Systems and methods for providing risk based decisioning service to a merchant

US 10,614,452 B2
Filed: 05/22/2015
Issued: 04/07/2020
Est. Priority Date: 09/16/2014
Status: Active Grant

First Claim

Patent Images

1. A transaction processing service (TPS) computing device for providing risk-based decisioning to a merchant for online payment card transactions initiated using a merchant website hosted by a merchant computing device associated with the merchant, said TPS computing device comprising a processor communicatively coupled to a memory, said TPS computing device in communication with the merchant computing device, a risk-based decisioning (RBD) computing device, and an access control server (ACS) computing device, said TPS computing device programmed to:

receive, from the merchant computing device, an authentication request including transaction data and infrastructure data, the transaction data associated with an online payment card transaction initiated by a suspect consumer accessing the merchant website with a user computing device, wherein the transaction data includes payment card data provided by the suspect consumer from a digital wallet of a privileged cardholder, the infrastructure data including digital wallet data indicating characteristics of the accessing of the merchant website with the user computing device and whether a payment card stored in the digital wallet and used to initiate the online payment card transaction included cardholder authentication data for one or more historical payment card transactions, or had been used with the user computing device in one or more historical payment card transactions, the authentication request generated by the merchant computing device during an authentication process occurring after the online payment card transaction is initiated by the suspect consumer and prior to authorization of the online payment card transaction, the authentication request generated by the merchant computing device in response to initiation of the online payment card transaction and generated by the merchant computing device to authenticate the suspect consumer as the privileged cardholder to the merchant for the purpose of the online payment card transaction, the authorization of the online payment card transaction being part of an authorization process, the authorization process being different from the authentication process, the authorization process used to confirm whether an account associated with the payment card has sufficient funds or credit to cover a transaction amount of the online payment card transaction;

provide, to the merchant, a plurality of checkout options including a first checkout option and a second checkout option, wherein the first checkout option includes;

transmitting the transaction data and the infrastructure data to the RBD computing device, the RBD computing device configured to compute an authentication risk score for the online payment card transaction based at least in part on the transaction data and the infrastructure data, the authentication risk score indicating a likelihood that the suspect consumer is the privileged cardholder of the payment card used from the digital wallet, wherein if the payment card stored in the digital wallet and used to initiate the online payment card transaction included cardholder authentication data or had been used with the user computing device in the one or more historical payment card transactions, the authentication risk score indicates a greater likelihood that the suspect consumer is the privileged cardholder;

receiving, from the RBD computing device, the authentication risk score for the online payment card transaction;

determining whether the authentication risk score received from the RBD computing device indicates a lower risk level or a higher risk level for the online payment card transaction by comparing the authentication risk score to a threshold level stored within the memory;

when the authentication risk score indicates the lower risk level, transmitting an authentication response message to the merchant computing device, the authentication response message including a data element comprising an indication of acceptable risk for use by the merchant computing device in determining whether to proceed with authorization of the online payment card transaction; and

when the authentication risk score indicates the higher risk level, initiating an authentication challenge of the suspect consumer, including transmitting a challenge request message to the ACS computing device, wherein receipt of the challenge request message causes the ACS computing device to transmit a step-up challenge to the user computing device for authentication of the suspect consumer, andwherein the second checkout option includes authenticating the online payment card transaction using the ACS computing device;

receive, from the merchant computing device, one or more risk scoring configuration parameters defining a first risk score tier associated with the first checkout option and a second risk score tier associated with the second checkout option;

determine whether the authentication risk score is within the first risk score tier or the second risk score tier; and

process the online payment card transaction according to one of the first checkout option and the second checkout option based on the determination.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing device for providing risk-based decisioning to a merchant during payment card transactions is provided herein. The computing device is programmed to receive, from the merchant, transaction data associated with a payment card transaction. The computing device is further programmed to compute a risk score for the payment card transaction based at least in part on the transaction data and infrastructure data associated with the payment card transaction. The computing device is also programmed transmit an indication of acceptable risk to the merchant if the risk score satisfies a first pre-defined threshold. The computing device is still further programmed to initiate an authentication challenge of the suspect consumer if the risk score satisfies a second pre-defined threshold.

