Systems and methods for providing risk based decisioning service to a merchant
First Claim
1. A transaction processing service (TPS) computing device for providing risk-based decisioning to a merchant for online payment card transactions initiated using a merchant website hosted by a merchant computing device associated with the merchant, said TPS computing device comprising a processor communicatively coupled to a memory, said TPS computing device in communication with the merchant computing device, a risk-based decisioning (RBD) computing device, and an access control server (ACS) computing device, said TPS computing device programmed to:
- receive, from the merchant computing device, an authentication request including transaction data and infrastructure data, the transaction data associated with an online payment card transaction initiated by a suspect consumer accessing the merchant website with a user computing device, wherein the transaction data includes payment card data provided by the suspect consumer from a digital wallet of a privileged cardholder, the infrastructure data including digital wallet data indicating characteristics of the accessing of the merchant website with the user computing device and whether a payment card stored in the digital wallet and used to initiate the online payment card transaction included cardholder authentication data for one or more historical payment card transactions, or had been used with the user computing device in one or more historical payment card transactions, the authentication request generated by the merchant computing device during an authentication process occurring after the online payment card transaction is initiated by the suspect consumer and prior to authorization of the online payment card transaction, the authentication request generated by the merchant computing device in response to initiation of the online payment card transaction and generated by the merchant computing device to authenticate the suspect consumer as the privileged cardholder to the merchant for the purpose of the online payment card transaction, the authorization of the online payment card transaction being part of an authorization process, the authorization process being different from the authentication process, the authorization process used to confirm whether an account associated with the payment card has sufficient funds or credit to cover a transaction amount of the online payment card transaction;
provide, to the merchant, a plurality of checkout options including a first checkout option and a second checkout option, wherein the first checkout option includes;
transmitting the transaction data and the infrastructure data to the RBD computing device, the RBD computing device configured to compute an authentication risk score for the online payment card transaction based at least in part on the transaction data and the infrastructure data, the authentication risk score indicating a likelihood that the suspect consumer is the privileged cardholder of the payment card used from the digital wallet, wherein if the payment card stored in the digital wallet and used to initiate the online payment card transaction included cardholder authentication data or had been used with the user computing device in the one or more historical payment card transactions, the authentication risk score indicates a greater likelihood that the suspect consumer is the privileged cardholder;
receiving, from the RBD computing device, the authentication risk score for the online payment card transaction;
determining whether the authentication risk score received from the RBD computing device indicates a lower risk level or a higher risk level for the online payment card transaction by comparing the authentication risk score to a threshold level stored within the memory;
when the authentication risk score indicates the lower risk level, transmitting an authentication response message to the merchant computing device, the authentication response message including a data element comprising an indication of acceptable risk for use by the merchant computing device in determining whether to proceed with authorization of the online payment card transaction; and
when the authentication risk score indicates the higher risk level, initiating an authentication challenge of the suspect consumer, including transmitting a challenge request message to the ACS computing device, wherein receipt of the challenge request message causes the ACS computing device to transmit a step-up challenge to the user computing device for authentication of the suspect consumer, andwherein the second checkout option includes authenticating the online payment card transaction using the ACS computing device;
receive, from the merchant computing device, one or more risk scoring configuration parameters defining a first risk score tier associated with the first checkout option and a second risk score tier associated with the second checkout option;
determine whether the authentication risk score is within the first risk score tier or the second risk score tier; and
process the online payment card transaction according to one of the first checkout option and the second checkout option based on the determination.
1 Assignment
0 Petitions
Accused Products
Abstract
A computing device for providing risk-based decisioning to a merchant during payment card transactions is provided herein. The computing device is programmed to receive, from the merchant, transaction data associated with a payment card transaction. The computing device is further programmed to compute a risk score for the payment card transaction based at least in part on the transaction data and infrastructure data associated with the payment card transaction. The computing device is also programmed transmit an indication of acceptable risk to the merchant if the risk score satisfies a first pre-defined threshold. The computing device is still further programmed to initiate an authentication challenge of the suspect consumer if the risk score satisfies a second pre-defined threshold.
