Risk-based transaction authentication

US 9,171,306 B1
Filed: 03/29/2010
Issued: 10/27/2015
Est. Priority Date: 03/29/2010
Status: Active Grant

First Claim

Patent Images

1. Apparatus for authenticating a customer in a banking transaction between the customer and a banking services provider, the apparatus comprising:

an electronic processor module configured to;

calculate a plurality of channel-specific customer reference profile values for a customer, each channel-specific customer reference profile value being (1) associated with a different customer reference information channel and (2) based on one or more event variables from a plurality of banking transactions conducted via the customer reference information channel, wherein;

one of the customer reference information channels comprises an online banking services channel;

a channel-specific customer reference profile associated with the online banking services channel is based in part on;

a first event variable from a transaction conducted via the online banking services channel comprising an Internet Protocol address identifier, a device identifier or a cookie identifier; and

a second event variable from a transaction conducted via the online banking services channel comprising a dollar value of transaction, percentage of balance or transaction location;

determine a first prospective transaction profile value, wherein the first prospective transaction profile value is based on one or more event variables from a prospective banking transaction initiated in the name of the customer via one of the customer reference information channels,identify a first channel-specific customer reference profile value, the first channel-specific customer reference profile value corresponding to the customer reference information channel from the prospective banking transaction;

determine a difference between the first prospective transaction profile value and the first channel-specific customer reference profile value; and

generate a first risk score based on the difference between the first prospective transaction profile value and the first channel-specific customer reference profile value; and

an output device configured to output authentication test information, the authentication test information based on the first risk score and a threshold score, wherein the threshold score quantitatively corresponds to the likelihood of a fraudulent act;

wherein, when the first risk score exceeds the threshold score, the authentication test information is further configured to;

identify a second prospective transaction profile with a second risk score, the second risk score based on a difference between the second prospective transaction profile and a second channel-specific customer reference profile value, wherein the second risk score does not exceed the threshold score, wherein the customer reference information channel that corresponds to the second channel-specific customer reference profile value is not the same as the customer reference information channel that corresponds to the first channel-specific customer reference profile value; and

based on the second prospective transaction profile value, authenticate the transaction via the customer reference information channel that corresponds to the second channel-specific customer reference profile value.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatus and methods for authorizing an exchange between a customer and a services provider. The apparatus may include an electronic processor that is configured to: (1) calculate a reference event profile; and (2) determine a difference between a prospective transaction profile and the reference event profile. The prospective transaction profile may be based on the initiation of a prospective transaction by an individual whose identity has not been verified. The reference event profile may be based on a plurality of customer events that correspond to one or many different customers. The apparatus may include an output device that is configured to output authentication test information that corresponds to the difference. The authentication test information may support a revised prospective transaction profile that is more similar to the reference event profile than is the initial prospective event profile.

73 Citations

View as Search Results

21 Claims

1. Apparatus for authenticating a customer in a banking transaction between the customer and a banking services provider, the apparatus comprising:
- an electronic processor module configured to;
  
  calculate a plurality of channel-specific customer reference profile values for a customer, each channel-specific customer reference profile value being (1) associated with a different customer reference information channel and (2) based on one or more event variables from a plurality of banking transactions conducted via the customer reference information channel, wherein;
  
  one of the customer reference information channels comprises an online banking services channel;
  
  a channel-specific customer reference profile associated with the online banking services channel is based in part on;
  
  a first event variable from a transaction conducted via the online banking services channel comprising an Internet Protocol address identifier, a device identifier or a cookie identifier; and
  
  a second event variable from a transaction conducted via the online banking services channel comprising a dollar value of transaction, percentage of balance or transaction location;
  
  determine a first prospective transaction profile value, wherein the first prospective transaction profile value is based on one or more event variables from a prospective banking transaction initiated in the name of the customer via one of the customer reference information channels,identify a first channel-specific customer reference profile value, the first channel-specific customer reference profile value corresponding to the customer reference information channel from the prospective banking transaction;
  
  determine a difference between the first prospective transaction profile value and the first channel-specific customer reference profile value; and
  
  generate a first risk score based on the difference between the first prospective transaction profile value and the first channel-specific customer reference profile value; and
  
  an output device configured to output authentication test information, the authentication test information based on the first risk score and a threshold score, wherein the threshold score quantitatively corresponds to the likelihood of a fraudulent act;
  
