1. Field of the Invention
The invention relates to fraud prevention and fraud “early warning” notifications for transactions, in particular remote and/or electronic transactions such as “e-commerce” and “m-commerce” transactions wherein it is desirable to authenticate and verify one or more parties' identities and intentions before the transaction is concluded and/or to notify one or more parties of the occurrence of the transaction.
2. Description of the Related Art
In a transaction in which security is a concern, such as an electronically conducted transaction involving a funds transfer or a purchase or payment, there are three basic questions which must be satisfied:                1. Are the parties to the transaction who they say they are? (Do they own the goods, services, or funds or financial accounts that they represent they do?)        2. Do they have the necessary authority or authorization to approve the transaction?        3. Is the environment in which the transaction occurs secure? That is, can other parties gain access to the private information being exchanged during such a transaction?        
Regarding question 1, the payments industry has devoted considerable attention to methods and systems designed to a) verify the identity of a purchaser, b) assess the risk of any given transaction, and c) take follow-on action in high-risk cases, either by subsequently inquiring of the payer whether the transaction was proper, or by denying funds or credit at the time of the transaction subject to later manual contact with the payer.
For more complex or higher-value transactions, per question 2 a buyer may be subject to a set of audit and control procedures designed to limit his/her purchasing authority. In most consumer purchasing cases, the buyer and authority-holder are usually the same person. In many organizational purchasing situations, the buyer(s) and authority-holder(s) are not the same. The payments industry has one primary tool for limiting purchasing authority, which is the spending limit or credit limit associated with the buyer's account. Attempted solutions to question 1 also help address question 2, since verifying identity helps address cases wherein a buyer is suborning the purchasing authority of another party by use of a stolen credit card number or other private information.
As regards question 3, the most relatively secure environment for purchase transactions remains a merchant's store, in which a buyer and seller can interact face to face, multiple forms of identification can be reviewed, and the opportunities for theft of private information are generally limited. At the other extreme are telephone, mail, and electronic commerce, in which the buyer is represented merely by his/her account information as supplied by phone, on a mailed form, or by data entry via a computer or other electronic device. Here, the opportunities for fraud and the theft of private information are relatively high. Further, there is a prevailing public perception that electronic purchasing environments (for example, virtual storefronts or Internet auctions) are inherently insecure in regard to the transmission and/or storage of private information.
The above factors are reflected in the relative “discount rate” (price) charged to merchants by credit card processors for in-store transactions vs. “card not present” transactions, for example. Typically, merchants pay 60% more per sales dollar in a “card not present” transaction than when a credit card is physically presented for swiping.
These differences in risk also apply when accounts themselves are opened, closed, and modified remotely, as via mail, telephone, wire, or other electronic means.
Current transaction-verification systems and methods, such as for credit, debit, and purchase-card purchases and payments, Automated Teller Machine (ATM) interactions, e-ticket redemption, and the like, may be grouped into four broad categories: 1) physical identification of the purchasing party or of a difficult-to-mimic characteristic of the purchasing party, such as by signature comparison or biometric scanning, 2) data entry of passwords or other identification codes, such as the Personal Identification Number (PIN) codes used with ATMs and calling cards, 3) validation of embedded digital authenticating information, such as is found in “smart cards”, and 4) verifying private knowledge presumed known only to the account holder, such as the account holder's billing address or Social Security Number (SSN), prior to approving a transaction, including opening, closing, and modifying an account. A fifth category, devoted to limiting the exposure of sensitive private information such as credit card numbers to insecure or weakly secure environments subject to high levels of electronic theft or hacking, such as the Internet, is the substitution of dummy information for the actual private information, which dummy information is reconciled with the actual private information after its receipt by the payment processing organization.
Additional systems and methods have been employed by credit reporting agencies, which agencies already monitor the status of individuals' credit accounts. Such organizations may offer their customers regular monthly communications by mail or electronic mail identifying new accounts established in the customer's name or with the customer's federal tax identification number since the last such communication.
