Fraud protection for card transactions

US 5,311,594 A
Filed: 03/26/1993
Issued: 05/10/1994
Est. Priority Date: 03/26/1993
Status: Expired due to Term

First Claim

Patent Images

1. A method for use in authorizing a card transaction for a particular card, comprising the steps of:

prestoring a plurality of pieces of information supplied by a person authorized to charge card transactions for said particular card;

requesting, from a person engaged in a card transaction using said particular card, a piece of information, selected at random from one of said pieces of prestored information, said information being requested being indicated in said request by a description of its nature so that the correct response can not be deduced from the request without knowing the selected prestored piece of information; and

completing said transaction only if said requested information is correctly supplied.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The problems of fraud in card transactions can be reduced by, after requiring the person engaged in the card transaction to initially identify himself, such as by supplying a card number, a) requesting, the person to supply as authentication information either 1) a randomly selected piece of prestored information or 2) information derived from a randomly selected piece of prestored information; and b) completing the transaction only if the authentication information requested is correctly supplied. The authentication information requested is described in terms of its nature, i.e., what it represents, so that one can not deduce from the request the correct response without knowing the selected prestored piece of information. Since the authentication information is randomly determined for each card transaction, a thief will rarely, if ever, be able to successfully complete a card transaction simply by supplying, in response to a request, the same piece of authentication information last supplied by the authorized person. Each authorized person already knows the particular pieces of information that are prestored for him, e.g., birthdate of spouse, year of school graduation, and mother'"'"'s telephone number. Thus, he need exert no extra effort to remember them. If the pieces of prestored authentication information are various numbers they may be transmitted over a telephone network from a caller to the authorization system using currently available dial pads and DTMF signaling.

538 Citations

18 Claims

1. A method for use in authorizing a card transaction for a particular card, comprising the steps of:
- prestoring a plurality of pieces of information supplied by a person authorized to charge card transactions for said particular card;
  
  requesting, from a person engaged in a card transaction using said particular card, a piece of information, selected at random from one of said pieces of prestored information, said information being requested being indicated in said request by a description of its nature so that the correct response can not be deduced from the request without knowing the selected prestored piece of information; and
  
  completing said transaction only if said requested information is correctly supplied.
- View Dependent Claims (2, 3)
- - 2. The invention as defined in claim 1 wherein said request is secretly made to said person.
  - 3. The invention as defined in claim 1 wherein said randomly selected piece of information is selected so that the same piece of information is not selected for two successive requests.

4. A method for use in authorizing a card transaction to be charged to a particular card, comprising the steps of:
- prestoring a plurality of pieces of information supplied by a person authorized to charge card transactions for said particular card;
  
  requesting, from a person engaged in a card transaction using said card, authentication information that is derived from a randomly selected one of said prestored pieces of information, said randomly selected information from which said authentication information is derived being indicated in said request by a description of its nature so that the correct response can not be deduced from the request without knowing the selected prestored piece of information; and
  
  completing said transaction only if said requested information is correctly supplied.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 5. The invention as defined in claim 4 wherein said authentication information requested is the entirety of said randomly selected one of said prestored pieces of information.
  - 6. The invention as defined in claim 4 wherein said randomly selected piece of information is selected so that the same piece of information is not selected for two successive requests.
  - 7. The invention as defined in claim 4 wherein said authentication information is derived so that the same authentication information is not requested for two successive requests.
  - 8. The invention as defined in claim 4 wherein said request is secretly made to said person whereby said request is not detectable by any person other than said person.
  - 9. The invention as defined in claim 4 wherein said person engaged in said card transaction supplies said requested information as dual tone multi-frequency signals.
  - 10. The invention as defined in claim 4 wherein said person engaged in said card transaction supplies said requested information by speaking it.
  - 11. The invention as defined in claim 4 wherein each of said plurality of pieces of information supplied by said authorized person are sets of characters representing a particular item known to said person.
  - 12. The invention as defined in claim 11 wherein said authentication information derived from a randomly selected one of the stored pieces of information is a subset of a randomly selected one of said sets of characters.
  - 13. The invention as defined in claim 11 wherein said characters are digits.
  - 14. The invention as defined in claim 11 wherein said characters are representable by designated keys on a telephone dial pad.

15. A method for use in authenticating a requester who is requesting access to a resource, the method comprising the steps of:
- initially identifying said requester as a particular person; and
  
  completing the verification by(i) requesting that said requester supply a randomly selected piece of information from among a plurality of pieces of information that were prestored for said particular person, said information being requested being indicated in said request by a description of its nature so that the correct response can not be deduced from the request without knowing the selected prestored piece of information,(ii) comparing information supplied by said requester in response to said request with said randomly selected piece of information.
- View Dependent Claims (16, 17)
- - 16. The invention as defined in claim 15 including the further step of granting access to said resource if said information supplied by said requester matches said randomly selected piece of information.
  - 17. The invention as defined in claim 15 wherein said randomly selected piece of information is selected so that the same piece of information is not selected for two successive requests in which said particular person is initially identified.

18. A method for use in authorizing a card transaction for a particular card, comprising:
- storing a plurality of pieces of information supplied by a person authorized to charge card transactions for said particular card, said pieces of information being stored prior to any card transactions;
  
  requesting, from a person engaged in a card transaction using said card, a value derived from the value of a randomly selected one of the pieces of prestored information without indicating said requested value or said value of said randomly selected one of the pieces of prestored information to said person; and
  
  means for completing said transaction only if said requested information is correctly supplied.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
American Telephone & Telegraph Company (AT&T, Inc.)
Original Assignee
AT&T, Inc.
Inventors
Penzias, Arno A.
Primary Examiner(s)
Cain, David C.

Application Number

US08/037,787
Time in Patent Office

410 Days
Field of Search

380/23, 380/24, 380/25
US Class Current

713/183
CPC Class Codes

G06Q 20/04   Payment circuits

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4012   Verifying personal identifi...

G06Q 20/4014   Identity check for transact...

G06Q 20/40145   Biometric identity checks

G07C 9/21   having a variable access code

G07F 7/10   together with a coded signa...

G07F 7/1008   Active credit-cards provide...

Y10S 379/903   Password

Fraud protection for card transactions

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

538 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Fraud protection for card transactions

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

538 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others