System and method for verification, authentication, and notification of transactions

Abstract

A system and method for verifying, authenticating, and providing notification of a transaction, such as a commercial or financial transaction, with and / or to at least one party identified as engaging in the transaction and / or identified as having a potential interest in the transaction or type of transaction, are provided. A central system accepts information regarding a transaction, including information about at least one party identified as engaging in the transaction, such as by a credit account number or Social Security number or merchant account number, and / or identified as having a potential interest in the transaction. Based on the information regarding the transaction and any supplemental information the central system determines, the central system communicates with and / or to at least one party and / or additional or alternative parties, via at least one communications device or system having a communications address, such as a telephone number or Short Message Service address, predetermined as belonging to the at least one party and / or additional or alternative parties. Via said communications, at least one party having an interest or a potential interest in the transaction may be notified of it, and may further be enabled or required to supply additional verifying or authenticating information to the central system. If the transaction was initiated or engaged in via a communications link, such as via the Internet, said communications preferably occur over at least one different communications link and / or protocol, such as via a wireless voice network. The central system may then compute a result based on the outcomes of said communications, and may then transmit the result to the user and / or to a second system or device.

Description

PARENT CASE TEST[0001]This application is a continuation (CON) application of U.S. patent application Ser. No. 10 / 354,609, filed Jan. 30, 2003, entitled “System and Method for Verification, Authentication, and Notification of a transaction,” which claims priority to U.S. Provisional No. 60 / 354,275 with filing date Feb. 4, 2002, both of which are incorporated herein by reference in their entireties.BACKGROUND OF THE INVENTION[0002]1. Field of the Invention[0003]The invention relates to fraud prevention and fraud “early warning” notifications for transactions, in particular remote and / or electronic transactions such as “e-commerce” and “m commerce” transactions wherein it is desirable to authenticate and verify one or more parties' identities and intentions before the transaction is concluded and / or to notify one or more parties of the occurrence of the transaction.[0004]2. Description of the Related Art[0005]In a transaction in which security is a concern, such as an electronically c...

AI Technical Summary

Benefits of technology

[0041]It is also an object of the invention to allow said communications to occur over a plurality of communications media and / or communications links, to increase the likelihood of successful and secure communication with and / or to said one or more parties;

[0049]In the preferred embodiment of the invention, the occurrence of communications with said at least one party and at least one of a plurality of communications devices and associated predetermined communications addresses known to belong to said at least one party, using at least one communications link other than the communications link used to initiate the transaction itself, isolates the transaction medium or environment from the notification and / or verification medium or environment, such that a very high degree of accuracy and completeness of authentication and verification can be achieved with a minimum of delay, and without requiring any new authentication / verification technologies to be implemented or learned by the transacting party or parties.

[0060]10. Avoiding intrusiveness in the consummation of the transaction, by eliminating the need to install and proactively use any new or unfamiliar equipment, software, processes, or purchasing methods by the party or parties having an interest in, involved in, or represented to be involved in the transaction;

[0065]Because each such interaction occurs with the actual owner / user of the communication device at a known and predefined communications address (such as his / her pre-verified wireless SIP address), if any party engaged in the transaction is not the owner / user of said predefined communications address, then 1) the interaction by definition alerts the actual owner / user to a fraudulent transaction in progress, and 2) the fraudulent owner / user is thwarted, because he / she will be physically unable to authenticate him / herself using the communications device found at said communications address. Further, even if the fraudulent party is able to obtain such a communications device belonging to the true owning / using party, the fraudulent party must still supply further authenticating information presumed to be known only to the actual owning using party. Preferably, the communications linkage employed for such interaction is different from the communications linkage used to initiate the transaction, thereby further limiting the potential for fraud and for the theft of private information.

[0066]Additional utility may be derived when the user of the invention is in the role of a financial services organization, such as a credit card issuer, payments-processing network, merchant processor or acquirer, employing the invention alongside or within its transaction-authorization and / or account-management processes and systems to reduce transactional risk for its merchant and / or consumer customers. Such financial services organizations already have, in the normal course of their business, advance knowledge of potential parties to transactions, including identifying information and other parameters about such parties which may include their account numbers and their contact information, such as home telephone numbers, e-mail addresses, and wireless device addresses; knowledge of transactions relating to their customers as they occur; and a presumed relationship of trust with said potential parties to transactions. Their advance knowledge and existing trust relationships minimize their effort to implement and widely deploy the invention for maximum utility. In addition to the fraud-reducing and fraud “early warning” benefit of the invention, financial services organizations may also benefit from improved customer relationships through increased value-adding contacts occurring as a result of the use of the invention, and from the resulting higher level of service provided, Financial service organizations that employ the invention may also benefit from the utility of a reduced perception by their consumer and merchant customers of the risks of conducting transactions electronically or remotely. Note that the additional utility to entities in the role of financial services organizations is not inherently limited to such entities, nor is it the only additional utility they may obtain. This and other additional utility may be also be obtained by other users, whether utilizing a similar or alternative embodiment of the invention.

Problems solved by technology

As regards question 3, the most relatively secure environment for purchase transactions remains a merchant's store, in which a buyer and seller can interact face to face, multiple forms of identification can be reviewed, and the opportunities for theft of private information are generally limited.

Here, the opportunities for fraud and the theft of private information are relatively high.

Further, there is a prevailing public perception that electronic purchasing environments (for example, virtual storefronts or Internet auctions) are inherently insecure in regard to the transmission and / or storage of private information.

In some cases the burden of implementing, learning and using falls on the merchant or other provider of goods, services, or funds, as well as the account holder.

In the case of credit card transactions, the merchant is then charged back for the value of the disputed transaction and may also be charged a dispute investigation fee, resulting in a loss of profits and goods.

