Patent Grant
7527195
1. Field of the Invention
The present invention relates generally to transaction systems and, in particular, to risk management, and fraud avoidance and minimization in transactions between a consumer or customer and a merchant or credit issuer.
2. Description of Related Art
In order to enable convenient purchases of goods and services by consumers, the financial service industry has developed many alternative payment methods, including checks, ATM or debit cards, credit cards or charge cards. Until the birth of virtual commerce, as discussed below, these payment options provided adequate convenience and transactional security to consumers and merchants in the marketplace. Transactional security is defined as the security offered by a payment method to the buyer and the seller in a purchase transaction so that the purchase event will not result in breach of personal information or financial loss from fraud perpetrated upon either party involved.
Virtual commerce and the growth of the Internet as a medium for commerce has put pressure on the payment options cited above on both the convenience and transactional security dimensions. Specifically, checks require physical presentment and clearing of the check prior to shipment of goods. Credit cards are more convenient for the consumer, but are subject to fraudulent use via theft of the account number, expiration date and address of the consumer. Debit cards lack a credit facility and often require a separate personal identification number (PIN) number to be used. The financial services industry is currently attempting to improve performance of existing products by introducing disposable account numbers and electronic checks. Today, all of the improvements offered have sought to improve transactional security at the expense of the convenience during the purchase process.
Each of the payment options in place today has significant shortcomings when applied to remote purchases. Remote purchases are defined as those purchases where the buyer and the seller (the merchant) are not physically proximate during the transaction. Specific examples of remote purchases are mail order, telephone order, Internet and wireless purchases.
Merchants have long battled the problem of fraudulent purchases. Each new payment option and every new sales channel (in-store, telephone, mail, and Internet) has, in turn, spawned innovation on the part of individuals willing to perpetrate fraud in order to obtain goods and services without paying for them. In recent years, the birth of the Internet commerce industry and the continued growth in mail order and telephone order commerce has pushed the credit card to the forefront of these battles. Merchants are forced to rely on credit cards because it is currently their only option in the remote purchase environment. Unfortunately, credit cards offer low transactional security to both merchants and consumers when used for remote purchases.
Low transactional security in remote purchases leads to significant costs for consumers and merchants. Consumer costs include the impairment of their credit record, the inconvenience of changing all of their credit card accounts and the financial costs of resolving the situation. Many consumers have reacted to this by avoiding remote purchasing, particularly on the Internet.
Merchant costs incurred to mitigate fraud losses include the cost of incremental labor, hardware and software to implement additional security checks in their sale/order entry software, higher transaction processing expense in the form of discount rates for credit cards and NSF fees for checks and higher fraud charge-offs for undetected fraudulent purchases.
Essentially these costs are forced onto the parties involved in the remote purchase transaction because other card-based options failed to incorporate adequate security in two ways:
Individual consumers prefer to purchase from individual merchants. Some consumers find the available acceptable payment options a barrier to purchase, for example, Internet purchases where the barriers are possession of a credit card, willingness to disclose a credit card number, inconvenience of remembering 16 digit numbers, and so on.
The alternate methods in which this problem has been solved, and their drawbacks, are as follows. Credit cards, fiat currencies and novel payment mechanisms have been one such solution. In these cases, a third party defers consumer relationship costs among multiple merchants. In operation, the consumer provides to the merchant a key provided by the trusted third party (credit card issuer) which signifies or uniquely identifies the consumer/third-party relationship. The problem is that in all cases the consumer must have a previously established relationship with the third party (credit card issuer). Huge costs of customer acquisition limit the viability of business models. Another solution has been a merchant specific bill. However, the incremental costs of rendering, collecting and administrating their own bill has a dilutive effect on merchant profitability.
One particular type of fraud is referred to as “masking”. This type of fraudulent transaction is experienced by merchants, and unfortunately merchants are often left without any recourse. “Masking” occurs as follows (as illustrated in
Next, the fraudster A engages in a subsequent transaction using the victim's information. However, as seen in
Once the victim realizes that these fraudulent transactions have occurred, in most instances, all of the transactions will be charged back to the merchant B. In the prior art, the merchant B may catch one, some or none of these fraudulent and masked transactions. Typically, the merchant B and/or the bank or credit issuer, is not equipped to spot this type of fraud.
