|Publication number||US20070094151 A1|
|Application number||US 11/612,254|
|Publication date||Apr 26, 2007|
|Filing date||Dec 18, 2006|
|Priority date||Jul 29, 2002|
|Also published as||US7177846, US20040019568|
|Publication number||11612254, 612254, US 2007/0094151 A1, US 2007/094151 A1, US 20070094151 A1, US 20070094151A1, US 2007094151 A1, US 2007094151A1, US-A1-20070094151, US-A1-2007094151, US2007/0094151A1, US2007/094151A1, US20070094151 A1, US20070094151A1, US2007094151 A1, US2007094151A1|
|Inventors||Peter Moenickheim, Paul Lyda|
|Original Assignee||Peter Moenickheim, Lyda Paul J|
|Export Citation||BiBTeX, EndNote, RefMan|
|External Links: USPTO, USPTO Assignment, Espacenet|
This application is a continuation of pending U.S. application Ser. No. 10/206,239, filed Jul. 29, 2002, entitled “Technique For Account Authentication,” the disclosure of which is incorporated by reference herein in its entirety.
The present invention relates to electronic commerce, and more particularly to authentication of deposit account information.
On-line payment service providers make payments on behalf of payors to payees. In making a payment on behalf of a payor, an on-line payment service provider debits a deposit account belonging to the payor and issues a credit to the payee, either electronically, by check drawn on an account belonging to the on-line service provider, or by draft drawn from the payor's deposit account. It will be understood by one skilled in the art that drafts serve as both the debit and the credit vehicle.
A payor must register with an on-line payment service provider to access services offered by the on-line payment service provider. The registration process, which can be either on-line, typically via the World Wide Web, or by paper forms, includes the payor (registering customer) providing information identifying a demand deposit account, such as a checking account, belonging to the payor to the on-line payment service provider. This identifying information includes a unique routing and transit number (RTN), which identifies the financial institution at which the deposit account is maintained, as well as a unique account number (DDA) identifying the payor's deposit account maintained at the financial institution. Together, this information is known as RTN/DDA information, and alternatively RT/DDA information.
For both on-line and paper registration, the registering customer has conventionally been required to supply the on-line payment service provider a voided check from the deposit account. This voided check is used as a fraud prevention measure to authenticate the association between the registering customer and the deposit account. Thus, in conventional enrollment, a registering customer has not been able to immediately direct an on-line payment service provider to make payments on his or her behalf, as the voided check must physically be delivered to the on-line payment service provider, and then the voided check must be authenticated by a customer service representative of the on-line payment service provider.
Recently, new completely on-line and real-time registration techniques have been introduced. In one, a trusted agent, typically a consumer service provider (CSP), guarantees to indemnify an on-line payment service provider against fraud committed by a registering customer that the CSP represents. No attempt is made by the on-line service provider to authenticate the association between the registering customer and that registering customer's deposit account.
In another completely on-line and real-time registration technique, the registering customer's identity is verified, by leveraging one or more commercial databases, while the registering customer is participating in an on-line registration session. While the registering customer's identity is verified, an association between the registering customers deposit account and the registering customer is not authenticated. At most, the on-line payment service provider can be assured that the registering customer is who he or she purports to be. Based upon a verified identity, on-line payment service providers have found that there is less chance of the registering customer providing fraudulent information identifying a deposit account. These two techniques each allow a registering customer the convenience of immediately directing payments.
In both of these completely on-line and real-time techniques, a registering customer is required to enter RTN/DDA information. As the registering customer is not required to supply a voided check, the sole source of this information is the registering customer. On-line payment services have found that registering customers often make mistakes in entering these numbers. On-line payment services, in rectifying these unintentional mistakes, incur customer service costs. In addition, fraudulent deposit account identifying information is also still received under both completely online registration techniques. Even when a CSP indemnifies an on-line payment service, costs are still associated with the fraud.
