System and method for preventing unauthorized access to financial accounts

US 10,296,874 B1
Filed: 12/23/2008
Issued: 05/21/2019
Est. Priority Date: 12/17/2007
Status: Active Grant

First Claim

Patent Images

1. A payment processor system comprising:

a processor; and

a tangible, non-transitory memory configured to communicate with the processor, the tangible, non-transitory memory having instructions stored thereon that, in response to execution by the processor, cause the processor to perform operations comprising;

receiving, by the payment processor system and from the vendor system, a funding account code and a request for a global external code,wherein the funding account code corresponds to the global external code and a vendor identifier,wherein the vendor system received the funding account code from a customer,wherein the vendor system does not retain the funding account code;

determining, by the payment processor system, the global external code based on the funding account code;

transmitting, by the payment processor system and to the vendor system, the global external code in response to the request;

receiving, by the payment processor system and from the vendor system, a transaction settlement request including transaction information and the global external code;

determining, by the payment processor system, an IP address of the vendor system based on the vendor identifier;

determining, by the payment processor system, that the IP address is on a list of authorized IP addresses;

authorizing, by the payment processor system, the transaction settlement request based on the IP address being on the list of authorized IP addresses and based on the global external code.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and a system are provided for preventing unauthorized access to financial accounts. A financial services system creates and stores a global external number corresponding to a funding account number that is associated with a financial account. A vendor system requests the corresponding global external number from the financial services system, which returns the corresponding global external number. The vendor system stores the global external number with customer identification information and/or transaction records. The vendor system requests payments for transactions by supplying the global external number stored in a transaction record to the financial services system. The financial services system authenticates the vendor system, and returns the corresponding funding account number. The vendor system generates a transaction settlement request using the funding account number. If the vendor system is compromised, no financial accounts can be accessed, since the vendor system does not store funding account numbers.

92 Citations

View as Search Results

21 Claims

1. A payment processor system comprising:
- a processor; and
  
  a tangible, non-transitory memory configured to communicate with the processor, the tangible, non-transitory memory having instructions stored thereon that, in response to execution by the processor, cause the processor to perform operations comprising;
  
  receiving, by the payment processor system and from the vendor system, a funding account code and a request for a global external code,wherein the funding account code corresponds to the global external code and a vendor identifier,wherein the vendor system received the funding account code from a customer,wherein the vendor system does not retain the funding account code;
  
  determining, by the payment processor system, the global external code based on the funding account code;
  
  transmitting, by the payment processor system and to the vendor system, the global external code in response to the request;
  
  receiving, by the payment processor system and from the vendor system, a transaction settlement request including transaction information and the global external code;
  
  determining, by the payment processor system, an IP address of the vendor system based on the vendor identifier;
  
  determining, by the payment processor system, that the IP address is on a list of authorized IP addresses;
  
  authorizing, by the payment processor system, the transaction settlement request based on the IP address being on the list of authorized IP addresses and based on the global external code.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The system according to claim 1, wherein the payment processor system performs additional operations comprising:
    - establishing the funding account code as an authorized code that accesses funds from the financial account, andestablishing the global external code that is restricted from accessing the funds from the financial account.
  - 3. The system according to claim 1, wherein the payment processor system performs additional operations comprising receiving an encrypted file that includes the funding account code, and decrypting, by the processor, the encrypted file.
  - 4. The system according to claim 1, further comprising:
    - receiving, by the payment processor system and from the vendor system, a request for the funding account code to include with the transaction settlement request; and
      
      transmitting, by the payment processor system and to the vendor system, the funding account code.
  - 5. The system according to claim 1, wherein the payment processor system performs settlement operations comprising:
    - receiving the global external code as part of the transaction settlement request to obtain the funding account code associated with the global external code;
      
      transmitting the funding account code associated with the global external code;
      
      receiving, as part of the transaction settlement request, the transaction information that includes the funding account code and an amount; and
      
      charging the financial account associated with the funding account code based on the amount.
  - 6. The system according to claim 1, wherein the payment processor system performs settlement operations comprising:
    - receiving the global external code as part of the transaction settlement request to obtain the funding account code associated with the global external code;
      
      transmitting, by the processor, the funding account code associated with the global external code;
      
      receiving the transaction information that includes the funding account code and an amount; and
      
      crediting, as part of the transaction settlement request, the financial account associated with the funding account code based on the amount of the transaction information.
  - 7. The system according to claim 1, wherein the payment processor system performs additional operations comprising:
    - receiving a request for the funding account code associated with the global external code;
      
      receiving the transaction information that includes the funding account code, identification information, and an amount;
      
      accessing funding account information associated with the funding account code;
      
      determining whether the identification information is included in the funding account information associated with the funding account code;
      
      charging a funding account associated with the funding account code; and
      
      providing, by the processor, payment in the amount included in the transaction information if the identification information is included in the funding account information associated with the funding account code.
  - 8. The system of claim 1, further comprising:
    - associating, by the payment processor system, the global external code with the funding account code that corresponds to the financial account; and
      
      storing, by the payment processor system, the global external code in association with the funding account code,wherein the funding account code accesses funds from the financial account;
      
      wherein the global external code is restricted from accessing funds from the financial account.
  - 9. The system of claim 1, wherein the vendor system stores the global external code, without storing the funding account code.
  - 10. The system of claim 1, further comprising rejecting, by the payment processor system, an authorization of the funding account code, in response to the global external code being unauthorized.
  - 11. The system of claim 1, wherein the global external code is prevented from accessing the financial account due to the global external code having an invalid checksum appended to the global external code.
  - 12. The system of claim 1, wherein the global external code is prevented from accessing the financial account due to the global external code being restricted from being used based on the global external code being matched to a list of restricted numbers.
  - 13. The system of claim 1, wherein the global external code is prevented from accessing the financial account due to a number of digits in the global external code being recognized by the processor as incompatible with a transaction standard.
  - 14. The system of claim 1, wherein the global external code is prevented from accessing the financial account due to an arrangement of digits in the global external code being recognized by the processor as incompatible with a transaction standard.

