WO2003001866A1 - Transcation processing - Google Patents

Transcation processing Download PDF

Info

Publication number
WO2003001866A1
WO2003001866A1 PCT/IE2002/000093 IE0200093W WO03001866A1 WO 2003001866 A1 WO2003001866 A1 WO 2003001866A1 IE 0200093 W IE0200093 W IE 0200093W WO 03001866 A1 WO03001866 A1 WO 03001866A1
Authority
WO
WIPO (PCT)
Prior art keywords
processing system
transaction processing
authorisation
transaction
customer
Prior art date
Application number
PCT/IE2002/000093
Other languages
French (fr)
Inventor
Stephen Kavanagh
Conor Clarke
Kieron Guilfoyle
Patrick Brosnan
Original Assignee
Snapcount Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Snapcount Limited filed Critical Snapcount Limited
Priority to EP20020743582 priority Critical patent/EP1402486A1/en
Publication of WO2003001866A1 publication Critical patent/WO2003001866A1/en
Priority to US10/735,642 priority patent/US20040128243A1/en
Priority to US11/643,939 priority patent/US20070198411A1/en
Priority to US12/461,289 priority patent/US8229854B2/en
Priority to US13/531,905 priority patent/US8639623B2/en
Priority to US14/079,711 priority patent/US10089618B2/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/10Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/10Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
    • G06Q20/102Bill distribution or payments
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/10Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
    • G06Q20/108Remote banking, e.g. home banking
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/10Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
    • G06Q20/108Remote banking, e.g. home banking
    • G06Q20/1085Remote banking, e.g. home banking involving automatic teller machines [ATMs]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/22Payment schemes or models
    • G06Q20/24Credit schemes, i.e. "pay after"
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/305Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wired telephone networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/354Card activation or deactivation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/403Solvency checks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/403Solvency checks
    • G06Q20/4037Remote solvency checks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/405Establishing or using transaction specific rules
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/407Cancellation of a transaction
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/12Card verification
    • G07F7/122Online card verification
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/21Design, administration or maintenance of databases
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/22Payment schemes or models
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02Banking, e.g. interest calculation or account maintenance

