Multi-device transaction verification
First Claim
1. A method comprising:
- receiving, by a server computer, device information and a resource provider identifier from a portable communication device of a user, wherein the resource provider identifier was received by the portable communication device from a base station at a resource provider location identified by the resource provider identifier;
receiving, by the server computer and from an access device in a transaction, an authorization request message comprising a credential or a token; and
analyzing, by the server computer, the authorization request message to determine that the user of the portable communication device is also conducting the transaction at the access device,wherein the credential or the token is received by the access device from a portable transaction device, wherein the portable transaction device, the access device and the portable communication device are all at the resource provider location, and wherein the method further comprises after receiving the device information and the resource provider identifier, and before receiving from the access device the authorization request message;
electronically searching a database for the credential or the token using the device information;
hashing at least the resource provider identifier, and the credential or token, to form a cryptographic pattern; and
transmitting the cryptographic pattern to the portable communication device, which transfers the cryptographic pattern to the base station, and then to the access device.
1 Assignment
0 Petitions
Accused Products
Abstract
When a user enters a resource provider location with a portable communication device, the portable communication device provides an indication to a transaction processing system that the portable communication device is currently at the resource provider location. At a later time when the user conducts a transaction with a portable transaction device, the fact that the user'"'"'s portable communication device had been detected at the resource provider a short time ago is taken into account as a positive indicator that the transaction is not fraudulent. By verifying that both the portable communication device and the portable transaction device are present at the resource provider, the risk of approving a fraudulent transaction from a stolen portable transaction device can be reduced.
68 Citations
14 Claims
-
1. A method comprising:
-
receiving, by a server computer, device information and a resource provider identifier from a portable communication device of a user, wherein the resource provider identifier was received by the portable communication device from a base station at a resource provider location identified by the resource provider identifier; receiving, by the server computer and from an access device in a transaction, an authorization request message comprising a credential or a token; and analyzing, by the server computer, the authorization request message to determine that the user of the portable communication device is also conducting the transaction at the access device, wherein the credential or the token is received by the access device from a portable transaction device, wherein the portable transaction device, the access device and the portable communication device are all at the resource provider location, and wherein the method further comprises after receiving the device information and the resource provider identifier, and before receiving from the access device the authorization request message; electronically searching a database for the credential or the token using the device information; hashing at least the resource provider identifier, and the credential or token, to form a cryptographic pattern; and transmitting the cryptographic pattern to the portable communication device, which transfers the cryptographic pattern to the base station, and then to the access device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A server computer comprising:
-
a processor; and a computer readable medium comprising code, executable by the processor, for implementing a method comprising; receiving device information and a resource provider identifier from a portable communication device of a user, wherein the resource provider identifier was received by the portable communication device from a base station at a resource provider location identified by the resource provider identifier; receiving from an access device in a transaction, an authorization request message comprising a credential or a token; and analyzing the authorization request message to determine that the user of the portable communication device is also conducting the transaction at the access device, wherein the credential or the token is received by the access device from a portable transaction device, wherein the portable transaction device, the access device and the portable communication device are all at the resource provider location, and wherein the method further comprises after receiving the device information and the resource provider identifier, and before receiving from the access device the authorization request message; electronically searching a database for the credential or the token using the device information; hashing at least the resource provider identifier, and the credential or token, to form a cryptographic pattern; and transmitting the cryptographic pattern to the portable communication device, which transfers the cryptographic pattern to the base station, and then to the access device. - View Dependent Claims (11, 12, 13, 14)
-
Specification