It is an object of the present invention to provide a method and system for risk management in a transaction that overcomes the deficiencies of prior art systems. It is another object of the present invention to provide a system for risk management in a transaction that is a monitoring application for each transaction between a consumer and a merchant. It is a further object of the present invention to provide a method and system for risk management in a transaction that uses modifiable rule sets to determine whether any transaction is fraudulent or potentially fraudulent. It is a still further object of the present invention to provide a method and system for risk management that is a “self healing” or intelligent system capable of building a dynamic rule set to apply against transactions. It is a still further object of the present invention to provide a method and system for risk management in a transaction that is particularly useful for remote purchase transactions or credit transactions between a consumer and a merchant. It is yet another object of the present invention to provide a method of authorizing a transaction between a consumer and an entity, such as a merchant or credit issuer.
The present invention is directed to a risk management system for providing risk data to an entity engaged in a transaction with a consumer. The system includes an authorization denial system having: (i) an authorization denial system interface for receiving a transaction data set, with a plurality of data fields, from the entity; and (ii) a denial rule set having a plurality of rules for outputting the risk data directed to the transaction based upon the result of applying the rules to one or more data fields in the transaction data set. The authorization denial system interface transmits the resulting risk data to the entity. This risk data may be credit risks, fraud risks, profitability data, risk factors, authentication data, verification data, consumer rating data, transaction risk data, consumer risk data, denial data, processing data, etc.
In one embodiment, the system includes a risk analysis system. The risk analysis system includes: (i) a risk analysis interface for receiving the transaction data set from the authorization denial system and/or the entity; and (ii) a risk analysis rule set for outputting the risk data based upon the result of applying the rules to one or more data fields in the transaction data set. The risk management system interface transmits the resulting risk data to the entity and/or the authorization denial system.
In one embodiment, a rule from the risk analysis rule set, a new rule, an applied rule, transaction denial data, authentication denial data and/or authorization denial data is transmitted from the risk analysis system to the authorization denial system. For example, a new fraud rule may be established by the risk analysis system while processing a transaction. This new fraud rule is transmitted to the authorization denial system, and this new fraud rule is added to the denial rule set for use in subsequent transaction analysis.
The present invention is further directed to a method of authorizing a transaction between a consumer and an entity. This method includes the steps of: receiving a transaction data set including a plurality of data fields; applying a denial rule set having a plurality of rules to at least one of the data fields in the transaction data set, thereby providing risk data; and transmitting the risk data to the entity. The entity may be a merchant, a credit issuer, a company, a corporation, a seller, a service provider, etc. Further, the transaction may be a credit account offered by a credit issuer, a credit account offered by a merchant, a credit account request by a consumer, a purchase request by a consumer, an item purchase transaction, a service purchase transaction, etc.
The present invention is further directed to a method of authorizing a transaction between a consumer and an entity. This method includes the steps of: receiving, at an authorization denial system interface, a transaction data set including a plurality of data fields; applying a denial rule set having a plurality of rules to at least one of the data fields in the transaction data set, thereby providing risk data; transmitting a denial instruction to the entity if the resulting risk data indicates that the transaction should be denied based upon the applied rule; and transmitting the transaction data set to a risk analysis system if the resulting risk data indicates that the transaction should not be denied based upon the applied rule.
The present invention, both as to its construction and its method of operation, together with the additional objects and advantages thereof, will best be understood from the following description of exemplary embodiments when read in connection with the accompanying drawings.
It is to be understood that the invention may assume various alternative variations and step sequences, except where expressly specified to the contrary. It is also to be understood that the specific devices and processes illustrated in the attached drawings, and described in the following specification, are simply exemplary embodiments of the invention.