110 Citations

View as Search Results

20 Claims

1. A transaction processing service (TPS) computing device for providing risk-based decisioning to a merchant for online payment card transactions initiated using a merchant website hosted by a merchant computing device associated with the merchant, said TPS computing device comprising a processor communicatively coupled to a memory, said TPS computing device in communication with the merchant computing device, a risk-based decisioning (RBD) computing device, and an access control server (ACS) computing device, said TPS computing device programmed to:
- receive, from the merchant computing device, an authentication request including transaction data and infrastructure data, the transaction data associated with an online payment card transaction initiated by a suspect consumer accessing the merchant website with a user computing device, wherein the transaction data includes payment card data provided by the suspect consumer from a digital wallet of a privileged cardholder, the infrastructure data including digital wallet data indicating characteristics of the accessing of the merchant website with the user computing device and whether a payment card stored in the digital wallet and used to initiate the online payment card transaction included cardholder authentication data for one or more historical payment card transactions, or had been used with the user computing device in one or more historical payment card transactions, the authentication request generated by the merchant computing device during an authentication process occurring after the online payment card transaction is initiated by the suspect consumer and prior to authorization of the online payment card transaction, the authentication request generated by the merchant computing device in response to initiation of the online payment card transaction and generated by the merchant computing device to authenticate the suspect consumer as the privileged cardholder to the merchant for the purpose of the online payment card transaction, the authorization of the online payment card transaction being part of an authorization process, the authorization process being different from the authentication process, the authorization process used to confirm whether an account associated with the payment card has sufficient funds or credit to cover a transaction amount of the online payment card transaction;
  
  provide, to the merchant, a plurality of checkout options including a first checkout option and a second checkout option, wherein the first checkout option includes;
  
  transmitting the transaction data and the infrastructure data to the RBD computing device, the RBD computing device configured to compute an authentication risk score for the online payment card transaction based at least in part on the transaction data and the infrastructure data, the authentication risk score indicating a likelihood that the suspect consumer is the privileged cardholder of the payment card used from the digital wallet, wherein if the payment card stored in the digital wallet and used to initiate the online payment card transaction included cardholder authentication data or had been used with the user computing device in the one or more historical payment card transactions, the authentication risk score indicates a greater likelihood that the suspect consumer is the privileged cardholder;
  
  receiving, from the RBD computing device, the authentication risk score for the online payment card transaction;
  
  determining whether the authentication risk score received from the RBD computing device indicates a lower risk level or a higher risk level for the online payment card transaction by comparing the authentication risk score to a threshold level stored within the memory;
  
  when the authentication risk score indicates the lower risk level, transmitting an authentication response message to the merchant computing device, the authentication response message including a data element comprising an indication of acceptable risk for use by the merchant computing device in determining whether to proceed with authorization of the online payment card transaction; and
  
  when the authentication risk score indicates the higher risk level, initiating an authentication challenge of the suspect consumer, including transmitting a challenge request message to the ACS computing device, wherein receipt of the challenge request message causes the ACS computing device to transmit a step-up challenge to the user computing device for authentication of the suspect consumer, andwherein the second checkout option includes authenticating the online payment card transaction using the ACS computing device;
  
  receive, from the merchant computing device, one or more risk scoring configuration parameters defining a first risk score tier associated with the first checkout option and a second risk score tier associated with the second checkout option;
  
  determine whether the authentication risk score is within the first risk score tier or the second risk score tier; and
  
  process the online payment card transaction according to one of the first checkout option and the second checkout option based on the determination.
- View Dependent Claims (2, 3, 4, 5, 16, 19, 20)
- - 2. The TPS computing device of claim 1 further programmed to:
    - receive, from the merchant computing device, one or more additional risk scoring configuration parameters; and
      
      transmit the one or more additional risk scoring configuration parameters to the RBD computing device, wherein the RBD computing device is further configured to compute the authentication risk score based at least in part on the one or more additional risk scoring configuration parameters.
  - 3. The TPS computing device of claim 2, wherein the one or more additional risk scoring configuration parameters include a first additional risk scoring configuration parameter defining the lower risk level, and a second additional risk scoring configuration parameter defining the higher risk level.
  - 4. The TPS computing device of claim 1, wherein the first checkout option further includes storing an indication of merchant liability for the online payment card transaction, and wherein the second checkout option further includes storing an indication of issuer liability for the online payment card transaction.
  - 5. The TPS computing device of claim 1 further programmed to:
    - receive, from an issuer of the payment card from the digital wallet, one or more additional risk scoring configuration parameters when the merchant selects the second checkout option; and
      
