Cardless challenge systems and methods

US 8,121,956 B2
Filed: 06/20/2008
Issued: 02/21/2012
Est. Priority Date: 06/25/2007
Status: Active Grant

First Claim

Patent Images

1. A method for authorizing a transaction between a consumer and a merchant, the method comprising:

receiving, at a server of a non-merchant entity, a consumer message directly from an access device used by the consumer, wherein the consumer message includes account information of an account of the consumer to be used for the transaction;

determining whether to send a challenge question to the consumer based on information collected from and about the access device;

providing, to a merchant server from the non-merchant server, code that is incorporated into an application page that is sent from the merchant to the consumer before the non-merchant server receives the consumer message, wherein the code sends the information about the access device to the non-merchant server;

subsequent to receiving the consumer message, sending, to the consumer from the non-merchant server, a challenge question;

receiving, at the non-merchant server from the consumer, a challenge answer to the challenge question; and

sending, to the merchant server from the non-merchant server, a funding message.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and apparatus for handling and/or authorizing payment requests by a consumer for a transaction are provided. Challenge questions may be presented from the non-merchant to the consumer after receiving the payment information, thereby allowing a judicious determination of when to ask such challenge questions and allowing complex and probative questions. The time limit for such challenge questions may advantageously be unconstrained, while still preserving security. Also, a risk analysis may be started prior to the consumer submitting payment information, thus allowing an efficient and complex risk analysis. Information about an access device used by the consumer may be obtained at the non-merchant from the access device with code sent to the access device from the merchant, and the device information may be used in the risk analysis.

397 Citations

25 Claims

1. A method for authorizing a transaction between a consumer and a merchant, the method comprising:
- receiving, at a server of a non-merchant entity, a consumer message directly from an access device used by the consumer, wherein the consumer message includes account information of an account of the consumer to be used for the transaction;
  
  determining whether to send a challenge question to the consumer based on information collected from and about the access device;
  
  providing, to a merchant server from the non-merchant server, code that is incorporated into an application page that is sent from the merchant to the consumer before the non-merchant server receives the consumer message, wherein the code sends the information about the access device to the non-merchant server;
  
  subsequent to receiving the consumer message, sending, to the consumer from the non-merchant server, a challenge question;
  
  receiving, at the non-merchant server from the consumer, a challenge answer to the challenge question; and
  
  sending, to the merchant server from the non-merchant server, a funding message.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 3. The method of claim 1, wherein the challenge question is sent to a consumer device that is not the access device.
  - 4. The method of claim 3, wherein the consumer device is a mobile phone of the consumer and the access device is a point of sale terminal at a retail location associated with the merchant.
  - 5. The method of claim 1, further comprising:
    - sending an authorization request to an issuer of the account; and
      
      prior to sending the authorization request to the issuer of the account, sending the challenge question to the consumer.
  - 6. The method of claim 1 further comprising:
    - receiving transaction information about at least one of;
      
      the access device being used by the consumer to initiate the transaction, an amount of the transaction, and one or more items to be purchased in the transaction; and
      
      determining the challenge question based on the transaction information.
  - 7. The method of claim 1, further comprising:
    - after receiving the consumer message, selecting, by the non-merchant server, the challenge question to send to the consumer.
  - 8. The method of claim 1, wherein the information about the access device is received before the consumer message.
  - 9. The method of claim 1, further comprising:
    - initiating, at the non-merchant server, a risk analysis using the information about the access device;
      
      calculating a risk score based on the risk analysis; and
      
      using the risk score to determine whether to send the challenge question to the consumer.
  - 10. The method of claim 9, further comprising determining whether to deny the transaction based on the risk score.
  - 11. The method of claim 1, wherein the information about the access device includes at least one of:
    - a geographical location of the access device, an operating system of the access device, and a processor type of the access device.
  - 12. The method of claim 1, wherein the application page contains a plurality of payment mechanism options for the transaction, wherein a first subset of the payment mechanism options includes one or more first payment mechanisms, and wherein the code sends the information about the access device in response to one of the first payment mechanisms being selected by the consumer.

2. A system for authorizing a transaction between a consumer and a merchant, the system comprising:
- a server having an external interface that receives a consumer message directly from an access device used by the consumer, wherein the consumer message includes account information of an account of the consumer to be used for the transaction, and wherein the server is associated with a non-merchant entity;
  
  one or more processors; and
  
  one or more memory devices containing instructions that when executed by the one or more processors direct the one or more processors to;
  
  determine whether to send a challenge question to the consumer based on information collected from and about the access device;
  
  provide, to a merchant server from the non-merchant server, code that is incorporated into an application page that is sent from the merchant to the consumer before the non-merchant server receives the consumer message, wherein the code sends the information about the access device to the non-merchant server;
  
  send, to the consumer from the non-merchant server, a challenge question, wherein the challenge question is sent subsequent to receiving the consumer message at the non-merchant server;
  
  receive, at the non-merchant server from the consumer, a challenge answer to the challenge question; and
  
  send, to the merchant server from the non-merchant server, a funding message.

