The present application is generally related to payment transactions, and more specifically to the use of challenge questions in authorizing a transaction.
It is desirable to have mechanisms that ensure that a consumer who is using a portable consumer device such as a credit card is really the consumer who is associated with the credit card. Fraudulent activity can be very costly to merchants, issuers of portable consumer devices, and others.
A number of consumer authentication mechanisms are known. In one example of a conventional consumer authentication process, a consumer may purchase gas at a gas station using his credit card. Before the consumer is allowed to buy the gas and before the authorization request message is sent to the issuer of the portable consumer device, the gas pump may request that the consumer supply his zip code. The answer supplied by the consumer is then compared against a zip code obtained, for example, from the records of the issuer of the credit card or records from some other third party.
This authentication request may be provided by the merchant as a way to ensure that the consumer is in fact the consumer associated with the credit card. The gas station wants to verify that the consumer is authentic, since the gas station may bear some of the risk for any fraudulent activity that results from purchases made at the gas station.
While such conventional authentication methods have some effectiveness, there are still problems. For example, conventional authentication requests typically reuse the same questions. If someone has stolen a consumer's portable consumer device and knows the consumer's zip code (possibly obtained from the same third party), that person could still conduct fraudulent transactions using the authentic portable consumer device. As there may be a limited number of known data that can be used as a correct answer to a question posed to the consumer, it may not be hard for a thief to obtain such information. The data may be public (e.g., in a phone listing or on the Internet) or obtainable for purchase from a third party if requested under false pretenses.
Better ways to authenticate consumers using portable consumer devices are desirable. Embodiments of the invention address the above problems, and other problems, individually and collectively.