Definitions

  • the invention relates to real time authorisation of transactions using non-cash payment instruments such as credit cards and debit cards.
  • the invention is therefore directed towards providing a system and method for real time processing of transactions to reduce overall fraud. Another object is to help ensure that cardholders are more in control of how their cards are used and that they are informed of what is happening.
  • a transaction processing system comprising an interface for receiving authorisation requests, an interface for transmitting authorisation outputs, and a processing means comprising means for determining from authorisation request data if the system output should be positive for negative, characterised in that the processing means comprises:
  • a setup means comprising means for storing transaction conditions associated with particular customers, and
  • authorisation means for dynamically retrieving a transaction condition associated with the customer of each authorisation request on a per- transaction basis and for applying said conditions to the authorisation request.
  • the setup means comprises an interface comprising means for allowing each customer to define said conditions.
  • said interface comprises a Web server.
  • the setup means comprises means for storing predefined template conditions, and for allowing a customer to select predefined template conditions for his or her card.
  • the setup means comprises a fraud manager interface comprising means for allowing a fraud manager with access control to define said template conditions.
  • the predefined template condition comprises specific placeholders for conditions, values and logical operators.
  • the setup means comprises input means for allowing a customer to input customer specified parameters to the predefined template conditions.
  • each template comprises an associated action which is the action to be taken if, upon evaluation, the template condition evaluates to "true”.
  • At least some of the conditions are in the form of program code rules.
  • the setup means comprises means for maintaining a rule database.
  • the rule database comprises means for storing rules in a format which is indexed on a particular customer or customer card number.
  • said rules comprise system, product and customer rules.
  • said rules are stored in a format which does not require parsing of logical string-based expressions for processing.
  • the authorisation means comprises means for automatically transmitting a notification to a customer under control of the conditions.
  • the authorisation means comprises means for receiving confirmation of authorisation from a customer in response to a notification.
  • the authorisation means comprises means for successively applying system-level, card product-level, and the customer conditions upon receipt of an authorisation request.
  • the authorisation request interface comprises a network interface for interfacing with a card payment network.
  • the authorisation request interface comprises a network interface for interfacing with an issuer front end system.
  • the output interface further comprises a card management system interface means for interfacing with an issuer card management system.
  • the network interface comprises means for communicating over TCP/IP, X.25, Serial, Modem, SNA or any other communication format.
  • the network interface comprises for converting received messages into a general standard data format.
  • the network interface comprises a communication header module for converting received messages into a standardised data sequence of bytes.
  • the card management system interface comprises a protocol header module comprising means for converting a standardised sequence of bytes received from the network interface into an internal format for processing.
  • the card management system interface comprises a protocol header module comprising means for converting a standardised sequence of bytes received from a communications header module into an internal format for processing.
  • the communication header and the protocol header modules comprise means for sequentially checking for, receiving, converting and routing messages and data.
  • the communication header and protocol header modules comprise means for routing transaction requests and responses between the card payment network and card management system.
  • the authorisation means comprises means for updating the rules database in real time.
  • the authorisation means comprises means for automatically transmitting a notification to a fraud manager if a possible fraud is detected.
  • the setup means comprises means for automatically transmitting a notification to a customer if a possible fraud is detected.
  • the authorisation means comprises means for automatically transmitting a notification to a customer if an authorisation request is rejected. In another embodiment the authorisation means comprises means for automatically transmitting a notification to a customer if a request is authorised, allowing a customer to maintain a local log of authorised requests.
  • the setup means comprises means for controlling customer activation of a card.
  • said controlling means comprises an on-line banking interface.
  • said controlling means comprises an ATM interface.
  • the authorisation means comprises means for receiving a cardholder request that a card be deactivated.
  • said means comprises means for receiving an SMS from a cardholder.
  • a transaction processing method carried by a verification system comprising the steps of:
  • processing said received authorisation request by dynamically retrieving a condition associated with the customer of the authorisation request on a per transaction basis; (v) applying said condition and determining from the authorisation request data if the requested transaction should be approved or denied.
  • Fig. 1 is a flow diagram illustrating signal transfers for transaction processing of the invention
  • FIGs. 2(a), 2(b) and 2(c) are block diagrams illustrating alternative arrangements for connecting the components of a verification system of the invention
  • Fig. 3 is a diagram showing interaction between a front end system and a card management system
  • Figs. 4, 5, and 6 are flow diagrams showing signalling at a lower level
  • Fig. 7 is a flow diagram illustrating processing steps in more detail
  • Fig. 8 is a diagram illustrating a database object containing templates and cardholder rules
  • Figs. 9 to 13 are diagrams illustrating interactions between a fraud manager and a rule database
  • Figs. 14 and 15 are diagrams showing interactions between a fraud manager and a Web server
  • Figs. 16 to 27 are diagrams showing interaction between people of various roles and systems of the invention.
  • Figs. 28, 29, and 30 are sample screen shots for system displays.
  • a cardholder system 1 accesses a banking interface 2 via the Internet, although it may alternatively be via wireless device, telephone or branch visit.
  • the banking interface 2 is operated by an issuing bank of which the cardholder is a customer.
  • the interface 2 is connected to an issuing system 3, in turn connected to a verification system 4.
  • the interface 2 allows the cardholder to input rules governing how credit card transactions with her card are to be authorised. These rules can be set according to a wide variety of parameters such as:-
  • the rules are updated to the verification system in a step B, and are maintained in a rule database. They can be dynamically varied by the cardholder or by issuer personnel such as a fraud manager.
  • a step C the cardholder initiates a purchase transaction with her card, the transaction being handled by a merchant system 5.
  • the merchant system 5 forwards the transaction details to an acquiring system 6, which in step E forwards an authorisation request to a card network device 7.
  • the verification system 4 executes the rules created by the cardholder in order to pass on or deny the transaction. If passed on, the issuing system 3 is updated in a step G, otherwise a deny signal is transmitted in a step H.
  • a rule may require for an SMS notification to be forwarded to a parent every time a card is used. This allows parents to continually monitor and track usage for parental control and information purposes. In effect, suitable rules can cause a full audit trail to be generated in real time, when the information is required and is of most benefit.
  • Fig. 1 We shall refer to the sequence of Fig. 1 as being the 'authorisation chain'. It can be described as a chain because it consists of the Merchant requesting an authorisation from an Acquirer; an Acquirer requesting an authorisation from the network and the network requesting authorisation from the Issuer.
  • This invention inserts into this chain a device whose function is to implement Cardholder authorisation rules.
  • This device is located at an Issuer's premises or at a remote location and is connected to the Issuer's systems using secure communication means.
  • Figs. 2(a), 2(b) and 2(c) show three alternative arrangements for integrating the verification system into an authorisation system.
  • the main components are the verification system (also referred to as the rule processor) 4, the card management (Issuer) system (CMS) 3, and optionally a front end system (FES) 10.
  • the verification system also referred to as the rule processor
  • the card management (Issuer) system CMS
  • FES front end system
  • the function of the rule processor 4 is to decide whether a particular request should be passed on to the issuer or declined based on the processing of system, product and cardholder rules.
  • the rule processor makes this decision by evaluating rules on the authorisation request. These rules are read in from a rule database. Three types of rules can be entered into the rule database:
  • the CMS 3 is the terminal device in the authorisation chain. Authorisation request responses are generated by this device.
  • the FES 10 interfaces with the card payment network and receives authorisation requests.
  • the rule processor 4 further comprises an SMS/Email gateway 19 which allows email SMS, EMS, MMS or any other communication format messages to be sent to the cardholders or received from the cardholders.
  • the rule processor 4 is connected between the FES 10 and the CMS 3.
  • the corresponding Fig. 3 illustrates the flow of requests in this embodiment.
  • an authorisation request received from the card payment network moves from the FES 10 and into the rule processor 4.
  • the rule processor decides whether the authorisation request is sent on to the CMS 3, or whether an authorisation request response - a decline - is sent back to the network side device.
  • the system also supports a bypass mode of operation used by default if a malfunction or failure is detected in the rule processor. In the bypass mode requests are routed directly from the FES to the CMS.
  • the rule processor 4 is interfaced to the FES 10.
  • authorisation requests from the card payment network received by the FES 10 are routed to the rule processor 4.
  • the rule processor applies rules to the requests and sends them back into the FES which decides whether or not to route them to the CMS 3.
  • authorisation requests are accepted from the card payment network into the rule processor 4, where rules are applied to the requests.
  • the rule processor then routes permitted authorisation requests to the CMS 3.
  • the verification system (or rule processor) of the present invention is designed to integrate flexibly into existing card management (Issuer) systems. While it is possible to include additional functionality by adding more features to a particular 'card management system' because each card management system is different such an approach is problematic.
  • the verification system is designed to be placed in the authorisation chain as a separate entity within that chain. However, in order to integrate the verification system into existing card management systems significant communications issues must be addressed.
  • Figs. 4 to 6 illustrate the communication modules and routing processes of the invention.
  • ISO8583 is used over many different types of communications media, depending on the equipment that is being used and the preferences of the institutions involved. These media include:
  • Interchange message specifications - Content for financial transactions' To facilitate connection and integration of the verification system of the invention into an existing authorisation chain a module which converts messages from any particular medium into a "stream of bytes" is used. This module is a CH (Communications Header).
  • CH Common Language
  • an ISO8583 Message is read by a CH (Communications Header) from whatever form of communications channel the incoming messages are arriving on.
  • the message is converted into a sequence of bytes and passed to a PH (Protocol Header) module.
  • the CH is a module that sends and receives data without regard to the content. It understands and implements the specifics needed to handle connections over different media - e.g. TCP/IP, X.25, Serial and Modem. It provides common functions for the set- up, management and teardown of open connections.
  • the PH layer converts the message from a specific 8583-message implementation into an internal 'Normalised' form. This form is independent of any vendor specific implementations.
  • the message After being processed by a 'Test Rules' process of the rule processor (described later) the message is converted from the 'Normalised' form back into a specific 8583 implementation via the PH layer, and then is sent to its destination via the CH layer.
  • the CH connects to its PH module. It then attempts to connect to its 8583 source using the specified method (TCP/IP, X.25 or Serial). It then checks whether there are any bytes ready to be accepted from the PH module. If there are no bytes available it immediately checks whether there are any available from the 8583 source. If there are none, it immediately goes back to check whether there are any bytes available from the PH and proceeds as before.
  • TCP/IP Transmission Control Protocol/IP, X.25 or Serial
  • ISO8583 is a standard that describes the messaging that is used to allow organisations to exchange messages that relate to 'Bank Cards'. This specification although complete in many ways is interpreted differently by different organisations. The differences relate for example to the specific meaning of a field, or the choice of field to hold a particular piece of data or how a particular response is to be interpreted. For the invention, the implication of this problem is that a message from one source may differ significantly from a message from another source, not because of any difference in the core transaction details, but because of differences between the organisations that are feeding the transactions into the verification system.
  • the PH initially connects to a 'Test Rules' process of the rule processor. It then connects to the CH. It checks whether there are any bytes available from the CH. If there are not, it immediately checks whether there are any messages available from the Application Process. If there are none, it goes back to check for bytes from the CH and so on. If there are bytes available from the CH, they are read and converted into a message. At this stage, the message is in the format of a vendor specific implementation of ISO8583. This message is then converted into a normalised form using transformations that are specific to this specific PH. These transformations are very much related to each vendor's implementation and thus can be arbitrarily complicated. For example, a particular field may be broken down in a particular manner by a vendor implementation.
  • the normalised message After the normalised message is generated, it is sent to the application process.
  • the PH then goes back to checking for bytes from the CH.
  • a message is read and converted to de-normalised form using PH transformations. It is then converted into a sequence of bytes and passed to the CH. The PH then goes back to checking for bytes from the CH.
  • step 101 the authorisation cycle or "Test Rules" process of the rule processor is shown in more detail.
  • step 101 If the number prefix is that of a valid product (step 102) in step 104 system rules are applied. If the output is negative in step 113 a decline response is generated. Otherwise, in step 105 product rules are applied. If the output is negative, again a decline response is generated. Otherwise, the Cardholder rules are applied in step 106. Again, this may provide a positive or a negative outcome.
  • the three possible outcomes of application of the sequence of three sets of rules are: decline, approve and pass to CMS, and create fraud queue item.
  • the third outcome causes an item to be added to a fraud queue.
  • a decline outcome may cause a message to be sent to the Cardholder (steps 116, 117, 118).
  • the Cardholder can communicate through the Issuer's computer system.
  • the Cardholder communicates with the Issuer's computer system through whatever means the Issuer's computer system supports - e.g. Internet, phone, WAP.
  • the Cardholder can enter a set of rules.
  • a rule may be in the form of IF (Condition) THEN (Action)
  • Each Condition can be a set of comparisons separated by AND and OR. Each comparison compares a authorisation request data element with a value.
  • This example condition would apply whenever the transaction amount is greater than 100 and the Merchant is registered in Ireland or the UK.
  • Each action is one of three choices - either 'decline' or 'accept' or 'advise Fraud Manager or advise Cardholder in the event of an automatic confirmation system being implemented'.
  • the term 'decline' means to not send the request onwards to the CMS, but to send an authorisation rejection back towards the Acquirer.
  • the term 'accept' means to send the authorisation request on towards the Issuer.
  • the term 'advise Fraud Manager' means to send a message to a Fraud Manager about the authorisation.
  • the Fraud Manager in the issuing institution can also enter rules. These rules can be entered at three levels. The first of these is the set of rules that are run for every transaction that passes through the system - these are termed 'system' rules. The second of these is the set of rules that are run for each 'product' that the issuing institution markets. A product in this sense is a set of credit card number ranges that are grouped together. The third of these is the set of 'template rules' for a particular product. These are pre-written rules that a Cardholder who has a card from particular product can 'opt into' without having to write the rule themselves.
  • the invention allows complex rules to be built and enables them to be executed in a very time-efficient manner by using template rules.
  • Each template is built in response to Fraud Manager inputs by the Fraud Manager and is given an index number (#1, #2, ..).
  • Each template comprises a set of empty placeholders for up to ten conditions.
  • Each condition comprises the following:
  • Template index Number Unique identifier for this template.
  • Field Number Number of field in message Eg 'Field32 could be Merchant Country'
  • 'Action' This is the action to take if the condition evaluates to 'True'.
  • Each action is composed of the following elements:
  • Cardholder Rules Each cardholder rule comprises a reference to a template and any information required by that template. Accordingly, the fields involved are:
  • Template The number of the template to which this rule refers.
  • SMS Address -SMS Address of this cardholder if required.
  • All of the cardholder rules in the system are stored in the system database and are indexed and clustered on card number.
  • the invention allows Cardholders and Fraud Managers to view and modify rules while, at the same time, processing authorisation transactions using these rules. Updates to the rules can be made in real time with the effect of such a change being immediate.
  • 'database transactions' are defined for the purposes of reading and updating the table in which rules are stored. The purpose of these transactions is to allow updates to rules to occur in the moments between one authorisation transaction and the next. Processing Efficiency
  • the processing efficiency of the system is based upon the time taken to read all rules related to a particular card out of the database and the time taken to computationally apply the rules to the transaction in hand.
  • cardholder rules refer to templates rather than exist in a stand-alone manner makes each cardholder rule very small ( ⁇ 100 bytes). This means that a minimal amount of disk space will be used per rule, and so more rules can be read per database read.
  • FIG. 8 an example of a database object containing two templates and two sets of Cardholder rules is illustrated.
  • Template #1 contains the rule:
  • Template #2 contains the rule:
  • Figs. 9 to 25 illustrate how Issuer Personnel and Cardholders interact with the rule processor.
  • CSR The Customer Service Representatives answer queries from Cardholders.
  • the invention allows CSRs to perform all of the tasks that a Cardholder can perform. Also, the CSR is able to view details on the authorisation requests and responses for particular cards over given time periods.
  • Technical The Technical Operator is responsible for starting and stopping the system, Operator editing database data, applying new configuration data to the system and checking the status of the system.
  • Auditor The Auditor's is allowed see, at a great level of detail the decisions being made by the system, and is able to trace these decisions back to individual messages and rules.
  • the Fraud Manager is that person in the Issuing Institution whose function is to track and minimise the incidence of fraud in the institution. This person and the Cardholder are the prime users of the system 4.
  • the Fraud Manager configures the system 4 according to the needs of the Issuer.
  • Figs. 9 to 15 illustrate some interactions of the Fraud Manager with the system.
  • Fraud Manager adds or modifies products (Fig. 9)
  • the Fraud Manager must define those products that the Issuer uses.
  • a product is a set of credit cards that a Fraud Manager wishes to view as a single entity for the purpose of applying rules to them. These may in fact be individual products that the Issuer offers its customers (e.g. Standard Card, Gold Card, Platinum Card,) or they may be collections or subsets of same.
  • Fraud Manager adds or modifies BIN (Fig. 10)
  • Each Issuer has a set of allocated credit card number prefixes (Bank Identifier Numbers or 'BIN's). In the natural course of events, it divides these up between the products that it creates. For instance, it might create a student credit card product, a normal credit card product and a gold credit card product. These products, and their associated BIN's are entered into the system as part of the product definitions.
  • 'BIN's Bank Identifier Numbers
  • Fraud Manager modifies system or product or template rules (Fig. 11)
  • the Fraud Manager can add rules to the system 4 of types 'System', 'Product' or 'Template'. Rules lie at the core of the system 4 and are in three types. Each rule type is applied in the following order to each authorisation request message:
  • Cardholder rules are applied to all messages that relate to a particular credit card number.
  • a Cardholder rule can be created in one of two ways: • It can be created by the Fraud Manager as a template rule, and can then be opted into by the cardholder. For example, the Fraud Manager might create a template rule that defines how to reject a transaction if the Merchant is not a European merchant. A Cardholder might then be asked whether they wanted to 'switch on' this rule on their card. If they decide to, a new rule is generated for them, based on the template rule. • The Cardholder can generate it directly.
  • the order of execution within each set of rules can be modified by the Fraud Manager as required.
  • a "PAN”, is the industry term for a credit card number ("Primary Account Number").
  • a fraud queue is a queue of issues that Fraud Managers go through on a regular basis. These issues are those items that have matched rules whose action was 'Advise Fraud Manager' or 'Decline'. Each item on the fraud queue has to be acknowledged by a Fraud Manager. Several different Fraud Managers can be looking at the fraud queue and acknowledging items at the same time.
  • the Fraud Manager can get various reports from the system 4. These can relate to fraud queue, activated rules, tracked rules, active rules, and suspended rules.
  • Figs. 16 and 17 illustrate how a cardholder can interact with the system.
  • the Cardholders can enter rules themselves. One way that they can do this is by choosing to have a particular rule from a template enabled.
  • the list of templates available to a Cardholder whose payment card is part of a particular product might be:
  • the invention provides the interface to the Issuer's online banking system.
  • This interface is web-based, although it is not expected that the web interface is delivered directly to the Cardholder. Rather, it is expected that the web-based interface is driven by the Issuer's computer systems.
  • a list of template rules is provided, from which the Cardholder can add one or more for their particular credit card.
  • Cardholder requests list of current rules for cardholder and can delete one (Fig. 17)
  • the Cardholder requests a list of current rules available and selects the option to delete one.
  • the Cardholder requests the set of rules that are set up for a particular PAN. The Cardholder can then optionally delete one of these rules.
  • the Cardholder generates a new rule rather than choosing from a list of pre-defined template rules and applies this rule to the credit card.
  • the system supports access by a Customer Service Representative.
  • the Issuer's CSR Customer Service Representative
  • the Issuer's CSR can perform all functions that a Cardholder can perform as well as one other.
  • the same interface is used for CSR functions as is provided for Cardholder functions. It is expected that an Issuer's existing CSR application will be integrated to allow this extra functionality.
  • the CSR can see logged activity for a credit card number over a time range.
  • the CSR can look into a particular item and see the underlying message if available.
  • Auditor views transaction log (Fig. 19) The Auditor can look into the transaction log to see the detail of the processing of the system.
  • the Auditor examines one particular set of rules in detail (Fig. 20)
  • the Auditor can enable rule tracking, which enables the Auditor to track all of the decisions relating to a particular rule. When rule tracking is switched on the Auditor will see each condition being tested and the result of the test.
  • the Technical Operator can modify all tables in the database through a web browser.
  • the Technical Operator uses an application to allow the starting and stopping of each processing node 15.
  • the technical operator must instruct the processing nodes to begin using the new registry that they have been sent, This is achieved with this use case.
  • O&M node checks status of processing nodes (Fig. 25)
  • the O&M Node sends a status request message once every 10 seconds to each O&M node.
  • the O&M node replies with a response, and on the basis of this, the O&M Node database entry is updated.
  • the database is backed up to tape on a nightly basis.
  • the data on tape can be restored into the database.
  • the system 4 generates a large number of messages and logged items. These objects are taken out of the database after they have been there for a period of time in order to prevent the database from growing too large. Over time, the expired rules (rules that are past the end of their stop date) must be archived. Management information (MIS) reports are run from a different database server. Entities relevant to MIS reports are copied into a separate database. Fraud alarm/ Rejection alarm/ Authorisation confirmation
  • This invention allows notifications (SMS/email) that are sent to cardholders to serve different functions:
  • Rules are set within the rule processor to prevent fraud. When a rule infringement and possible fraud is detected, a fraud alarm can be triggered and a notification sent to the cardholder in order to alert them of possible fraud.
  • a notification can be sent to alert the cardholder about a transaction that has been declined for a reason other than the infringement of a rule. For instance, if the card management system decides that a particular transaction would push a cardholder over their credit limit, it normally does this silently. However, the invention can be configured to see this rejection and to send a message to the cardholder informing them of the rejection.
  • the invention can be configured to see all approvals and to send a message to the cardholder informing them of the approval.
  • the cardholder could use his/her computer to access and switch off the rule that is denying the card's use.
  • the card can be thus activated.
  • the invention allows rules to be accessed by Cardholders through an online banking platform.
  • the online banking platform is responsible for construction of credit card management web page.
  • the online banking platform calls the verification system in order construct the required web page.
  • the verification system of the invention provides four services to the online banking platform to aid it in constructing the card management web page:
  • a screen of the interface 2 is shown, the screen shown is an example of a basic rule activation screen.
  • the customer can access this screen through their online banking channel, at an ATM, or through a customer representative.
  • This basic rule activation is part of the existing renewal or registration process.
  • the Issuer may inform the Cardholder that their card will not operate in a specific geographic region that may be sensitive to fraud unless the Cardholder informs them to the contrary by telephone or online that there are specific countries that they wish to "turn on”.
  • a customer segment uses the verification system through the card product they have chosen to use i.e. where the card product has predetermined parameters e.g. transaction type or geographic set to Issuer determined defaults when the card is issued but changed by the Cardholder to suit their own particular requirements whether it is security or control they are concerned about.
  • predetermined parameters e.g. transaction type or geographic set to Issuer determined defaults when the card is issued but changed by the Cardholder to suit their own particular requirements whether it is security or control they are concerned about.
  • Fig. 29 illustrates an example of a parent controlled teenager card and how the verification system enhances the security and control for the parent.
  • the card product design of this particular customer segment would be driven by specific customer needs for credit control and security.
  • An example of this would be a corporate Card Manager as detailed in Fig. 30. Designed for the corporate market where a financial controller may wish to centrally control the individual usage profiles of the company's payment card base using rules similar to previous examples. Rules could also exclude specific merchants or alternatively may allow the card to be used only at specific merchants i.e. as a controlled purchasing card.
  • Transaction rules form an important part of the operation of card management systems by card issuers. These are rules that are usually applied at either a system level i.e. a rule that will apply to all cards issued by that institution or at a product level i.e. a rule that will apply to a particular card product such as a Gold Card.
  • An example of a rule might be to deny or refer all transactions from a country that is deemed to be a particular hotspot for card fraud.
  • the invention allows the cardholder to control what happens in the authorisation process via the establishment of a rule set that will apply to all cardholder's transaction.
  • the cardholder can remotely create, delete or amend rules e.g. through online banking channels.
  • the invention at the Issuers discretion allows for the cardholder to be alerted in real-time of a rule infringement thus alerting him to potential misuse of their payment card and allows them to respond automatically to this alert in real-time to confirm their authenticity thus allowing the transaction to proceed.
  • the invention will reduce and displace the incidence of fraud in payment card networks. It effectively helps manage the risk of card fraud.
  • the system can be used as a complementary technology and as such the card Issuers can implement it as another line of defence in the fight against fraud.