Especially in categories (2) (3) and (4) above, transaction approval by a bank or other merchant processing or payment processing organization or network is often coupled with an automated risk detection processes and human follow-up, as when a credit card issuer's risk assessment system determines that an unexpectedly large, out-of-state purchase is “high risk” for a given account holder, and then provides that information to a customer service representative who may call the account holder's telephone to attempt to confirm the transaction's validity, typically after the fact, or to leave a message for the account holder that the card account is suspended pending the account holder's reply. It is often the case that the account holder's ability to judge what constitutes a fraudulent transaction conducted in his/her name considerably exceeds that of said risk assessment system and customer service representative. Despite this judgment-gap, today's account holders have, at best, only after-the-fact means available to them from their financial institutions, or from merchants, to audit transactions occurring in their name, including the opening, closing, and modification of accounts, or at-the-time means which involve significant new technologies and new processes to implement, learn, and use. In some cases the burden of implementing, learning and using falls on the merchant or other provider of goods, services, or funds, as well as the account holder.
Merchants subjected to fraudulent transactions are informed after the fact as well, when the true account holder disputes a transaction with his/her payments organization. In the case of credit card transactions, the merchant is then charged back for the value of the disputed transaction and may also be charged a dispute investigation fee, resulting in a loss of profits and goods.
Additional research and development in the payments industry has focused on adding encrypted identifying codes or digital certificates to credit cards via an embedded microprocessor (as in “smart cards”) or via software on a personal computer (“e-wallets”); and on physically printing unique numeric identification numbers or numeric passwords (such as CVV2/CVC2/CID codes) on credit cards. Said codes are a relatively recent security feature for use in “card-not-present” transactions and now appear on, for example, Visa, MasterCard, American Express and Discover cards. As of this writing, these codes are comprised of a three- or four-digit number which provides a cryptographic check of the information embossed on the card, called CVV2 (Visa, 3-digit), CVC2 (MasterCard, 3-digit), and CID (American Express, 4-digit, and Discover, 3-digit). These code values help validate two things: a) the customer has the physical credit card in his/her possession, and b) the card account is legitimate. CVV2/CVC2/CID data are printed only on the card; they are not contained in the magnetic stripe information per se, nor do they appear on sales receipts or statements. The use of these codes attempts to make it more difficult for a person who has stolen a credit card number, but not the actual card, to enter into fraudulent transactions, provided the other party or parties to such transactions have also invested in the requisite changes to their systems and processes to support the use of these codes.
The prior art attempts, with mixed results, to solve the common problem of how to authenticate and verify a transaction, such as purchase, funds transfer, account opening or closing or modification, etc., particularly when conducted remotely or electronically; how to authenticate and verify the relevant party or parties, and how to provide the earliest possible warning of fraud, with a high degree of accuracy and completeness and near-zero delay.
U.S. Pat. No. 6,182,894 to Hackett describes systems and methods to use CVV2/CVC2/CID values, in lieu of PIN codes, to verify that a consumer engaged in a point-of-sale (POS) transaction possesses the transaction card at the time of purchase and/or is the true card owner. The CVV2/CVC2/CID information is provided to the POS system as an additional authenticating datum, and if said datum matches what is stored in the relevant authorization system for the applicable card account number, and authorizing parameters are satisfied, authorization proceeds. If not, authorization is denied. Such systems and methods do not protect against card theft or hacking (should such CVV2/CVC2/CID data flow from the consumer to the merchant or card processor electronically, or are stored on an intermediate system), because they authenticate only that certain data from the physical card match data stored in the authorization system, without authenticating the identity of the card holder/user, and without verifying the intentions of the true card owner or other co-authorizing party (if different). Further, they do not provide the advantage of notification of the true card owner or other co-authorizing or auditing parties of the occurrence of a transaction, and in particular a high-risk transaction. Finally, such systems and methods also fail to provide for any additional automated data gathering, authentication, and verification for and by the party regarding the opening, closing, or modification of an account remotely.
