Adaptive authentication options
First Claim
1. A method comprising:
receiving, by a server computer, a transaction message relating to a request by a consumer to conduct a transaction using a portable consumer device associated with a payment account number;
determining, by the server computer, that the portable consumer device is enrolled in an authentication program that provides greater security for the consumer when the consumer conducts transactions using the portable consumer device, by contacting a directory server which sends a request to an access control server operated by an issuer of the payment account number to determine if the portable consumer device is enrolled in the authentication program and receives a response from the access control server;
analyzing, by the server computer, the transaction message to determine if the transaction is a specialized transaction, wherein the specialized transaction is a purchase transaction and involves a recurring payment, a micro-payment, or a one-step online payment;
determining that the transaction is the specialized transaction;
analyzing the transaction message, using the server computer, to determine if a re-authentication event has taken place or has not taken place by analyzing data in the transaction message against re-authentication events in a re-authentication event database;
determining that the re-authentication event has not taken place; and
in response to determining that the re-authentication event has not taken place, initiating an authorization request message comprising the payment account number and an amount of the transaction to the issuer of the payment account number for approval, using the server computer, without sending a re-authentication message to the consumer.
Abstract
A method for authenticating a consumer for a portable consumer device is disclosed. One embodiment of the invention includes receiving a transaction message relating to a request by a consumer to conduct a transaction using a portable consumer device, wherein the consumer was previously enrolled in an authentication program and the consumer was previously authenticated, analyzing the transaction message to determine if a re-authentication event has taken place, causing a re-authentication message to be sent to the consumer before initiating an authorization request message to the issuer if the re-authentication event has taken place, and initiating the authorization request message to the issuer without sending the re-authentication message to the consumer if the re-authentication event has not taken place.
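The decision flow in claim 1 and the abstract, sketched as an added example (not code from the patent or its assignee). The rules in `REAUTH_EVENTS`, the field names, the fail-closed handling of missing fields, and the `NOT_COVERED` outcome for cases the page does not describe are all assumptions made for illustration.

```python
from enum import Enum

class Outcome(Enum):
    AUTHORIZE_DIRECT = "authorization request, no re-authentication message"
    REAUTH_FIRST = "re-authentication message before authorization request"
    NOT_COVERED = "case the page does not describe"

# Specialized transaction types named in claim 1.
SPECIALIZED = {"recurring", "micro_payment", "one_step_online"}

# Constructed stand-in for the re-authentication event database; the page
# does not list the events, so these three rules are assumptions.
REAUTH_EVENTS = [
    ("shipping_address_changed", lambda m, p: m["ship_to"] != p["ship_to"]),
    ("amount_over_limit", lambda m, p: m["amount"] > p["max_amount"]),
    ("new_device", lambda m, p: m["device_id"] not in p["known_devices"]),
]

def check_enrollment(pan, acs_by_bin):
    """Directory-server stand-in: route by issuer prefix to that issuer's
    access control server (a callable here) and relay its answer."""
    acs = acs_by_bin.get(pan[:6])
    return bool(acs and acs(pan))

def triggered_events(msg, profile):
    hits = []
    for name, rule in REAUTH_EVENTS:
        try:
            if rule(msg, profile):
                hits.append(name)
        except KeyError:
            # Fail closed: data a rule needs is absent, so count it as an event.
            hits.append(name + ":field_missing")
    return hits

def decide(msg, profile, acs_by_bin):
    if not check_enrollment(msg["pan"], acs_by_bin):
        return Outcome.NOT_COVERED, []
    if msg.get("purchase_type") not in SPECIALIZED:
        return Outcome.NOT_COVERED, []
    events = triggered_events(msg, profile)
    return (Outcome.REAUTH_FIRST, events) if events else (Outcome.AUTHORIZE_DIRECT, [])

# Constructed sample data (test-style account number, not a real card).
ACS = {"400000": lambda pan: pan == "4000000000000002"}
PROFILE = {"ship_to": "addr-1", "max_amount": 50.0, "known_devices": {"dev-a"}}
MSG = {"pan": "4000000000000002", "purchase_type": "recurring",
       "amount": 9.99, "ship_to": "addr-1", "device_id": "dev-a"}
```

Calling `decide(MSG, PROFILE, ACS)` takes the no-event branch; changing `ship_to` or dropping `device_id` from the message moves the same transaction to the re-authentication branch.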
14 Claims
9. A server computer comprising a non-transitory computer readable medium storing a computer program containing instructions thereon for instructing the server computer to perform a method comprising the steps of:
receiving a transaction message relating to a request by a consumer to conduct a transaction using a portable consumer device associated with a payment account number;
determining that the portable consumer device is enrolled in an authentication program that provides greater security for the consumer when the consumer conducts transactions using the portable consumer device, by contacting a directory server which sends a request to an access control server operated by an issuer of the payment account number to determine if the portable consumer device is enrolled in the authentication program and receives a response from the access control server;
analyzing the transaction message to determine if the transaction is a specialized transaction, wherein the specialized transaction is a purchase transaction and involves a recurring payment, a micro-payment, or a one-step online payment;
determining that the transaction is the specialized transaction;
analyzing the transaction message to determine if a re-authentication event has not taken place by analyzing data in the transaction message against re-authentication events in a re-authentication event database;
determining that the re-authentication event has taken place or has not taken place; and
in response to determining that the re-authentication event has not taken place, initiating an authorization request message comprising the payment account number and an amount of the transaction to the issuer of the payment account number for approval, using the server computer, without sending a re-authentication message to the consumer.
12. A system comprising:
(a) a server computer comprising a non-transitory computer readable medium storing a computer program containing instructions thereon for instructing the server computer to perform the steps of
receiving a transaction message relating to a request by a consumer to conduct a transaction using a portable consumer device associated with a payment account number,
determining that the portable consumer device is enrolled in an authentication program that provides greater security for the consumer when the consumer conducts transactions using the portable consumer device, by contacting a directory server which sends a request to an access control server operated by an issuer of the payment account number to determine if the portable consumer device is enrolled in the authentication program and receives a response from the access control server,
analyzing the transaction message to determine if the transaction is a specialized transaction, wherein the specialized transaction is a purchase transaction and involves a recurring payment, a micro-payment, or a one-step online payment,
determining that the transaction is the specialized transaction,
analyzing the transaction message to determine if a re-authentication event has taken place or has not taken place by analyzing data in the transaction message against re-authentication events in a re-authentication event database,
determining that the re-authentication event has not taken place, and
in response to determining that the re-authentication event has not taken place, initiating an authorization request message comprising the payment account number and an amount of the transaction to the issuer of the payment account number for approval, using the server computer, without sending a re-authentication message to the consumer; and
(b) a client computer coupled to the server computer.
Specification