Abstract

A transaction processing system for the real time authorisation of payment transactions, The system comprises a verification system (4) connected to an issuer card management system (3). A cardholder can access the system via an interface (2) which can be for example the Internet, a wireless device, telephone, or a branch visit. The interface allows the cardholder to input rules governing how their credit card transactions are to be authorised. When the cardholder initiates a purchase transaction with their credit card, an authorisation request is passed from the card network to the verification system which executes the rules created by the cardholder in order to approve or deny the transaction.

Description

"Transaction Processing"
INTRODUCTION
Field of the Invention
The invention relates to real time authorisation of transactions using non-cash payment instruments such as credit cards and debit cards.
Prior Art Discussion
While there has been much discussion in recent years concerning card-not-present (and particularly Internet shopping) fraud, in fact the bulk of credit card fraud arises from card-present transactions. For example, card "skimming" often results in a fraudulent card being produced and used, possibly in a different country from where the skimming occurred. Another example is mail interception, in which cards are stolen from the postal system as they are en route to the customer.
While the losses arising from fraud are very considerable, efforts to date at providing new systems to reduce fraud have met with only limited success. In one approach marketed by the company Orbiscom™ a "disposable" card number is issued to which limited use conditions are applied. This approach appears to be of benefit for Internet transactions, however it is generally believed to be of little benefit for card present transactions.
In anotlier approach, "neural intelligence" is used by the issuer to monitor proposed transactions and to block those which do not appear to fit a usage pattern for the cardholders. These systems monitor patterns of usage and on the basis of this monitoring, determine when usage is out of the ordinary. While this appears to be a very helpful approach, it suffers from practical problems. For example, a cardholder may find to his or her embarrassment and inconvenience that he or she can not use a card when on holiday in a foreign country. The overall impression the cardholder has is that he or she is not in control and does not understand how his or her transactions are controlled.
The invention is therefore directed towards providing a system and method for real time processing of transactions to reduce overall fraud. Another object is to help ensure that cardholders are more in control of how their cards are used and that they are informed of what is happening.
SUMMARY OF THE INVENTION
According to the invention, there is provided a transaction processing system comprising an interface for receiving authorisation requests, an interface for transmitting authorisation outputs, and a processing means comprising means for determining from authorisation request data if the system output should be positive for negative, characterised in that the processing means comprises:
a setup means comprising means for storing transaction conditions associated with particular customers, and
authorisation means for dynamically retrieving a transaction condition associated with the customer of each authorisation request on a per- transaction basis and for applying said conditions to the authorisation request.
In one embodiment the setup means comprises an interface comprising means for allowing each customer to define said conditions.
In one embodiment said interface comprises a Web server. In another embodiment the setup means comprises means for storing predefined template conditions, and for allowing a customer to select predefined template conditions for his or her card.
In a further embodiment the setup means comprises a fraud manager interface comprising means for allowing a fraud manager with access control to define said template conditions.
In one embodiment the predefined template condition comprises specific placeholders for conditions, values and logical operators.
In one embodiment the setup means comprises input means for allowing a customer to input customer specified parameters to the predefined template conditions.
In another embodiment each template comprises an associated action which is the action to be taken if, upon evaluation, the template condition evaluates to "true".
In a further embodiment at least some of the conditions are in the form of program code rules.
In one embodiment the setup means comprises means for maintaining a rule database.
In one embodiment the rule database comprises means for storing rules in a format which is indexed on a particular customer or customer card number.
In another embodiment said rules comprise system, product and customer rules.
In one embodiment said rules are stored in a format which does not require parsing of logical string-based expressions for processing. In one embodiment the authorisation means comprises means for automatically transmitting a notification to a customer under control of the conditions.
In another embodiment the authorisation means comprises means for receiving confirmation of authorisation from a customer in response to a notification.
In a further embodiment the authorisation means comprises means for successively applying system-level, card product-level, and the customer conditions upon receipt of an authorisation request.
In another embodiment the authorisation request interface comprises a network interface for interfacing with a card payment network.
In one embodiment the authorisation request interface comprises a network interface for interfacing with an issuer front end system.
In one embodiment the output interface further comprises a card management system interface means for interfacing with an issuer card management system.
In one embodiment the network interface comprises means for communicating over TCP/IP, X.25, Serial, Modem, SNA or any other communication format.
In a further embodiment the network interface comprises for converting received messages into a general standard data format.
In another embodiment the network interface comprises a communication header module for converting received messages into a standardised data sequence of bytes. In one embodiment the card management system interface comprises a protocol header module comprising means for converting a standardised sequence of bytes received from the network interface into an internal format for processing.
In another embodiment the card management system interface comprises a protocol header module comprising means for converting a standardised sequence of bytes received from a communications header module into an internal format for processing.
In a further embodiment the communication header and the protocol header modules comprise means for sequentially checking for, receiving, converting and routing messages and data.
In one embodiment the communication header and protocol header modules comprise means for routing transaction requests and responses between the card payment network and card management system.
In one embodiment the authorisation means comprises means for updating the rules database in real time.
In another embodiment the authorisation means comprises means for automatically transmitting a notification to a fraud manager if a possible fraud is detected.
In a further embodiment the setup means comprises means for automatically transmitting a notification to a customer if a possible fraud is detected.
In one embodiment the authorisation means comprises means for automatically transmitting a notification to a customer if an authorisation request is rejected. In another embodiment the authorisation means comprises means for automatically transmitting a notification to a customer if a request is authorised, allowing a customer to maintain a local log of authorised requests.
In a further embodiment the setup means comprises means for controlling customer activation of a card.
In one embodiment said controlling means comprises an on-line banking interface.
In another embodiment said controlling means comprises an ATM interface.
In a further embodiment the authorisation means comprises means for receiving a cardholder request that a card be deactivated.
In one embodiment said means comprises means for receiving an SMS from a cardholder.
According to another aspect of the invention, there is provided A transaction processing method carried by a verification system, and comprising the steps of:
(i) receiving a transaction condition associated with a customer ;
(ii) writing said condition to a condition database also storing conditions associated with other customers;
(iii) receiving a transaction authorisation request from a transaction network;
(iv) processing said received authorisation request by dynamically retrieving a condition associated with the customer of the authorisation request on a per transaction basis; (v) applying said condition and determining from the authorisation request data if the requested transaction should be approved or denied.
DETAILED DESCRIPTION OF THE INVENTION
Brief Description of the Drawings
The invention will be more clearly understood from the following description of some embodiments thereof, given by way of example only with reference to the accompanying drawings in which :-
Fig. 1 is a flow diagram illustrating signal transfers for transaction processing of the invention;
Figs. 2(a), 2(b) and 2(c) are block diagrams illustrating alternative arrangements for connecting the components of a verification system of the invention;
Fig. 3 is a diagram showing interaction between a front end system and a card management system;
Figs. 4, 5, and 6 are flow diagrams showing signalling at a lower level;
Fig. 7 is a flow diagram illustrating processing steps in more detail;
Fig. 8 is a diagram illustrating a database object containing templates and cardholder rules;
Figs. 9 to 13 are diagrams illustrating interactions between a fraud manager and a rule database; Figs. 14 and 15 are diagrams showing interactions between a fraud manager and a Web server;
Figs. 16 to 27 are diagrams showing interaction between people of various roles and systems of the invention; and
Figs. 28, 29, and 30 are sample screen shots for system displays.
Description of the Embodiments
Referring to Fig. 1, in overview, in a step A a cardholder system 1 accesses a banking interface 2 via the Internet, although it may alternatively be via wireless device, telephone or branch visit. The banking interface 2 is operated by an issuing bank of which the cardholder is a customer. The interface 2 is connected to an issuing system 3, in turn connected to a verification system 4. The interface 2 allows the cardholder to input rules governing how credit card transactions with her card are to be authorised. These rules can be set according to a wide variety of parameters such as:-
• deny if merchant is located outside of Ireland, • deny if the transaction amount exceeds EUR300, or
• notify me by SMS for every transaction greater than EUR100.
The rules are updated to the verification system in a step B, and are maintained in a rule database. They can be dynamically varied by the cardholder or by issuer personnel such as a fraud manager.
In a step C the cardholder initiates a purchase transaction with her card, the transaction being handled by a merchant system 5. In a step D the merchant system 5 forwards the transaction details to an acquiring system 6, which in step E forwards an authorisation request to a card network device 7. In a step F the verification system 4 executes the rules created by the cardholder in order to pass on or deny the transaction. If passed on, the issuing system 3 is updated in a step G, otherwise a deny signal is transmitted in a step H.
It will be appreciated that the systems and method allow the cardholder to be involved in the overall authorisation cycle so that usage control is tailored to his or her requirements.
This opens up other services in addition to effective fraud control. For example, a rule may require for an SMS notification to be forwarded to a parent every time a card is used. This allows parents to continually monitor and track usage for parental control and information purposes. In effect, suitable rules can cause a full audit trail to be generated in real time, when the information is required and is of most benefit.
We shall refer to the sequence of Fig. 1 as being the 'authorisation chain'. It can be described as a chain because it consists of the Merchant requesting an authorisation from an Acquirer; an Acquirer requesting an authorisation from the network and the network requesting authorisation from the Issuer.
This invention inserts into this chain a device whose function is to implement Cardholder authorisation rules. This device is located at an Issuer's premises or at a remote location and is connected to the Issuer's systems using secure communication means.
Figs. 2(a), 2(b) and 2(c) show three alternative arrangements for integrating the verification system into an authorisation system. The main components are the verification system (also referred to as the rule processor) 4, the card management (Issuer) system (CMS) 3, and optionally a front end system (FES) 10.
The function of the rule processor 4 is to decide whether a particular request should be passed on to the issuer or declined based on the processing of system, product and cardholder rules. The rule processor makes this decision by evaluating rules on the authorisation request. These rules are read in from a rule database. Three types of rules can be entered into the rule database:
• Rules that must be evaluated on every authorisation request - 'System Rules'
• Rules that must be evaluated on authorisation requests that relate to payment cards that form part of a particular product ("Product Rules").
• Rules that must be evaluated on authorisation requests that are for particular payment cards - 'Cardholder Rules'.
The CMS 3 is the terminal device in the authorisation chain. Authorisation request responses are generated by this device. The FES 10 interfaces with the card payment network and receives authorisation requests. The rule processor 4 further comprises an SMS/Email gateway 19 which allows email SMS, EMS, MMS or any other communication format messages to be sent to the cardholders or received from the cardholders.
Referring to Figs. 2(a) the rule processor 4 is connected between the FES 10 and the CMS 3. The corresponding Fig. 3 illustrates the flow of requests in this embodiment. In the normal mode of operation, an authorisation request received from the card payment network moves from the FES 10 and into the rule processor 4. The rule processor decides whether the authorisation request is sent on to the CMS 3, or whether an authorisation request response - a decline - is sent back to the network side device. The system also supports a bypass mode of operation used by default if a malfunction or failure is detected in the rule processor. In the bypass mode requests are routed directly from the FES to the CMS.
Referring to Fig. 2(b), in another embodiment the rule processor 4 is interfaced to the FES 10. In operation, authorisation requests from the card payment network received by the FES 10 are routed to the rule processor 4. The rule processor applies rules to the requests and sends them back into the FES which decides whether or not to route them to the CMS 3. Ref erring to Fig. 2(c), in another embodiment authorisation requests are accepted from the card payment network into the rule processor 4, where rules are applied to the requests. The rule processor then routes permitted authorisation requests to the CMS 3.
The verification system (or rule processor) of the present invention is designed to integrate flexibly into existing card management (Issuer) systems. While it is possible to include additional functionality by adding more features to a particular 'card management system' because each card management system is different such an approach is problematic. The verification system is designed to be placed in the authorisation chain as a separate entity within that chain. However, in order to integrate the verification system into existing card management systems significant communications issues must be addressed.
Figs. 4 to 6 illustrate the communication modules and routing processes of the invention.
ISO8583 is used over many different types of communications media, depending on the equipment that is being used and the preferences of the institutions involved. These media include:
TCP/IP X.25 SNA
Serial Line Modem
Messages that are sent between entities involved in the authorisation process are standardised according to the ISO8583 standard - "Bank card originated messages -
Interchange message specifications - Content for financial transactions'. To facilitate connection and integration of the verification system of the invention into an existing authorisation chain a module which converts messages from any particular medium into a "stream of bytes" is used. This module is a CH (Communications Header).
Referring to Fig. 4 an ISO8583 Message is read by a CH (Communications Header) from whatever form of communications channel the incoming messages are arriving on. The message is converted into a sequence of bytes and passed to a PH (Protocol Header) module. The CH is a module that sends and receives data without regard to the content. It understands and implements the specifics needed to handle connections over different media - e.g. TCP/IP, X.25, Serial and Modem. It provides common functions for the set- up, management and teardown of open connections. The PH layer converts the message from a specific 8583-message implementation into an internal 'Normalised' form. This form is independent of any vendor specific implementations.
After being processed by a 'Test Rules' process of the rule processor (described later) the message is converted from the 'Normalised' form back into a specific 8583 implementation via the PH layer, and then is sent to its destination via the CH layer.
Referring to Fig. 5 the CH connects to its PH module. It then attempts to connect to its 8583 source using the specified method (TCP/IP, X.25 or Serial). It then checks whether there are any bytes ready to be accepted from the PH module. If there are no bytes available it immediately checks whether there are any available from the 8583 source. If there are none, it immediately goes back to check whether there are any bytes available from the PH and proceeds as before.
If there are bytes available from the PH, they are read, and sent to the 8583 source, and then checks are made for bytes being available from 8583 source and PH as before.
If there are bytes available from the 8583 source, they are read, and sent to the PH, and then checks are made for bytes being available from the PH and the 8583 source as before. ISO8583 is a standard that describes the messaging that is used to allow organisations to exchange messages that relate to 'Bank Cards'. This specification although complete in many ways is interpreted differently by different organisations. The differences relate for example to the specific meaning of a field, or the choice of field to hold a particular piece of data or how a particular response is to be interpreted. For the invention, the implication of this problem is that a message from one source may differ significantly from a message from another source, not because of any difference in the core transaction details, but because of differences between the organisations that are feeding the transactions into the verification system.
Because of this, a technique is presented for converting many known implementations of ISO8583 into a single generalised format. Examples of 8583 protocol implementations include:
Figure imgf000015_0001
Referring to Fig. 6 the PH initially connects to a 'Test Rules' process of the rule processor. It then connects to the CH. It checks whether there are any bytes available from the CH. If there are not, it immediately checks whether there are any messages available from the Application Process. If there are none, it goes back to check for bytes from the CH and so on. If there are bytes available from the CH, they are read and converted into a message. At this stage, the message is in the format of a vendor specific implementation of ISO8583. This message is then converted into a normalised form using transformations that are specific to this specific PH. These transformations are very much related to each vendor's implementation and thus can be arbitrarily complicated. For example, a particular field may be broken down in a particular manner by a vendor implementation.
After the normalised message is generated, it is sent to the application process. The PH then goes back to checking for bytes from the CH.
If a message is available from an application, it is read and converted to de-normalised form using PH transformations. It is then converted into a sequence of bytes and passed to the CH. The PH then goes back to checking for bytes from the CH.
Referring to Fig. 7 the authorisation cycle or "Test Rules" process of the rule processor is shown in more detail. The request is generated in step 101. If the number prefix is that of a valid product (step 102) in step 104 system rules are applied. If the output is negative in step 113 a decline response is generated. Otherwise, in step 105 product rules are applied. If the output is negative, again a decline response is generated. Otherwise, the Cardholder rules are applied in step 106. Again, this may provide a positive or a negative outcome.
The three possible outcomes of application of the sequence of three sets of rules are: decline, approve and pass to CMS, and create fraud queue item.
The third outcome causes an item to be added to a fraud queue. In this embodiment, a decline outcome may cause a message to be sent to the Cardholder (steps 116, 117, 118). Process Messages According to Defined Rules
The Cardholder can communicate through the Issuer's computer system. The Cardholder communicates with the Issuer's computer system through whatever means the Issuer's computer system supports - e.g. Internet, phone, WAP. By doing this, the Cardholder can enter a set of rules. A rule may be in the form of IF (Condition) THEN (Action)