The present invention is directed to a risk management system 10 for use in connection with a transaction between a consumer 12 and an entity 14. Further, the present invention is directed to a method of authorizing the transaction between the consumer 12 and the entity 14. Schematic diagrams of various embodiments of the system 10 are illustrated in
In one embodiment, the risk management system 10 is implemented in order to provide risk data 16 to the entity 14 engaged in a transaction with the consumer 12. The system 10 includes an authorization denial system 18. This authorization denial system 18 includes an authorization denial system interface 20 for receiving a transaction data set 22 from the entity 14, and the transaction data set 22 includes multiple data fields 24 therein. The authorization denial system 18 also includes a denial rule set 26 having multiple rules 28. The denial rule set 26 outputs the risk data 16 based upon the application of one or more of the rules 28 in the denial rule set 26 to one or more of the data fields 24 in the transaction data set 22. Accordingly, based upon the denial rule set 26 application to the incoming transaction data set 22, the desired risk data 16 is output. Finally, the authorization denial system interface 20 transmits this resulting risk data 16 to the entity 14. See
The risk data 16 provided to the entity 14 can be in many forms, and is generally used to assist the entity 14 in making a decision regarding how to interact in the transaction with the consumer 12. For example, the risk data 16 may be indicative of credit risk, fraud risk, profitability data, risk factors, authentication data, verification data, consumer rating data, transaction risk data, consumer risk data, denial data, processing data, etc. For example, in one embodiment, the risk data 16 that is transmitted to the entity 14 is denial data, which advises the entity 14 to deny the transaction with the consumer 12, deny a purchase request by the consumer 12, deny a credit request by the consumer 12, and/or take some other specified action with respect to the consumer 12. In one embodiment, this denial data may instruct the entity 14 to withhold the provided credit card, temporarily revoke the account or even notify the authorities.
In one embodiment, the risk data 16 provided is denial data, which results from an application of the denial rule set 26 to the transaction data set 22. In this embodiment, the denial rule set 26 is considered a “negative” rule set, wherein only a denial instruction is provided to the entity 14. Therefore, the denial rule set 26, in this embodiment, acts as an initial filter that immediately informs the entity 14 that the transaction is suspect and should not be engaged in or completed. Accordingly, the denial rule set 26 in the authorization denial system 18 acts as a filter to provide the entity 14 with immediate risk data 16 for making decisions. Further, the authorization denial system 18 is dynamic and quickly accessible by the entity 14 for making decisions at the point-of-sale before the transaction is complete.
The transaction data set 22 typically includes multiple data fields 24 that completely describe the transaction, the consumer 12, the entity 14 (such as a merchant) and similar factors. For example, the data fields 24 may reflect certain demographic data of the consumer 12 for use in connection with the denial rule set 26. Any number of data fields 24 are envisioned, for example, the data fields 24 may be populated with data reflecting a consumer's name, an account number, an address, a city, a state, a zip code, a country, a telephone number, an e-mail address, a social security number, a date of birth, the merchant's name, an identification, an order number, an authorization number, an authorization time, an authorization amount, a ship-to address, a bill-to address, a transaction amount, a consumer purchase demographic, a transaction date, a transaction type, a product identification, a service identification, shipping costs, delivery type, customer type, a company identity, a merchant identity, a third-party risk score, risk data, authentication data, verification data, consumer rating data, profitability data, credit risk data, fraud risk data, transaction risk data, denial data, processing data, a general credit risk score, a credit bureau risk score, a prior approval, prior report data, previous transaction data, a geographical risk factor, credit account data, bankcard balance data, delinquency data, credit segment data, time between transactions data, previous transaction amount, previous transaction approval status, previous transaction time stamp data, a response code, active trades in database, public record data, trade line data, transaction medium, credit segment data, consumer payment type, consumer payment method, consumer payment history, consumer account history, consumer credit account balance, merchant history, private label entity data, affiliated private label entity, etc.
In order to facilitate speed, efficient processing and immediate access to the risk data 16 by the entity 14, the rules 28 and the denial rule set 26 are typically applied to data fields 24 populated with demographic data. For example, this demographic data may include a consumer's name, an address, a ship-to address, a bill-to address, a social security number, an e-mail address, a telephone number, an Internet address, an account number, etc. This demographic data would be checked against or applied with respect to the rules 28 and the denial rule set 26, which may act as a table having fields or data that, if found in the transaction data set 22, prompts a denial instruction. This denial instruction may also include an expiration stamp, such that the real customer or consumer 12 (as opposed to the fraudster A) can eventually use or unlock his or her account.
