Personal computer systems are well known in the art. They have attained widespread use for providing computer power to many segments of today's modern society. Personal computers (PCs) may be defined as a desktop, floor standing, or portable microcomputer that includes a system unit having a central processing unit (CPU) and associated volatile and non-volatile memory, including random access memory (RAM) and basic input/output system read only memory (BIOS ROM), a system monitor, a keyboard, one or more flexible diskette drives, a CD-ROM or DVD-ROM drive, a fixed disk storage drive (also known as a “hard drive”), a pointing device such as a mouse, and an optional network interface adapter. One of the distinguishing characteristics of these systems is the use of a motherboard or system planar to electrically connect these components together. The use of mobile computing devices, such as notebook PCs, personal digital assistants (PDAs), sophisticated wireless phones, etc., has also become widespread. Mobile computing devices typically exchange some functionality or performance when compared to traditional PCs in exchange for smaller size, portable power, and mobility.
The widespread use of PCs and mobile computing devices in various segments of society has resulted in a reliance on computer systems both at work and at home, such as for telecommuting, news, stock market information and trading, banking, shopping, shipping, communication in the form of hypertext transfer protocol (http) and e-mail, as well as other services. Many of these functions take advantage of the communication abilities offered by the Internet or other networks, such as local area networks. One function that continues to grow in importance is Internet-based commerce (also known as e-commerce or on-line commerce) where consumers purchase goods or services from businesses via an Internet connection. Typically, a consumer may utilize a browser or other interface on their PC or other device to select a product or service for purchase from a website (i.e., e-commerce site) operated by the business. While Internet commerce continues to dramatically rise in importance to both businesses and consumers, fraudulent behavior slows adoption of Internet commerce and costs both businesses and consumers time, money, and other resources. Hackers conduct Internet fraud by hijacking accounts (i.e., stealing account information) and performing tasks with the stolen account information, improperly acquiring goods, services, or money. Hackers can hijack accounts by many methods, including “phishing” (fraudulently acquiring account information by pretending to be a trustworthy source), spyware, insider information, compromised data sources at the commerce location, or other methodologies. Automated programs also exist that try to replicate the actions of users for fraudulent or other improper purposes.
Many solutions have been developed to detect and combat Internet commerce fraud by businesses, browser developers, and others, but all have failed to provide an effective and efficient solution. One solution is to require authentication is to require a user id and password to complete a transaction, but such authentication by itself is subject to hijacking by the means described previously. One known solution is to require a security code (a three or four digit non-imprinted number on a credit card) with every on-line purchase in addition to password authentication, but this solution provides no protection for phishing as the code will typically be entered during the phishing process along with other account information. Another solution is to also require operator ‘call back’ to authenticate the purchaser, but phone numbers can be quickly setup and taken down with no audit trail with Voice over Internet Protocol (VOIP) accounts, especially if a VoIP account is hijacked. Moreover, this solution significantly increases the expense to businesses as it requires a live person to make phone calls. Customer satisfaction is also reduced with this solution as the customer must be near a phone to receive a call back and, for purchased goods, is not treated to the instant satisfaction of their purchase.
Automated programs present additional challenges of authentication and for Internet commerce fraud. In addition to the previous solutions, one solution to prevent automated programs from improperly interacting with websites is to use CAPTCHA (“Complete Automated Public Turing test to tell Computers and Humans Apart”) technology which presents users with an image of distorted, obscured letters and requires them to type those letters before they are allowed to continue. Because the text is obscured, it prevents simple character recognition programs from decoding the image into letters and prevents automated programs from proceeding. However, advanced algorithms can now defeat CAPTCHA systems in the vast majority of cases (some reports indicate that the system can now be defeated 90% of the time or more). There is, therefore, a need for an efficient and effective system to detect fraud by either humans or automated programs during Internet commerce sessions.