Each Condition can be a set of comparisons separated by AND and OR. Each comparison compares a authorisation request data element with a value. An example of a condition would be: Amount > "100.00" AND (MerchantCountry = "IE" OR MerchantCountry ="UK")
This example condition would apply whenever the transaction amount is greater than 100 and the Merchant is registered in Ireland or the UK.
Each action is one of three choices - either 'decline' or 'accept' or 'advise Fraud Manager or advise Cardholder in the event of an automatic confirmation system being implemented'. The term 'decline' means to not send the request onwards to the CMS, but to send an authorisation rejection back towards the Acquirer. The term 'accept' means to send the authorisation request on towards the Issuer. The term 'advise Fraud Manager' means to send a message to a Fraud Manager about the authorisation.
In addition to cardholder rules, the Fraud Manager in the issuing institution can also enter rules. These rules can be entered at three levels. The first of these is the set of rules that are run for every transaction that passes through the system - these are termed 'system' rules. The second of these is the set of rules that are run for each 'product' that the issuing institution markets. A product in this sense is a set of credit card number ranges that are grouped together. The third of these is the set of 'template rules' for a particular product. These are pre-written rules that a Cardholder who has a card from particular product can 'opt into' without having to write the rule themselves.
The invention allows complex rules to be built and enables them to be executed in a very time-efficient manner by using template rules.
Each template is built in response to Fraud Manager inputs by the Fraud Manager and is given an index number (#1, #2, ..). Each template comprises a set of empty placeholders for up to ten conditions. Each condition comprises the following:
Template index Number Unique identifier for this template. Field Number Number of field in message Eg 'Field32 could be Merchant Country'
Condition Condition to apply to field Eg - 'equals'/ 'does not equal' / 'is less than' / 'is greater than'
Value - Value to compare against
Logical Operator - Operator to use with next condition Eg - 'AND' / 'OR'
Also associated with each template is an 'Action'. This is the action to take if the condition evaluates to 'True'. Each action is composed of the following elements:
Event - Event that should take place
Eg - 'Decline' / 'Approve' / 'Advise'
Direction - Direction to send message Eg - 'Forward' / 'Back'
Response Code - Value to set in 'Response Code' field of message. Eg - '01 - refer to Card Issuer' Each template also includes 'Notification' fields. These fields indicate whether an Email or SMS notification should be sent if the condition above evaluates to 'True'.
Cardholder Rules Each cardholder rule comprises a reference to a template and any information required by that template. Accordingly, the fields involved are:
Card Number -The unique number of the card
Template -The number of the template to which this rule refers.
Parameterl -If any conditions for this template require a parameter
(eg Template condition is 'Amount >= User_Specified_Amount), the first of these parameters is stored here. Parameter2 -As Parameterl above.
SMS Address -SMS Address of this cardholder if required.
Email Address -Email Address of this cardholder if required.
Sequence -Sequence in which the rules associated with this cardholder should be executed.
All of the cardholder rules in the system are stored in the system database and are indexed and clustered on card number.
Real Time - not Batch
The invention allows Cardholders and Fraud Managers to view and modify rules while, at the same time, processing authorisation transactions using these rules. Updates to the rules can be made in real time with the effect of such a change being immediate.
In order to allow this to occur, 'database transactions' are defined for the purposes of reading and updating the table in which rules are stored. The purpose of these transactions is to allow updates to rules to occur in the moments between one authorisation transaction and the next. Processing Efficiency
The processing efficiency of the system is based upon the time taken to read all rules related to a particular card out of the database and the time taken to computationally apply the rules to the transaction in hand.
By having cardholder rules refer to templates rather than exist in a stand-alone manner makes each cardholder rule very small (<100 bytes). This means that a minimal amount of disk space will be used per rule, and so more rules can be read per database read.
By clustering the cardholder rules within the database on Card Number, all rules related to a particular Cardholder can be read in one disk read by the database.
By allowing templates to have specific placeholders for conditions, values and logical operators there is no requirement for the normal parsing of logical string-based expressions. Processing can proceed without the need for intensive string parsing.
Referring to Fig. 8, an example of a database object containing two templates and two sets of Cardholder rules is illustrated.
Template #1 contains the rule:
IF (Field32='Africa' OR Field32='Asia' OR Field32= 'Australia') THEN
Sent Decline Back with Response Code 2
Send SMS and Email to Cardholder
Template #2 contains the rule:
IF (Field41.2='20' OR Field41.2='20) THEN
Send Decline Back with Response Code 2
Cardholder Rules for card '1234123412341234':
IF (Card Number is '1234123412341234') Apply Template 1 with no parameters, and SMS Address 0872337868 and Email Address joebloggs@aol.com
Apply Template 2 with no parameters, and no SMS Address and no Email Address
Cardholder Rules for card '9999999999999999':
IF (Card Number is '9999999999999999') App y Template 1 with no parameters, and SMS Address 0872337868 and Email Address joebloggs@aol.com
Figs. 9 to 25 illustrate how Issuer Personnel and Cardholders interact with the rule processor.
Users of the system are as follows:
Figure imgf000021_0001
Manager person to add rules to particular control how particular credit card products operate. This can be done in order to reduce Fraud, or in order to create new types of credit card products with different operating profiles.
CSR The Customer Service Representatives answer queries from Cardholders. The invention allows CSRs to perform all of the tasks that a Cardholder can perform. Also, the CSR is able to view details on the authorisation requests and responses for particular cards over given time periods.
Technical The Technical Operator is responsible for starting and stopping the system, Operator editing database data, applying new configuration data to the system and checking the status of the system.
Auditor The Auditor's is allowed see, at a great level of detail the decisions being made by the system, and is able to trace these decisions back to individual messages and rules.
The Fraud Manager is that person in the Issuing Institution whose function is to track and minimise the incidence of fraud in the institution. This person and the Cardholder are the prime users of the system 4. The Fraud Manager configures the system 4 according to the needs of the Issuer. Figs. 9 to 15 illustrate some interactions of the Fraud Manager with the system.
Fraud Manager adds or modifies products (Fig. 9)
The Fraud Manager must define those products that the Issuer uses. A product is a set of credit cards that a Fraud Manager wishes to view as a single entity for the purpose of applying rules to them. These may in fact be individual products that the Issuer offers its customers (e.g. Standard Card, Gold Card, Platinum Card,) or they may be collections or subsets of same.
Fraud Manager adds or modifies BIN (Fig. 10)
Each Issuer has a set of allocated credit card number prefixes (Bank Identifier Numbers or 'BIN's). In the natural course of events, it divides these up between the products that it creates. For instance, it might create a student credit card product, a normal credit card product and a gold credit card product. These products, and their associated BIN's are entered into the system as part of the product definitions.
Fraud Manager modifies system or product or template rules (Fig. 11)
The Fraud Manager can add rules to the system 4 of types 'System', 'Product' or 'Template'. Rules lie at the core of the system 4 and are in three types. Each rule type is applied in the following order to each authorisation request message:
• System Rules are applied to all messages arriving from the network.
• Product Rules are applied to all messages in particular BIN ranges arriving from Network.
• Cardholder rules are applied to all messages that relate to a particular credit card number. A Cardholder rule can be created in one of two ways: • It can be created by the Fraud Manager as a template rule, and can then be opted into by the cardholder. For example, the Fraud Manager might create a template rule that defines how to reject a transaction if the Merchant is not a European merchant. A Cardholder might then be asked whether they wanted to 'switch on' this rule on their card. If they decide to, a new rule is generated for them, based on the template rule. • The Cardholder can generate it directly.
Fraud Manager modifies rule sequence (Fig. 12)
The order of execution within each set of rules (system, product and cardholder) can be modified by the Fraud Manager as required.
Fraud Manager views cardholder rules (Fig. 13)
The Fraud Manager can view but not modify Cardholder rules. A "PAN", is the industry term for a credit card number ("Primary Account Number").
Fraud Manager reviews fraud queue and acknowledges an item (Fig. 14) A fraud queue is a queue of issues that Fraud Managers go through on a regular basis. These issues are those items that have matched rules whose action was 'Advise Fraud Manager' or 'Decline'. Each item on the fraud queue has to be acknowledged by a Fraud Manager. Several different Fraud Managers can be looking at the fraud queue and acknowledging items at the same time.
Fraud Manager requests report (Fig. 15)
The Fraud Manager can get various reports from the system 4. These can relate to fraud queue, activated rules, tracked rules, active rules, and suspended rules.
Fraud Manager sets up system options (Fig. 16)
There are various system settings that the Fraud Manager needs to set up. These settings are global, i.e. in that they apply to all products. • Monitor only without declining • Archival Options - when to archive and how old items must be before they are archived.
Figs. 16 and 17 illustrate how a cardholder can interact with the system. The Cardholders can enter rules themselves. One way that they can do this is by choosing to have a particular rule from a template enabled. The list of templates available to a Cardholder whose payment card is part of a particular product might be:
Deny Access Outside Ireland
Deny Access Outside Europe
Deny Access Outside Europe and US • Deny Access to Internet Merchants
Deny All Transactions unless Specified
Deny All Internet Transactions unless Specified
Allow One-Time Transaction for (£50, £100, £500, £1000) Alternatively, the Cardholder can define a Rule from scratch in the same way that the Fraud Manager defines one.
Cardholder requests list of templates available for credit card number, and adds one (Fig. 16)
The invention provides the interface to the Issuer's online banking system. This interface is web-based, although it is not expected that the web interface is delivered directly to the Cardholder. Rather, it is expected that the web-based interface is driven by the Issuer's computer systems. Here a list of template rules is provided, from which the Cardholder can add one or more for their particular credit card.
Cardholder requests list of current rules for cardholder and can delete one (Fig. 17)
Referring to Fig. 17, the Cardholder requests a list of current rules available and selects the option to delete one. The Cardholder requests the set of rules that are set up for a particular PAN. The Cardholder can then optionally delete one of these rules.
The Cardholder generates a new rule rather than choosing from a list of pre-defined template rules and applies this rule to the credit card.
As shown in Fig. 18 the system supports access by a Customer Service Representative. The Issuer's CSR (Customer Service Representative) can perform all functions that a Cardholder can perform as well as one other. The same interface is used for CSR functions as is provided for Cardholder functions. It is expected that an Issuer's existing CSR application will be integrated to allow this extra functionality.
Referring to Fig. 18, the CSR can see logged activity for a credit card number over a time range. The CSR can look into a particular item and see the underlying message if available.
Functional Requirement - allow Auditor to verify integrity of system The Issuer's auditors - internal and external - must be able to see how and why the software functions in the way that it does. The overall functionality of the system is to allow Issuers and Cardholders to selectively decline transactions, so the reason for a transaction either being declined or not has to be clear to an Auditor.
Auditor views transaction log (Fig. 19)The Auditor can look into the transaction log to see the detail of the processing of the system.
Auditor examines one particular set of rules in detail (Fig. 20) The Auditor can enable rule tracking, which enables the Auditor to track all of the decisions relating to a particular rule. When rule tracking is switched on the Auditor will see each condition being tested and the result of the test.
Functional Requirement - allow technical team to control and configure system The Technical Operator has the job of configuring the system for use, and maintaining it thereafter. Most of this configuration resides in the database. However, it would be inefficient for the processing nodes to have to read their own configuration from the database. Instead their configuration is loaded into a local database on each processing node. This means that there is a requirement for parts of the database to be loaded into the local database on each processing node by the Technical Operator.
Technical Operator modifies database through web browser (Fig. 21)
The Technical Operator can modify all tables in the database through a web browser.
Technical Operator starts/stops processing nodes (Fig. 22)
The Technical Operator uses an application to allow the starting and stopping of each processing node 15.
Technical Operator sends new configuration to the processing nodes (Fig. 23) The technical operator must instruct the processing nodes to begin using the new registry that they have been sent, This is achieved with this use case.
Technical Operator triggers the processing nodes to begin using a new configuration (Fig. 24)
The technical operator must instruct the processing nodes to begin using the new registry that they have been sent, This is achieved with this use case.
O&M node checks status of processing nodes (Fig. 25) The O&M Node sends a status request message once every 10 seconds to each O&M node. The O&M node replies with a response, and on the basis of this, the O&M Node database entry is updated.
Functional Requirement - perform all system maintenance functions automatically At the end of each period (such as a day), the system 4 must run several procedures automatically.
Database is backed up (Fig. 26)
The database is backed up to tape on a nightly basis.
Database is restored (Fig. 27)
The data on tape can be restored into the database.
The system 4 generates a large number of messages and logged items. These objects are taken out of the database after they have been there for a period of time in order to prevent the database from growing too large. Over time, the expired rules (rules that are past the end of their stop date) must be archived. Management information (MIS) reports are run from a different database server. Entities relevant to MIS reports are copied into a separate database. Fraud alarm/ Rejection alarm/ Authorisation confirmation
This invention allows notifications (SMS/email) that are sent to cardholders to serve different functions:
• They can be configured to act as a 'Fraud Alarm'
Rules are set within the rule processor to prevent fraud. When a rule infringement and possible fraud is detected, a fraud alarm can be triggered and a notification sent to the cardholder in order to alert them of possible fraud.
• They can be configured to act as a 'Rejection Alarm'
A notification can be sent to alert the cardholder about a transaction that has been declined for a reason other than the infringement of a rule. For instance, if the card management system decides that a particular transaction would push a cardholder over their credit limit, it normally does this silently. However, the invention can be configured to see this rejection and to send a message to the cardholder informing them of the rejection.
• They can be configured to act as an 'Authorisation Confirmation' A notification can be sent to a cardholder whenever a transaction is approved. A cardholder may wish to use this feature to maintain an email log of all transactions on a card.
The invention can be configured to see all approvals and to send a message to the cardholder informing them of the approval.
Card Activation
Much credit card fraud exists in the form of "Mail Fraud". This fraud occurs when a fraudster intercepts a latter containing a credit card, which is on the way to a cardholder. In order to eliminate this form of fraud, the system 4 can establish rules denying the use of each recently issued credit card until an activation event occurs. This activation event can have a number of forms:
• The cardholder goes to an ATM machine and enters the new card followed by the allocated PIN. A transaction is then sent to the issuing bank from the ATM. This transaction is specially formatted to that when the transaction goes through to the processor of the invention, the processor deactivates the rule that is denying the card use. The card is thus "Activated".
• Alternatively the cardholder could use his/her computer to access and switch off the rule that is denying the card's use. The card can be thus activated.
Online-banking access
The invention allows rules to be accessed by Cardholders through an online banking platform. The online banking platform is responsible for construction of credit card management web page. The online banking platform calls the verification system in order construct the required web page.
The verification system of the invention provides four services to the online banking platform to aid it in constructing the card management web page:
•List all rules that a Cardholder can switch on. •Display all rules that a Cardholder can switch off. •Switch a rule on. 'Switch a rule off.
Referring to Fig. 28, a screen of the interface 2 is shown, the screen shown is an example of a basic rule activation screen. The customer can access this screen through their online banking channel, at an ATM, or through a customer representative. This basic rule activation is part of the existing renewal or registration process. For example the Issuer may inform the Cardholder that their card will not operate in a specific geographic region that may be sensitive to fraud unless the Cardholder informs them to the contrary by telephone or online that there are specific countries that they wish to "turn on".
In another application, as shown in Fig. 29, a customer segment uses the verification system through the card product they have chosen to use i.e. where the card product has predetermined parameters e.g. transaction type or geographic set to Issuer determined defaults when the card is issued but changed by the Cardholder to suit their own particular requirements whether it is security or control they are concerned about.
These products are designed for Cardholders who may wish to have more active participation in how a card is used, for example, an ancillary card issued by a parent to a child where the parent wishes to control how, where and when the card is used by the child. Fig. 29 illustrates an example of a parent controlled teenager card and how the verification system enhances the security and control for the parent.
The card product design of this particular customer segment would be driven by specific customer needs for credit control and security. An example of this would be a corporate Card Manager as detailed in Fig. 30. Designed for the corporate market where a financial controller may wish to centrally control the individual usage profiles of the company's payment card base using rules similar to previous examples. Rules could also exclude specific merchants or alternatively may allow the card to be used only at specific merchants i.e. as a controlled purchasing card.
Transaction rules form an important part of the operation of card management systems by card issuers. These are rules that are usually applied at either a system level i.e. a rule that will apply to all cards issued by that institution or at a product level i.e. a rule that will apply to a particular card product such as a Gold Card. An example of a rule might be to deny or refer all transactions from a country that is deemed to be a particular hotspot for card fraud. It will be appreciated that the invention allows the cardholder to control what happens in the authorisation process via the establishment of a rule set that will apply to all cardholder's transaction. The cardholder can remotely create, delete or amend rules e.g. through online banking channels. In addition the invention at the Issuers discretion allows for the cardholder to be alerted in real-time of a rule infringement thus alerting him to potential misuse of their payment card and allows them to respond automatically to this alert in real-time to confirm their authenticity thus allowing the transaction to proceed.
It is expected that the invention will reduce and displace the incidence of fraud in payment card networks. It effectively helps manage the risk of card fraud. The system can be used as a complementary technology and as such the card Issuers can implement it as another line of defence in the fight against fraud.
The invention is not limited to the embodiments described but may be varied in construction and detail.