In this manner, a transaction denial instruction can be provided to the entity 14 before the transaction is complete between the entity 14 and the consumer 12. In addition, this denial rule set 26 is modifiable, dynamic and configurable. Further, the denial rule set 26 may be in communication with an authorization denial system database 30. This database includes data and data fields that can be used in connection with the denial rule set 26, and the application of the denial rule set 26 to the transaction data set 22. For example, as discussed above, the authorization denial system database 30 may include data that, if found in the transaction data set 22, prompts an immediate denial instruction from the authorization denial system 18 to the entity 14.
In another embodiment, the risk management system 10 includes a risk analysis system 32. The risk analysis system 32 includes a risk analysis system interface 34, which receives the transaction data set 22 (or some portion thereof) from the authorization denial system 18 and/or the entity 14. Further, the risk analysis system 32 includes a risk analysis rule set 36 having multiple rules 38 therein. The rules 38 of the risk analysis rule set 36 are applied to one or more of the data fields 24 in the transaction data set 22, which results in the above-discussed risk data 16. This risk data 16 is transmitted by the risk analysis system interface to either the authorization denial system 18 and/or the entity 14.
As discussed above, this risk data 16 may be credit risk, fraud risk, profitability data, risk factors, authentication data, verification data, consumer rating data, transaction risk data, consumer risk data, denial data, processing data, etc. Further, the risk data 16, which in a preferred embodiment is transmitted to the authorization denial system 18, is denial data advising the entity 14 to deny the transaction, deny a purchase request, deny a credit request, or take some other specified action with respect to the consumer 12. Typically, the risk analysis system 32, and specifically the risk analysis rule set 36, is applied to a greater subset of data fields 24 in the transaction data set 22. In particular, the risk analysis rule set 36 is a larger and more comprehensive analytical tool in the risk management system 10.
The risk analysis rule set 36 may be in communication with a risk analysis system database 40. This risk analysis system database 40 is populated with data or data fields for use in connection with the risk analysis rule set 36 in application of the rules 38 to the data fields 24 in the transaction data set 22. The communication between the risk analysis system 32 and the authorization denial system 18 provides for the transmission of a rule 38 from the risk analysis rule set 36, a new rule, an applied rule, transaction denial data, authentication denial data and/or authorization denial data between the systems 18, 32. In one embodiment, a new rule 42, such as a new fraud rule, is transmitted from the risk analysis system 32 to the authorization denial system 18. This new rule 42 is then added to the denial rule set 26 for use in subsequent transaction analysis. Therefore, when the risk analysis system 32 analyzes a transaction and the transaction data set 22, it may identify new patterns, rules or data that would have resulted in an immediate denial instruction by the authorization denial system 18 if it had access to this information. Therefore, the new rule 42 allows the denial rule set 26 to be updated appropriately, which, in turn, makes the authorization denial system 18 a “self healing” system.
The risk analysis rule set 36, as discussed above, typically analyzes the vast majority of the data fields 24 and the transaction data set 22. Further, the risk analysis database 40 can be a specially-constructed database that employs a much larger and more robust rule set 36. After the transaction data set 22 has made it through the authorization denial system 18, and if the transaction data set 22 makes it through the risk analysis system rule set 36, the risk data 16 would include an instruction to the entity 14 that it may move forward with the transaction with the consumer 12. As with the denial rule set 26, the risk analysis rule set 36 is modifiable, dynamic and configurable. The entity 14 may be a merchant 44, a credit issuer 46, a company, a corporation, a seller, a service provider, etc.
In one embodiment, as illustrated in
This process is also useful in connection with the credit issuer 46, also as illustrated in
In both of the above-discussed examples, the use of the risk analysis system 32 adds further benefit to the invention. In particular, the use of the risk analysis system 32 and, in particular, the risk analysis rule set 36, allows for a more detailed review of the transaction data set 22 in order to provide the appropriate risk data 16 to either the merchant 44 or the credit issuer 46.
