Computer systems have evolved to the point where it is possible for a user to remotely access personal information via a computer. For example, one can check account balances, purchase securities, purchase goods and check the status of goods, and the like, through the use of a personal computer by using, for example, an Internet browser.
In providing services such as those listed above, it is desirable that certain types of information be accessible only by authorized users. For example, only the account holder should be able to access information regarding a bank account, be able to perform certain activities (e.g., transfers and withdrawals) on said bank account, or be able to purchase goods.
In the past, such security has typically been provided in the form of the combination of a user id and a password. For example, an account at a bank may be protected by having a user “log in” to the banking application by providing a user id and password. However, such a security system may not be as secure as desired. For example, if an unauthorized user were to become aware of the user id and password, the unauthorized user would then be able to access information and perform tasks that should be limited to a select group of people.
There are several problems with the above-described scenario. The association between a user ID and an account may become broken, resulting in a loss of on-line services.
For example, a user named John Smith may select, as a user ID, JSMITH1 and an associated password for use with a bank account. His brother, Joe Smith may select, as a user ID, JSMITH2 and an associated password for use with a brokerage account. After a few months of non-use, Joe Smith attempts to log-in to his brokerage account. Not remembering his user ID, he thinks his user ID is JSMITH1. After unsuccessful log-in attempts, he contacts customer service.
In the prior art, the typical method of customer service verifying the user would be to verify ownership of the account. After verifying several pieces of information with Joe Smith (e.g., social security number, mailing address, etc.), the customer service representative is convinced that Joe Smith is who he says he is and grants him access to his brokerage account using the name JSMITH1. When John Smith later tries to log-in, the same scenario may occur, as John Smith is no longer to use the JSMITH1 name that he established and contacts customer service to change the password. The result is that the JSMITH1 user ID becomes associated with both the accounts of John Smith and Joe Smith and customer service needs to intervene in order to grant the users their desired authorization level.
There is thus no system that accurately associates customer relationship and validates the ongoing integrity of the customer relationship. In particular, the prior art was solely concerned with verifying the ownership of the account, and not verifying the relationship between the user ID and the account. Such a problem may be exacerbated It is desirable to have a more robust method of managing user identities in a computerized system.