ONLINE CHALLENGE-RESPONSE
First Claim
1. A system for authenticating a consumer conducting a transaction, the system comprising:
- a challenge-response server computer, the challenge response server computer comprising modules capable of executing on the challenge-response server, the modules comprising;
a risk analyzer module configured to obtain a risk score for the transaction; and
a challenge optimizer module configured to generate an authentication challenge using the risk score, and configured to compare a response received from the consumer to an expected response, wherein the challenge-response server computer is configured to receive an enrollment request message and is configured to send an enrollment response message.
1 Assignment
0 Petitions
Accused Products
Abstract
Embodiments of the invention enable cardholders conducting an online transaction to be authenticated in real-time using a challenge-response application. The challenge-response application can be administered by an issuer or by a third party on-behalf-of an issuer. A challenge question can be presented to the cardholder, and the cardholder'"'"'s response can be verified. The challenge question presented can be selected based on an analysis of the risk of the transaction and potentially other factors. A variety of dynamic challenge questions can be used without the need for the cardholder to enroll into the program. Additionally, there are many flexible implementation options of the challenge-response application that can be adjusted based on factors such as the location of the merchant or the location of the consumer.
458 Citations
21 Claims
-
1. A system for authenticating a consumer conducting a transaction, the system comprising:
a challenge-response server computer, the challenge response server computer comprising modules capable of executing on the challenge-response server, the modules comprising; a risk analyzer module configured to obtain a risk score for the transaction; and a challenge optimizer module configured to generate an authentication challenge using the risk score, and configured to compare a response received from the consumer to an expected response, wherein the challenge-response server computer is configured to receive an enrollment request message and is configured to send an enrollment response message. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
9. A computer implemented method of authenticating a consumer conducting a transaction with a merchant, the method comprising:
-
a) receiving a request for consumer authentication at a server computer, the request including information about the transaction being conducted and information on an account being used to conduct the transaction, wherein the server computer sends an authentication message to the merchant if the account can be authenticated; b) determining a risk score for the transaction at the server computer; c) if the account can be authenticated, sending an authentication challenge to the consumer when the risk score exceeds a threshold, the authentication challenge comprising a question whose response is static, dynamic or semi-dynamic; d) receiving a consumer response to the authentication challenge; e) comparing the consumer response to an expected response; and f) authenticating the consumer conducting the transaction when the expected response and the consumer response are substantially the same. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
-
Specification