored in electronic and reproducible form on the token itself, whereby a significant risk of fraud still exists because the comparison and verification process is not isolated from the hardware and software directly used by the payor attempting access, or; b) used in tandem with the user directly using magnetic swipe cards, paper checks or a PC with the user's financial data stored resident therein. Examples of this approach to system security are described in U.S. Pat. Nos. 4,821,118 to Lafreniere; 4,993,068 to Piosenka et al.; 4,995,086 to Lilley et al.; 5,054,089 to Uchida et al.; 5,095,194 to Barbanell; 5,109,427 to Yang; 5,109,428 to Igaki et al.; 5,144,680 to Kobayashi et al.; 5,146,102 to Higuchi et al.; 5,180,901 to Hiramatsu; 5,210,588 to Lee; 5,210,797 to Usui et al.; 5,222,152 to Fishbine et al.; 5,230,025 to Fishbine et al.; 5,241,606 to Horie; 5,265,162 to Bush et al.; 5,321,242 to Heath, Jr.; 5,325,442 to Knapp; 5,351,303 to Willmore; 5,832,464 to Houvener et al, all of which are incorporated herein by reference.
Uniformly, the above patents disclose financial systems that require the user's presentation of personalized tokens to authorize each transaction, thereby teaching away from tokenless biometric financial transactions. To date, the consumer financial transaction industry has had a simple equation to balance: in order to reduce fraud, the cost and complexity of the personalized token directly possessed by the user must increase.
As a result, there is a need for a new electronic financial transactions system that is highly fraud-resistant, practical, convenient for the consumer, and yet cost-effective to deploy. More specifically, there is a need for an electronic check financial transaction system that relies solely on a payor's biometric for transaction authorization, and does not require the payor to directly possess any personalized man-made memory tokens such as smart cards, magnetic swipe cards, encoded paper checks or personal computers for identification.
Lastly, such a system must be affordable and flexible enough to be operatively compatible with existing networks having a variety of electronic transaction devices and system configurations.
Accordingly, it is the objective of the present invention to provide a new system and method of tokenless biometric financial transactions for electronic checks.
As such, it is an objective of the invention to provide an electronic check financial transaction system and method that eliminates the need for a payor to directly possess any personalized man-made token which is encoded or programmed with data personal to or customized for a single authorized user. Further, it is an objective of the invention to provide an electronic financial transaction system that is capable of verifying a user's identity based on one or more unique characteristics physically personal to the user, as opposed to verifying mere possession of personalized objectives and information.
Another objective of the invention is to provide an electronic financial transaction system that is practical, convenient, and easy to use, where payors no longer need to remember personal identification numbers to access their financial accounts.
Another objective of the invention is to provide increased security in a very cost-effective manner, by completely eliminating the need for the payor to directly use ever more complicated and expensive personalized tokens.
Another objective of the invention is to provide an electronic financial transaction system that is highly resistant to fraudulent access attempts by unauthorized users.
Another objective of the invention is to authenticate the system to the payor once the electronic financial transaction is complete, so the payor can detect any attempt by criminals to steal their authentication information.
Another objective of the invention is that the payee be identified by an electronic third party identicator, wherein the payee's identification is verified. Therefore, the payee would register with the electronic third party identicator payee identification data, which optionally comprises, a payee hardware ID code, a payee phone number, a payee email address, a payee digital certificate code, a payee financial account number, a payee biometric, or a payee biometric and PIN combination.
Still, another objective of the invention is to be added in a simple and cost-effective manner to existing terminals currently installed at points of sale and used over the Internet around the world.
Yet another objective of the invention is to be efficiently and effectively operative with existing financial transactions systems and protocols, specifically as these systems and protocols pertain to processing of electronic checks.