  wherein, when the first risk score exceeds the threshold score, the authentication test information is further configured to;
  
  identify a second prospective transaction profile with a second risk score, the second risk score based on a difference between the second prospective transaction profile and a second channel-specific customer reference profile value, wherein the second risk score does not exceed the threshold score, wherein the customer reference information channel that corresponds to the second channel-specific customer reference profile value is not the same as the customer reference information channel that corresponds to the first channel-specific customer reference profile value; and
  
  based on the second prospective transaction profile value, authenticate the transaction via the customer reference information channel that corresponds to the second channel-specific customer reference profile value.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The apparatus of claim 1 wherein the authentication test information corresponds to the customer reference information channel.
  - 3. The apparatus of claim 2 wherein:
    - the first prospective transaction profile value is based on an event variable from a prospective banking transaction initiated in the name of the customer via a banking center channel; and
      
      the second prospective transaction profile value is based on an event variable from a prospective banking transaction initiated in the name of the customer via a call center channel.
  - 4. The apparatus of claim 3 wherein the authentication test information identifies a call center authentication approach.
  - 5. The apparatus of claim 4 wherein the call center identification approach is selected based on the channel-specific customer reference profile value.
  - 6. The apparatus of claim 2 wherein:
    - the first prospective transaction profile value is based on an event variable from a prospective banking transaction initiated in the name of the customer via an online banking channel; and
      
      the second prospective transaction profile value is based on an event variable from a prospective banking transaction initiated in the name of the customer via a banking center channel.
  - 7. The apparatus of claim 6 wherein the banking center channel authentication approach is selected based on the channel-specific customer reference profile value.
  - 8. The apparatus of claim 7 wherein the authentication test information identifies a banking center channel authentication approach.
  - 9. The apparatus of claim 1 wherein, when the customer reference information channel is a primary customer reference information channel, the authentication test information identifies a secondary customer reference information channel for authentication of the customer.

10. One or more non-transitory computer-readable storage media storing computer-executable instructions which, when executed by a processor on a computer system, perform a method for authenticating a customer in a transaction between the customer and a banking services provider, the instructions comprising:
- a first set of instructions for using an electronic processor module to calculate a plurality of channel-specific customer reference profile values for a customer, each channel-specific customer reference profile value being (1) associated with a different customer reference information channel and (2) based on one or more event variables from a plurality of banking transactions conducted via the customer reference information channel, wherein;
  
  one of the customer reference information channels comprises an online banking services channel;
  
  a first event variable from a transaction conducted via the online banking services channel comprises an Internet Protocol address identifier, a device identifier or a cookie identifier; and
  
  a second event variable from a transaction conducted via the online banking services channel comprises a dollar value of transaction, percentage of balance or transaction location;
  
  a second set of instructions for using the electronic processor module to determine a first prospective transaction profile value, wherein the first prospective transaction profile value is based on one or more event variables from a prospective banking transaction initiated in the name of the customer via one of the customer reference information channels, wherein;
  
  a third set of instructions for using the electronic processor module to identify a first channel-specific customer reference profile value, the first channel-specific customer reference profile value corresponding to the customer reference information channel from the prospective banking transaction, and determine a difference between the first prospective transaction profile value and the first channel-specific customer reference profile value;
  
  a fourth set of instructions for using the electronic processor module to generate a first risk score based on the difference between the first prospective transaction profile value and the first customer reference profile value; and
  
  a fifth set of instructions for using an output device to output authentication test information that is based on the first risk score and a threshold score, wherein the threshold score quantitatively corresponds to the likelihood of a fraudulent act;
  
  wherein, when the first risk score exceeds the threshold score, the authentication test information is further configured to;
  
  identify a second prospective transaction profile value with a second risk score, the second risk score based on a difference between the second prospective transaction profile value and a second channel-specific customer reference profile value, wherein the second risk score does not exceed the threshold score, wherein the customer reference information channel that corresponds to the second channel-specific customer reference profile value is not the same as the customer reference information channel that corresponds to the first channel-specific customer reference profile value; and
  
