Fraud protection for card transactions
First Claim
1. A method for use in authorizing a card transaction for a particular card, comprising the steps of:
- prestoring a plurality of pieces of information supplied by a person authorized to charge card transactions for said particular card;
requesting, from a person engaged in a card transaction using said particular card, a piece of information, selected at random from one of said pieces of prestored information, said information being requested being indicated in said request by a description of its nature so that the correct response can not be deduced from the request without knowing the selected prestored piece of information; and
completing said transaction only if said requested information is correctly supplied.
1 Assignment
0 Petitions
Accused Products
Abstract
The problems of fraud in card transactions can be reduced by, after requiring the person engaged in the card transaction to initially identify himself, such as by supplying a card number, a) requesting, the person to supply as authentication information either 1) a randomly selected piece of prestored information or 2) information derived from a randomly selected piece of prestored information; and b) completing the transaction only if the authentication information requested is correctly supplied. The authentication information requested is described in terms of its nature, i.e., what it represents, so that one can not deduce from the request the correct response without knowing the selected prestored piece of information. Since the authentication information is randomly determined for each card transaction, a thief will rarely, if ever, be able to successfully complete a card transaction simply by supplying, in response to a request, the same piece of authentication information last supplied by the authorized person. Each authorized person already knows the particular pieces of information that are prestored for him, e.g., birthdate of spouse, year of school graduation, and mother'"'"'s telephone number. Thus, he need exert no extra effort to remember them. If the pieces of prestored authentication information are various numbers they may be transmitted over a telephone network from a caller to the authorization system using currently available dial pads and DTMF signaling.
538 Citations
18 Claims
-
1. A method for use in authorizing a card transaction for a particular card, comprising the steps of:
-
prestoring a plurality of pieces of information supplied by a person authorized to charge card transactions for said particular card; requesting, from a person engaged in a card transaction using said particular card, a piece of information, selected at random from one of said pieces of prestored information, said information being requested being indicated in said request by a description of its nature so that the correct response can not be deduced from the request without knowing the selected prestored piece of information; and completing said transaction only if said requested information is correctly supplied. - View Dependent Claims (2, 3)
-
-
4. A method for use in authorizing a card transaction to be charged to a particular card, comprising the steps of:
-
prestoring a plurality of pieces of information supplied by a person authorized to charge card transactions for said particular card; requesting, from a person engaged in a card transaction using said card, authentication information that is derived from a randomly selected one of said prestored pieces of information, said randomly selected information from which said authentication information is derived being indicated in said request by a description of its nature so that the correct response can not be deduced from the request without knowing the selected prestored piece of information; and completing said transaction only if said requested information is correctly supplied. - View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A method for use in authenticating a requester who is requesting access to a resource, the method comprising the steps of:
-
initially identifying said requester as a particular person; and completing the verification by (i) requesting that said requester supply a randomly selected piece of information from among a plurality of pieces of information that were prestored for said particular person, said information being requested being indicated in said request by a description of its nature so that the correct response can not be deduced from the request without knowing the selected prestored piece of information, (ii) comparing information supplied by said requester in response to said request with said randomly selected piece of information. - View Dependent Claims (16, 17)
-
-
18. A method for use in authorizing a card transaction for a particular card, comprising:
-
storing a plurality of pieces of information supplied by a person authorized to charge card transactions for said particular card, said pieces of information being stored prior to any card transactions; requesting, from a person engaged in a card transaction using said card, a value derived from the value of a randomly selected one of the pieces of prestored information without indicating said requested value or said value of said randomly selected one of the pieces of prestored information to said person; and means for completing said transaction only if said requested information is correctly supplied.
-
Specification