Embodiments of the present invention are directed to systems, apparatuses and methods for enabling electronic payments and the processing of payment transaction data, and more specifically, to identifying consumer devices that may be the source of fraudulent transactions and preventing the authorization of future transactions initiated by consumers using those devices.
Consumer payment devices such as debit cards or credit cards are used by millions of people worldwide to facilitate various types of commercial transactions. In a typical transaction involving the purchase of a product or service at a merchant location, the payment device is presented at a point of sale terminal (“POS terminal”) located at a merchant's place of business. The POS terminal may be a card reader or similar device that is capable of accessing data stored on the payment device, where this data may include identification or authentication data, for example. Some or all of the data read from the payment device is provided to the merchant's transaction processing system and then to the Acquirer, which is typically a bank or other institution that manages the merchant's account. The data provided to the Acquirer may then be provided to a payment processing network (e.g., a payment processor) which processes the data to determine if the transaction should be authorized by the network, and assists in the clearance and account settlement functions of the transaction. The authorization decision and clearance and settlement portions of the overall transaction may also involve communication and/or data transfer between the payment processing network and the bank or institution that issued the payment device to the consumer (the Issuer). Transactions in which a consumer payment device is presented to a merchant or accessed by a point of sale terminal are termed “card present” transactions since the payment device is in the same physical location as the merchant or terminal.
In addition to card present transactions, a consumer may also initiate a transaction in a situation in which the payment device is not in the same physical location as the merchant or terminal and instead the relevant data is provided over a communications network to the merchant (termed a “card not present” transaction). For example, a transaction involving the purchase of a product or service may be initiated by a consumer by providing payment data from a remote location to a merchant over a network such as the Internet. Transactions of this type are typically initiated using a computing device such as a personal computer or laptop computer. Transactions may also be initiated by using a mobile device such as a cell phone or personal data assistant (PDA) that communicates with a merchant or service provider directly or indirectly over a wireless network (which may be configured to enable data transfer between the wireless network and the Internet). Thus, payment information for a transaction may be provided using a payment device and point of sale terminal, remotely located computing device, or mobile device capable of wireless communications, among other methods.
Given the large number of transactions and amounts of money involved, the detection and prevention of fraud is an important consideration of any transaction processing system. However, this function is made more difficult in the case of transactions that are conducted using remote devices such as computers or mobile phones. This is because the same device might be used by different users, each having a separate account. In addition, the same user might have different accounts but use a common device for purchases, or the same user might make purchases from multiple merchants on the same account using the same device. In each of these situations, an account or a specific device used to initiate transactions might be determined to be the source of fraud, but this information would typically only be known to the merchant that was involved in the fraudulent transaction. Each merchant is in the position of having to identify fraudulent transactions by themselves, usually through notice of a chargeback or non payment for goods, and as a result determine that the account or device was not trustworthy. Since information about fraudulent transactions is typically not shared between merchants, there can be delays in identifying fraudulently used accounts or devices. This can result in increased risk and greater losses to merchants and the overall transaction processing network.
What is desired is a system, apparatus and method for reducing fraud in electronic payment transactions by more rapidly identifying devices that are used in potentially fraudulent transactions and preventing use of those devices in subsequent transactions. Embodiments of the invention address these problems and other problems individually and collectively.