Such systems and methods do not protect against card theft or hacking (should such CVV2 / CVC2 / CID data flow from the consumer to the merchant or card processor electronically, or are stored on an intermediate system), because they authenticate only that certain data from the physical card match data stored in the authorization system, without authenticating the identity of the card holder / user, and without verifying the intentions of the true card owner or other co-authorizing party (if different).

Further, they do not provide the advantage of notification of the true card owner or other co-authorizing or auditing parties of the occurrence of a transaction, and in particular a high-risk transaction.

Finally, such systems and methods also fail to provide for any additional automated data gathering, authentication, and verification for and by the party regarding the opening, closing, or modification of an account remotely.

Such a system and method have the advantage of partially isolating private payment information across two different communication links, but do not address the problem of notification or authentication of the legitimate account holders or other parties having a potential interest in the transaction, nor verification of the intent and approval of said legitimate account holders or other parties having approval authority for the transaction.

Such a system and method, which require purchasers to take additional proactive steps to complete remote transactions, have had limited adoption by consumers and merchants due to the complexity they add to all affected transactions.

This system and method are further limited to collecting payment data, such as a credit card number, for processing by the merchant's point-of-sale or ordering system, under the purchasing party's control.

They do not provide for any additional data gathering, authentication, and verification for and by the party attempting to collect payment or open, close, or modify an account remotely, nor for and by any third party whose approval is normally required to conclude the transaction.

As has been noted, systems and methods based on dummy transaction or account number codes have had limited consumer acceptance because of the complexity to set up and use them.

Nor do such systems and methods provide for any additional data gathering, authentication, and verification for and by the party attempting to collect payment or open, close, or modify an account remotely, nor for and by any third party whose approval is normally required to conclude the transaction.

As has been noted, systems and methods of this type have extremely narrow application because of the need for the affected parties' physical presence, the associated cost of implementation and on-going support, and general public concerns over personal privacy when biometric devices are employed.

However, such systems and methods do not provide protection against the use of stolen account information, nor against the use of stolen dummy account information such as said telephone number and PIN.

Nor do such systems and methods provide for any additional data gathering, authentication, and verification for and by the party attempting to collect payment or open, close, or modify an account remotely; nor for and by any third party whose approval is normally required to conclude the transaction.

Because the PIC is communicated through the same process and media as the transaction itself, said personal identification code, particularly for e-commerce transactions, is vulnerable to theft via hacking of the merchant's systems or interception of the merchant's communications to the payment-processing bank or applicable credit card processing network.

Such systems and methods also fail to provide for any additional data gathering, authentication, and verification for and by any third party whose approval is normally required to conclude the transaction.

Therefore, the utility of this method is limited to cases wherein both a purchaser and a merchant are independently willing and able to establish an advance relationship with, exchange private information (such as account information for the purchaser and merchant processing information for the merchant) with, and allow debiting / crediting of their accounts by, such a processing center prior to entering into a purchase transaction between themselves.

The method is also limited to purchases, and particularly to purchases involving a single customer and a single merchant.

The need for a preparatory process occurring over the second network, the need to use the second network to perform all steps to prepare and conclude a transaction other than the step of the customer's placing of his / her order, and the need to establish a processing center, also limit the utility of this method.

Because the purchaser does not actually supply his / her payment information to the merchant, the method further creates an opportunity for fraud perpetrated within processing center, stemming from its unique position of trust between the two other parties.

If, however, the processing center is not independent of the merchant, then any utility derived from the separation of the processing center from the merchant, such as the assurance to the customer that his / her private account information need never be transmitted directly to the merchant, is lost.

The method also adds the complication of the merchant having to provide a new and additional or alternative form of customer identification information to the processing center in order to receive a customer's payment.

The method also fails to provide for any additional automated data gathering, authentication, and verification for and by a party regarding non-purchase transactions, such as the opening, closing, or modification of an account remotely; nor for and by any third party whose approval is normally required to conclude a purchase transaction.

The method also fails to address purchases or non-purchase transactions initiated other than via a network.

Additional weaknesses and limitations of the prior art in general include:

This solution is therefore highly limited in the scope of its application.

Systems and methods using CVV2 / CVC2 / CID codes: Systems and methods utilizing such codes are presently limited to credit card accounts only, do not protect against the loss or theft, such as by hacking, of credit or debit-and-credit cards or card account numbers along with such codes, and do not prevent the fraudulent creation or subsequent modification of an account.

Systems and methods using verification of private knowledge: Such systems and methods are vulnerable to theft of private information via hacking, and identity theft.

This is particularly troublesome internationally, where the most common type of private knowledge checking in the U.S. for credit card transactions, namely, an account's billing addresses, is rarely possible today abroad.

Systems and methods using smart cards: While smart cards add password (PIN) features and can also create dummy credit card numbers usable for one transaction only, systems and methods utilizing smart cards require the installation and use of a smart card reader by the user, and have thus had limited adoption by consumers.

Systems and methods using digital signature information (“E-Wallets”): As with smart cards, systems and methods for e-wallets require specialized software to be installed on the computing device of the e-wallet's owner, and therefore have not been widely adopted by consumers.

Other limitations and weaknesses in the prior art: Notification of a transaction, and any interaction with the actual party or parties who are truly authorized to conclude and approve it, as opposed to interaction with parties who are perpetrating fraud by representing themselves as said actual, authorized parties, is generally left unaddressed by the prior art.

Prior art which attempts to address the objective of verification of a transaction before it is concluded adds prohibitive requirements for the establishment, registration with, and use of intermediaries such as processing centers between customers and merchants, fails to address the objectives of notification and approval of or by third-parties, and fails to address the class of transactions comprising the opening, closing, and modification of accounts.

Images