Portable consumer device verification system

US 8,489,506 B2
Filed: 09/15/2010
Issued: 07/16/2013
Est. Priority Date: 06/19/2006
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving an authorization request message associated with a payment transaction, by a server computer, wherein the authorization request message is generated after an interaction between a portable consumer device and an access device, wherein as a result of the interaction, the access device reads an account number and an expiration date associated with the portable consumer device;

after receiving the authorization request message, selecting an algorithm from among a plurality of algorithms associated with different types of portable consumer device fingerprinting systems using an algorithm identifier stored on a non-transitory computer readable medium of the server computer, wherein different types of portable consumer device fingerprinting systems are associated with different companies that each use their own proprietary algorithm in the access device to alter a fingerprint of a portable consumer device;

analyzing the authorization request message, using the server computer, for one or more characteristics of the portable consumer device or the access device to determine when a confidence threshold associated with the payment transaction is met or exceeded; and

when the confidence threshold is not exceeded, performing additional authentication processing, by the server computer, to authenticate the portable consumer device for the payment transaction.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for verifying a portable consumer device. The method includes receiving an authorization request message associated with a transaction conducted using a portable consumer device. The portable consumer device includes a portable consumer device fingerprint. The authorization request message includes an altered portable consumer device fingerprint and an algorithm identifier. The method also includes selecting an algorithm from among a plurality of algorithms using the algorithm identifier, determining the portable consumer device fingerprint using selected algorithm and the altered portable consumer device fingerprint, determining if the portable consumer device fingerprint matches a stored portable consumer device fingerprint, and sending an authorization response message after determining if the portable consumer device fingerprint matches the stored portable consumer device fingerprint.

263 Citations

26 Claims

1. A computer-implemented method comprising:
- receiving an authorization request message associated with a payment transaction, by a server computer, wherein the authorization request message is generated after an interaction between a portable consumer device and an access device, wherein as a result of the interaction, the access device reads an account number and an expiration date associated with the portable consumer device;
  
  after receiving the authorization request message, selecting an algorithm from among a plurality of algorithms associated with different types of portable consumer device fingerprinting systems using an algorithm identifier stored on a non-transitory computer readable medium of the server computer, wherein different types of portable consumer device fingerprinting systems are associated with different companies that each use their own proprietary algorithm in the access device to alter a fingerprint of a portable consumer device;
  
  analyzing the authorization request message, using the server computer, for one or more characteristics of the portable consumer device or the access device to determine when a confidence threshold associated with the payment transaction is met or exceeded; and
  
  when the confidence threshold is not exceeded, performing additional authentication processing, by the server computer, to authenticate the portable consumer device for the payment transaction.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1 wherein the one or more characteristics of the portable consumer device include a particular portable consumer device used.
  - 3. The method of claim 1 wherein the one or more characteristics of the access device include a particular algorithm used to alter a portable consumer device fingerprint associated with the portable consumer device.
  - 4. The method of claim 3 wherein analyzing the authorization request message comprises analyzing at least one characteristic of the access device and at least one characteristic of the portable consumer device to determine when the confidence threshold is met or exceeded.
  - 5. The method of claim 4 wherein the one or more characteristics of the access device include a particular algorithm present in the access device.
  - 6. The method of claim 4 wherein the portable consumer device is a payment card.
  - 7. The method of claim 4 wherein the portable consumer device is a phone.
  - 8. The method of claim 4, wherein the method further comprises:
    - sending an authorization response message to a consumer without performing additional authentication processing when the confidence threshold is met.
  - 9. The method of claim 1 wherein the additional authentication processing comprises sending a consumer a message to a phone operated by the consumer or to an access device used to conduct the payment transaction, wherein the message indicates that the payment transaction is occurring.
  - 10. The method of claim 1, further comprises determining whether the profile of the payment transaction is deemed to be risky.
  - 11. The method of claim 1, wherein analyzing the authorization request message for the one or more characteristics of the portable consumer device further comprises determining whether there has been any recent suspicious payment transaction associated with the portable consumer device.
  - 12. The method of independent claim 1, wherein the authorization request message contains a particular algorithm identification associated with a Point of Sale terminal.
  - 13. The method of independent claim 1, wherein the authorization request message contains a particular algorithm identification associated with an altered portable consumer device fingerprint.
  - 14. The method of claim 1, wherein analyzing the authorization request message, using the server computer, encompasses one or more characteristics of the portable consumer device or the access device to determine when the confidence threshold associated with the payment transaction is met or exceeded is performed by a confidence assessment module stored on the computer.
  - 15. The method of claim 14, wherein the confidence assessment module generates a confidence assessment from type of the portable consumer device and type of algorithm used to encrypt the portable consumer device fingerprint.

