Authenticating customers for financial uses is too susceptible to fraud and/or is a cumbersome process. Oftentimes it is reliant on just a password that must be memorized by the customer and stored by the financial institution. Identity thieves are able to obtain the password and use it, knowing the financial institution does not have another way to confirm a customer's identity. Further, trusting customers can be a cumbersome process for the financial institution. The financial institution may rely on costly background checks or the like. Such methods are inefficient and unreliable.
The following presents a simplified summary of the innovation in order to provide a basic understanding of some aspects of the innovation. This summary is not an extensive overview of the innovation. It is not intended to identify key/critical elements of the innovation or to delineate the scope of the innovation. Its sole purpose is to present some concepts of the innovation in a simplified form as a prelude to the more detailed description that is presented later.
The innovation disclosed and claimed herein, in one aspect thereof, comprises systems and methods of authenticating customers of a financial institution. A customer, e.g. a general banking customer or an officer, e.g., CEO (Chief Executive Officer) of a company involved in a financial transaction, may be authenticated, e.g. identity verified and known as a trusted customer, before consummation of a financial transaction.
In aspects of the innovation, a person to person concept is contemplated where a financial institution brokers a relationship with the customer, e.g. a client, or a friend to friend relationship. Multiple factors result in seamless authentication without use of a password. The factors can be grouped in, for example, three groupings: customer identity (e.g. as identified through social media), customer device, and geographic location. For example, a financial institution is able to identify the customer present in the room with his broker affiliated or associated with the financial institution. The customer could be authenticated based on identity and geographic location. The broker can be a distinct trusted broker or part of a grouping of trusted persons, or other trusted entity, who is bound by a mobile device and/or close to an ATM/branch/store. Further identification aspects can include physical cameras and image recognition along with device location. It is to be understood that other biometric or contextual factors can be employed in alternative aspects. The amount of information that could be collected in the different identifying information categories for the one transaction or type of activity the customer is trying to perform can eliminate or otherwise alleviate a requirement of password or additional authentication requirements. Authentication can be based on past behavior, based on a combination of social media, e.g. Facebook, LinkedIn, E-mail, and/or image recognition (e.g., biometrics) or the like.
In one exemplary aspect of the innovation, a method for authenticating a customer of a financial institution is provided. The method includes receiving an authentication request to authenticate a customer and receiving connections information relating to a customer. The method can further include generating a connections graph of the connections between the customer and a plurality of parties; identifying the customer; and authenticating the customer based at least in part on the connections graph and the identification.
In another example embodiment of the innovation, an authentication device for authenticating a customer for a financial institution is provided. The authentication device includes a connections component that receives connections and connections information relating to a customer. The authentication device further includes a graphing component that generates a connections graph of connections between the customer and a plurality of parties or entities. The authentication device includes a verification component that identifies the customer; and an authorization component that authenticates the customer based at least in part on the connections graph.
In yet another example embodiment, a computer readable medium having instructions to control one or more processors is provided. The processors are configured to receive an authentication request to authenticate a customer; identify a relationship between the customer and a broker employed by a financial institution using a first mobile device that is associated with the customer; determine the first mobile device is located near a second mobile device that is associated with a broker employed by a financial institution; and authenticate the customer based on the identified relationship and the determined nearness of the first mobile device to the second mobile device. The processors identify the relationship between the customer and the financial institution by being further configured to receive connections information relating to the customer; generate a connections graph of the connections information between the customer and a plurality of parties; and identify the broker as one party of the plurality of parties. The processors are further configured to determine the type of relationship between the customer and the broker; and identify the relationship as a trusted relationship. While a customer and broker are specifically used in the scenario described herein, it is to be understood and appreciated that most any two parties or entities can be used without departing from the spirit and/or scope of the innovation described herein.
In aspects, the subject innovation provides substantial benefits in terms of authentication and transactional security. One advantage resides in a more secure knowledge of the identity of a customer. Another advantage resides in the lack of need for a password to authenticate a customer.
To the accomplishment of the foregoing and related ends, certain illustrative aspects of the innovation are described herein in connection with the following description and the annexed drawings. These aspects are indicative, however, of but a few of the various ways in which the principles of the innovation can be employed and the subject innovation is intended to include all such aspects and their equivalents. Other advantages and novel features of the innovation will become apparent from the following detailed description of the innovation when considered in conjunction with the drawings.
Aspects of the disclosure are understood from the following detailed description when read with the accompanying drawings. It will be appreciated that elements, structures, etc. of the drawings are not necessarily drawn to scale. Accordingly, the dimensions of the same may be arbitrarily increased or reduced for clarity of discussion, for example.
The innovation is now described with reference to the drawings, wherein like reference numerals are used to refer to like elements throughout. In the following description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the subject innovation. It may be evident, however, that the innovation can be practiced without these specific details. In other instances, well-known structures and devices are shown in block diagram form in order to facilitate describing the innovation.
As used in this application, the terms “component”, “module,” “system”, “interface”, and the like are generally intended to refer to a computer-related entity, either hardware, a combination of hardware and software, software, or software in execution. For example, a component may be, but is not limited to being, a process running on a processor, a processor, an object, an executable, a thread of execution, a program, or a computer. By way of illustration, both an application running on a controller and the controller can be a component. One or more components residing within a process or thread of execution and a component may be localized on one computer or distributed between two or more computers.
Furthermore, the claimed subject matter can be implemented as a method, apparatus, or article of manufacture using standard programming or engineering techniques to produce software, firmware, hardware, or any combination thereof to control a computer to implement the disclosed subject matter. The term “article of manufacture” as used herein is intended to encompass a computer program accessible from any computer-readable device, carrier, or media. Of course, many modifications may be made to this configuration without departing from the scope or spirit of the claimed subject matter.
While certain ways of displaying information to users are shown and described with respect to certain figures as screenshots, those skilled in the relevant art will recognize that various other alternatives can be employed. The terms “screen,” “web page,” “screenshot,” and “page” are generally used interchangeably herein. The pages or screens are stored and/or transmitted as display descriptions, as graphical user interfaces, or by other methods of depicting information on a screen (whether personal computer, PDA, mobile telephone, or other suitable device, for example) where the layout and information or content to be displayed on the page is stored in memory, database, or another storage facility.
With reference to
The authenticating or authentication sources 130 can include a primary connections network 140, a secondary connections network 150, contacts 160, and/or a database 170. While specific factors are shown and described herein to effect authentication, it is to be appreciated that additional and/or a subset of those shown can be employed in alternate embodiments and considered within the scope of this specification and claims appended hereto. In the example of
With reference to
The connections graphing component 220 accesses the connections information received by the connections component 210. The connections graphing component 220 generates a connections graph based on the connections information. The connections graph identifies relationships between the customer and a connection. Other components shown in
With reference to
In one embodiment, the trust level determination component 310 evaluates connections in each type of connection. For example, the trust level determination component 310 can identify the customer as being connected on the primary connections network 140 to the financial institution or a broker of the financial institution. As another example, the trust level determination component 310 can identify the customer as being connected on the secondary connections network 150 to another customer who is directly connected to the financial institution via the primary connections network 140. In one embodiment, each type of connection can be associated with a level of trust. In one embodiment, the evaluated connection is taken alone to determine the level of trust associated with the customer. In another embodiment, multiple connections can be aggregated to determine a single level of trust. In another embodiment, a customer that is connected to two trusted secondary connections is trusted equally as a customer that is connected to one primary connection.
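The trust-level evaluation described above can be sketched as follows. This is an added example, not code from the disclosure: the weights, the threshold, the party names and the function names are assumptions, chosen so that two trusted secondary connections count the same as one primary connection.

```python
# Added illustration; weights, threshold and all names are assumptions.
PRIMARY, SECONDARY = "primary", "secondary"
WEIGHTS = {PRIMARY: 1.0, SECONDARY: 0.5}   # two secondary == one primary
TRUST_THRESHOLD = 1.0                      # assumed policy value


def build_graph(edges):
    """Build an undirected connections graph from (party, party, network) edges."""
    graph = {}
    for a, b, network in edges:
        graph.setdefault(a, {})[b] = network
        graph.setdefault(b, {})[a] = network
    return graph


def qualifying_connections(graph, customer, anchors):
    """Return (party, weight) for each connection that carries trust.

    anchors: the institution and its brokers. A primary-network link to an
    anchor qualifies directly; a secondary-network link qualifies only if
    that contact is itself linked to an anchor on the primary network.
    """
    found = []
    for party, network in graph.get(customer, {}).items():
        if network == PRIMARY and party in anchors:
            found.append((party, WEIGHTS[PRIMARY]))
        elif network == SECONDARY and any(
            net == PRIMARY and peer in anchors
            for peer, net in graph.get(party, {}).items()
        ):
            found.append((party, WEIGHTS[SECONDARY]))
    return found


def trust_level(graph, customer, anchors, aggregate=True):
    """Aggregate all qualifying connections, or take the strongest one alone."""
    weights = [w for _, w in qualifying_connections(graph, customer, anchors)]
    if not weights:
        return 0.0
    return sum(weights) if aggregate else max(weights)


def is_trusted(graph, customer, anchors, aggregate=True):
    return trust_level(graph, customer, anchors, aggregate) >= TRUST_THRESHOLD


# Constructed sample data.
ANCHORS = {"bank", "broker_bob"}
GRAPH = build_graph([
    ("alice", "broker_bob", PRIMARY),     # direct primary link to a broker
    ("carol", "dave", SECONDARY),         # dave and erin are each tied to
    ("carol", "erin", SECONDARY),         # an anchor on the primary network
    ("dave", "bank", PRIMARY),
    ("erin", "broker_bob", PRIMARY),
    ("heidi", "dave", SECONDARY),         # only one secondary connection
    ("mallory", "frank", SECONDARY),      # frank has no tie to any anchor
    ("frank", "grace", PRIMARY),
])
```

Connections to parties with no verified tie to the institution contribute nothing, so the number of connections alone never raises the trust level.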
With reference to
The institution location component 420 retrieves and/or stores the location of the financial institution and/or a broker or agent of the financial institution. The location can be stored locations for automated teller machines (ATM), financial institution branch locations, financial institution office locations, and/or the like. The location can be stored as GPS coordinates or the like. In one embodiment, the location can be that of a broker or agent of the financial institution. In this example, the location can be based upon most any factors including, but not limited to, global positioning system (GPS) coordinates, Wi-Fi, triangulation, etc. In another embodiment, the institution location component 410 can retrieve the broker's location via the primary connections network. For example, the broker can be “checked in” at a location via a connections network, which can be used as the location of the broker. In one embodiment, the GPS coordinates and/or the location via the connections network can be used in tandem to verify one another. In one embodiment, the GPS coordinates are received from a mobile device of the broker.
The customer location history component 430 retrieves and/or stores previous location data of the customer. The previous location data can be stored for a predetermined time period. The previous location data 430 can facilitate verifying the customer identity and fraud protection. For example, the customer location history component 430 can detect and/or determine customer location changes that are not feasible. For example, the customer location history component 430 can detect large changes in the customer location in a relatively small amount of time, which can be indicative of fraud.
The matching component 440 determines whether the customer location and the institution location are co-located, e.g. are within a maximum or threshold distance of one another such that it can be determined they are in the same place and intend to complete a transaction. In one embodiment, the matching component 440 receives the customer location from the customer location component 410 and the institution location from the institution location component 420 as GPS coordinates. The matching component 440 determines the distance between the two locations. The matching component 440 compares the distance between the two locations to a maximum distance. The maximum distance may be a predetermined value. In one embodiment, the maximum distance is specific to an institution branch, institution ATM, and/or the broker of the financial institution.
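The location-history check and the co-location match described in the two paragraphs above can be combined as in the following added example, which is not code from the disclosure. The speed ceiling, the jitter tolerance, the per-site maximum distances, the coordinates and all function names are assumptions.

```python
import math

# Added illustration; every constant and name below is an assumption.
EARTH_RADIUS_KM = 6371.0
MAX_SPEED_KMH = 900.0    # assumed ceiling for a feasible location change
# Assumed per-site maximum distances (the page says the maximum can be
# specific to a branch, an ATM, or the broker).
MAX_DISTANCE_KM = {"branch": 0.2, "atm": 0.05, "broker": 0.03}


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points in degrees."""
    lat1, lon1 = map(math.radians, a)
    lat2, lon2 = map(math.radians, b)
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))


def co_located(customer, institution, max_distance_km):
    """Compare the distance between the two locations to the maximum distance."""
    return haversine_km(customer, institution) <= max_distance_km


def infeasible_moves(history, max_speed_kmh=MAX_SPEED_KMH, jitter_km=0.5):
    """Flag consecutive fixes that imply a location change that is not feasible.

    history: list of (unix_seconds, (lat, lon)). Moves shorter than jitter_km
    are ignored so ordinary GPS noise is not flagged; two distant fixes with
    the same timestamp are always flagged.
    """
    points = sorted(history)
    flagged = []
    for (t0, p0), (t1, p1) in zip(points, points[1:]):
        dist = haversine_km(p0, p1)
        if dist <= jitter_km:
            continue
        hours = (t1 - t0) / 3600
        if hours == 0 or dist / hours > max_speed_kmh:
            flagged.append((t0, t1, round(dist, 1)))
    return flagged


def location_check(fix_time, fix, site_kind, site_location, history):
    """Check feasibility against the stored history first, then co-location."""
    if infeasible_moves(history + [(fix_time, fix)]):
        return "deny: infeasible location change"
    if not co_located(fix, site_location, MAX_DISTANCE_KM[site_kind]):
        return "deny: not co-located"
    return "co-located"


# Constructed sample coordinates.
BRANCH = (40.7128, -74.0060)
NEAR_BRANCH = (40.7129, -74.0061)   # roughly 14 m from BRANCH
ACROSS_TOWN = (40.7306, -73.9866)   # roughly 2.6 km from BRANCH
LONDON = (51.5074, -0.1278)
```

Running the feasibility check before the distance comparison means a fix that matches the branch is still refused when the stored history places the same customer on another continent half an hour earlier.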
With reference to
The image recognition component 520 receives the imaging data from the imaging component 510. The image recognition component 520 analyzes the imaging data to confirm the customer is the person in the imaging data. The image recognition component 520 can use a known and/or confirmed picture of the customer to compare to the imaging data and confirm the customer's identity. In one embodiment, the known picture can be used from the customer's profile on a connections network, e.g. social media website. The image recognition component 520 can use any known image recognition algorithms.
The voice detection component 530 can confirm the customer's identity using voice detection algorithms. The voice detection component 530 can use a microphone to compare the customer's voice with a known recording of the customer's voice (e.g., voice print). The biometric component 540 can confirm the customer's identity using biometric matching algorithms and comparing the customer's biometric data with known biometric data of the customer. The storage component 550 can store the authentication data for verifying the customer's identity. The storage component 550 can include a database, hard disk drive, cloud storage, and/or the like.
In one embodiment, the authentication device 120 grants the authentication request to authenticate the customer for the financial transaction upon a verification of the customer identity and a determination the customer is co-located with the financial institution. In another embodiment, the authentication device 120 further verifies the customer's identity before granting the request.
With reference to
In aspects, method 600 can begin at 610 by receiving an authentication request. For example, a customer desires to complete a financial transaction using a financial institution. The customer and/or the financial institution may initiate an authentication request to authenticate the customer. In this specific example, the authenticating device is a mobile device of a broker employed by the financial institution. However, it is appreciated that the request may be received by an authentication device such as a computer, a mobile device and/or the like and used by the customer or the financial institution.
At 620, connections data is received. Continuing the example, the authenticating device, e.g. broker's mobile device, accesses the customer's social media profile to analyze the customer's connections, e.g. “friends,” “groups,” friends of friends, or the like. At 630, a connections graph or tree is generated of the customer's connections data to look for trusted connections to facilitate determining the customer can be trusted as part of the financial transaction. In the above example, the authenticating device searches for friends employed by (or in a trusted relationship with) the financial institution or friends that have already been authenticated and/or trusted by the financial institution. The common connections facilitate determining a trust level of the customer. At 640, the determination to trust (or not to trust) the customer is made. If no, the method 600 stops at 650 because the customer cannot be authenticated for the transaction. If yes, the method 600 proceeds.
At 660, location data of the customer is received. In one embodiment, the location data of the financial institution or broker is received. In another embodiment, the location data of the financial institution is already known and/or pre-loaded in a memory or the like. For example, the customer is determined to be a trusted customer through social media connections to the financial institution. The customer's mobile device sends location data of the customer to the authentication device. The authentication device then receives location data of the broker employed by the financial institution and determines the distance between the customer and the broker. At 670, if the determined distance is below a maximum or threshold distance, the customer is determined to be co-located with the broker. If the distance is above the maximum distance, the method 600 stops at 650 because the customer cannot be authenticated for the transaction.
At 680, the customer's identity may be verified. The identity may be verified using a known metric of the customer and an immediate or present metric of the customer. In the example, a customer's image can be captured from their mobile device and then used to compare against a known confirmed photo of the customer to verify the customer's identity. In another embodiment, video data from a surveillance camera in the institution can be used to capture image data of the customer.
At 690, the customer is authenticated for the transaction when the customer is trusted and co-located with the financial institution. In the example, the customer may proceed with the financial transaction without using a memorized password or key. The customer is authenticated by the financial institution by being socially connected with the financial institution and being in the presence of the financial institution.
Still another embodiment can involve a computer-readable medium comprising processor-executable instructions configured to implement one or more embodiments of the techniques presented herein. An embodiment of a computer-readable medium or a computer-readable device that is devised in these ways is illustrated in
With reference to
Generally, embodiments are described in the general context of “computer readable instructions” being executed by one or more computing devices. Computer readable instructions are distributed via computer readable media as will be discussed below. Computer readable instructions can be implemented as program modules, such as functions, objects, Application Programming Interfaces (APIs), data structures, and the like, that perform particular tasks or implement particular abstract data types. Typically, the functionality of the computer readable instructions can be combined or distributed as desired in various environments.
In these or other embodiments, device 802 can include additional features or functionality. For example, device 802 can also include additional storage such as removable storage or non-removable storage, including, but not limited to, magnetic storage, optical storage, and the like. Such additional storage is illustrated in
The term “computer readable media” as used herein includes computer storage media. Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions or other data. Memory 808 and storage 810 are examples of computer storage media. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVDs) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by device 802. Any such computer storage media can be part of device 802.
The term “computer readable media” includes communication media. Communication media typically embodies computer readable instructions or other data in a “modulated data signal” such as a carrier wave or other transport mechanism and includes any information delivery media. The term “modulated data signal” includes a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal.
Device 802 can include one or more input devices 814 such as keyboard, mouse, pen, voice input device, touch input device, infrared cameras, video input devices, or any other input device. One or more output devices 812 such as one or more displays, speakers, printers, or any other output device can also be included in device 802. The one or more input devices 814 and/or one or more output devices 812 can be connected to device 802 via a wired connection, wireless connection, or any combination thereof. In some embodiments, one or more input devices or output devices from another computing device can be used as input device(s) 814 or output device(s) 812 for computing device 802. Device 802 can also include one or more communication connections 816 that can facilitate communications with one or more other devices 820 by means of a communications network 818, which can be wired, wireless, or any combination thereof, and can include ad hoc networks, intranets, the Internet, or substantially any other communications network that can allow device 802 to communicate with at least one other computing device 820.
What has been described above includes examples of the innovation. It is, of course, not possible to describe every conceivable combination of components or methodologies for purposes of describing the subject innovation, but one of ordinary skill in the art may recognize that many further combinations and permutations of the innovation are possible. Accordingly, the innovation is intended to embrace all such alterations, modifications and variations that fall within the spirit and scope of the appended claims. Furthermore, to the extent that the term “includes” is used in either the detailed description or the claims, such term is intended to be inclusive in a manner similar to the term “comprising” as “comprising” is interpreted when employed as a transitional word in a claim.