Method and system for mitigating risk of fraud in internet banking
Abstract
A method and system are provided for mitigating the risk of fraud in Internet banking. In an embodiment comprising an end user seeking access to the Internet banking site of a financial institution, the end user having already satisfied a first authentication requirement (such as providing a valid user ID and password), the end user is required to satisfy a second authentication test when a measure of improbability associated with the login exceeds a threshold. The measure of improbability, in an embodiment, is based on the improbability of a combination of session statistics such as IP address, browser ID, hour of day, and time since the user's last valid login.
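The step-up decision the abstract describes can be sketched as follows; this is an added example, not code from the patent. The smoothing formula, the /24 grouping of IP addresses, the two-sided gap rank, the weights, the 0.60 threshold, and all names and sample data are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Assumed values: the patent leaves weights and threshold to the institution.
WEIGHTS = {"network": 0.35, "browser": 0.35, "hour": 0.15, "frequency": 0.15}
CUSTOM_SCORE = 0.60  # hypothetical institution-configured threshold

def net24(ip):
    """Collapse an IPv4 address to its /24 so DHCP churn is not 'new'."""
    return str(ipaddress.ip_network(f"{ip}/24", strict=False))

def improbability(value, seen):
    """1 - Laplace-smoothed frequency of `value` among the user's past logins."""
    if not seen:
        return 1.0  # no baseline yet: treat everything as unusual
    counts = Counter(seen)
    return 1.0 - (counts[value] + 1) / (len(seen) + len(counts) + 1)

def gap_improbability(gap, past_gaps):
    """Two-sided rank: 0 at the user's median gap, 1 at either extreme."""
    if not past_gaps:
        return 1.0
    rank = sum(g <= gap for g in past_gaps) / len(past_gaps)
    return abs(2 * rank - 1)

def assess(login, history):
    col = lambda k: [h[k] for h in history]
    scores = {
        "network": improbability(net24(login["ip"]), [net24(i) for i in col("ip")]),
        "browser": improbability(login["browser_id"], col("browser_id")),
        "hour": improbability(login["hour"], col("hour")),
        "frequency": gap_improbability(login["gap_h"], col("gap_h")),
    }
    composite = sum(WEIGHTS[k] * s for k, s in scores.items())
    # Password already verified; demand a second factor only above threshold.
    return scores, composite, composite > CUSTOM_SCORE

# Constructed sample history for one customer (documentation IP ranges).
HISTORY = [{"ip": "203.0.113.10", "browser_id": "bid-A", "hour": h, "gap_h": g}
           for h, g in [(8, 24), (9, 25), (8, 23), (8, 24),
                        (9, 48), (8, 24), (9, 23), (8, 26)]]
USUAL = {"ip": "203.0.113.42", "browser_id": "bid-A", "hour": 8, "gap_h": 24}
ODD = {"ip": "198.51.100.77", "browser_id": "bid-Z", "hour": 3, "gap_h": 400}

if __name__ == "__main__":
    for name, login in (("usual", USUAL), ("odd", ODD)):
        scores, composite, step_up = assess(login, HISTORY)
        print(name, round(composite, 3), "step-up" if step_up else "allow")
```

With these assumed weights, a login from a familiar network and browser stays well under the threshold, while a new network, new browser, odd hour and long dormancy together push the composite over it.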
20 Claims
1. A method, comprising:
receiving from a remote site a request for access to an online banking site associated with a financial institution, said request having satisfied a first authentication requirement associated with a customer of the financial institution and said request having two or more attributes, wherein the attributes comprise at least a browser ID of the remote site;
employing a processor associated with a site to calculate, based at least in part on the two or more attributes, a plurality of scores, wherein the plurality of scores comprises two or more of a network score, a browser score, a time of day score, or a frequency score;
employing the processor associated with the site to calculate a composite score based at least in part on a weighted improbability measure for each of the plurality of scores or an average of the plurality of scores;
employing the processor associated with the site to calculate a custom-configured score, wherein the custom-configured score indicates an amount and a type of identity risk specified by the financial institution; and
mitigating the risk of fraud in online banking based at least in part on conditioning approval of the request on satisfaction of a second authentication requirement on whether the composite score exceeds the custom-configured score based at least in part on a report generated in real-time.
10. A method comprising:
receiving from a remote site a request for access to an online banking site associated with a financial institution;
employing a processor associated with a site to determine that the request is unusual based on the improbability of occurrence of a plurality of attributes of the request, wherein the plurality of attributes comprise at least a browser ID of the remote site, wherein determining that the request is unusual comprises:
calculating, based at least in part on the plurality of attributes, a plurality of scores, wherein the plurality of scores comprises two or more of a network score, a browser score, a time of day score, or a frequency score, and calculating an improbability measure for each one of the network score, the browser score, the time of day score, and the frequency score, and wherein a composite score is calculated based at least in part on a weighted improbability measure for each of the plurality of scores or an average of the plurality of scores; and
reporting the request to the financial institution;
employing the processor associated with the site to calculate a custom-configured score, wherein the custom-configured score indicates an amount and a type of identity risk specified by the financial institution; and
mitigating the risk of fraud in online banking based at least in part on conditioning approval of the request on whether the composite score exceeds the custom-configured score based at least in part on a report generated in real-time.
15. A system, comprising:
a server comprising an authentication module wherein the authentication module includes instructions for:
receiving from a remote site a request for access to an online banking site associated with a financial institution;
mitigating the risk of fraud in online banking based at least in part on determining that the request is unusual based on the improbability of occurrence of a plurality of attributes of the request, wherein the plurality of attributes comprise at least a browser ID of the remote site, wherein determining that the request is unusual comprises:
calculating, based at least in part on the plurality of attributes, a plurality of scores, wherein the plurality of scores comprises two or more of a network score, a browser score, a time of day score, and a frequency score, calculating a composite score based at least in part on a weighted improbability measure for each of the plurality of scores or an average of the plurality of scores, calculating a custom-configured score, wherein the custom-configured score indicates an amount and a type of identity risk specified by the financial institution, and conditioning approval of the request on whether the composite score exceeds the custom-configured score based at least in part on a report generated in real-time; and
reporting the request to the financial institution.
17. A system, comprising:
a session statistics module that computes a plurality of scores based at least in part on session attributes associated with a request for access to an online banking web site associated with a financial institution, wherein the session attributes comprise at least a browser ID of a remote site, and the session statistics module further computes the plurality of scores, wherein the plurality of scores comprise two or more of a network score, a browser score, a time of day score, or a frequency score, a composite score based at least in part on a weighted improbability measure for each of the plurality of scores or an average of the plurality of scores, and a custom-configured score, wherein the custom-configured score indicates an amount and a type of identity risk specified by the financial institution; and
an additional authorization module for mitigating the risk of fraud in online banking that requires satisfaction of two or more authentication requirements before allowing access to the online banking site, wherein at least one of the two or more authentication requirements comprises conditioning approval of the request on whether the composite score exceeds the custom-configured score based at least in part on a report generated in real-time.
19. A system, comprising:
a server comprising:
a processor; and
a memory containing instructions that are executed by the processor for:
receiving from a remote site a request for access to an online banking site associated with a financial institution, said request having satisfied a first authentication requirement associated with a customer of the financial institution and said request having a plurality of attributes, wherein the plurality of attributes comprise at least a browser ID of the remote site;
calculating a plurality of scores based at least in part on the plurality of attributes, wherein the plurality of scores comprises two or more of a network score, a browser score, a time of day score, or a frequency score;
calculating a composite score based at least in part on a weighted improbability measure for each of the plurality of scores or an average of the plurality of scores;
calculating a custom-configured score, wherein the custom-configured score indicates an amount and a type of risk specified by the financial institution; and
mitigating the risk of fraud in online banking based at least in part on conditioning approval of the request on satisfaction of a second authentication requirement on whether the composite score exceeds the custom-configured score based at least in part on a report generated in real-time.
20. A computer readable storage medium comprising instructions for:
receiving from a remote site a request for access to an online banking site associated with a financial institution, said request having satisfied a first authentication requirement associated with a customer of the financial institution and said request having a plurality of attributes, wherein the plurality of attributes comprise at least a browser ID of the remote site;
calculating a plurality of scores based at least in part on the plurality of attributes, wherein the plurality of scores comprises two or more of a network score, a browser score, a time of day score, or a frequency score;
calculating a composite score, wherein the composite score is calculated based at least in part on a weighted improbability measure for each of the plurality of scores or an average of the plurality of scores;
calculating a custom-configured score, wherein the custom-configured score indicates an amount and type of identity risk specified by the financial institution; and
mitigating the risk of fraud in online banking based at least in part on conditioning approval of the request on satisfaction of a second authentication requirement on whether the composite score exceeds the custom-configured score based at least in part on a report generated in real-time.
Specification