Many sellers offer products or services without requiring the physical presence of the buyer. Buyers usually contact such sellers by phone, fax, Short Message Service (SMS), email, or through the seller's website.
In order to pay the seller, the remote buyer will often provide an identifier of a chargeable account, such as a credit card number, debit card number, checking account number, bank account identifier or phone number. The seller then uses this identifier to charge the account.
Fraudsters who gain access to an account identifier could contact a seller, provide the identifier to the seller, and cause the true owner of the account to be charged.
In order to prevent such fraudulent transactions, sellers deploy various methods to verify that an account belongs to the buyer. One such method is requiring the buyer to provide personal details of the account owner, which are then compared with information associated with the account at a trustable third party, such as the organization administering the account (the ‘account issuer’) or a transaction processing service, which receives account information from multiple sellers.
For example, sellers often require buyers to provide a mailing address of a credit card account owner (usually the address where the owner receives his credit card bills, known as the billing address), and compare this mailing address to addresses stored on the databases of the bank that issued the card. The seller may of course do the same with any other personal details of the account owner, such as a name, a phone number, a government-issued identifier (e.g. driver's license number), an email address etc.
Sellers use a variety of methods to contact the issuer when performing such a comparison, such as speaking with a representative of the account issuer over the phone, exchanging faxes with the issuer, or using the issuer's IVR (Interactive Voice Response) system.
Additionally, banks in the United States, Canada and the United Kingdom offer an automatic service for verifying billing addresses called AVS (Address Verification System). To use AVS, the seller sends to the bank, over the credit card data network, an AVS request containing the numeric portion of the billing address (house number+zip code) and the card number, and receives a response that describes which of the elements in the AVS request match the bank's records. Furthermore, some banks allow cardholders to add an additional address to the account, so the cardholders could provide sellers with this address without causing AVS to fail. United States published patent application 2003/0023541, the entirety of which is herein incorporated by reference, discloses methods and systems for verifying billing addresses and additional addresses.
By requiring buyers to present personal details at the time of transaction, and by comparing these presented personal details with previously obtained and stored personal details, sellers expect to decrease the incidence of fraud, as fraudsters are less likely to know specific personal details than the legitimate account owner. In practice, fraudsters have found simple ways to gain access to these personal details and thus this method is now considered ineffective.
Sellers may complicate fraud attempts by performing some action based on the personal details, such as shipping goods only to the verified billing address, calling the verified phone number to check that the account owner is aware of the transaction, or sending an email to the verified email account. The first two methods (shipping to the billing address and calling the account owner) are currently used by many sellers, whereas the last method (sending an email) is not, since banks do not usually have account owners' email addresses and do not usually provide means for verifying them. U.S. Pat. Nos. 5,757,917 and 5,826,241 the entirety of which is herein incorporated by reference, and PCT Applications WO03/017049 and WO01/69549 the entirety of which is herein incorporated by reference describe methods for verifying payments by email, in which buyers need to register their account identifiers and email addresses in advance.
Nevertheless, fraudsters could still circumvent such measures by contacting the issuer, impersonating the legitimate account owner and requesting that the issuer update stored personal details. For example, credit card issuers in the United States often verify callers by requiring the Social Security Number (SSN) of the cardholder. A fraudster who gains access to the SSN can thus change the billing address (or add an alternate address) to an address where he can receive merchandise, or change the phone number to a number where he can receive calls. In another example, a fraudster may use stolen information of another person to open a new credit card account, and provide any additional personal details he wants.
There is an ongoing need for techniques for assessing the reliability of transactions submitted by buyers. Furthermore, there is a recognized need for methods and systems for verifying and assessing the reliability of personal details presented in transactions of remote buyers, particularly in the context of e-commerce.