Other new registration techniques have also been introduced. These techniques are not completely on-line or real-time. In one technique, a financial institution at which a customer's account is maintained supplies RTN/DDA information. While an association between a customer and an account is authenticated because the financial institution itself supplies RTN/DDA information, this does not occur during an on-line and real-time enrollment session with a customer. In another technique, a registering customer provides RTN/DDA information during an on-line session. Subsequent to the session, a service provider makes one or more small debits and/or credits, via electronic funds transfer, from/to the customer's account. The customer then determines the amount(s) and initiates another on-line session with the service provider and identifies the amount(s) to the service provider. If the customer supplied amount(s) is/are correct, the service provider has a high level of confidence that the account is actually associated with the registering customer. However, the enrollment process can not be completed fully in a single session, as the consumer must take some action (determining the amount(s)) subsequent to an initial registration session.
Accordingly, a need exists for an on-line and real-time technique to authenticate an association between a registering customer and a demand deposit account which mitigates occurrence of both incorrect entry of RTN/DDA information and fraud.
Some on-line payment services access more than one commercial database in the registration process in attempting to locate information used to authenticate a registering customer's identity (not to authenticate an association between a customer and a deposit account). Often an on-line service provider must access multiple commercial databases before useful information is found. These commercial databases charge for access, making this an expensive process.
Accordingly a need exists for a technique for registration for electronic commerce service which minimizes costs associated with utilizing information belonging to an entity other than an electronic commerce service provider.
In order to facilitate a fuller understanding of the present invention, reference is now made to the appended drawings. These drawings should not be construed as limiting the present invention, but are intended to be exemplary only.
Also depicted in
These external databases 160A-160N belong to any one of, or any combination of, check printing services, check verification services, check guarantee services, and financial institutions. Examples of check printing services are Deluxe, Harland, and Clark American, though other check printing services' databases could also be accessed. Examples of check verification and/or guarantee services are Telecheck and Equifax Check Services, though other check verification and/or guarantee services' databases could also be accessed. A financial institution maintains deposit accounts on behalf of depositors, in addition to providing other financial services. A financial institution, obviously, has knowledge of associations between accounts that financial institution maintains and depositors (customers). A financial institution may have knowledge about associations between accounts and depositors for accounts that are maintained at other financial institutions. Information stored in external database 160A-160N is associated with deposit accounts. Check printing services retain information associated with each check order printed for an account holder. This information is typically retained so that a subsequent check order for the account holder can be printed without all account holder identifying and account identifying information being supplied a second time in order to print the second order. Thus, check printing services maintain information that authenticates an association between an account holder and an account.
It should be noted that one or more of the external databases 160A-160N, though belonging to an entity other than the service provider, could be hosted by the service provider. In such a case, a third party such as a check printing, verification, or guarantee service, would provide information to be stored to the service provider. The service provider would then access the service provider hosted external database(s) as necessary.
As shown in
This received information is then processed by the rules engine 107 while the registering customer is still participating in the on-line enrollment session. The rules engine 107 first determines if historical database 150 contains information upon which a positive authentication between the registering customer and the customer's deposit account can be based. If so, the on-line registration session can be successfully completed without accessing commercial databases.
If the historical database 150 does not contain information which leads to a successful registration, then based upon logic derived from historical registration experience and other information contained in the historical database 150, the rules engine 107 determines which of external databases 160A-160N to access to authenticate an association between the registering customer and a deposit account. Criteria that can be used by the rules engine 107 in determining which external database to access includes the registering customer's financial institution's RTN (ABA) number. This information can be used because, based upon the historical information stored in the historical database 150, it is known that certain financial institutions utilize certain check printing services.
Other criteria that can be utilized to determine which of the external databases 160A-160N to access includes geographic criteria, such as the location of the registering customer and/or his or her financial institution. Yet another criteria is cost. That is, fees charged by entities maintaining external databases 160A-160N for accessing different ones of the external databases 160A-160N vary among the external databases. Still another criteria is a success rate of particular ones of the external databases 160A-160N in providing information useful in the registration process.
The rules engine 107 determines an order in which to access the external databases 160A-160N. Once the rules engine 107 determines the order in which the external databases 160A-160N should be accessed, the first determined external database is accessed in an attempt to locate information upon which to base an authentication determination.