U.S. Pat. No. 5,727,163 to Bezos describes a system and method for concluding a transaction by telephone that was initiated over the Internet. The purchaser dials a special telephone number associated with the transaction and provides his/her credit card number in full by dialing it on his/her touch-tone keypad (that is, using DTMF tones). Such a system and method have the advantage of partially isolating private payment information across two different communication links, but do not address the problem of notification or authentication of the legitimate account holders or other parties having a potential interest in the transaction, nor verification of the intent and approval of said legitimate account holders or other parties having approval authority for the transaction. Instead, they provide assurance solely to the purchaser that his/her private financial information need not be communicated in full through a network perceived to be insecure (that is, through the Internet). Such a system and method, which require purchasers to take additional proactive steps to complete remote transactions, have had limited adoption by consumers and merchants due to the complexity they add to all affected transactions. This system and method are further limited to collecting payment data, such as a credit card number, for processing by the merchant's point-of-sale or ordering system, under the purchasing party's control. They do not provide for any additional data gathering, authentication, and verification for and by the party attempting to collect payment or open, close, or modify an account remotely, nor for and by any third party whose approval is normally required to conclude the transaction.
U.S. Pat. No. 6,324,526 to D'Agostino describes a system and method for providing a transaction code, supplied case by case by the purchaser's financial institution, in lieu of a credit card number for a purchase transaction. As has been noted, systems and methods based on dummy transaction or account number codes have had limited consumer acceptance because of the complexity to set up and use them. Such systems and methods attempt to address only the security of the purchaser's account information, by eliminating exposure thereof to a third party over a network perceived to be insecure (that is, over the Internet). Nor do such systems and methods provide for any additional data gathering, authentication, and verification for and by the party attempting to collect payment or open, close, or modify an account remotely; nor for and by any third party whose approval is normally required to conclude the transaction.
U.S. Pat. No. 6,270,011 to Gottfried describes a system and method for coupling a fingerprint recognition device to a credit card scanner. As has been noted, systems and methods of this type have extremely narrow application because of the need for the affected parties' physical presence, the associated cost of implementation and on-going support, and general public concerns over personal privacy when biometric devices are employed. Systems and methods of this type attempt to address only authentication of a purchaser's identity, and ignore notification of a party or parties who may be subject to identity fraud or fraudulent transactions.
U.S. Pat. No. 6,341,724 to Campisano describes a system and method for using the telephone number of a credit card owner, plus a PIN code, as an alias for the actual card number in a credit card transaction. This system and method replace the account number with another sequence of digits which is not printed or encoded on the credit card itself. Systems and methods of this type are a variation on the concept of a dummy account number, per U.S. Pat. No. 6,324,526 to D'Agostino, and provide the benefit of allowing a purchaser to make a credit card purchase without having to remember his/her card number. However, such systems and methods do not provide protection against the use of stolen account information, nor against the use of stolen dummy account information such as said telephone number and PIN. They further require credit card users to learn a new process for making credit card purchases, and require system and rule changes by merchants to allow the purchaser's telephone number and PIN to be used in lieu of a card account number. For debit card transactions, the purchasers would further have to supply two PIN values, one for the debit card account, the other for encryption purposes. Nor do such systems and methods provide for any additional data gathering, authentication, and verification for and by the party attempting to collect payment or open, close, or modify an account remotely; nor for and by any third party whose approval is normally required to conclude the transaction.