Claims

Claims
1. A transaction processing system comprising an interface for receiving authorisation requests, an interface for transmitting authorisation outputs, and a processing means comprising means for determining from authorisation request data if the system output should be positive for negative, characterised in that the processing means comprises:
a setup means comprising means for storing transaction conditions associated with particular customers, and
authorisation means for dynamically retrieving a transaction condition associated with the customer of each authorisation request on a per- transaction basis and for applying said conditions to the authorisation request.
2. A transaction processing system as claimed in claim 1, wherein the setup means comprises an interface comprising means for allowing each customer to define said conditions.
3. A transaction processing system as claimed in claim 2, wherein said interface comprises a Web server.
4. A transaction processing system as claimed in any preceding claim, wherein the setup means comprises means for storing predefined template conditions, and for allowing a customer to select predefined template conditions for his or her card.
5. A transaction processing system as claimed in claim 4, wherein the setup means comprises a fraud manager interface comprising means for allowing a fraud manager with access control to define said template conditions.
6. A transaction processing system as claimed in claims 4 or 5 wherein the predefined template condition comprises specific placeholders for conditions, values and logical operators.
7. A transaction processing system as claimed in any of claims 4, 5 or 6, wherein the setup means comprises input means for allowing a customer to input customer specified parameters to the predefined template conditions.
8. A transaction processing system as claimed in any of claims 4 to 7, wherein each template comprises an associated action which is the action to be taken if, upon evaluation, the template condition evaluates to "true".
9. A transaction processing system as claimed in any preceding claim, wherein at least some of the conditions are in the form of program code rules.
10. A transaction processing system as claimed in claim 9, wherein the setup means comprises means for maintaining a rule database.
11. A transaction processing system as claimed in claim 10, wherein the rule database comprises means for storing rules in a format which is indexed on a particular customer or customer card number.
12. A transaction processing system as claimed in claim 11, wherein said rules comprise system, product and customer rules.
13. A transaction processing system as claimed in claims 10 or 11, wherein said rules are stored in a format which does not require parsing of logical string-based expressions for processing.
14. A transaction processing system as claimed in any preceding claim, wherein the authorisation means comprises means for automatically transmitting a notification to a customer under control of the conditions.
15. A transaction processing system as claimed in claim 14, wherein the authorisation means comprises means for receiving confirmation of authorisation from a customer in response to a notification.
16. A transaction processing system as claimed in any preceding claim, wherein the authorisation means comprises means for successively applying system-level, card product-level, and the customer conditions upon receipt of an authorisation request.
17. A transaction processing system as claimed in any preceding claim, wherein the authorisation request interface comprises a network interface for interfacing with a card payment network.
18. A transaction processing system as claimed in claim 17, wherein the authorisation request interface comprises a network interface for interfacing with an issuer front end system.
19. A transaction processing system as claimed in any of claims 17 or 18, wherein the output interface further comprises a card management system interface for interfacing with an issuer card management system.
20. A transaction processing system as claimed any of claims 17 or 18, wherein the network interface comprises means for communicating over TCP/IP, X.25, Serial, Modem, SNA or any other communication format.
21. A transaction processing system as claimed in any of claims 17, 18 or 20, wherein the network interface comprises means for converting received messages into a general standard data format.
22. A transaction processing system as claimed in claim 21, wherein the network interface comprises a communication header module for converting received messages into a standardised data sequence of bytes.
23. A transaction processing system as claimed in claims 19 to 22, wherein the card management system interface comprises a protocol header module comprising means for converting a standardised sequence of bytes received from the network interface into an internal format for processing.
24. A transaction processing system as claimed in claim 19 or 22, wherein the card management system interface comprises a protocol header module comprising means for converting a standardised sequence of bytes received from a communications header module into an internal format for processing.
25. A transaction processing system as claimed in any of claims 22 to 24, wherein the communication header and the protocol header modules comprise means for sequentially checking for, receiving, converting and routing messages and data.
26. A transaction processing system as claimed in any of claims 17 to 25, wherein the communication header and protocol header modules comprise means for routing transaction requests and responses between the card payment network and card management system.
27. A transaction processing system as claimed in any of claims 10 to 26, wherein the setup means comprises means for updating the rules database in real time.
28. A transaction processing system as claimed in any preceding claim, wherein the authorisation means comprises means for automatically transmitting a notification to a fraud manager if a possible fraud is detected.
29. A transaction processing system as claimed in any preceding claim, wherein the authorisation means comprises means for automatically transmitting a notification to a customer if a possible fraud is detected.
30. A transaction processing system as claimed in any preceding claim, wherein the authorisation means comprises means for automatically transmitting a notification to a customer if an authorisation request is rejected.
31. A transaction processing system as claimed in any preceding claim, wherein the authorisation means comprises means for automatically transmitting a notification to a customer if a request is authorised, allowing a customer to maintain a local log of authorised requests.
32. A transaction processing system as claimed in any preceding claim, wherein the setup means comprises means for controlling customer activation of a card.
33. A transaction processing system as claimed in claim 32, wherein said controlling means comprises an on-line banking interface.
34. A transaction processing system as claimed in claim 32, wherein said controlling means comprises an ATM interface.
35. A transaction processing system as claimed in any of claims 17 to 34, wherein the authorisation means comprises means for receiving a cardholder request that a card be deactivated.
36. A transaction processing system as claimed in claim 35, wherein said means comprises means for receiving an SMS from a cardholder.
37. A computer program product comprising software for completing a transaction processing system as claimed in any of claims 1 to 36 when executing on a digital computer.
38. A transaction processing method carried by a verification system, and comprising the steps of
(i) receiving a transaction condition associated with a customer ;
(ii) writing said condition to a condition database also storing conditions associated with other customers;
(iii) receiving a transaction authorisation request from a transaction network;
(iv) processing said received authorisation request by dynamically retrieving a condition associated with the customer of the authorisation request on a per transaction basis;
(v) applying said condition and determining from the authorisation request data if the requested transaction should be approved or denied.
PCT/IE2002/000093 2001-06-27 2002-06-27 Transcation processing WO2003001866A1 (en)