If information upon which to base an authentication determination is not found in the first determined external database, the second determined external database is accessed. This process continues until information is found. It should be noted that if information for successful authentication information is not found in any database or other data store, the registering customer could be given the opportunity, on-line and in-session, to resubmit account identifying information, in view of the chance that the registering customer may have provided incorrect identifying information beforehand.
Once information is found in an external database, all or a portion of the information gathered via the web interface from the registering customer is used by the matching engine 108 in authenticating the RTN/DDA information received from the registering customer. That is, the matching engine 108 compares the RTN/DDA information and the identity information received from the registering customer with data stored in the external database. If the received data matches that supplied by the registering customer, the association is successfully authenticated.
Upon successful authentication, the registering customer is informed, via the on-line registration session, that registration is successful. The registering customer becomes a registered customer. The service provider can immediately and in-session provide services to the registered customer with confidence that an authentic association between the registered customer and a deposit account identified by that customer is in fact authentic.
In the event that on-line authentication of customer supplied information is unsuccessful, the registering customer would be required to complete the registration process by traditional techniques. This could include, for instance, requiring the registering customer to supply a voided check to the service provider, as well as any other known registration technique.
In a variation of the above-described process, instead of accessing the external databases 160A-160N in a determined order to determine if each database includes information which can be used in the authentication process, each of external databases 160A-160N are accessed, in the same determined order as above, and an authentication attempt is made against data stored in each external database. Thus, the first determined external database is accessed, and based upon data stored in that database an authentication attempt is made. If that authentication attempt is unsuccessful, the second determined external database is accessed and another authentication attempt is made. This process continues until a successful authentication is made, or until each database has been accessed. As above, if on-line authentication is unsuccessful, the registering customer would have to complete the registration process in an off-line fashion. In another variation, external databases 160A-160N could be accessed in a random order.
In yet another variation of the above-described process, an entity to whom an external database belongs might not offer direct access to the information stored in the database. In such a case, the service provider transmits at least a portion of the received identifying information as well as the RTN/DDA information to the entity to whom the external database belongs. That entity then compares this received information with information contained in the database.
That entity then returns a match key to the service provider. The match key could be one of four types: Account Found-Full Match, Account Found-No Match, Account Not Found, and Account Found-Possible Match. If the match key is of the Account Found-Full Match type, the authentication is successful. If the match key is of either the Account Found-No Match or Account Not Found types, the authentication is not successful and conventional, off-line, authentication techniques could be utilized. If the match key is of the Account Found-Possible Match type, further on-line activity can be performed to complete the authentication. This further activity could include the service provider providing further received identifying information to the entity to whom the database belongs, and could include the service provider querying the registering customer, via the still active on-line session, for additional identifying information, which would then be transmitted to the entity to whom the database belongs for further processing. It will be appreciated that the returned Match Key could be processed with other information to make the determination that authentication is successful or not. This other information could belong to the entity receiving the Match Key, or another entity. Also, instead of being processed with other information, a returned Match Key could be just one factor considered when making a determination as to a successful or unsuccessful authentication.
It should be noted that the inventive technique of on-line authentication of RTN/DDA information could be performed by the service provider on behalf of an entity other than the service provider. This authentication process could be performed in real-time, via perhaps a Web-based interface or a direct connection between another entity and the service provider, or could be performed as an asynchronous (e.g. batch file based or messaging-based) process for another entity. Further, it will be appreciated that the account authentication technique disclosed herein can be performed in a batch mode,
The present invention is not to be limited in scope by the specific embodiments described herein. Indeed, various modifications of the present invention in addition to those described herein, will be apparent to those of skill in the art from the foregoing description and accompanying drawings. Thus, such modifications are intended to fall within the scope of the appended claims.
|International Classification||G06Q20/40, G06Q20/38, G06Q20/08, H04L9/00, G06Q99/00, H04K1/00|
|Cooperative Classification||G06Q20/4012, G06Q20/401, G06Q20/0855, G06Q40/02, G06Q20/382|
|European Classification||G06Q40/02, G06Q20/401, G06Q20/0855, G06Q20/382, G06Q20/4012|