Detection of fraudulent attempts to initiate transactions using modified display objects
First Claim
1. A method of detecting fraudulent associate-based transactions, the method comprising:
- receiving a request for a display object from a browser of a user, said request identifying an item, an associate, and the user, and corresponding to a reference contained in an associate web page loaded by the browser;
responding to the request for the display object by at least
(1) generating a token that corresponds to the associate, the user, and the item, wherein the correspondence between the token and said associate, user and item is not ascertainable by viewing the token,
(2) generating an instance of the display object that provides a user-selectable link for performing a transaction associated with the item, wherein selection of the link causes a transaction request to be transmitted with the token and with identifiers of the item, the associate, and the user, and
(3) sending the instance of the display object to the browser of the user for display within, or in conjunction with, the associate web page, said instance of the display object including said token,
wherein generating a token that corresponds to the associate, user and item comprises at least one of the following:
(a) applying a one-way hash algorithm to identifiers of the item, user, and associate;
(b) encoding identifiers of the item, user, and associate within the token using a two-way encryption algorithm; and
(c) creating a lookup table entry that maps the token to the associate, item and user specified by the request for the display object;
receiving, from the browser of the user, a transaction request that includes a token and that identifies a user, item and associate; and
in response to receiving the transaction request from the browser of the user, determining whether the transaction request is valid at least in part by determining, via execution of instructions by a computing device, whether the token received with the transaction request corresponds to the user, item and associate identified within the transaction request, said determination of whether the received token corresponds to the identified user, item and associate reflecting whether the instance of the display object has been fraudulently modified by changing the associate identifier, user identifier and/or item identifier.
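An added illustration of option (a) and the validation step of claim 1, not code from the patent: the token is computed over the item, user and associate identifiers and recomputed when the transaction request arrives, so a changed identifier no longer matches. The use of HMAC-SHA256 with a server-side key (the claim says only "one-way hash algorithm"), the length-prefixed encoding, the function names and the identifier values are all assumptions made for this example.

```python
import hashlib
import hmac

# Constructed demo key (assumption); a real service would load it from a secret store.
SERVER_KEY = b"demo-key-not-for-production"


def _canonical(item_id: str, user_id: str, associate_id: str) -> bytes:
    """Length-prefix each field so characters cannot be shifted between fields."""
    out = bytearray()
    for field in (item_id, user_id, associate_id):
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return bytes(out)


def issue_token(item_id, user_id, associate_id, key=SERVER_KEY) -> str:
    """Token placed in the display object when the object is generated."""
    msg = _canonical(item_id, user_id, associate_id)
    # Keyed hash: the hex digest reveals nothing about the identifiers it covers.
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def is_valid_request(token, item_id, user_id, associate_id, key=SERVER_KEY) -> bool:
    """Recompute the token from the identifiers sent in the transaction request."""
    expected = issue_token(item_id, user_id, associate_id, key)
    # Constant-time comparison avoids leaking how much of the token matched.
    return hmac.compare_digest(expected.encode(), str(token).encode())


def demo() -> dict:
    """Constructed requests: one untouched, three with a modified identifier."""
    token = issue_token("item-1001", "user-42", "assoc-A")
    return {
        "unmodified": is_valid_request(token, "item-1001", "user-42", "assoc-A"),
        "associate_changed": is_valid_request(token, "item-1001", "user-42", "assoc-B"),
        "item_changed": is_valid_request(token, "item-2002", "user-42", "assoc-A"),
        # Same concatenated characters, different field boundaries.
        "field_shift": is_valid_request(token, "item-100", "1user-42", "assoc-A"),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'valid' if ok else 'rejected'}")
```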
Abstract
A network-based payment service provides various features for facilitating online, user-to-user payments and item purchases. One feature involves methods for validating transaction requests initiated during browsing of third party web sites, including web sites of associates.
33 Claims
16. A system for enabling a user to conduct a transaction with a first web site operated by a first entity during browsing of a second web site operated by a second entity, said transaction being specific to an item, the system comprising:
an object generation system that is responsive to an object request from a computing device of the user by generating, and sending to the computing device, a display object for presentation to the user within, or in conjunction with, a web page of the second web site, said display object including encrypted information that corresponds to the second entity, the user, and the item, said display object being selectable by the user to cause a transaction request containing said encrypted information to be transmitted from the computing device of the user to the first web site, said object generation system comprising computer hardware; and
a transaction request processing system that is responsive to the transaction request by using at least the encrypted information corresponding to the second entity, the user, and the item to determine whether the transaction request is valid, said transaction request processing system being part of the first web site;
wherein the object generation system is operative to generate the encrypted information, at least in part, by applying a one-way hash function or a two-way encryption algorithm to identifiers of the second entity, user, and item, and the transaction request processing system is operative to perform a comparison to determine whether the encrypted information corresponds to said identifiers of the second entity, user, and item, said transaction request processing system thereby capable of detecting attempts by users to generate fraudulent transaction requests using modified versions of the display object.
Specification