There presently exists a number of transaction card networks which issue a particular type of transaction card to their customers. Each of these types of card bear a common trademark of the network, such as Visa or Mastercard. Nonetheless, it is the individual financial institutions (issuers) which maintain the accounts of the customers. Accordingly, in order to authorize a transaction, it is often necessary to contact the issuer so that information about a particular account can be accessed.
When a transaction card is presented for a purchase, some form of authorization is typically sought to minimize the risk of loss to the merchant. Historically, the earliest method of authorization consisted of consulting a list of bad account numbers. This list is distributed by the network operator based on information obtained from the card issuers. The account numbers in the list represent cards which should not be accepted. These cards may have been reported lost or stolen or simply represent accounts where the credit limit has been exceeded. If the account number of the card is not present on the list, the merchant can accept the card for the purchase.
More recently, there have been developed relatively sophisticated electronic authorization networks. In these communication networks, the merchant is provided with an intelligent terminal which can read account information encoded on the magnetic stripe of the transaction card. The terminal will then automatically call a central processor, operated by the network which will analyze the authorization request. The call from the terminal is typically routed through a local financial institution, associated with the merchant.
Once the central processor receives the call, it will then initiate an electronic data link to the processor operated by the card issuer to determine if the transaction should be approved. The processor at the issuer will check the status of the account within its data base and generate a response. This electronic response is then routed back to the merchant's terminal. In some cases, where the issuer's computer is not available, the central processor itself can act on the authorization request and perform what is known as stand-in processing. This process occurs electronically without human intervention. A more complete description of this type of electronic authorization system is described in U.S. Pat. No. 4,485,300.
Most requests for transaction authorizations can be completed electronically within the network system outlined above. However, in a small percentage of the cases, the limited information which is transmitted to the issuer's computer is deemed insufficient to complete the authorization process. In these cases, rather than approving or declining the transaction, the issuer's computer will generate a "referral" message. A referral message signals the merchant that more information is necessary to complete the authorization procedure.
Presently, the steps which must be taken by the merchant in response to a referral message are time consuming and cumbersome. More specifically, the merchant must first make a standard telephone call to an operator at his local financial institution to initiate the inquiry. The operator there will then determine the identity of the issuer of the card and call an operator at that issuer. The operator at the issuer will inform the operator at the acquirer what additional authorization information is necessary to confirm the identity of the customer. This information could include, for example, a request for a driver's license number of the customer. The operator at the acquirer will then call back the merchant and request the desired information. When the information is received, the operator will then supply the information to the operator at the issuer. The issuer will then decide if the transaction can be approved and provide a response to the operator at the acquirer. The operator at the acquirer will then relay the response to the merchant.
The above described process often requires four separate telephone calls and generally takes from 8-12 minutes. As can be appreciated, this delay at the point of sale is unacceptable for both the merchant and the customer. It is hardly surprising that in about half of all cases where a "referral" message is generated in domestic transactions, merchants will not go through with the referral procedure. It is far simpler for the merchant to ask the customer to provide another form of payment, such as a check or another credit card. As can be appreciated, each time a merchant switches to another form of payment, the sale through the network generating the response is lost.
While referral responses are generated in only about one percent of all authorization requests, in absolute terms the number is quite high. At the present time, there are over 600,000 referral requests generated per month in one nationally prominent network. It has been found that of the fifty percent of domestic transactions where the merchant does not carry out the referral procedure, upwards of ninety percent of the transactions would have been approved by the issuer. Also significant is the fact that the referral responses typically are generated on transaction having a high dollar amount. Based on the above statistics, it has been estimated that the present system which discourages handling referrals, creates a loss of about one billion dollars per year in transactions for the network. Therefore, it will be apparent that an improvement in security of credit and debit card transactions would meet an outstanding need of significant magnitude.
Above identified parent application Ser. No. 08/322,133 (680-108) described an improved system and method for assuring added security in the use of credit or debit cards using a unique methodology adapted to be implemented by largely existing facilities in a public switched telephone network having an advanced intelligent signaling network and one or more intelligent peripheral platforms. According to one version of the system there described, the credit card holder subscribes to a security service in return for an incentive such as may be provided by the credit card issuing entity, such as offering a reduction of interest rate or a percentage rebate on purchases for use of the new system. The credit card holder was permitted to subscribe to the new service through his residence telephone to set up a Personal Identification Number (PIN) and/or a voice print or template to control his credit card use. Having subscribed to the service and established such a PIN and voice template the card holder could utilize the credit card security procedure. Prior to use of the card the card holder accessed the security system by telephone, preferably but not necessarily his residence telephone, and effected verification by the preestablished PIN or voice template or both. Following such verification the card holder established or set at least one- and preferably two or more of the following parameters:
1. A stated time frame during which the card will be activated, for example, for the next three hours.
2. A dollar limit on the purchasing power of the card during that time.
3. A geographical area or location wherein the card will be activated. This may be a central office or NXX area, a county, city, state or zip code area, or the like.
4. A temporary PIN which the subscriber desires to have applicable under the restrictions set under 1, 2 and 3 above.
5. A voice verification using the preestablished template.
Following the establishment or setting of these parameters the point-of-sale authorization or usability of the credit card is then subject to those restrictions and will be activated only if all such restrictions are satisfied. The system and method can be accomplished using elements which are for the most part found in modern public switched telephone networks or at least in those which possess an Advanced Intelligent Network (AIN). This includes such features as common channel signaling, such as SS7 or the like, and one or more intelligent peripheral platforms. The location of attempted use of the credit card, usually a point-of-sale, was identified by the incoming call from the merchant presenting signals in the telephone network, such as ICLID, DNIC, or ANI. That system also provides for further verification by permitting a sales clerk at the point-of-sale terminal to mandatorily or optionally request the temporary PIN and confirmation of identify by voice authentication using the prestored voice template. A telephone station is normally available at the point-of-sale verification device.