The present invention is further directed to a method 100 of authorizing a transaction between a consumer 12 and an entity 14. This method is illustrated in schematic form in
The present invention provides a system 10 and method 100 that reduces the merchant 44 and credit issuer 46 risk in a transaction. For example, the system 10 and method 100 provide an increased defense against “masking” fraud and similar identity theft variations. Still further, the system 10 and method 100 allow the merchant 44 and/or the credit issuer 46 to spot such fraud and take action prior to the completion of the transaction. Still further, the present invention provides a system 10 and method 100 that provide a dynamic authorization denial system 18 with a configurable and robust denial rule set 26, which can be supplemented with new rules from the risk analysis system 32. In this manner, the system 10 and method 100 of the present invention reduce the chances of fraud propagated on the merchant 44 and credit issuer 46, provide the merchant 44 and credit issuer 46 with immediate and useful risk data 16, and represent a cost savings to both the entity 14 and the consumer 12 based upon this fraud reduction.
This invention has been described with reference to the preferred embodiments. Obvious modifications and alterations will occur to others upon reading and understanding the preceding detailed description. It is intended that the invention be construed as including all such modifications and alterations.
| Number | Name | Date | Kind |
|---|---|---|---|
| 3920908 | Kraus | Nov 1975 | A |
| 4191860 | Weber | Mar 1980 | A |
| 4291198 | Anderson et al. | Sep 1981 | A |
| 4757267 | Riskin | Jul 1988 | A |
| 4969183 | Reese | Nov 1990 | A |
| 4996705 | Entenmann et al. | Feb 1991 | A |
| 5010238 | Kadono et al. | Apr 1991 | A |
| 5012077 | Takano | Apr 1991 | A |
| 5120945 | Nishibe et al. | Jun 1992 | A |
| 5329589 | Fraser et al. | Jul 1994 | A |
| 5446885 | Moore et al. | Aug 1995 | A |
| 5537315 | Mitcham | Jul 1996 | A |
| 5793028 | Wagener et al. | Aug 1998 | A |
| 5794221 | Egendorf | Aug 1998 | A |
| 5866889 | Weiss et al. | Feb 1999 | A |
| 5870721 | Norris | Feb 1999 | A |
| 5883810 | Franklin et al. | Mar 1999 | A |
| 5940811 | Norris | Aug 1999 | A |
| 6000832 | Franklin et al. | Dec 1999 | A |
| 6029150 | Kravitz | Feb 2000 | A |
| 6029890 | Austin | Feb 2000 | A |
| 6032136 | Brake, Jr. et al. | Feb 2000 | A |
| 6078891 | Riordan et al. | Jun 2000 | A |
| 6098053 | Slater | Aug 2000 | A |
| 6105007 | Norris | Aug 2000 | A |
| 6122624 | Tetro et al. | Sep 2000 | A |
| 6188994 | Egendorf | Feb 2001 | B1 |
| 6202053 | Christiansen et al. | Mar 2001 | B1 |
| 6227447 | Campisano | May 2001 | B1 |
| 6289319 | Lockwood | Sep 2001 | B1 |
| 6317783 | Freishtat et al. | Nov 2001 | B1 |
| 6324524 | Lent et al. | Nov 2001 | B1 |
| 6332134 | Foster | Dec 2001 | B1 |
| 6341724 | Campisano | Jan 2002 | B2 |
| 6351739 | Egendorf | Feb 2002 | B1 |
| 6477578 | Mhoon | Nov 2002 | B1 |
| 6505171 | Cohen et al. | Jan 2003 | B1 |
| 6675153 | Cook et al. | Jan 2004 | B1 |