Priority Applications (6)

Application Number Priority Date Filing Date Title
EP20020743582 EP1402486A1 (en) 2001-06-27 2002-06-27 Transcation processing
US10/735,642 US20040128243A1 (en) 2001-06-27 2003-12-16 Transaction processing
US11/643,939 US20070198411A1 (en) 2001-06-27 2006-12-22 Transaction processing
US12/461,289 US8229854B2 (en) 2001-06-27 2009-08-06 Transaction processing
US13/531,905 US8639623B2 (en) 2001-06-27 2012-06-25 Transaction processing
US14/079,711 US10089618B2 (en) 2001-06-27 2013-11-14 Transaction processing

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IE2001/0594 2001-06-27
IE20010594 2001-06-27

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US10/735,642 Continuation US20040128243A1 (en) 2001-06-27 2003-12-16 Transaction processing

Publications (1)

Publication Number Publication Date
WO2003001866A1 true WO2003001866A1 (en) 2003-01-09

Family

ID=11042804

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IE2002/000093 WO2003001866A1 (en) 2001-06-27 2002-06-27 Transcation processing

Country Status (4)

Country Link
US (5) US20040128243A1 (en)
EP (1) EP1402486A1 (en)
IE (1) IE20020534A1 (en)
WO (1) WO2003001866A1 (en)

Cited By (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004090825A1 (en) * 2003-04-08 2004-10-21 Secure Transaction Processing Limited System for secure transactions
EP1485846A1 (en) * 2002-03-05 2004-12-15 Visa U.S.A., Inc. System for personal authorization control for card transactions
WO2006085293A1 (en) * 2005-02-10 2006-08-17 Norkom Alchemist Limited A transaction data processing system
EP1934866A2 (en) * 2005-08-31 2008-06-25 Metavante Corporation System and method for locking and unlocking a financial account card
WO2009074847A1 (en) * 2007-12-11 2009-06-18 Xs Innovation Holdings Limited Account risk management and authorization system for preventing unauthorized usage of accounts
EP2095262A1 (en) * 2006-11-17 2009-09-02 Visa International Service Association Method and system for using payment history for conducting commercial transactions
US7895122B2 (en) 1999-04-13 2011-02-22 Orbis Patents Limited Person-to-person, person-to business and business-to-business financial transaction system
US8527416B2 (en) 2001-06-04 2013-09-03 Orbis Patents Limited Business-to-business commerce using financial transaction numbers
WO2014024150A1 (en) * 2012-08-07 2014-02-13 VALLY, Muhammed Method and system for intermediate analysis, control and preauthorisation of electronic payments
US8660955B2 (en) 2008-11-21 2014-02-25 Pscu Financial Services Method and apparatus for consumer driven protection for payment card transactions
US8676707B2 (en) 1998-03-25 2014-03-18 Orbis Patents Ltd. Credit cards system and method having additional features
WO2016062198A1 (en) * 2014-10-20 2016-04-28 阿里巴巴集团控股有限公司 Verification method and apparatus
US9959531B2 (en) 2011-08-18 2018-05-01 Visa International Service Association Multi-directional wallet connector apparatuses, methods and systems
EP3245805A4 (en) * 2015-01-16 2018-08-15 Van De Wetering, Stephen James Methods and systems for a personal data sharing app
US10121129B2 (en) 2011-07-05 2018-11-06 Visa International Service Association Electronic wallet checkout platform apparatuses, methods and systems
US10154084B2 (en) 2011-07-05 2018-12-11 Visa International Service Association Hybrid applications utilizing distributed models and views apparatuses, methods and systems
US10223691B2 (en) 2011-02-22 2019-03-05 Visa International Service Association Universal electronic payment apparatuses, methods and systems
US10223730B2 (en) 2011-09-23 2019-03-05 Visa International Service Association E-wallet store injection search apparatuses, methods and systems
US10242358B2 (en) 2011-08-18 2019-03-26 Visa International Service Association Remote decoupled application persistent state apparatuses, methods and systems
US10262001B2 (en) 2012-02-02 2019-04-16 Visa International Service Association Multi-source, multi-dimensional, cross-entity, multimedia merchant analytics database platform apparatuses, methods and systems
US10586227B2 (en) 2011-02-16 2020-03-10 Visa International Service Association Snap mobile payment apparatuses, methods and systems
US10825001B2 (en) 2011-08-18 2020-11-03 Visa International Service Association Multi-directional wallet connector apparatuses, methods and systems
US10896462B2 (en) * 2017-01-05 2021-01-19 Financialapps, Llc System and method for aggregating and analyzing financial data
US11023873B1 (en) * 2017-03-31 2021-06-01 Square, Inc. Resources for peer-to-peer messaging
US11037138B2 (en) 2011-08-18 2021-06-15 Visa International Service Association Third-party value added wallet features and interfaces apparatuses, methods, and systems
US11107069B2 (en) 2006-06-19 2021-08-31 Visa U.S.A. Inc. Transaction authentication using network
US11288661B2 (en) 2011-02-16 2022-03-29 Visa International Service Association Snap mobile payment apparatuses, methods and systems
US11410140B1 (en) 2013-12-05 2022-08-09 Block, Inc. Merchant performed banking-type transactions
US11694200B2 (en) 2017-06-29 2023-07-04 Block, Inc. Secure account creation