      transmit the one or more additional risk scoring configuration parameters to the RBD computing device, wherein the RBD computing device is further configured to compute the authentication risk score based at least in part on the one or more additional risk scoring configuration parameters.
  - 16. The TPS computing device of claim 1, wherein the ACS computing device is associated with an issuer of the payment card from the digital wallet, and wherein said TPS computing device is associated with a payment transaction processing system that processes the online payment card transactions.
  - 19. The TPS computing device of claim 1 further programmed to receive, from the merchant computing device, one or more additional risk scoring configuration parameters including a transaction type parameter indicating whether to process each of a plurality of transaction types using the first checkout option or the second checkout option.
  - 20. The TPS computing device of claim 1, wherein when the authentication risk score indicates the higher risk level, the TPS computing device is further configured to:
    - receive, from the ACS computing device, an authentication challenge response including an indication of successful authentication of the suspect consumer and at least a portion of authentication data provided to the ACS computing device by the suspect consumer in response to the step-up challenge; and
      
      transmit, to the merchant computing device, an authentication response message including the indication of successful authentication of the suspect consumer and the portion of the authentication data provided to the ACS computing device by the suspect consumer, for use by the merchant computing device in determining whether to proceed with authorization of the online payment card transaction.

6. A computer-based method for providing risk-based decisioning to a merchant for online payment card transactions initiated using a merchant website hosted by a merchant computing device associated with the merchant, the method implemented using a transaction processing service (TPS) computer device including a processor and a memory, the TPS computing device in communication with the merchant computing device, a risk-based decisioning (RBD) computing device, and an access control server (ACS) computing device, said method comprising:
- receiving, from the merchant computing device, an authentication request including transaction data and infrastructure data, the transaction data associated with an online payment card transaction initiated by a suspect consumer accessing the merchant website with a user computing device, wherein the transaction data includes payment card data provided by the suspect consumer from a digital wallet of a privileged cardholder, the infrastructure data including digital wallet data indicating characteristics of the accessing of the merchant website with the user computing device and whether a payment card stored in the digital wallet and used to initiate the online payment card transaction included cardholder authentication data for one or more historical payment card transactions, or had been used with the user computing device in one or more historical payment card transactions, the authentication request generated by the merchant computing device during an authentication process occurring after the online payment card transaction is initiated by the suspect consumer and prior to authorization of the online payment card transaction, the authentication request generated by the merchant computing device in response to initiation of the online payment card transaction and generated by the merchant computing device to authenticate the suspect consumer as the privileged cardholder to the merchant for the purpose of the online payment card transaction, the authorization of the online payment card transaction being part of an authorization process, the authorization process being different from the authentication process, the authorization process used to confirm whether an account associated with the payment card has sufficient funds or credit to cover a transaction amount of the online payment card transaction;
  
  providing, to the merchant, a plurality of checkout options including a first checkout option and a second checkout option, wherein the first checkout option includes;
  
  transmitting the transaction data and the infrastructure data to the RBD computing device, the RBD computing device configured to compute an authentication risk score for the online payment card transaction based at least in part on the transaction data and the infrastructure data, the authentication risk score indicating a likelihood that the suspect consumer is the privileged cardholder of the payment card used from the digital wallet, wherein if the payment card stored in the digital wallet and used to initiate the online payment card transaction included cardholder authentication data or had been used with the user computing device in the one or more historical payment card transactions, the authentication risk score indicates a greater likelihood that the suspect consumer is the privileged cardholder;
  
  receiving, from the RBD computing device, the authentication risk score for the online payment card transaction;
  
  determining whether the authentication risk score received from the RBD computing device indicates a lower risk level or a higher risk level for the online payment card transaction by comparing the authentication risk score to a threshold level stored within the memory;
  
  when the authentication risk score indicates the lower risk level, transmitting an authentication response message to the merchant computing device, the authentication response message including a data element comprising an indication of acceptable risk for use by the merchant computing device in determining whether to proceed with authorization of the online payment card transaction; and
  