16. A system comprising:
- means for receiving an authorization request message associated with a payment transaction, wherein the authorization request message is generated after an interaction between a portable consumer device and an access device, wherein as a result of the interaction, the access device reads an account number and an expiration date associated with the portable consumer device;
  
  means for selecting an algorithm, after receiving the authorization request message, from among a plurality of algorithms associated with different types of portable consumer device fingerprinting systems using an algorithm identifier, wherein different types of portable consumer device fingerprinting systems are associated with different companies that each use their own proprietary algorithm in the access device to alter a portable consumer device fingerprint;
  
  means for analyzing the authorization request message for one or more characteristics of the portable consumer device or the access device to determine when a confidence threshold associated with the payment transaction is met or exceeded; and
  
  means for performing additional authentication processing when the confidence threshold is not exceeded to authenticate the portable consumer device for the payment transaction.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16 wherein the one or more characteristics of the portable consumer device include a particular portable consumer device.
  - 18. The system of claim 16 wherein the one or more characteristics of the access device include a particular algorithm in the access device.
  - 19. The system of claim 16 wherein the means for analyzing the authorization request message comprises means for analyzing at least one characteristic of the access device and at least one characteristic of the portable consumer device.
  - 20. The system of claim 16 wherein the portable consumer device is a payment card.

21. A system comprising:
- a server computer comprising a processor; and
  
  a non-transitory computer readable medium coupled to the non-transitory computer readable medium, the non-transitory computer readable medium having computer readable program codes embodies therein for;
  
  receiving an authorization request message associated with a payment transaction, wherein the authorization request message is generated after an interaction between a portable consumer device and an access device;
  
  wherein as a result of the interaction, the access device reads an account number and an expiration date associated with the portable consumer device;
  
  after receiving the authorization request message, selecting an algorithm from among a plurality of algorithms associated with different types of portable consumer device fingerprinting systems using an algorithm identifier, wherein different types of portable consumer device fingerprinting systems are associated with different companies that each use their own proprietary algorithm in the access device to alter a fingerprint of a portable consumer device;
  
  analyzing the authentication request message for one or more characteristics of the portable consumer device or the access device to determine when a confidence threshold associated with the payment transaction is met or exceeded, andperforming additional authentication processing when the confidence threshold is not exceeded to authenticate the portable consumer device for the payment transaction.
- View Dependent Claims (22, 23, 24, 25, 26)
- - 22. The system of claim 21 further comprising the access device in operative communication with the server computer.
  - 23. The system of claim 22 wherein the access device is a POS terminal.
  - 24. The system of claim 21 wherein the one or more characteristics of the access device includes a particular algorithm that is used by the access device to encrypt data from the portable consumer device.
  - 25. The system of claim 21 wherein the one or more characteristics of the portable consumer device includes a particular portable consumer device.
  - 26. The system of claim 21, wherein the system further comprises an algorithm database including a plurality of algorithm identifications and a plurality of algorithms associated with one or more access devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa USA, Inc. (Visa, Inc.)
Original Assignee
Visa USA, Inc. (Visa, Inc.)
Inventors
Hammad, Ayman, Faith, Patrick
Primary Examiner(s)
Colbert, Ella
Assistant Examiner(s)
GREGG, MARY M

Application Number

US12/882,716
Publication Number

US 20110004526A1
Time in Patent Office

1,035 Days
Field of Search

705/44, 235/449, 235/380, 324/662, 324/690, 324/663
US Class Current

705/44
CPC Class Codes

G06Q 20/085   involving remote charge det...

G06Q 20/105   involving programming of a ...

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/204   comprising interface for re...

G06Q 20/367   involving electronic purses...

G06Q 20/3672   initialising or reloading t...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/3829   involving key management

G06Q 20/385   using an alias or single-us...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/401   Transaction verification

G06Q 2220/00   Business processing using c...

G06Q 30/06   Buying, selling or leasing ...

G06Q 40/00   Finance; Insurance; Tax str...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/3271   using challenge-response

Portable consumer device verification system

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

263 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Portable consumer device verification system

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

263 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links