System and method of fraud reduction

US 8,781,975 B2
Filed: 05/23/2005
Issued: 07/15/2014
Est. Priority Date: 05/21/2004
Status: Active Grant

First Claim

Patent Images

1. A computerized method of authenticating a user participating in an electronic transaction, the method comprising:

receiving, by a first computer, a request by a user on a second computer to participate in an electronic transaction;

obtaining, by the first computer, a transaction risk level related to the transaction;

comparing, by the first computer, the transaction risk level of the transaction to the obtained threshold risk level;

determining, by the first computer, whether the obtained transaction risk level of the transaction is less than the received threshold risk level or greater than the received threshold risk level;

based on the determining that the obtained transaction risk level of the transaction is less than the received threshold risk level, completing the user requested transaction;

based on the determining that the obtained transaction risk level of the transaction is greater than the received threshold risk level, the method further comprises;

generating a data element;

transmitting, by the first computer, the data element to said user via a first electronic communication channel;

receiving, by the first computer, the data element from the user via a second electronic communication channel;

determining, by the first computer, that the data element transmitted via the first communication channel matches the data element received via the second communication channel;

completing the electronic transaction by the user;

storing, by the first computer, a list of user IDs in a cookie;

sending, by the first computer, the cookie to the second computer;

determining, by the first computer, a successive login attempt by the user; and

based on the determining of successive login attempt, reading the cookie and checking a user ID of the user against the list of user IDs stored in the cookie.

View all claims

15 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method may allow for extending authentication to a two factor, out of band form, requiring an additional data element or code via a channel different from the channel used for the primary transaction, where the different channel has the attribute that it is difficult or costly to achieve many access points to it, and it is possible to limit the number of users associated with a particular access point to it.

244 Citations

19 Claims

1. A computerized method of authenticating a user participating in an electronic transaction, the method comprising:
- receiving, by a first computer, a request by a user on a second computer to participate in an electronic transaction;
  
  obtaining, by the first computer, a transaction risk level related to the transaction;
  
  comparing, by the first computer, the transaction risk level of the transaction to the obtained threshold risk level;
  
  determining, by the first computer, whether the obtained transaction risk level of the transaction is less than the received threshold risk level or greater than the received threshold risk level;
  
  based on the determining that the obtained transaction risk level of the transaction is less than the received threshold risk level, completing the user requested transaction;
  
  based on the determining that the obtained transaction risk level of the transaction is greater than the received threshold risk level, the method further comprises;
  
  generating a data element;
  
  transmitting, by the first computer, the data element to said user via a first electronic communication channel;
  
  receiving, by the first computer, the data element from the user via a second electronic communication channel;
  
  determining, by the first computer, that the data element transmitted via the first communication channel matches the data element received via the second communication channel;
  
  completing the electronic transaction by the user;
  
  storing, by the first computer, a list of user IDs in a cookie;
  
  sending, by the first computer, the cookie to the second computer;
  
  determining, by the first computer, a successive login attempt by the user; and
  
  based on the determining of successive login attempt, reading the cookie and checking a user ID of the user against the list of user IDs stored in the cookie.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 17, 18, 19)
- - 2. The method of claim 1, wherein the data element is a code.
  - 3. The method of claim 1, wherein one of the communication channels is the Internet.
  - 4. The method of claim 1, wherein the identity of one of the communication channels is provided by the user.
  - 5. The method of claim 1, wherein the one of the communication channels is a telephone connection.
  - 6. The method of claim 1, wherein one of the communication channels is an email connection.
  - 7. The method of claim 1, wherein transaction is a financial transaction.
  - 8. The method of claim 1, wherein one communication channel is the Internet and the other communication channel is a telephone connection.
  - 9. The method of claim 1, wherein the one of the communication channels is used to perform the transaction.
  - 10. The method of claim 1, comprising initiating contact with the user via the one of the communication channels.
  - 17. The method of claim 1, further comprising, prior to completing the electronic transaction:
    - checking whether an access point to the second communication channel is younger than a predetermined number of days; and
      
      invalidating the access point to the second communication channel in response to the access point being younger than the predetermined number of days.
  - 18. The method of claim 1, further comprising, on one of the successive login attempts, completing the requested transaction without using the second electronic communication channel after determining that the transaction risk level of the transaction is greater than the threshold risk level when the user ID of the user is found in the cookie.
  - 19. The method of claim 18, further comprising, on another of the successive login attempts, completing the requested transaction without using the second electronic communication channel after determining that the transaction risk level of the transaction is greater than the threshold risk level when the user of the second computer has successfully authenticated from the second computer in the recent past.

11. A system for authenticating an electronic transaction with a user, the system comprising:
- a first computer having a processor;
  
  computer readable instructions stored on a non-transitory medium, which, when executed by the processor, causes the processor to perform the acts of;
  
  receiving, by the first computer, a request by a user on a second computer to participate in an electronic transaction;
  
  obtaining, by the first computer, a transaction risk level related to the transaction;
  
  comparing, by the first computer, the transaction risk level of the transaction to the obtained threshold risk level;
  
  determining, by the first computer, whether the obtained transaction risk level of the transaction is less than the received threshold risk level or greater than the received threshold risk level;
  
  based on the determining that the obtained transaction risk level of the transaction is less than the received threshold risk level, completing the user requested transaction;
  
  based on the determining that the obtained transaction risk level of the transaction is greater than the received threshold risk level, the method further comprises;
  
  generating a data element;
  
  transmitting, by the first computer, the data element to said user via a first electronic communication channel;
  
  receiving, by the first computer, the data element from the user via a second electronic communication channel;
  
  determining, by the first computer, that the data element transmitted via the first communication channel matches the data element received via the second communication channel;
  
  completing the electronic transaction by the user;
  
  storing, by the first computer, a list of user IDs in a cookie;
  
  sending, by the first computer, the cookie to the second computer;
  
  determining, by the first computer, a successive login attempt by the user; and
  
  based on the determining of successive login attempt, reading the cookie and checking a user ID of the user against the list of user IDs stored in the cookie.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The system of claim 11, wherein the data element is a code.
  - 13. The system of claim 11, wherein one communication channel is the Internet.
  - 14. The system of claim 11, wherein the identity of one of the communication channels is provided by the user.
  - 15. The system of claim 11, wherein one communication channel is a telephone connection.
  - 16. The system in claim 11, wherein the processor further performs the acts of limiting the number of users enabled to use a specific access point to one of the communication channels.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cyoia Inc., Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Bennett, Naftali, Golan, Lior, Rivner, Nira
Primary Examiner(s)
Hewitt, II, Calvin L

Application Number

US11/134,479
Publication Number

US 20050273442A1
Time in Patent Office

3,340 Days
Field of Search

705/67, 705/16, 705/21, 705/59, 705/71, 380/44, 380/262, 380/278, 380/279
US Class Current

705/67
CPC Class Codes

G06Q 20/3674   involving authentication

H04L 2209/56   Financial cryptography, e.g...

H04L 63/08   for authentication of entit...

H04L 63/18   using different networks or...

H04L 9/3215   using a plurality of channe...

System and method of fraud reduction

First Claim

15 Assignments

0 Petitions

Accused Products

Abstract

244 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method of fraud reduction

First Claim

15 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

244 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links