System and method of fraud reduction
Abstract
A system and method may allow for extending authentication to a two factor, out of band form, requiring an additional data element or code via a channel different from the channel used for the primary transaction, where the different channel has the attribute that it is difficult or costly to achieve many access points to it, and it is possible to limit the number of users associated with a particular access point to it.
19 Claims
1. A computerized method of authenticating a user participating in an electronic transaction, the method comprising:
- receiving, by a first computer, a request by a user on a second computer to participate in an electronic transaction;
- obtaining, by the first computer, a transaction risk level related to the transaction;
- comparing, by the first computer, the transaction risk level of the transaction to the obtained threshold risk level;
- determining, by the first computer, whether the obtained transaction risk level of the transaction is less than the received threshold risk level or greater than the received threshold risk level;
- based on the determining that the obtained transaction risk level of the transaction is less than the received threshold risk level, completing the user requested transaction;
- based on the determining that the obtained transaction risk level of the transaction is greater than the received threshold risk level, the method further comprises;
- generating a data element;
- transmitting, by the first computer, the data element to said user via a first electronic communication channel;
- receiving, by the first computer, the data element from the user via a second electronic communication channel;
- determining, by the first computer, that the data element transmitted via the first communication channel matches the data element received via the second communication channel;
- completing the electronic transaction by the user;
- storing, by the first computer, a list of user IDs in a cookie;
- sending, by the first computer, the cookie to the second computer;
- determining, by the first computer, a successive login attempt by the user; and
- based on the determining of successive login attempt, reading the cookie and checking a user ID of the user against the list of user IDs stored in the cookie.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 17, 18, 19

11. A system for authenticating an electronic transaction with a user, the system comprising:
- a first computer having a processor;
- computer readable instructions stored on a non-transitory medium, which, when executed by the processor, causes the processor to perform the acts of;
- receiving, by the first computer, a request by a user on a second computer to participate in an electronic transaction;
- obtaining, by the first computer, a transaction risk level related to the transaction;
- comparing, by the first computer, the transaction risk level of the transaction to the obtained threshold risk level;
- determining, by the first computer, whether the obtained transaction risk level of the transaction is less than the received threshold risk level or greater than the received threshold risk level;
- based on the determining that the obtained transaction risk level of the transaction is less than the received threshold risk level, completing the user requested transaction;
- based on the determining that the obtained transaction risk level of the transaction is greater than the received threshold risk level, the method further comprises;
- generating a data element;
- transmitting, by the first computer, the data element to said user via a first electronic communication channel;
- receiving, by the first computer, the data element from the user via a second electronic communication channel;
- determining, by the first computer, that the data element transmitted via the first communication channel matches the data element received via the second communication channel;
- completing the electronic transaction by the user;
- storing, by the first computer, a list of user IDs in a cookie;
- sending, by the first computer, the cookie to the second computer;
- determining, by the first computer, a successive login attempt by the user; and
- based on the determining of successive login attempt, reading the cookie and checking a user ID of the user against the list of user IDs stored in the cookie.

Dependent claims: 12, 13, 14, 15, 16

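The flow recited in claims 1 and 11, as an added Python sketch that is not code from the patent: a risk-threshold check, a one-time data element sent on one channel and returned on another, and a cookie holding a list of user IDs that is checked on a later login. The function names, `SERVER_KEY`, `CODE_TTL`, the six-digit code, the `send_oob` callback and the HMAC tag on the cookie are all assumptions made for illustration; the claims do not specify them.

```python
import base64, hashlib, hmac, json, secrets, time

SERVER_KEY = secrets.token_bytes(32)  # assumption: server-side cookie-signing key
CODE_TTL = 300                        # assumption: challenge lifetime, seconds
_pending = {}                         # user_id -> (sha256 of code, expiry time)

def start_transaction(user_id, risk, threshold, send_oob):
    """Complete below the threshold; otherwise issue a data element out of band."""
    if risk < threshold:
        return "completed"
    # The claim leaves risk == threshold open; this sketch challenges (fails closed).
    code = f"{secrets.randbelow(10**6):06d}"
    _pending[user_id] = (hashlib.sha256(code.encode()).digest(),
                         time.time() + CODE_TTL)
    send_oob(user_id, code)  # first channel, e.g. SMS to a registered phone
    return "challenge"

def confirm_transaction(user_id, submitted):
    """Second channel: the user types the code into the transaction session."""
    # pop() makes each challenge single-use, so a wrong guess or a replay fails.
    digest, expiry = _pending.pop(user_id, (b"", 0.0))
    got = hashlib.sha256(submitted.encode()).digest()
    return time.time() < expiry and hmac.compare_digest(digest, got)

def _mac(payload):
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest().encode()

def issue_cookie(user_ids):
    """Cookie value carrying the user-ID list plus an HMAC tag (tag is an addition)."""
    payload = base64.urlsafe_b64encode(json.dumps(sorted(user_ids)).encode())
    return (payload + b"." + _mac(payload)).decode()

def cookie_lists_user(cookie, user_id):
    """On a later login: verify the tag first, then look the user ID up in the list."""
    payload, _, tag = cookie.encode().partition(b".")
    if not hmac.compare_digest(_mac(payload), tag):
        return False  # tampered or forged cookie: treat it as carrying no list
    return user_id in json.loads(base64.urlsafe_b64decode(payload))
```

The cookie is stored on the second computer, so without the tag a client could edit the user-ID list before the server reads it back.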
Specification