With the proliferation of computers has come a proliferation of uses for those computers. These include a myriad of electronic commerce services as well as a myriad of electronic commerce service providers. One electronic commerce service is the service of making payments and other financial transactions on behalf of computer users by an electronic commerce service provider.
For example, CheckFree, the assignee of the present application and a pioneer in the electronic commerce services field, provides, among its electronic commerce service offerings, customer-initiated electronic bill payment, automatic electronic bill payment of received electronic bills, person-to-person electronic payment, also known as e-mail payment, payment-on-delivery electronic payment, as well as electronic account transfer services, to computer users, known as subscribers. In providing each of these services, CheckFree accesses an account associated with a subscriber to obtain funds. These accounts typically are demand deposit accounts (DDAs) such as checking accounts maintained at financial institutions not associated with CheckFree, though other types of accounts maintained at financial institutions are also utilized.
To provide electronic commerce services in which a service provider accesses a subscriber's account, the subscriber must enroll with the service provider. The enrollment process conventionally includes the subscriber providing account information to the service provider via a paper form. This also often includes the subscriber providing a voided check when the subscriber's account is a checking account.
A service provider in turn often performs various checks to determine if an account identified by an enrolling subscriber is an existing account, as a measure of fraud prevention. For CheckFree, this includes determining if the routing and transit number (RTN) of the subscriber's account is valid. Also, CheckFree verifies that the pattern (scheme) of the account number is appropriate for the RTN. Additionally, CheckFree also often confirms if an account can be reached electronically. In the past this has included issuing a pre-note to the account. A pre-note is an electronic transaction via the ACH network directed to a subscriber's DDA in which funds are not transferred. If the ACH network does not send back the pre-note (for such reason as because the subscriber's account is not located/not reachable electronically), CheckFree knows that the account exists and can be reached electronically. More recently, CheckFree has begun utilizing proprietary databases including information indicating financial institutes which can be reached electronically.
This processing is inefficient, as a paper form and check must be delivered to a service provider, which are in turn processed. All electronic enrollment processing has been proposed to alleviate the delay in enrollment, as well much of the costs of paper-enrollment. In the proposed all-electronic enrollment a subscriber provides account information electronically, typically on-line, to a service provider, who in turn validates the account's existence, or at least validates that the provided account information meets certain criteria (i.e., that a routing and transit number is valid, and that an account number is valid, and that an account number pattern is valid for that routing and transit number). One all-electronic enrollment technique is disclosed in U.S. patent application Ser. No. 09/820,803, which is assigned to the assignee of the present application.
Typically, in both paper and all-electronic enrollment processing, a service provider does not actually confirm that the account is associated with the subscriber. Upon successful completion of the pre-note process, or upon completion of the alternative database processing, all the service provider knows is that the account exists and is reachable electronically. Thus, the service provider is still in a position of risk because the service provider has not actually confirmed that the account is associated with, i.e., belongs to, the subscriber.
To overcome this risk it has been proposed to use commercially available databases containing information concerning account existence, standing, and association with subscribers. Use of these databases is costly to the service provider. Furthermore, their usefulness is limited to accounts/subscribers included in the databases.
A more recently imposed technique to overcome this risk includes the service provider making one or more transactions using a subscriber's account, typically via the ACH network, upon receipt of information identifying the account during enrollment. One or more selected details which vary from transaction to transaction, including the number of transactions performed, the amount of a transaction, the type of transaction (e.g. credit, debit, deposit and/or withdrawal), the merchant name or account used for the transaction, are stored by the service provider. The subscriber determines these same details [then], based upon a bank statement or banking information available in person, on-line, or via telephone from the financial institution maintaining the account. The subscriber then informs the service provider of the determined details. If the subscriber correctly confirms the detail(s), the service provider can have a high level of confidence that the account is actually associated with the subscriber. Upon successful confirmation of the correct detail(s), the service provider completes the subscriber's enrollment, enabling the subscriber to utilize the service(s) of the service provider.
This recently proposed technique, however, has several drawbacks. One drawback is that the subscriber cannot avail himself or herself of the electronic commerce services offered by the service provider until that subscriber correctly determines and informs the service provider of the selected detail(s). Thus, while risk to the service provider is reduced, there is still a delay in the subscriber being able to use the service, or services, offered by the service provider.
Another drawback of the proposed technique is that the technique contemplates a net credit to the subscriber's account, from funds of the service provider. Although the transactions are proposed to be of small amounts, when considering the use of the proposed technique for millions and millions of subscribers, and perhaps multiple accounts per subscriber, the cost of the technique can be quite high. Hence, if the net amount for multiple transactions to a single subscribers account is a $1.00 US credit, and if 100 million accounts were to be verified, the cost would be on the order of $100 million. Even if the net credit is $0.10 US, the cost would be on the order of $10 million, which is not insignificant.
Still another drawback of the proposed technique is the quality of the verification itself. As proposed, verification is based on details of individual transactions, including the amount of the transaction, the type of transaction (e.g. credit, debit, deposit or withdrawal), the merchant name or account number used for the transaction in conjunction with the subscriber designated account, or the number of the last of a series of transactions, which will also represent the total number of transactions performed. The probability of a fraudulent subscriber guessing one or more of these details could be quite high unless the implementation included a burdensome number of transactions or details which are difficult for a subscriber to remember and thus proffer back to the service provider.
For example, if one of only a small set of option, e.g. 1 to 5 transactions, were routinely performed, there is a very high probability that a fraudulent subscriber could guess this detail. The quality of the verification using the proposed technique will increase, and may even be satisfactory, if implemented such that the number of options to choose from is relatively large in comparison to the number of retry attempts allowed, and there is variability from one verification to the next verification. However, such implementations make the process difficult for subscribers and hence impractical from a business perspective.
Accordingly, a need exists for a technique to verify an association between a subscriber and an account without the above noted deficiencies. It would also be beneficial if a subscriber designated account could be verified in a manner that was less burdensome or even beneficial to the subscriber.