Fraud analyst smart cookie

US 20070073630A1
Filed: 08/24/2006
Published: 03/29/2007
Est. Priority Date: 09/17/2004
Status: Active Grant

First Claim

Patent Images

1-15. -15. (canceled)

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A fraudulent business transaction application (FBTA) is provided in embodiments of the present invention for monitoring fraudulent transactions. When a consumer supplies account access information in order to carry out an Internet business transaction, the FBTA uses an online fraud mitigation engine to detect phishing intrusions and identity theft. Embodiments are also provided for calculating travel velocity and transaction frequency, which are useful for determining a fraudulent transaction. Further embodiments are provided for authenticating a transcation using a cookie stored on a client device and a behavior profile stored on a server.

262 Citations

25 Claims

1-15. -15. (canceled)

16. A method for authenticating a transaction performed by a user operating a client device which contains a cookie, the cookie including at least a first identifier associated with the client device, and wherein a behavior profile is associated with the user and stored on a server, the method comprising the steps of:
- a. performing a first comparison between one or more factors derived from the transaction and one or more factors stored in the behavior profile;
  
  b. performing a second comparison between the first device identifier and a second device identifier derived from the transaction;
  
  c. performing a third comparison between an IP address derived from the transaction and a plurality of IP addresses stored in the cookie; and
  
  d. authenticating the transaction based on the first comparison, the second comparison, and the third comparison.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
- - 17. The method of claim 16, wherein a factor is at least one of an access location, access date, access time, geographical location, domain information, network Id, connection type, one or more IP addresses, user name, email address, debit card number, credit card number, bank account number, social security number, HTTP header information, travel velocity, telephone number, area code, transaction frequency, operating system, processor identification number, natural language, host type, demographic information, or advertising information.
  - 18. The method of claim 16, wherein the behavior profile further comprises a unique identifier associated with the user.
  - 19. The method of claim 18, wherein the unique identifier is one of a user name, debit card number, credit card number, bank account number, or social security number.
  - 20. The method of claim 16, wherein the first device identifier and the second device identifier each comprise HTTP header information.
  - 21. The method of claim 16, wherein the contents of the cookie are encrypted.
  - 22. The method of claim 21, wherein a key to decrypt the cookie is stored in the behavior profile.
  - 23. The method of claim 22, further comprising the step of decrypting the contents of the cookie using the key.

24. A computer program product encoded in a computer readable medium, the program product for authenticating a transaction performed by a user operating a client device which contains a cookie, the cookie including at least a first identifier associated with the client device, and wherein a behavior profile is associated with the user and stored on a server, the program product encoded to perform the steps of:
- a. performing a first comparison between one or more factors derived from the transaction and one or more factors stored in the behavior profile;
  
  b. performing a second comparison between the first device identifier and a second device identifier derived from the transaction;
  
  c. performing a third comparison between an IP address derived from the transaction and a plurality of IP addresses stored in the cookie; and
  
  d. authenticating the transaction based on the first comparison, the second comparison, and the third comparison.

25. A system for authenticating a transaction, the system comprising:
- a. a client device operated by a user conducting a transaction with the client device, with one or more factors being derived from the transaction, an IP address being derived from the transaction, and wherein a second transaction identifier is derived from the transaction;
  
  b. a cookie stored on the client device, wherein the cookie includes at least a first identifier associated with the client device, and wherein the cookie includes a plurality of IP addresses; and
  
  c. a behavior profile stored on a server, the behavior profile including one or more factors associated with the user, wherein the transaction is authenticated by comparing the one or more factors derived from the transaction with the one or more factors in the behavior profile, comparing the first device identifier with the second device identifier, and comparing the IP address-derived from the transaction with the plurality of IP addresses stored in the cookie.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
David Helsper, Todd Greene
Original Assignee
David Helsper, Todd Greene
Inventors
Helsper, David, Greene, Todd

Granted Patent

US 7,673,793 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/80
CPC Class Codes

G06Q 20/102   Bill distribution or payments

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4016   involving fraud or risk lev...

G06Q 30/06   Buying, selling or leasing ...

G06Q 30/0603   Catalogue ordering

G06Q 40/08   Insurance

G06Q 50/188   Electronic negotiation

Fraud analyst smart cookie

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

262 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Fraud analyst smart cookie

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

262 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links