U.S. Pat. No. 6,023,682 to Checchio describes a system and method for communicating a credit card number to a payment-authorizing computer system from a point-of-sale credit card terminal, using encryption where the key is a personal identification code (“PIC”) belonging to the card owner, and then verifying that the personal identification code matches that stored in the payment-authorizing computer system's memory. This system and method introduce the advantage of using personal information (such as a PIN code) to verify a card-user's identity, but also require changes to payment authorization systems and merchant's order-taking or payment-processing systems to implement, further require the purchaser to supply his/her personal identification code to the merchant, and have utility only at a physical point-of-sale, that is, in a non-remote transaction. Because the PIC is communicated through the same process and media as the transaction itself, said personal identification code, particularly for e-commerce transactions, is vulnerable to theft via hacking of the merchant's systems or interception of the merchant's communications to the payment-processing bank or applicable credit card processing network. Such systems and methods also fail to provide for any additional data gathering, authentication, and verification for and by any third party whose approval is normally required to conclude the transaction.
U.S. Pat. No. 6,088,683 to Jalili describes a method for customers to order goods from merchants on one network, such as the Internet, and then complete the purchase via a second network, such as the telephone network, using “Caller ID” service or a call-back to check the customer's telephone number as a form of proof of the customer's identity, and involving an independent processing center that receives the customer's financial information over the second network in advance and stores it for future reference. The merchant uses the second network to deliver transaction details and the customer's ID to the processing center, which then uses the second network to receive or initiate contact from/to to the customer to check his/her identity and his/her purchase intentions. Said method revises the method described in U.S. Pat. No. 5,727,163 to Bezos, by moving responsibility for the exchange of the customer's financial information from between the customer and merchant over a second network at the time of the transaction, as per Bezos, to between the customer and processing center over a second network in advance of the transaction. In Jalili, the processing center also performs the step of debiting and crediting the accounts of the customer and merchant, respectively. Therefore, the utility of this method is limited to cases wherein both a purchaser and a merchant are independently willing and able to establish an advance relationship with, exchange private information (such as account information for the purchaser and merchant processing information for the merchant) with, and allow debiting/crediting of their accounts by, such a processing center prior to entering into a purchase transaction between themselves. The method is also limited to purchases, and particularly to purchases involving a single customer and a single merchant. The need for a preparatory process occurring over the second network, the need to use the second network to perform all steps to prepare and conclude a transaction other than the step of the customer's placing of his/her order, and the need to establish a processing center, also limit the utility of this method. Because the purchaser does not actually supply his/her payment information to the merchant, the method further creates an opportunity for fraud perpetrated within processing center, stemming from its unique position of trust between the two other parties. If, however, the processing center is not independent of the merchant, then any utility derived from the separation of the processing center from the merchant, such as the assurance to the customer that his/her private account information need never be transmitted directly to the merchant, is lost. The method also adds the complication of the merchant having to provide a new and additional or alternative form of customer identification information to the processing center in order to receive a customer's payment. The method also fails to provide for any additional automated data gathering, authentication, and verification for and by a party regarding non-purchase transactions, such as the opening, closing, or modification of an account remotely; nor for and by any third party whose approval is normally required to conclude a purchase transaction. The method also fails to address purchases or non-purchase transactions initiated other than via a network. Lastly, the method requires a new sort of account to be established, namely, the customer's registration with the processing center.
Additional weaknesses and limitations of the prior art in general include:
Systems and methods of physical recognition: Such systems and methods require deployment, training, and support of a new purchaser and/or merchant transaction-processing infrastructure on a wide scale (such as deployment of biometric scanners and related interfaces to payment systems) and require the physical presence of purchaser to interact with that infrastructure to complete a transaction. This solution is therefore highly limited in the scope of its application.
Systems and methods using passwords and ID codes: Generally effective for ATM and debit card transactions, such systems and methods are not used widely for credit card transactions. Passwords and codes (such as PIN codes) remain subject to theft (as by Internet hacking, card “skimming”, identity theft, etc.). Once a password or ID code is compromised, no further safeguards are possible, and entirely new customer accounts must be created. Passwords and ID codes are not commonly used, supported and enforced by merchants for credit card purchases.
Systems and methods using CVV2/CVC2/CID codes: Systems and methods utilizing such codes are presently limited to credit card accounts only, do not protect against the loss or theft, such as by hacking, of credit or debit-and-credit cards or card account numbers along with such codes, and do not prevent the fraudulent creation or subsequent modification of an account.