15. A method comprising:
- receiving, by a payment processor system and from the vendor system, a funding account code and a request for a global external code,wherein the funding account code corresponds to the global external code and a vendor identifier,wherein the vendor system received the funding account code from a customer,wherein the vendor system does not retain the funding account code;
  
  determining, by the payment processor system, the global external code based on the funding account code;
  
  transmitting, by the payment processor system and to the vendor system, the global external code in response to the request;
  
  receiving, by the payment processor system and from the vendor system, a transaction settlement request including transaction information and the global external code;
  
  determining, by the payment processor system, an IP address of the vendor system based on the vendor identifier;
  
  determining, by the payment processor system, that the IP address is on a list of authorized IP addresses;
  
  authorizing, by the payment processor system, the transaction settlement request based on the IP address being on the list of authorized IP addresses and based on the global external code.
- View Dependent Claims (16)
- - 16. The method according to claim 15, further comprising:
    - establishing, by the payment processor system, the funding account code as an authorized code that accesses funds from the financial account;
      
      establishing, by the payment processor system, the global external code that is restricted from accessing the funds from the financial account via at least one of a checksum;
      
      storing, by payment processor system, the global external code in a list of numbers that are unauthorized for accessing the financial account or having at least one of a number of digits, a number of characters, an arrangement of the digits or an arrangement of the characters that prevents use of the global external code from accessing the financial account.

17. An article of manufacture including a non-transitory, tangible computer readable storage medium having instructions stored thereon that, in response to execution by a payment processor system, cause the payment processor system to perform operations comprising:
- receiving, by the payment processor system and from the vendor system, a funding account code and a request for a global external code,wherein the funding account code corresponds to the global external code and a vendor identifier,wherein the vendor system received the funding account code from a customer,wherein the vendor system does not retain the funding account code;
  
  determining, by the payment processor system, the global external code based on the funding account code;
  
  transmitting, by the payment processor system and to the vendor system, the global external code in response to the request;
  
  receiving, by the payment processor system and from the vendor system, a transaction settlement request including transaction information and the global external code;
  
  determining, by the payment processor system, an IP address of the vendor system based on the vendor identifier;
  
  determining, by the payment processor system, that the IP address is on a list of authorized IP addresses;
  
  authorizing, by the payment processor system, the transaction settlement request based on the IP address being on the list of authorized IP addresses and based on the global external code.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The article according to claim 17, further comprising:
    - receiving, by the payment processor system, the request from a vendor; and
      
      transmitting, by the payment processor system, the global external code to the vendor.
  - 19. The article according to claim 17, further comprising:
    - receiving, by the payment processor system, the global external code as part of the transaction settlement request to obtain the funding account code associated with the global external code;
      
      transmitting, by the payment processor system, the funding account code associated with the global external code;
      
      receiving, by the payment processor system and as part of the transaction settlement request, the transaction information that includes the funding account code and an amount; and
      
      charging, by the payment processor system, the financial account associated with the funding account code based on the amount.
  - 20. The article according to claim 17, further comprising:
    - receiving, by the payment processor system, the global external code as part of the transaction settlement request to obtain the funding account code associated with the global external code;
      
      transmitting, by the payment processor system, the funding account code associated with the global external code;
      
      receiving, by the payment processor system and as part of the transaction settlement request, the transaction information that includes the funding account code and an amount; and
      
      crediting, by the payment processor system, the financial account associated with the funding account code based on the amount of the transaction information.
  - 21. The article according to claim 17, further comprising:
    - receiving, by the payment processor system, a request for the funding account code associated with the global external code;
      
      receiving, by the payment processor system, the transaction information that includes a funding account code, identification information, and an amount;
      
      accessing, by the payment processor system, funding account information associated with the funding account code;
      
      determining, by the payment processor system, whether the identification information is included in the funding account information associated with the funding account code;
      
      charging, by the payment processor system, a funding account associated with the funding account code; and
      
      providing, by the payment processor system, payment in the amount included in the transaction information in response to the identification information being included in the funding account information associated with funding account code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
American Express Travel Related Services Company, Inc. (American Express Company)
Original Assignee
American Express Travel Related Services Company, Inc. (American Express Company)
Inventors
Orth, Richard, Morgan, Priscilla M., Perez, Rafael T., Peart, Lee J.
Primary Examiner(s)
Baird, Edward J

Application Number

US12/343,178
Time in Patent Office

3,801 Days
Field of Search

705 35- 45
US Class Current
CPC Class Codes

G06Q 20/00   Payment architectures, sche...

G06Q 20/04   Payment circuits

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/3821   Electronic credentials

G06Q 20/409   Device specific authenticat...

System and method for preventing unauthorized access to financial accounts

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

92 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for preventing unauthorized access to financial accounts

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

92 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links