  when the authentication risk score indicates the higher risk level, initiating an authentication challenge of the suspect consumer, including transmitting a challenge request message to the ACS computing device, wherein receipt of the challenge request message causes the ACS computing device to transmit a step-up challenge to the user computing device for authentication of the suspect consumer, andwherein the second checkout option includes authenticating the online payment card transaction using the ACS computing device;
  
  receiving, from the merchant computing device, one or more risk scoring configuration parameters defining a first risk score tier associated with the first checkout option and a second risk score tier associated with the second checkout option;
  
  determining whether the authentication risk score is within the first risk score tier or the second risk score tier; and
  
  processing the online payment card transaction according to one of the first checkout option and the second checkout option based on the determination.
- View Dependent Claims (7, 8, 9, 10, 17)
- - 7. The method of claim 6 further comprising:
    - receiving, from the merchant computing device, one or more additional risk scoring configuration parameters; and
      
      transmitting the one or more additional risk scoring configuration parameters to the RBD computing device, wherein the RBD computing device is further configured to compute the authentication risk score based at least in part on the one or more additional risk scoring configuration parameters.
  - 8. The method of claim 7, wherein the one or more additional risk scoring configuration parameters include a first additional risk scoring configuration parameter defining the lower risk level and a second additional risk scoring configuration parameter defining the higher risk level.
  - 9. The method of claim 6, wherein the first checkout option further includes storing an indication of merchant liability for the online payment card transaction, and wherein the second checkout option further includes storing an indication of issuer liability for the online payment card transaction.
  - 10. The method of claim 6 further comprising:
    - receiving, from an issuer of the payment card from the digital wallet, one or more additional risk scoring configuration parameters when the merchant selects the second checkout option; and
      
      transmitting the one or more additional risk scoring configuration parameters to the RBD computing device, wherein the RBD computing device is further configured to compute the authentication risk score based at least in part on the one or more additional risk scoring configuration parameters.
  - 17. The method of claim 6, wherein the ACS computing device is associated with an issuer of the payment card from the digital wallet, and wherein the TPS computing device is associated with a payment transaction processing system that processes the online payment card transactions.

11. At least one non-transitory computer-readable storage media having computer-executable instructions embodied thereon for providing risk-based decisioning to a merchant for online payment card transactions initiated using a merchant website hosted by a merchant computing device associated with the merchant, wherein when executed by at least one processor of a transaction processing service (TPS) computing device, the TPS computing device in communication with the merchant computing device, a risk-based decisioning (RBD) computing device, and an access control server (ACS) computing device, the computer-executable instructions cause the at least one processor to:
- receive, from the merchant computing device, an authentication request including transaction data and infrastructure data, the transaction data associated with an online payment card transaction initiated by a suspect consumer accessing the merchant website with a user computing device, wherein the transaction data includes payment card data provided by the suspect consumer from a digital wallet of a privileged cardholder, the infrastructure data including digital wallet data indicating characteristics of the accessing of the merchant website with the user computing device and whether a payment card stored in the digital wallet and used to initiate the online payment card transaction included cardholder authentication data for one or more historical payment card transactions, or had been used with the user computing device in one or more historical payment card transactions, the authentication request generated by the merchant computing device during an authentication process occurring after the online payment card transaction is initiated by the suspect consumer and prior to authorization of the online payment card transaction, the authentication request generated by the merchant computing device in response to initiation of the online payment card transaction and generated by the merchant computing device to authenticate the suspect consumer as the privileged cardholder to the merchant for the purpose of the online payment card transaction, the authorization of the online payment card transaction being part of an authorization process, the authorization process being different from the authentication process, the authorization process used to confirm whether an account associated with the payment card has sufficient funds or credit to cover a transaction amount of the online payment card transaction;
  
  provide, to the merchant, a plurality of checkout options including a first checkout option and a second checkout option, wherein the first checkout option includes;
  
