1. Field of the Invention
The present invention relates generally to credit card verification processes, and specifically to an improved automated system and process for detecting and preventing the fraudulent use of credit cards by unauthorized users.
2. Description of Related Art
Credit cards have conventionally been used for financial transactions for reasons of public convenience and economy. Typically, a purchaser merely needs to present the credit card to a vendor to complete a transaction, where all information necessary to complete the financial transaction is contained on the credit card. Credit cards inherently possess a certain degree of risk for fraudulent use, since the credit card information necessary for the financial transaction appears on the face of the credit card. Thus, if a credit card is lost or stolen, an unauthorized user of the credit card may complete financial transactions by merely presenting the credit card number to a vendor. In order to prevent unauthorized use of a credit card, vendors have conventionally asked for picture identification or compared the purchaser""s signature with a signature on the card to ensure the purchaser is an unauthorized user of the card. However, such authorization techniques can only be performed when the purchaser is in the presence of the vendor. Recently, there has been a trend toward performing credit card transactions electronically over computer networks via the xe2x80x9cInternetxe2x80x9d or phone lines via audiotext systems. In such electronic credit card transactions, the purchase inputs the credit card information from a remote terminal, such as a computer terminal or telephone keypad, and this information is transmitted to the vendor. Prior authorization techniques for in-person transactions can not be used with electronic credit card transactions, so new security measures are required to prevent fraudulent and unauthorized electronic credit card transactions.
One type of security measure developed for electronic credit card transactions is the verification of the billing address of the credit card holder. The purchaser is required to input his billing address along with his credit card information through the remote terminal. The financial institution issuing the credit card has the billing address for each of its credit card holders stored along with the associated credit card information in a database of credit card holders"" accounts. When the credit card information is presented to the financial institution from the vendor for authorization, the stored billing address associated with the credit card number submitted for authorization is compared with the billing address input by the purchaser to ensure they match. If the addresses do not correlate, then the purchaser is deemed to be an unauthorized user and the credit card transaction is denied. However, address verification systems of this type are not entirely effective in preventing unauthorized use. Individuals usually carry their credit cards in their wallets along with other personal identification, such as the individual""s driver""s license. A thief who steals the individual""s wallet will have access to the individual""s personal identification as well as their credit card, so that the thief will know the credit card holder""s address and will be able to satisfy the address verification test during the authorization procedure. Thus, address verification systems have not been successful in entirely eliminating fraudulent usage of credit cards.
Another security measure developed to prevent fraudulent electronic credit card transactions is the use of automated number identification (ANI) blocking. Since almost all electronic credit card transactions are performed from remote terminals connected through telephone lines, the vendor automatically collects the telephone number associated with the telephone line of the remote device from the telephone carrier. The vendor possesses a stored list of telephone numbers associated with a pattern of fraudulent use, wherein the ANI collected is compared with the stored list to determine if a match exists. If the ANI collected is on the stored list, then that telephone line is blocked from further use. ANI blocking is effective in preventing continued fraudulent usage of a credit card from a particular phone number. However, ANI blocking is also of limited usefulness, because it correlates a telephone number used on one occasion for a fraudulent credit card transaction as a blocked phone number. Even though the telephone number and credit card are not interrelated, the telephone number will be blocked from any further credit card transactions. The next electronic credit card transaction attempted using that telephone number may be a valid transaction, but the transaction will be denied since the telephone number has been blocked by ANI blocking. Thus, remotely terminals frequently having a plurality of different users, such as hotel room telephones or pay phones, will be blocked by ANI blocking by one fraudulent use, preventing subsequent valid credit card transactions from being performed from that remote terminal. While ANI blocking is effective in preventing repeated fraudulent credit card transactions from occurring from the same remote terminal, it also has the detrimental effect of preventing subsequent valid credit card transactions from being performed from the same remote terminal.
Clearly, there is a need for a method for preventing fraudulent electronic credit card transactions which does not also incidentally prevent subsequent valid credit card transactions from being performed. Moreover, there is a need for a more secure method for preventing fraudulent electronic credit card transactions by requiring identifying data that is not easily attainable by a fraudulent user.
It is a primary object of the present invention to overcome the aforementioned shortcomings associated with the prior art.
Another object of the present invention is to provide a more effective system and method for detecting fraud in automated electronic credit card processing.
Yet another object of the present invention is to provide a system and method for enhanced fraud detection in automated electronic credit card processing which reduces the number of fraudulent electronic credit card transaction while minimizing the number of valid credit card transactions incidentally prevented from being performed.
A further object of the present invention is to provide a system and method for enhanced fraud detection in automated electronic credit card processing which minimizes fraudulent use of a credit card by utilizing identifying data that is not readily attainable by a fraudulent user.
These as well as additional objects and advantages of the present invention are achieved by providing a method and system for authorizing an electronic credit card transaction having enhanced measures for detecting fraudulent transaction. A user at a remote terminal, such as a telephone or personal computer, attempting to conduct an electronic credit card transaction is prompted by the automated electronic credit card processing system to input the user""s credit card information, address, and social security number. The information input by the user is retrieved and used for identification purposes. Initially, the input credit card information is communicated to an issuer of the user""s credit card to determine whether the input credit card information is valid. Once the credit card information is validated by the issuer, the social security number input by the user is checked to determine if it corresponds to the user.
A database having a stored list of social security numbers is accessed, wherein each of the stored social security numbers includes at least one address stored therewith corresponding to an address of an individual identified by the respective social security number. The input social security number is compared with the stored list to confirm that the input social security number is an actual social security number appearing on the stored list. The addresses stored in association with the input social security number are then retrieved, and the input address is compared with the retrieved stored address to determine if the input address corresponds to any of the retrieved stored addresses. If the input credit card information has been confirmed by the issuer as being valid and the address input by the user matches any of the retrieved addresses stored in association with the input social security number, the electronic credit card transaction is authorized and allowed to transpire. The electronic credit card transaction is denied when any of the tests performed are not satisfied, and the user is notified the reason for which the credit card transaction is refused. The social security number database is stored and accessed separately from the issuer""s credit card information database to provide an added measure of protection against a person fraudulently gaining access to one of the databases, since access to the information in both databases is required to complete the financial transaction.
As a further fraud detecting measure, the electronic credit card processing system may collect the phone number from which the remote terminal is communicating. The collected phone number is compared with a stored list of blocked phone numbers which are not authorized to perform electronic credit card transactions. The electronic credit card transaction could then be rejected if the collected phone number matches any of the blocked phone numbers on the stored list.