Systems and methods using verification of private knowledge: Such systems and methods are vulnerable to theft of private information via hacking, and identity theft. This is particularly troublesome internationally, where the most common type of private knowledge checking in the U.S. for credit card transactions, namely, an account's billing addresses, is rarely possible today abroad.
Systems and methods using smart cards: While smart cards add password (PIN) features and can also create dummy credit card numbers usable for one transaction only, systems and methods utilizing smart cards require the installation and use of a smart card reader by the user, and have thus had limited adoption by consumers. These special features are further available only when purchases are made via the computing device where the smart card reader is installed.
Systems and methods using digital signature information (“E-Wallets”): As with smart cards, systems and methods for e-wallets require specialized software to be installed on the computing device of the e-wallet's owner, and therefore have not been widely adopted by consumers. Their features are likewise only available for purchases made via the computing device where such software is installed.
Other limitations and weaknesses in the prior art: Notification of a transaction, and any interaction with the actual party or parties who are truly authorized to conclude and approve it, as opposed to interaction with parties who are perpetrating fraud by representing themselves as said actual, authorized parties, is generally left unaddressed by the prior art. Notification or interaction which does occur in the prior art is typically after the fact, either by the actual, authorized party's reviewing his/her billing or account statements, by consulting his/her credit report via a credit reporting agency, or, if the payment processor (for example, the relevant credit card processor or bank) so determines, through a follow-up telephone call from a customer service representative of such credit card processor or bank, or through other messages delivered after the fact through a variety of basic communications media. These inherently after-the-fact processes do not interrupt or halt a fraudulent remote transaction before it is completed, nor can they halt additional fraudulent transactions (which may fit within a purchaser's normal risk profile) made quickly thereafter using the same account number or other identifying information. Prior art which attempts to address the objective of verification of a transaction before it is concluded adds prohibitive requirements for the establishment, registration with, and use of intermediaries such as processing centers between customers and merchants, fails to address the objectives of notification and approval of or by third-parties, and fails to address the class of transactions comprising the opening, closing, and modification of accounts.
It is desirable to verify and authenticate a transaction, and in particular a potentially risky transaction, without relying on the installation and use of new equipment by one or more of the parties having an interest in, involved in, or represented to be involved in, said transaction, nor requiring substantial alterations to existing processes or additional education and training for conducting such transactions, nor requiring new intermediary entities to be established. It is further desirable to do so in a manner that thwarts any potential party to such a transaction who attempts to authorize or enter into it fraudulently. It is further desirable for such verification and authentication to work even when the mechanisms, systems and methods described in the prior art may already be in use but still fail to protect fully against fraud, especially when fraud is perpetrated as a result of the theft of private information. This is especially important in the area of transactions conducted remotely, and in particular electronically. It is also desirable to notify automatically the actual party or parties having legitimate authority to approve or audit a transaction, whether directly engaged in such transaction or not, of the occurrence and/or details of said transaction. It is also desirable to be determine the behavior of any embodiment of a system and method for such notification, verification and authentication, through the use of stored profiles of parties and transaction types and other parameters, and also through profile information and other parameters which may be provided with and as part of an individual transaction.
The invention described herein provides a method and system for verifying, authenticating, and providing notification of a transaction, such as a commercial or financial transaction, with and/or to at least one party represented or identified as engaging in said transaction or having a potential interest in said transaction or type of transaction, in particular a remote or electronic transaction, while it occurs and/or after it occurs, via one or more of a plurality of communication links and communication addresses associated with said at least one party, so as to create a higher degree of certainty that the transaction is non-fraudulent than is possible using any of the prior art, without introducing significant delay in the completion of legitimate transactions, and without requiring implementation of new equipment or software, or learning of unfamiliar processes or technologies, or establishment and use of separate processing centers or other intermediaries.