Families Citing this family (112)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8571975B1 (en) 1999-11-24 2013-10-29 Jpmorgan Chase Bank, N.A. System and method for sending money via E-mail over the internet
EP1402486A1 (en) 2001-06-27 2004-03-31 Snapcount Limited Transcation processing
CA2406880A1 (en) * 2002-10-04 2004-04-04 Ibm Canada Limited-Ibm Canada Limitee Method and apparatus for an ecommerce message using sms
US7472827B2 (en) * 2004-05-17 2009-01-06 American Express Travel Related Services Company, Inc. Limited use PIN system and method
AU2004100722B4 (en) * 2004-08-31 2005-11-24 Markets-Alert Pty Ltd A Security System
AU2005279689B2 (en) * 2004-08-31 2008-04-10 Markets-Alert Pty Ltd A security system
JP2006139591A (en) * 2004-11-12 2006-06-01 Fujitsu Ltd Process synchronous certification system and process synchronous certification method
US7357310B2 (en) 2005-03-11 2008-04-15 Gerry Calabrese Mobile phone charge card notification and authorization method
US7578438B2 (en) * 2005-07-15 2009-08-25 Revolution Money Inc. System and method for user selection of fraud detection rules
US20070100773A1 (en) * 2006-08-11 2007-05-03 Regions Asset Company Transaction security system having user defined security parameters
US8924295B2 (en) 2007-01-03 2014-12-30 At&T Intellectual Property I, L.P. User terminal location based credit card authorization servers, systems, methods and computer program products
US7594605B2 (en) * 2007-01-10 2009-09-29 At&T Intellectual Property I, L.P. Credit card transaction servers, methods and computer program products employing wireless terminal location and registered purchasing locations
US8010428B2 (en) 2007-09-26 2011-08-30 Visa Usa Inc. Form factor identification
US20090106151A1 (en) 2007-10-17 2009-04-23 Mark Allen Nelsen Fraud prevention based on risk assessment rule
US20090125440A1 (en) * 2007-11-13 2009-05-14 Mr. Joon Maeng Method and system for approving credit card transactions
US8145569B2 (en) * 2007-12-13 2012-03-27 Google Inc. Multiple party on-line transactions
US20100063903A1 (en) * 2008-03-10 2010-03-11 Thayne Whipple Hierarchically applied rules engine ("hare")
WO2009134790A2 (en) * 2008-04-29 2009-11-05 Visa U. S. A. Inc. Authorization system with split messaging
US8682717B2 (en) * 2008-04-30 2014-03-25 Visa U.S.A. Inc. System and method for processing field 55 customer exclusive data
US7962390B2 (en) * 2008-06-05 2011-06-14 Visa Usa Inc. Field 55 data relationships
US20100005029A1 (en) * 2008-07-03 2010-01-07 Mark Allen Nelsen Risk management workstation
US8447669B2 (en) 2008-08-26 2013-05-21 Visa U.S.A. Inc. System and method for implementing financial assistance programs
US10867298B1 (en) 2008-10-31 2020-12-15 Wells Fargo Bank, N.A. Payment vehicle with on and off function
US20100114768A1 (en) 2008-10-31 2010-05-06 Wachovia Corporation Payment vehicle with on and off function
US8756082B1 (en) * 2008-11-25 2014-06-17 Allstate Insurance Company Virtuous cycle business growth
GB2466810A (en) 2009-01-08 2010-07-14 Visa Europe Ltd Processing payment authorisation requests
US8140418B1 (en) * 2009-01-09 2012-03-20 Apple Inc. Cardholder-not-present authorization
US8364593B2 (en) * 2009-06-30 2013-01-29 Visa International Service Association Intelligent authentication
US10438181B2 (en) * 2009-07-22 2019-10-08 Visa International Service Association Authorizing a payment transaction using seasoned data
US20110145082A1 (en) 2009-12-16 2011-06-16 Ayman Hammad Merchant alerts incorporating receipt data
US8429048B2 (en) 2009-12-28 2013-04-23 Visa International Service Association System and method for processing payment transaction receipts
US20110302084A1 (en) * 2010-06-02 2011-12-08 Stefan Melik-Aslanian System and method for immediate replacement of lost or stolen credit cards/debit cards
WO2011159775A2 (en) * 2010-06-15 2011-12-22 Visa International Service Association Method and system for customizing fraud rules
US9619801B2 (en) * 2010-08-02 2017-04-11 Stanton Management Group, Inc. User positive approval and authentication services (UPAAS)
AU2011316955B2 (en) 2010-10-20 2016-12-01 Playspan Inc. Flexible monetization service apparatuses, methods and systems
US20120116964A1 (en) * 2010-11-05 2012-05-10 Onbest Technology Holdings Limited Method and system of transaction cards management through business network
US20120123941A1 (en) * 2010-11-17 2012-05-17 American Express Travel Related Services Company, Inc. Internet facilitation of fraud services
WO2012106655A2 (en) 2011-02-05 2012-08-09 Visa International Service Association Merchant-consumer bridging platform apparatuses, methods and systems
WO2012109628A2 (en) 2011-02-10 2012-08-16 Visa International Service Assocation Electronic coupon issuance and redemption apparatuses, methods and systems
US8751381B2 (en) 2011-02-23 2014-06-10 Mastercard International Incorporated Demand deposit account payment system
AU2012223415B2 (en) 2011-02-28 2017-05-18 Visa International Service Association Secure anonymous transaction apparatuses, methods and systems
WO2012122060A1 (en) 2011-03-04 2012-09-13 Visa International Service Association Cloud service facilitator apparatuses, methods and systems
US10210497B2 (en) 2011-04-06 2019-02-19 OnDot Systems, Inc. System and method for cashless peer-to-peer payment
US9129321B2 (en) 2011-04-29 2015-09-08 Visa International Service Association Fraud detection system audit capability
US9760861B2 (en) * 2011-04-29 2017-09-12 Visa International Service Association Fraud detection system automatic rule population engine
US10380570B2 (en) 2011-05-02 2019-08-13 Ondot System, Inc. System and method for secure communication for cashless transactions
US9646291B2 (en) 2011-05-11 2017-05-09 Visa International Service Association Electronic receipt manager apparatuses, methods and systems
CN103797500A (en) 2011-06-03 2014-05-14 维萨国际服务协会 Virtual wallet card selection apparatuses, methods and systems
US10438176B2 (en) 2011-07-17 2019-10-08 Visa International Service Association Multiple merchant payment processor platform apparatuses, methods and systems
US10318941B2 (en) 2011-12-13 2019-06-11 Visa International Service Association Payment platform interface widget generation apparatuses, methods and systems
US10460378B1 (en) 2011-09-12 2019-10-29 OnDot Systems, Inc. Payment card policy enforcement
US9117225B2 (en) 2011-09-16 2015-08-25 Visa International Service Association Apparatuses, methods and systems for transforming user infrastructure requests inputs to infrastructure design product and infrastructure allocation outputs
US9953378B2 (en) 2012-04-27 2018-04-24 Visa International Service Association Social checkout widget generation and integration apparatuses, methods and systems
WO2013090611A2 (en) 2011-12-13 2013-06-20 Visa International Service Association Dynamic widget generator apparatuses, methods and systems
US10223710B2 (en) 2013-01-04 2019-03-05 Visa International Service Association Wearable intelligent vision device apparatuses, methods and systems
US10262148B2 (en) 2012-01-09 2019-04-16 Visa International Service Association Secure dynamic page content and layouts apparatuses, methods and systems
US11308227B2 (en) 2012-01-09 2022-04-19 Visa International Service Association Secure dynamic page content and layouts apparatuses, methods and systems
US9928518B1 (en) * 2012-05-11 2018-03-27 Amazon Technologies, Inc. Transaction processing using mobile devices
GB2502565A (en) 2012-05-31 2013-12-04 Ibm Providing event-processing rules in an event-processing environment
KR20150020689A (en) * 2012-06-13 2015-02-26 엠파이어 테크놀로지 디벨롭먼트 엘엘씨 Transactional permissions
US11899711B2 (en) 2012-06-19 2024-02-13 Ondot Systems Inc. Merchant logo detection artificial intelligence (AI) for injecting user control to ISO back-end transaction approvals between acquirer processors and issuer processors over data communication networks
US11636489B2 (en) 2013-10-19 2023-04-25 Ondot Systems Inc. System and method for authorizing a transaction based on dynamic location updates from a user device
US20190147450A1 (en) 2012-06-19 2019-05-16 Ondot System Real-time enrichment of raw merchant data from iso transactions on data communication networks for preventing false declines in fraud prevention systems
US10026119B2 (en) 2012-09-10 2018-07-17 Google Llc Efficient transfer of funds between accounts
US10163108B1 (en) 2013-02-28 2018-12-25 OnDot Systems, Inc. Transparently reconstructing sniffed network traffic over a back-end data communications network to reconstruct payment card transactions for generating user notifications during transactions
US10282709B2 (en) 2013-04-05 2019-05-07 Visa International Service Association Processor issuer detection and user level stand-in authorization
US8690054B1 (en) 2013-05-29 2014-04-08 The Toronto-Dominion Bank System and method for chip-enabled card transaction processing and alert communication
US9532227B2 (en) * 2013-09-13 2016-12-27 Network Kinetix, LLC System and method for an automated system for continuous observation, audit and control of user activities as they occur within a mobile network
US9832646B2 (en) * 2013-09-13 2017-11-28 Network Kinetix, LLC System and method for an automated system for continuous observation, audit and control of user activities as they occur within a mobile network
US10043182B1 (en) 2013-10-22 2018-08-07 Ondot System, Inc. System and method for using cardholder context and preferences in transaction authorization
US10769613B1 (en) 2013-10-22 2020-09-08 Ondot Systems, Inc Delegate cards
GB2529378A (en) * 2014-06-05 2016-02-24 Mastercard International Inc Method and system for providing a payment card
CN107111810A (en) 2014-10-13 2017-08-29 万事达卡国际股份有限公司 Method and system for direct operator's charging
MX2014015834A (en) * 2014-12-18 2016-06-17 Ivan Mauricio Gonzalez Corona System and method for the authorisation of simple, sequential and parallel requests, comprising means for authorisation using previously defined parameters.
WO2016116943A2 (en) * 2015-01-23 2016-07-28 Al Rafae Badr M Front end transaction system
US11216468B2 (en) 2015-02-08 2022-01-04 Visa International Service Association Converged merchant processing apparatuses, methods and systems
US11429975B1 (en) 2015-03-27 2022-08-30 Wells Fargo Bank, N.A. Token management system
CN105046481B (en) * 2015-04-29 2018-08-14 丁超 A kind of system and method that internet business is independently paid
US11170364B1 (en) 2015-07-31 2021-11-09 Wells Fargo Bank, N.A. Connected payment card systems and methods
WO2017044836A1 (en) 2015-09-09 2017-03-16 Pay with Privacy, Inc. Systems and methods for automatically securing and validating multi-server electronic communications over a plurality of networks
US10339529B2 (en) 2015-11-18 2019-07-02 Mastercard Internatioinal Incorporated Rules engine for applying rules from a reviewing network to signals from an originating network
US10430795B2 (en) 2015-11-18 2019-10-01 Mastercard International Incorporated Rules engine for applying rules from a reviewing network to signals from an originating network
WO2017106472A1 (en) 2015-12-17 2017-06-22 Mastercard International Incorporated Method and system for distribution, use and validation of electronic entitlement certificates
US11854016B1 (en) * 2016-04-05 2023-12-26 Jpmorgan Chase Bank, N.A. Method and system for implementing performance and volume testing for credit card authorization systems
US11080714B2 (en) 2016-05-27 2021-08-03 Mastercard International Incorporated Systems and methods for providing stand-in authorization
US11615402B1 (en) 2016-07-01 2023-03-28 Wells Fargo Bank, N.A. Access control tower
US10992679B1 (en) 2016-07-01 2021-04-27 Wells Fargo Bank, N.A. Access control tower
US11386223B1 (en) 2016-07-01 2022-07-12 Wells Fargo Bank, N.A. Access control tower
US11886611B1 (en) 2016-07-01 2024-01-30 Wells Fargo Bank, N.A. Control tower for virtual rewards currency
EP3285220A1 (en) 2016-08-18 2018-02-21 Mastercard International Incorporated Transaction control management
US10021056B2 (en) 2016-09-12 2018-07-10 International Business Machines Corporation Dynamic e-mail chain participant manager
US10375078B2 (en) 2016-10-10 2019-08-06 Visa International Service Association Rule management user interface
US10740757B2 (en) 2017-01-04 2020-08-11 Mastercard International Incorporated Method and system for secured merchant verification
CN106845995B (en) * 2017-01-19 2018-05-04 飞天诚信科技股份有限公司 A kind of Bluetooth intelligent card and its method for controlling transaction risk
US11556936B1 (en) 2017-04-25 2023-01-17 Wells Fargo Bank, N.A. System and method for card control
US11062388B1 (en) 2017-07-06 2021-07-13 Wells Fargo Bank, N.A Data control tower
US11188887B1 (en) 2017-11-20 2021-11-30 Wells Fargo Bank, N.A. Systems and methods for payment information access management
US20190156413A1 (en) 2017-11-21 2019-05-23 Mastercard International Incorporated Method and system for real time installment options on inter- and intra-bank transactions
US11068569B2 (en) * 2017-12-22 2021-07-20 Barracuda Networks, Inc. Method and apparatus for human activity tracking and authenticity verification of human-originated digital assets
US11233700B2 (en) * 2018-08-03 2022-01-25 Visa International Service Association Method, system, and computer program product for configuring a gateway
KR20200034020A (en) 2018-09-12 2020-03-31 삼성전자주식회사 Electronic apparatus and control method thereof
SG10201809808UA (en) * 2018-11-05 2020-06-29 Mastercard International Inc Method and system for translating transaction messages
US11580543B2 (en) * 2019-01-03 2023-02-14 Mastercard International Incorporated Methods, systems and computer program products for implementing pre-authorized payment transactions
US11475516B2 (en) * 2019-05-23 2022-10-18 Comenity Llc Distributed risk rules
US11620651B2 (en) 2019-07-11 2023-04-04 Mastercard International Incorporated Method and system for blocking and unblocking merchants for future transactions
SG10201911045RA (en) 2019-11-22 2021-06-29 Mastercard Asia Pacific Pte Ltd Electronic system and computerized method for controlling operation of service devices
US20210365922A1 (en) * 2020-05-20 2021-11-25 Wells Fargo Bank, N.A. Device controls
US10992606B1 (en) 2020-09-04 2021-04-27 Wells Fargo Bank, N.A. Synchronous interfacing with unaffiliated networked systems to alter functionality of sets of electronic assets
US20220129894A1 (en) * 2020-10-23 2022-04-28 Mastercard International Incorporated Devices, Methods and Computer Readable Mediums for Providing Access Control
US11546338B1 (en) 2021-01-05 2023-01-03 Wells Fargo Bank, N.A. Digital account controls portal and protocols for federated and non-federated systems and devices
US11930014B2 (en) 2021-09-29 2024-03-12 Bank Of America Corporation Information security using multi-factor authorization
US11775977B1 (en) 2022-07-07 2023-10-03 Lithic, Inc. Systems and methods for dynamic authorization of virtual bank account transactions

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4874932A (en) * 1987-09-26 1989-10-17 Omron Tateisi Electronics Co. Card authorization terminal
EP0745961A2 (en) * 1995-05-31 1996-12-04 AT&T IPM Corp. Transaction authorization and alert system
EP0813173A2 (en) * 1996-06-14 1997-12-17 Hitachi, Ltd. Electronic purse application system and method thereof
WO2000063855A1 (en) * 1999-04-19 2000-10-26 Barton Peter R Improved system and method for anonymous transactions

Family Cites Families (35)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4408203A (en) * 1978-01-09 1983-10-04 Mastercard International, Inc. Security system for electronic funds transfer system
US5263164A (en) * 1991-01-09 1993-11-16 Verifone, Inc. Method and structure for determining transaction system hardware and software configurations
US5388148A (en) * 1991-08-12 1995-02-07 Seiderman; Abe Cellular telephone calling system using credit card validation
US5208446A (en) * 1991-09-19 1993-05-04 Martinez Jerry R Method and apparatus for validating credit information during home delivery of order
US5819226A (en) * 1992-09-08 1998-10-06 Hnc Software Inc. Fraud detection using predictive modeling
AU2227995A (en) 1994-03-28 1995-10-17 Robert Waxman, Inc. Interactive product selection and purchasing system
US5659779A (en) * 1994-04-25 1997-08-19 The United States Of America As Represented By The Secretary Of The Navy System for assigning computer resources to control multiple computer directed devices
US20050033659A1 (en) 1996-01-17 2005-02-10 Privacy Infrastructure, Inc. Third party privacy system
US5903830A (en) * 1996-08-08 1999-05-11 Joao; Raymond Anthony Transaction security apparatus and method
US6970837B1 (en) 1996-09-04 2005-11-29 Walker Digital, Llc Methods and apparatus wherein a buyer arranges to purchase a first product using a communication network and subsequently takes possession of a substitute product at a retailer
JPH10143572A (en) 1996-09-12 1998-05-29 N T T Data Tsushin Kk Prepaid card system, prepaid card and recording medium
AU745141B2 (en) * 1996-10-09 2002-03-14 Visa International Service Association Electronic statement presentment system
US5917489A (en) * 1997-01-31 1999-06-29 Microsoft Corporation System and method for creating, editing, and distributing rules for processing electronic messages
US6282522B1 (en) 1997-04-30 2001-08-28 Visa International Service Association Internet payment system using smart card
US6029154A (en) * 1997-07-28 2000-02-22 Internet Commerce Services Corporation Method and system for detecting fraud in a credit card transaction over the internet
US7403922B1 (en) * 1997-07-28 2008-07-22 Cybersource Corporation Method and apparatus for evaluating fraud risk in an electronic commerce transaction
US6636833B1 (en) * 1998-03-25 2003-10-21 Obis Patents Ltd. Credit card system and method
US20020198806A1 (en) 1998-04-24 2002-12-26 First Data Corporation Systems and methods for accessing and modifying usage parameters associated with a financial transaction account
US20030171992A1 (en) 1999-04-23 2003-09-11 First Data Corporation System and methods for redeeming rewards associated with accounts
US6556875B1 (en) * 1998-06-30 2003-04-29 Seiko Epson Corporation Device control system
WO2000002150A1 (en) 1998-07-01 2000-01-13 Webcard Inc. Transaction authorisation method
US6338050B1 (en) * 1998-11-16 2002-01-08 Trade Access, Inc. System and method for providing and updating user supplied context for a negotiations system
US6233588B1 (en) * 1998-12-02 2001-05-15 Lenel Systems International, Inc. System for security access control in multiple regions
US6173269B1 (en) 1998-12-16 2001-01-09 Zowi.Com, Inc Method and apparatus for executing electronic commercial transactions with minors
IL144713A0 (en) 1999-02-18 2002-06-30 Orbis Patents Ltd Credit card system and method
US6748367B1 (en) * 1999-09-24 2004-06-08 Joonho John Lee Method and system for effecting financial transactions over a public network without submission of sensitive information
US6947737B2 (en) * 1999-12-30 2005-09-20 Motient Communications Inc. System and method of transmitting data messages between subscriber units communicating with/between complementary/disparate networks
US6871221B1 (en) * 2000-01-21 2005-03-22 Scriptlogic Corporation Method and apparatus to manage network client logon scripts using a graphical management and administration tool
TW550477B (en) * 2000-03-01 2003-09-01 Passgate Corp Method, system and computer readable medium for Web site account and e-commerce management from a central location
US7263506B2 (en) * 2000-04-06 2007-08-28 Fair Isaac Corporation Identification and management of fraudulent credit/debit card purchases at merchant ecommerce sites
GB2372616A (en) * 2001-02-23 2002-08-28 Hewlett Packard Co Transaction method and apparatus using two part tokens
US20020143634A1 (en) * 2001-03-30 2002-10-03 Kumar K. Anand Wireless payment system
EP1265200A1 (en) 2001-06-04 2002-12-11 Orbis Patents Limited Credit card system and method
EP1402486A1 (en) * 2001-06-27 2004-03-31 Snapcount Limited Transcation processing
US20030158759A1 (en) * 2002-01-24 2003-08-21 Robert Kannenberg Method of modifying software by defining business rules