110 Citations
20 Claims
-
1. A transaction processing service (TPS) computing device for providing risk-based decisioning to a merchant for online payment card transactions initiated using a merchant website hosted by a merchant computing device associated with the merchant, said TPS computing device comprising a processor communicatively coupled to a memory, said TPS computing device in communication with the merchant computing device, a risk-based decisioning (RBD) computing device, and an access control server (ACS) computing device, said TPS computing device programmed to:
-
receive, from the merchant computing device, an authentication request including transaction data and infrastructure data, the transaction data associated with an online payment card transaction initiated by a suspect consumer accessing the merchant website with a user computing device, wherein the transaction data includes payment card data provided by the suspect consumer from a digital wallet of a privileged cardholder, the infrastructure data including digital wallet data indicating characteristics of the accessing of the merchant website with the user computing device and whether a payment card stored in the digital wallet and used to initiate the online payment card transaction included cardholder authentication data for one or more historical payment card transactions, or had been used with the user computing device in one or more historical payment card transactions, the authentication request generated by the merchant computing device during an authentication process occurring after the online payment card transaction is initiated by the suspect consumer and prior to authorization of the online payment card transaction, the authentication request generated by the merchant computing device in response to initiation of the online payment card transaction and generated by the merchant computing device to authenticate the suspect consumer as the privileged cardholder to the merchant for the purpose of the online payment card transaction, the authorization of the online payment card transaction being part of an authorization process, the authorization process being different from the authentication process, the authorization process used to confirm whether an account associated with the payment card has sufficient funds or credit to cover a transaction amount of the online payment card transaction; provide, to the merchant, a plurality of checkout options including a first checkout option and a second checkout option, wherein the first checkout option includes; transmitting the transaction data and the infrastructure data to the RBD computing device, the RBD computing device configured to compute an authentication risk score for the online payment card transaction based at least in part on the transaction data and the infrastructure data, the authentication risk score indicating a likelihood that the suspect consumer is the privileged cardholder of the payment card used from the digital wallet, wherein if the payment card stored in the digital wallet and used to initiate the online payment card transaction included cardholder authentication data or had been used with the user computing device in the one or more historical payment card transactions, the authentication risk score indicates a greater likelihood that the suspect consumer is the privileged cardholder; receiving, from the RBD computing device, the authentication risk score for the online payment card transaction; determining whether the authentication risk score received from the RBD computing device indicates a lower risk level or a higher risk level for the online payment card transaction by comparing the authentication risk score to a threshold level stored within the memory; when the authentication risk score indicates the lower risk level, transmitting an authentication response message to the merchant computing device, the authentication response message including a data element comprising an indication of acceptable risk for use by the merchant computing device in determining whether to proceed with authorization of the online payment card transaction; and when the authentication risk score indicates the higher risk level, initiating an authentication challenge of the suspect consumer, including transmitting a challenge request message to the ACS computing device, wherein receipt of the challenge request message causes the ACS computing device to transmit a step-up challenge to the user computing device for authentication of the suspect consumer, and wherein the second checkout option includes authenticating the online payment card transaction using the ACS computing device; receive, from the merchant computing device, one or more risk scoring configuration parameters defining a first risk score tier associated with the first checkout option and a second risk score tier associated with the second checkout option; determine whether the authentication risk score is within the first risk score tier or the second risk score tier; and process the online payment card transaction according to one of the first checkout option and the second checkout option based on the determination. - View Dependent Claims (2, 3, 4, 5, 16, 19, 20)
-
-
6. A computer-based method for providing risk-based decisioning to a merchant for online payment card transactions initiated using a merchant website hosted by a merchant computing device associated with the merchant, the method implemented using a transaction processing service (TPS) computer device including a processor and a memory, the TPS computing device in communication with the merchant computing device, a risk-based decisioning (RBD) computing device, and an access control server (ACS) computing device, said method comprising:
-
receiving, from the merchant computing device, an authentication request including transaction data and infrastructure data, the transaction data associated with an online payment card transaction initiated by a suspect consumer accessing the merchant website with a user computing device, wherein the transaction data includes payment card data provided by the suspect consumer from a digital wallet of a privileged cardholder, the infrastructure data including digital wallet data indicating characteristics of the accessing of the merchant website with the user computing device and whether a payment card stored in the digital wallet and used to initiate the online payment card transaction included cardholder authentication data for one or more historical payment card transactions, or had been used with the user computing device in one or more historical payment card transactions, the authentication request generated by the merchant computing device during an authentication process occurring after the online payment card transaction is initiated by the suspect consumer and prior to authorization of the online payment card transaction, the authentication request generated by the merchant computing device in response to initiation of the online payment card transaction and generated by the merchant computing device to authenticate the suspect consumer as the privileged cardholder to the merchant for the purpose of the online payment card transaction, the authorization of the online payment card transaction being part of an authorization process, the authorization process being different from the authentication process, the authorization process used to confirm whether an account associated with the payment card has sufficient funds or credit to cover a transaction amount of the online payment card transaction; providing, to the merchant, a plurality of checkout options including a first checkout option and a second checkout option, wherein the first checkout option includes; transmitting the transaction data and the infrastructure data to the RBD computing device, the RBD computing device configured to compute an