  based on the second prospective transaction profile value, authenticate the transaction via the customer reference information channel that corresponds to the second channel-specific customer reference profile value.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The media of claim 10 wherein, in the method, the authentication test information corresponds to the customer reference information channel.
  - 12. The media of claim 11 wherein, in the method:
    - the first prospective transaction profile value is based on an event variable from a prospective banking transaction initiated in the name of the customer via a banking center channel; and
      
      the second prospective transaction profile value is based on an event variable from a prospective banking transaction initiated in the name of the customer via a call center channel.
  - 13. The media of claim 12 wherein, in the method, the authentication test information includes a customer telephone number from the call center channel.
  - 14. The media of claim 11 wherein, in the method:
    - the first prospective transaction profile value is based on an event variable from a prospective banking transaction initiated in the name of the customer via an online banking channel; and
      
      the second prospective transaction profile is based on an event variable from a prospective banking transaction initiated in the name of the customer via a banking center channel.
  - 15. The media of claim 14 wherein, in the method, the authentication test information includes a driver'"'"'s license number from the banking center channel.

16. A method for authenticating a customer in a transaction between the customer and a banking services provider, the method comprising:
- using an electronic processor module;
  
  calculating a plurality of channel-specific customer reference profile values for a customer, each channel-specific customer reference profile value being (1) associated with a different customer reference information channel and (2) based on one or more event variables from a plurality of banking transactions conducted via the customer reference information channel, a customer reference profile based on an event variable from a banking transaction conducted via a customer reference information channel, wherein;
  
  one of the customer reference information channels comprises an online banking services channel;
  
  a first event variable from a transaction conducted via the online banking services channel comprises an Internet Protocol address identifier, a device identifier or a cookie identifier; and
  
  a second event variable from a transaction conducted via the online banking services channel comprises a dollar value of transaction, percentage of balance or transaction location;
  
  determining a first prospective transaction profile value, wherein the first prospective transaction profile value is based on an event variable from a prospective banking transaction initiated in the name of the customer via one of the customer reference information channelsidentifying a first channel-specific customer reference profile value, the first channel-specific customer reference profile value corresponding to the customer reference information channel from the prospective banking transaction;
  
  determining a difference between the first prospective transaction profile value and the first channel-specific customer reference profile value; and
  
  ,generating a first risk score based on the difference between the first prospective transaction profile value and the first channel-specific customer reference profile value; and
  
  using an output device, outputting authentication test information that is based on the first risk score and a threshold score, wherein the threshold score quantitatively corresponds to the likelihood of a fraudulent act;
  
  wherein, when the risk score exceeds the threshold score, the authentication test information is further configured to;
  
  identify a second prospective transaction profile value with a second risk score, the second risk score based on a difference between the second prospective transaction profile value and a second channel-specific customer reference profile value, wherein the second risk score does not exceed the threshold score; and
  
  based on the second prospective transaction profile value, authenticate the transaction via the customer reference information channel that corresponds to the second channel-specific customer reference profile value.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The method of claim 16 wherein the authentication test information corresponds to the customer reference information channel.
  - 18. The method of claim 17 wherein:
    - the first prospective transaction profile value is based on an event variable from a prospective banking transaction initiated in the name of the customer via a banking center channel; and
      
      the second prospective transaction profile value is based on an event variable from a prospective banking transaction initiated in the name of the customer via a call center channel.
  - 19. The method of claim 18 wherein the authentication test information includes a customer telephone number from the call center channel.
  - 20. The method of claim 17 wherein:
    - the first prospective transaction profile value is based on an event variable from a prospective banking transaction initiated in the name of the customer via an online banking channel; and
      
      the second prospective transaction profile value is based on an event variable from a prospective banking transaction initiated in the name of the customer via a banking center channel.
  - 21. The method of claim 20 wherein the authentication test information includes a driver'"'"'s license number from the banking center channel.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
He, Xu, Leedy, Robert Timothy Jr., Inskeep, Todd, Shroyer, David, Schroth, George C.
Primary Examiner(s)
OUELLETTE, JONATHAN P

Application Number

US12/748,667
Time in Patent Office

2,038 Days
Field of Search

705/44, 705 11-912, 455/558, 235/380
US Class Current

1/1
CPC Class Codes

G06Q 20/4016   involving fraud or risk lev...

G06Q 20/405   Establishing or using trans...

G06Q 30/0185   Product, service or busines...

Risk-based transaction authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

73 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Risk-based transaction authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

73 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links