13. A system for authorizing a transaction between a consumer and a merchant, the system comprising:
- a server having an external interface that receives a consumer message directly from an access device used by the consumer, wherein the consumer message includes account information of an account of the consumer to be used for the transaction, and wherein the server is associated with a non-merchant entity;
  
  one or more processors; and
  
  one or more memory devices containing instructions that when executed by the one or more processors direct the one or more processors to;
  
  send, to the consumer from the non-merchant server, a challenge question, wherein the challenge question is sent subsequent to receiving the consumer message at the non-merchant server;
  
  determine whether to send a challenge question to the consumer based on information collected from and about the access device;
  
  receive, at the non-merchant server from the consumer, a challenge answer to the challenge question; and
  
  send, to a merchant server from the non-merchant server, a funding message.

14. A computer program product comprising a non-transitory computer readable medium storing a plurality of instructions that when executed by one or more processors direct the one or more processors to perform an operation for authorizing a transaction between a consumer and a merchant, the instructions comprising:
- receiving, at a server of a non-merchant entity, a consumer message directly from an access device used by the consumer, wherein the consumer message includes account information of an account of the consumer to be used for the transaction;
  
  determining whether to send a challenge question to the consumer based on information collected from and about the access device;
  
  providing, to a merchant server from the non-merchant server, code that is incorporated into an application page that is sent from the merchant to the consumer before the non-merchant server receives the consumer message, wherein the code sends the information about the access device to the non-merchant server;
  
  subsequent to receiving the consumer message, sending, to the consumer from the non-merchant server, a challenge question;
  
  receiving, at the non-merchant server from the consumer, a challenge answer to the challenge question; and
  
  sending, to the merchant server from the non-merchant server, a funding message.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 15. The computer program product of claim 14, wherein the instructions further comprise repeating sending at least one challenge question and receiving at least one challenge answer.
  - 16. The computer program product of claim 14, wherein the challenge question is sent to a consumer device that is not the access device.
  - 17. The computer program product of claim 16, wherein the consumer device is a mobile phone of the consumer and the access device is a point of sale terminal at a retail location associated with the merchant.
  - 18. The computer program product of claim 14, wherein the instructions further comprise:
    - sending an authorization request to an issuer of the account; and
      
      prior to sending the authorization request to the issuer of the account, sending the challenge question to the consumer.
  - 19. The computer program product of claim 14 wherein the instructions further comprise:
    - receiving transaction information about at least one of;
      
      the access device being used by the consumer to initiate the transaction, an amount of the transaction, and one or more items to be purchased in the transaction; and
      
      determining the challenge question based on the transaction information.
  - 20. The computer program product of claim 14, wherein the instructions further comprise:
    - after receiving the consumer message, selecting, by the non-merchant server, the challenge question to send to the consumer.
  - 21. The computer program product of claim 14, wherein the information about the access device is received before the consumer message.
  - 22. The computer program product of claim 14, wherein the instructions further comprise:
    - initiating, at the non-merchant server, a risk analysis using the information about the access device;
      
      calculating a risk score based on the risk analysis; and
      
      using the risk score to determine whether to send the challenge question to the consumer.
  - 23. The computer program product of claim 22, wherein the instructions further comprise determining whether to deny the transaction based on the risk score.
  - 24. The computer program product of claim 14, wherein the information about the access device includes at least one of:
    - a geographical location of the access device, an operating system of the access device, and a processor type of the access device.
  - 25. The computer program product of claim 14, wherein the application page contains a plurality of payment mechanism options for the transaction, wherein a first subset of the payment mechanism options includes one or more first payment mechanisms, and wherein the code sends the information about the access device in response to one of the first payment mechanisms being selected by the consumer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa USA, Inc. (Visa, Inc.)
Original Assignee
Visa USA, Inc. (Visa, Inc.)
Inventors
Carlson, Mark, Keshan, Surendra, Faith, Patrick
Primary Examiner(s)
KUCAB, JAMIE R

Application Number

US12/143,394
Publication Number

US 20080319896A1
Time in Patent Office

1,341 Days
Field of Search

None
US Class Current

705/67
CPC Class Codes

G06Q 20/00   Payment architectures, sche...

G06Q 20/02   involving a neutral party, ...

G06Q 20/027   involving a payment switch ...

G06Q 20/10   specially adapted for elect...

G06Q 20/12   specially adapted for elect...

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/322   Aspects of commerce using m...

G06Q 20/3227   using secure elements embed...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/385   using an alias or single-us...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/401   Transaction verification

G06Q 20/4016   involving fraud or risk lev...

G06Q 30/06   Buying, selling or leasing ...

G06Q 30/0601   Electronic shopping [e-shop...

G06Q 30/0613   Third-party assisted

G06Q 40/00   Finance; Insurance; Tax str...

G06Q 40/03   Credit; Loans; Processing t...

Cardless challenge systems and methods

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

397 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Cardless challenge systems and methods

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

397 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links