The present invention relates to authenticating and processing transactions, and more specifically, to comparing actions performed on merchant and purchaser devices to authenticate a transaction generated at a point of sale (POS) system.
To initiate a transaction at a POS system, a user generally swipes a payment card (e.g., a credit or debit card) at the POS system. The POS system generally prompts a user for input to authenticate the transaction. For example, the POS system may prompt the user to sign for the transaction or input a personal identification number (PIN) associated with the payment card to authenticate the transaction. Using a PIN may be insecure, however, as malicious actors can record payment card information and a user's PIN (e.g., using video recording, card skimmers, and so on). Because a PIN is generally static, malicious actors can incur unauthorized charges on a payment account using payment card information and a recorded PIN until the account owner notices the unauthorized charges and changes the PIN associated with the payment card.
To add security to transaction authentication systems, additional methods may be used to verify that the user is attempting to complete a transaction. For example, a transaction system can request entry of a one-time-use code from the owner of a payment card. The user can receive the one-time-use code, for example, via a short messaging service (SMS) text message and enter the received code at the POS system. If the code entered into the POS system matches the one-time-use code, the POS system can authorize the transaction. In another example, a transaction authentication system can use geolocation data (e.g., from a satellite positioning system, such as GPS, GALILEO, or GLONASS) to determine if a user is at the same location as the POS system. If the user and POS system are substantially co-located (e.g., within a threshold distance, accounting for positioning errors in the reported geolocation data), the POS system can authorize the transaction.