Method, system and program product for authenticating a user seeking to perform an electronic service request
First Claim
1. A processor-implemented method for authenticating a user seeking to perform at least one electronic service request, said method comprising the steps of:
verifying, by a processor, user identity data received from a user requesting at least one electronic service from a plurality of electronic services;
identifying, by the processor, a risk level for said at least one electronic service requested by said user, wherein identification of said risk level is based on a set of user profile data associated with said user;
storing, by the processor, a static challenge that comprises at least one of a plurality of subjective questions for said user, wherein said at least one subjective question requests a subjective answer that is based on a subjective opinion, about said user, from said user;
storing, by the processor, a dynamic challenge that comprises at least one of a plurality of objective questions for said user, wherein said at least one of said plurality of objective questions requests an objective answer that is based on a past financial transaction between said user and a financial institution;
issuing to said user, using a customer relationship management system, a challenge corresponding to said risk level identified for said at least one electronic service requested, wherein said challenge is either said static challenge if said risk level is determined to be low or said dynamic challenge if said risk level is determined to be high, wherein only one of said static challenge or said dynamic challenge is issued based on said risk level of said user, and wherein said issuing further comprises;
checking a set of user profile data associated with said user;
detecting whether or not any variances are found based on said set of user profile data associated with said user; and
identifying a risk level for said at least one electronic service request received based on whether or not said any variances are found; and
authorizing said at least one electronic service requested only if a correct response is received to either said static challenge or said dynamic challenge.
Abstract
A method, system and program product for authenticating a user seeking to perform an electronic service request is provided. The method includes verifying user identity data received from a user requesting an electronic service, detecting whether or not any variances are found based on the set of user profile data associated with the user seeking to perform the electronic service requested, identifying the risk level for the electronic service based on whether or not any variances are found and any characteristics thereof, if any variances are found, applying one or more business policies or rules for handling any variances that are found. The method further includes issuing to the user, using a customer relationship management system, a challenge corresponding to the risk level identified for the electronic service requested, and authorizing the user to perform the electronic service requested only if a correct response is received to the challenge issued.
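The flow in the abstract (detect variances against the user profile, derive a risk level, issue exactly one challenge, authorize only on a correct response) can be sketched as follows. This is an added illustration, not code from the patent or from any implementation of it; the profile fields, the three variance checks, the "any variance means high risk" policy and the sample data are all assumptions made for the example.

```python
import hmac
from dataclasses import dataclass

@dataclass
class Profile:                    # hypothetical field names, not from the patent
    usual_countries: set
    known_devices: set
    typical_max_amount: float
    static_qa: tuple              # user-preset subjective question and its answer
    transactions: list            # past transactions with the institution

@dataclass
class Request:
    service: str
    country: str
    device_id: str
    amount: float = 0.0

def detect_variances(profile, req):
    """Compare the request with the stored profile; return the deviations found."""
    checks = {
        "unusual_country": req.country not in profile.usual_countries,
        "unknown_device": req.device_id not in profile.known_devices,
        "amount_above_typical": req.amount > profile.typical_max_amount,
    }
    return [name for name, hit in checks.items() if hit]

def identify_risk(variances):
    """Assumed policy: any variance makes the request high risk."""
    return "high" if variances else "low"

def issue_challenge(profile, risk):
    """Return exactly one challenge: static for low risk, dynamic for high risk."""
    if risk == "low":
        question, answer = profile.static_qa
        return {"kind": "static", "question": question, "answer": answer}
    last = profile.transactions[-1]   # objective question from a past transaction
    return {"kind": "dynamic",
            "question": f"What was the amount of your payment to {last['payee']}?",
            "answer": f"{last['amount']:.2f}"}

def authorize(challenge, response):
    """Authorize only on a correct response; compare in constant time."""
    expected = challenge["answer"].strip().lower().encode()
    return hmac.compare_digest(expected, response.strip().lower().encode())

# Constructed sample data
PROFILE = Profile({"US"}, {"dev-1"}, 500.0,
                  ("What is your favorite color?", "Teal"),
                  [{"payee": "Acme Utilities", "amount": 82.5}])
```
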
22 Claims
8. A system for authorizing a user to execute one or more electronic service requests, comprising:
an authentication module configured to authenticate user identity data received from a user seeking access to a host for executing one or more electronic service requests, said authentication module being configured to grant access to said host upon authentication of said user identity data; and
a fraud detection module configured to monitor each electronic service request of said one or more electronic service requests received from said user having access granted to said host, said fraud detection module being configured to identify a risk level for said each electronic service request received from said user and to generate a challenge for said each electronic service request received from said user, said challenge corresponding to said risk level identified and corresponding to any associated business policies that may apply, such that said challenge generated is issued to said user by said authentication module, which authorizes said user to perform said each electronic service request if a correct response is received to said challenge issued, wherein said issuing comprises
checking a set of user profile data associated with said user;
detecting whether or not any variances are found based on said set of user profile data associated with said user; and
identifying a risk level for said each electronic service request received based on whether or not said any variances are found, wherein said challenge is a static challenge if said risk level is determined to be low, wherein said challenge is a dynamic challenge if said risk level is determined to be high, wherein said static challenge comprises at least one of a plurality of subjective questions for said user, wherein said at least one of said plurality of subjective questions requests a subjective answer that is based on a subjective opinion, about said user, from said user, and wherein only one of said static challenge and said dynamic challenge is issued based on said risk level of said user.
13. A computer program product for authenticating a user, said computer program product comprising:
a non-transitory computer readable medium;
first program instructions to verify user identity data received from a user requesting at least one of a plurality of electronic services;
second program instructions to identify a risk level for said at least one of said plurality of electronic services requested by said user, wherein identification of said risk level is based on a set of user profile data associated with said user;
third program instructions to establish a static challenge that comprises at least one of a plurality of subjective questions for said user, wherein said at least one subjective question requests a subjective answer that is based on a subjective opinion, about said user, from said user;
fourth program instructions to establish a dynamic challenge that comprises at least one of a plurality of objective questions for said user, wherein said at least one objective question requests an objective answer that is based on a past financial transaction between said user and a financial institution;
fifth program instructions to issue to said user, using a customer relationship management system, a challenge corresponding to said risk level identified for said at least one electronic service requested, wherein said challenge is either said static challenge if said risk level is determined to be low or said dynamic challenge if said risk level is determined to be high, wherein only one of said static challenge and said dynamic challenge is issued based on said risk level of said user, and wherein said fifth program instructions further comprise instructions to
check a set of user profile data associated with said user;
detect whether or not any variances are found based on said set of user profile data associated with said user; and
identify a risk level for said at least one electronic service request received based on whether or not said any variances are found; and
sixth program instructions to authorize said at least one electronic service requested only if a correct response is received to either said static challenge or said dynamic challenge; and
wherein said first, second, third, fourth, fifth, and sixth program instructions are stored on said non-transitory computer readable medium.
18. A process for deploying computing infrastructure comprising integrating computer-readable code into a computing system, wherein said code in combination with said computing system is capable of performing a process for authenticating a user seeking access to a server for executing at least one electronic service, said process comprising:
authenticating, by a processor, user identity data received from a user seeking access to a host server to execute at least one electronic service;
receiving, by the processor, a request from said user for said at least one electronic service;
issuing, by the processor, to said user at least a first challenge corresponding to said at least one electronic service request received, said first challenge being selected from either a user-preset challenge group or a customer relationship management challenge group, wherein said first challenge is a static challenge if a risk level for accessing said at least one electronic service is determined to be low, and wherein said first challenge is a dynamic challenge if said risk level for accessing said at least one electronic service is determined to be high, wherein said static challenge comprises at least one of a plurality of subjective questions for said user, wherein said at least one subjective question requests a subjective answer that is based on a subjective opinion, about said user, from said user, and wherein only one of said static challenge or said dynamic challenge is issued based on said risk level of said user, and wherein said issuing further comprises;
checking a set of user profile data associated with said user;
detecting whether or not any variances are found based on said set of user profile data associated with said user; and
identifying a risk level for said at least one electronic service request received based on whether or not said any variances are found; and
authorizing, by the processor, said at least one electronic service request if a correct response is received to said at least first challenge issued.
Specification