authentication risk score for the online payment card transaction based at least in part on the transaction data and the infrastructure data, the authentication risk score indicating a likelihood that the suspect consumer is the privileged cardholder of the payment card used from the digital wallet, wherein if the payment card stored in the digital wallet and used to initiate the online payment card transaction included cardholder authentication data or had been used with the user computing device in the one or more historical payment card transactions, the authentication risk score indicates a greater likelihood that the suspect consumer is the privileged cardholder; receiving, from the RBD computing device, the authentication risk score for the online payment card transaction; determining whether the authentication risk score received from the RBD computing device indicates a lower risk level or a higher risk level for the online payment card transaction by comparing the authentication risk score to a threshold level stored within the memory; when the authentication risk score indicates the lower risk level, transmitting an authentication response message to the merchant computing device, the authentication response message including a data element comprising an indication of acceptable risk for use by the merchant computing device in determining whether to proceed with authorization of the online payment card transaction; and when the authentication risk score indicates the higher risk level, initiating an authentication challenge of the suspect consumer, including transmitting a challenge request message to the ACS computing device, wherein receipt of the challenge request message causes the ACS computing device to transmit a step-up challenge to the user computing device for authentication of the suspect consumer, and wherein the second checkout option includes authenticating the online payment card transaction using the ACS computing device; receiving, from the merchant computing device, one or more risk scoring configuration parameters defining a first risk score tier associated with the first checkout option and a second risk score tier associated with the second checkout option; determining whether the authentication risk score is within the first risk score tier or the second risk score tier; and processing the online payment card transaction according to one of the first checkout option and the second checkout option based on the determination. - View Dependent Claims (7, 8, 9, 10, 17)
-
-
11. At least one non-transitory computer-readable storage media having computer-executable instructions embodied thereon for providing risk-based decisioning to a merchant for online payment card transactions initiated using a merchant website hosted by a merchant computing device associated with the merchant, wherein when executed by at least one processor of a transaction processing service (TPS) computing device, the TPS computing device in communication with the merchant computing device, a risk-based decisioning (RBD) computing device, and an access control server (ACS) computing device, the computer-executable instructions cause the at least one processor to:
-
receive, from the merchant computing device, an authentication request including transaction data and infrastructure data, the transaction data associated with an online payment card transaction initiated by a suspect consumer accessing the merchant website with a user computing device, wherein the transaction data includes payment card data provided by the suspect consumer from a digital wallet of a privileged cardholder, the infrastructure data including digital wallet data indicating characteristics of the accessing of the merchant website with the user computing device and whether a payment card stored in the digital wallet and used to initiate the online payment card transaction included cardholder authentication data for one or more historical payment card transactions, or had been used with the user computing device in one or more historical payment card transactions, the authentication request generated by the merchant computing device during an authentication process occurring after the online payment card transaction is initiated by the suspect consumer and prior to authorization of the online payment card transaction, the authentication request generated by the merchant computing device in response to initiation of the online payment card transaction and generated by the merchant computing device to authenticate the suspect consumer as the privileged cardholder to the merchant for the purpose of the online payment card transaction, the authorization of the online payment card transaction being part of an authorization process, the authorization process being different from the authentication process, the authorization process used to confirm whether an account associated with the payment card has sufficient funds or credit to cover a transaction amount of the online payment card transaction; provide, to the merchant, a plurality of checkout options including a first checkout option and a second checkout option, wherein the first checkout option includes; transmitting the transaction data and the infrastructure data to the RBD computing device, the RBD computing device configured to compute an authentication risk score for the online payment card transaction based at least in part on the transaction data and the infrastructure data, the authentication risk score indicating a likelihood that the suspect consumer is the privileged cardholder of the payment card used from the digital wallet, wherein if the payment card stored in the digital wallet and used to initiate the online payment card transaction included cardholder authentication data or had been used with the user computing device in the one or more historical payment card transactions, the authentication risk score indicates a greater likelihood that the suspect consumer is the privileged cardholder; receiving, from the RBD computing device, the authentication risk score for the online payment card transaction; determining whether the authentication risk score received from the RBD computing device indicates a lower risk level or a higher risk level for the online payment card transaction by comparing the authentication risk score to a threshold level stored within a memory communicatively coupled to the at least one processor; when the authentication risk score indicates the lower risk level, transmitting an authentication response message to the merchant computing device, the authentication response message including a data element comprising an indication of acceptable risk for use by the merchant computing device in determining whether to proceed with authorization of the online payment card transaction; and when the authentication risk score indicates the higher risk level, initiating an authentication challenge of the suspect consumer, including transmitting a challenge request message to the ACS computing device, wherein receipt of the challenge request message causes the ACS computing device to transmit a step-up challenge to the user computing device for authentication of the suspect consumer, and wherein the second checkout option includes authenticating the online payment card transaction using the ACS computing device; receive, from the merchant computing device, one or more risk scoring configuration parameters defining a first risk score tier associated with the first checkout option and a second risk score tier associated with the second checkout option; determine whether the authentication risk score is within the first risk score tier or the second risk score tier; and process the online payment card transaction according to one of the first checkout option and the second checkout option based on the determination. - View Dependent Claims (12, 13, 14, 15, 18)
-
Specification