| 6704714 | O'Leary et al. | Mar 2004 | B1 |
| 6785661 | Mandler et al. | Aug 2004 | B1 |
| 6820202 | Wheeler et al. | Nov 2004 | B1 |
| 6839690 | Foth et al. | Jan 2005 | B1 |
| 6868408 | Rosen | Mar 2005 | B1 |
| 6883022 | Van Wyngarden | Apr 2005 | B2 |
| 6915272 | Zilliacus et al. | Jul 2005 | B1 |
| 6957334 | Goldstein et al. | Oct 2005 | B1 |
| 6970853 | Schutzer | Nov 2005 | B2 |
| 6976008 | Egendorf | Dec 2005 | B2 |
| 6980970 | Krueger et al. | Dec 2005 | B2 |
| 7006986 | Sines et al. | Feb 2006 | B1 |
| 7051001 | Slater | May 2006 | B1 |
| 7107243 | McDonald et al. | Sep 2006 | B1 |
| 7177836 | German et al. | Feb 2007 | B1 |
| 7263506 | Lee et al. | Aug 2007 | B2 |
| 20010034702 | Mockett et al. | Oct 2001 | A1 |
| 20010034724 | Thieme | Oct 2001 | A1 |
| 20020007302 | Work et al. | Jan 2002 | A1 |
| 20020007341 | Lent et al. | Jan 2002 | A1 |
| 20020032860 | Wheeler et al. | Mar 2002 | A1 |
| 20020035538 | Moreau | Mar 2002 | A1 |
| 20020052833 | Lent et al. | May 2002 | A1 |
| 20020069166 | Moreau et al. | Jun 2002 | A1 |
| 20020087467 | Mascavage, III et al. | Jul 2002 | A1 |
| 20020099649 | Lee et al. | Jul 2002 | A1 |
| 20020107793 | Lee | Aug 2002 | A1 |
| 20020112160 | Wheeler et al. | Aug 2002 | A2 |
| 20020120537 | Morea et al. | Aug 2002 | A1 |
| 20020120864 | Wu et al. | Aug 2002 | A1 |
| 20020156688 | Horn et al. | Oct 2002 | A1 |
| 20020178071 | Walker et al. | Nov 2002 | A1 |
| 20020198822 | Munoz et al. | Dec 2002 | A1 |
| 20030036996 | Lazerson | Feb 2003 | A1 |
| 20030061157 | Hirka et al. | Mar 2003 | A1 |
| 20030120615 | Kuo | Jun 2003 | A1 |
| 20030149656 | Magruder et al. | Aug 2003 | A1 |
| 20040111362 | Nathans et al. | Jun 2004 | A1 |
| 20040151292 | Larsen | Aug 2004 | A1 |
| 20040186807 | Nathans et al. | Sep 2004 | A1 |
| 20050038715 | Sines et al. | Feb 2005 | A1 |
| 20050071266 | Eder | Mar 2005 | A1 |
| 20050125336 | Rosenblatt et al. | Jun 2005 | A1 |
| 20060064372 | Gupta | Mar 2006 | A1 |
| 20060174426 | Ruchser | Aug 2006 | A1 |
| 20060178988 | Egendorf | Aug 2006 | A1 |
| 20060184428 | Sines et al. | Aug 2006 | A1 |
| 20060184449 | Eder | Aug 2006 | A1 |
| 20060184570 | Eder | Aug 2006 | A1 |
| 20060226216 | Keithley et al. | Oct 2006 | A1 |
| 20060248016 | Ginter et al. | Nov 2006 | A1 |
| 20060266819 | Sellen et al. | Nov 2006 | A1 |
| 20060289621 | Foss et al. | Dec 2006 | A1 |
| 20070005445 | Casper | Jan 2007 | A1 |
| 20070038485 | Yeransian et al. | Feb 2007 | A1 |
| 20070056019 | Allen et al. | Mar 2007 | A1 |
| 20070063017 | Chen et al. | Mar 2007 | A1 |
| 20070080207 | Williams | Apr 2007 | A1 |
| 20070094114 | Bufford et al. | Apr 2007 | A1 |
| 20080033775 | Dawson et al. | Feb 2008 | A1 |
| 20080046334 | Lee et al. | Feb 2008 | A1 |
| 20080052244 | Tsuei et al. | Feb 2008 | A1 |
| Number | Date | Country |
|---|---|---|
| 0 338 568 | Oct 1989 | EP |
| WO 8810467 | Dec 1988 | WO |
| WO 0002150 | Jan 2000 | WO |
| WO 0067177 | Nov 2000 | WO |
| WO 0223439 | Mar 2002 | WO |
| Number | Date | Country | |
|---|---|---|---|
| 20060226216 A1 | Oct 2006 | US |