  transmitting the transaction data and the infrastructure data to the RBD computing device, the RBD computing device configured to compute an authentication risk score for the online payment card transaction based at least in part on the transaction data and the infrastructure data, the authentication risk score indicating a likelihood that the suspect consumer is the privileged cardholder of the payment card used from the digital wallet, wherein if the payment card stored in the digital wallet and used to initiate the online payment card transaction included cardholder authentication data or had been used with the user computing device in the one or more historical payment card transactions, the authentication risk score indicates a greater likelihood that the suspect consumer is the privileged cardholder;
  
  receiving, from the RBD computing device, the authentication risk score for the online payment card transaction;
  
  determining whether the authentication risk score received from the RBD computing device indicates a lower risk level or a higher risk level for the online payment card transaction by comparing the authentication risk score to a threshold level stored within a memory communicatively coupled to the at least one processor;
  
  when the authentication risk score indicates the lower risk level, transmitting an authentication response message to the merchant computing device, the authentication response message including a data element comprising an indication of acceptable risk for use by the merchant computing device in determining whether to proceed with authorization of the online payment card transaction; and
  
  when the authentication risk score indicates the higher risk level, initiating an authentication challenge of the suspect consumer, including transmitting a challenge request message to the ACS computing device, wherein receipt of the challenge request message causes the ACS computing device to transmit a step-up challenge to the user computing device for authentication of the suspect consumer, andwherein the second checkout option includes authenticating the online payment card transaction using the ACS computing device;
  
  receive, from the merchant computing device, one or more risk scoring configuration parameters defining a first risk score tier associated with the first checkout option and a second risk score tier associated with the second checkout option;
  
  determine whether the authentication risk score is within the first risk score tier or the second risk score tier; and
  
  process the online payment card transaction according to one of the first checkout option and the second checkout option based on the determination.
- View Dependent Claims (12, 13, 14, 15, 18)
- - 12. The computer-readable storage media of claim 11, wherein the computer-executable instructions further cause the at least one processor to:
    - receive, from the merchant computing device, one or more additional risk scoring configuration parameters; and
      
      transmit the one or more additional risk scoring configuration parameters to the RBD computing device, wherein the RBD computing device is further configured to compute the authentication risk score based at least in part on the one or more additional risk scoring configuration parameters.
  - 13. The computer-readable storage media of claim 12, wherein the one or more additional risk scoring configuration parameters include a first additional risk scoring configuration parameter defining the lower risk level and a second additional risk scoring configuration parameter defining the higher risk level.
  - 14. The computer-readable storage media of claim 11, wherein the first checkout option further includes storing an indication of merchant liability for the online payment card transaction, and wherein the second checkout option further includes storing an indication of issuer liability for the online payment card transaction.
  - 15. The computer-readable storage media of claim 11, wherein the computer-executable instructions further cause the at least one processor to:
    - receive, from an issuer of the payment card from the digital wallet, one or more additional risk scoring configuration parameters when the merchant selects the second checkout option; and
      
      transmit the one or more additional risk scoring configuration parameters to the RBD computing device, wherein the RBD computing device is further configured to compute the authentication risk score based at least in part on the one or more additional risk scoring configuration parameters.
  - 18. The computer-readable storage media of claim 11, wherein the ACS computing device is associated with an issuer of the payment card from the digital wallet, and wherein said TPS computing device is associated with a payment transaction processing system that processes the online payment card transactions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Original Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Inventors
Tomasofsky, Christian P., Hubbard, Steve E., da Silva, Luis Felipe de Almeida Ferreira, Gerber, Johan, Salazar, Clara, Hafner, Michelle
Primary Examiner(s)
Vyas, Abhishek
Assistant Examiner(s)
Bianco, Dario

Application Number

US14/720,309
Publication Number

US 20160078436A1
Time in Patent Office

1,782 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 2221/2103   Challenge-response

G06Q 10/0635   Risk analysis of enterprise...

G06Q 20/36   using electronic wallets or...

G06Q 20/363   with the personal data of a...

G06Q 20/3674   involving authentication

G06Q 20/4014   Identity check for transact...

G06Q 20/4016   involving fraud or risk lev...

G06Q 20/405   Establishing or using trans...

G06Q 20/407   Cancellation of a transaction

G06Q 20/409   Device specific authenticat...

G06Q 30/0229   Multi-merchant loyalty card...

Systems and methods for providing risk based decisioning service to a merchant

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

110 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for providing risk based decisioning service to a merchant

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

110 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links