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4874932A (en) * 1987-09-26 1989-10-17 Omron Tateisi Electronics Co. Card authorization terminal
EP0745961A2 (en) * 1995-05-31 1996-12-04 AT&T IPM Corp. Transaction authorization and alert system
EP0813173A2 (en) * 1996-06-14 1997-12-17 Hitachi, Ltd. Electronic purse application system and method thereof
WO2000063855A1 (en) * 1999-04-19 2000-10-26 Barton Peter R Improved system and method for anonymous transactions

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP1402486A1 *

Cited By (62)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9898730B2 (en) 1998-03-25 2018-02-20 Orbit Patents Limited Credit card system and method
US9881298B2 (en) 1998-03-25 2018-01-30 Orbis Patents Limited Credit card system and method
US8676707B2 (en) 1998-03-25 2014-03-18 Orbis Patents Ltd. Credit cards system and method having additional features
US7895122B2 (en) 1999-04-13 2011-02-22 Orbis Patents Limited Person-to-person, person-to business and business-to-business financial transaction system
US10592901B2 (en) 2001-06-04 2020-03-17 Orbis Patents, Ltd. Business-to-business commerce using financial transaction numbers
US8527416B2 (en) 2001-06-04 2013-09-03 Orbis Patents Limited Business-to-business commerce using financial transaction numbers
US9685024B2 (en) 2002-03-05 2017-06-20 Visa U.S.A. Inc. System for personal authorization control for card transactions
US7389275B2 (en) 2002-03-05 2008-06-17 Visa U.S.A. Inc. System for personal authorization control for card transactions
US10540659B2 (en) 2002-03-05 2020-01-21 Visa U.S.A. Inc. System for personal authorization control for card transactions
US7427021B2 (en) 2002-03-05 2008-09-23 Visa U.S.A. Inc. System for personal authorization control for card transactions
EP2287793A1 (en) * 2002-03-05 2011-02-23 VISA U.S.A. Inc. System for personal authorization control for card transactions
EP1485846A1 (en) * 2002-03-05 2004-12-15 Visa U.S.A., Inc. System for personal authorization control for card transactions
EP1485846A4 (en) * 2002-03-05 2005-03-30 Visa Usa Inc System for personal authorization control for card transactions
US8793189B2 (en) 2002-03-05 2014-07-29 Visa U.S.A. Inc. System for personal authorization control for card transactions
WO2004090825A1 (en) * 2003-04-08 2004-10-21 Secure Transaction Processing Limited System for secure transactions
WO2006085293A1 (en) * 2005-02-10 2006-08-17 Norkom Alchemist Limited A transaction data processing system
US7925607B2 (en) 2005-02-10 2011-04-12 Norkom Alchemist Limited Transaction data processing system
EP1934866A2 (en) * 2005-08-31 2008-06-25 Metavante Corporation System and method for locking and unlocking a financial account card
EP1934866A4 (en) * 2005-08-31 2011-04-06 Metavante Corp System and method for locking and unlocking a financial account card
US11107069B2 (en) 2006-06-19 2021-08-31 Visa U.S.A. Inc. Transaction authentication using network
EP2095262A1 (en) * 2006-11-17 2009-09-02 Visa International Service Association Method and system for using payment history for conducting commercial transactions
US8175961B2 (en) 2006-11-17 2012-05-08 Visa International Service Association Method and system for using payment history for conducting commercial transactions
US10108957B2 (en) 2006-11-17 2018-10-23 Visa International Service Association Method and system for using payment history for conducting commercial transactions
EP2095262A4 (en) * 2006-11-17 2011-04-13 Visa Int Service Ass Method and system for using payment history for conducting commercial transactions
EA016321B1 (en) * 2007-12-11 2012-04-30 Трэнволл Холдингз Лтд. Account risk management and authorization system for preventing unauthorized usage of accounts
WO2009074847A1 (en) * 2007-12-11 2009-06-18 Xs Innovation Holdings Limited Account risk management and authorization system for preventing unauthorized usage of accounts
US8660955B2 (en) 2008-11-21 2014-02-25 Pscu Financial Services Method and apparatus for consumer driven protection for payment card transactions
US8725601B2 (en) 2008-11-21 2014-05-13 Pscu Financial Services Method and apparatus for consumer driven protection for payment card transactions
US10586227B2 (en) 2011-02-16 2020-03-10 Visa International Service Association Snap mobile payment apparatuses, methods and systems
US11288661B2 (en) 2011-02-16 2022-03-29 Visa International Service Association Snap mobile payment apparatuses, methods and systems
US10223691B2 (en) 2011-02-22 2019-03-05 Visa International Service Association Universal electronic payment apparatuses, methods and systems
US11023886B2 (en) 2011-02-22 2021-06-01 Visa International Service Association Universal electronic payment apparatuses, methods and systems
US10121129B2 (en) 2011-07-05 2018-11-06 Visa International Service Association Electronic wallet checkout platform apparatuses, methods and systems
US11010753B2 (en) 2011-07-05 2021-05-18 Visa International Service Association Electronic wallet checkout platform apparatuses, methods and systems
US11900359B2 (en) 2011-07-05 2024-02-13 Visa International Service Association Electronic wallet checkout platform apparatuses, methods and systems
US10154084B2 (en) 2011-07-05 2018-12-11 Visa International Service Association Hybrid applications utilizing distributed models and views apparatuses, methods and systems
US10419529B2 (en) 2011-07-05 2019-09-17 Visa International Service Association Hybrid applications utilizing distributed models and views apparatuses, methods and systems
US11803825B2 (en) 2011-08-18 2023-10-31 Visa International Service Association Multi-directional wallet connector apparatuses, methods and systems
US9959531B2 (en) 2011-08-18 2018-05-01 Visa International Service Association Multi-directional wallet connector apparatuses, methods and systems
US10354240B2 (en) 2011-08-18 2019-07-16 Visa International Service Association Multi-directional wallet connector apparatuses, methods and systems
US11037138B2 (en) 2011-08-18 2021-06-15 Visa International Service Association Third-party value added wallet features and interfaces apparatuses, methods, and systems
US11397931B2 (en) 2011-08-18 2022-07-26 Visa International Service Association Multi-directional wallet connector apparatuses, methods and systems
US10825001B2 (en) 2011-08-18 2020-11-03 Visa International Service Association Multi-directional wallet connector apparatuses, methods and systems
US10242358B2 (en) 2011-08-18 2019-03-26 Visa International Service Association Remote decoupled application persistent state apparatuses, methods and systems
US11010756B2 (en) 2011-08-18 2021-05-18 Visa International Service Association Remote decoupled application persistent state apparatuses, methods and systems
US11763294B2 (en) 2011-08-18 2023-09-19 Visa International Service Association Remote decoupled application persistent state apparatuses, methods and systems
US10223730B2 (en) 2011-09-23 2019-03-05 Visa International Service Association E-wallet store injection search apparatuses, methods and systems
US11354723B2 (en) 2011-09-23 2022-06-07 Visa International Service Association Smart shopping cart with E-wallet store injection search
US10983960B2 (en) 2012-02-02 2021-04-20 Visa International Service Association Multi-source, multi-dimensional, cross-entity, multimedia centralized personal information database platform apparatuses, methods and systems
US10262001B2 (en) 2012-02-02 2019-04-16 Visa International Service Association Multi-source, multi-dimensional, cross-entity, multimedia merchant analytics database platform apparatuses, methods and systems
US10430381B2 (en) 2012-02-02 2019-10-01 Visa International Service Association Multi-source, multi-dimensional, cross-entity, multimedia centralized personal information database platform apparatuses, methods and systems
US11036681B2 (en) 2012-02-02 2021-06-15 Visa International Service Association Multi-source, multi-dimensional, cross-entity, multimedia analytical model sharing database platform apparatuses, methods and systems
US11074218B2 (en) 2012-02-02 2021-07-27 Visa International Service Association Multi-source, multi-dimensional, cross-entity, multimedia merchant analytics database platform apparatuses, methods and systems
WO2014024150A1 (en) * 2012-08-07 2014-02-13 VALLY, Muhammed Method and system for intermediate analysis, control and preauthorisation of electronic payments
US11410140B1 (en) 2013-12-05 2022-08-09 Block, Inc. Merchant performed banking-type transactions
US11544681B1 (en) 2013-12-05 2023-01-03 Block, Inc. Merchant performed banking-type transactions
WO2016062198A1 (en) * 2014-10-20 2016-04-28 阿里巴巴集团控股有限公司 Verification method and apparatus
CN105591999A (en) * 2014-10-20 2016-05-18 阿里巴巴集团控股有限公司 Verification method and device
EP3245805A4 (en) * 2015-01-16 2018-08-15 Van De Wetering, Stephen James Methods and systems for a personal data sharing app
US10896462B2 (en) * 2017-01-05 2021-01-19 Financialapps, Llc System and method for aggregating and analyzing financial data
US11023873B1 (en) * 2017-03-31 2021-06-01 Square, Inc. Resources for peer-to-peer messaging
US11694200B2 (en) 2017-06-29 2023-07-04 Block, Inc. Secure account creation

Also Published As

Publication number Publication date
EP1402486A1 (en) 2004-03-31
US20100017328A1 (en) 2010-01-21
US8229854B2 (en) 2012-07-24
US20070198411A1 (en) 2007-08-23
US8639623B2 (en) 2014-01-28
US10089618B2 (en) 2018-10-02
US20040128243A1 (en) 2004-07-01
US20140201079A1 (en) 2014-07-17
US20120330839A1 (en) 2012-12-27
IE20020534A1 (en) 2002-12-30

Similar Documents

Publication Publication Date Title
US8229854B2 (en) Transaction processing
US10540659B2 (en) System for personal authorization control for card transactions
US7660764B2 (en) Service charge adjustment platform
US20180225668A1 (en) Method And System For Detecting Fraud
US8024271B2 (en) Purchasing alert methods and apparatus
US8589297B2 (en) Prepaid value account with reversion to purchaser systems and methods
US20160224980A1 (en) Configurable system and apparatus for rendering payment decisions and triggering actions
US20050015332A1 (en) Cashless payment system
US20020161701A1 (en) Debit or credit card transaction clearing house system
WO2005053271A2 (en) Systems and methods for authenticated communications
US20120203689A1 (en) Real-Time Account Communication
CN112997208A (en) Purchase management system and method
KR100864995B1 (en) A system and a method for banking service in which drawing one&#39;s savings from the bank is only possible with approval of the member
KR20020050689A (en) Method of using card that discerns services using the secret number

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REEP Request for entry into the european phase

Ref document number: 2002743582

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2002743582

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 10735642

Country of ref document: US

WWP Wipo information: published in national office

Ref document number: 2002743582

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Ref document number: JP