HK1148143A - Privacy protected anti-identity theft and payment network - Google Patents
Privacy protected anti-identity theft and payment network Download PDFInfo
- Publication number
- HK1148143A HK1148143A HK11102164.3A HK11102164A HK1148143A HK 1148143 A HK1148143 A HK 1148143A HK 11102164 A HK11102164 A HK 11102164A HK 1148143 A HK1148143 A HK 1148143A
- Authority
- HK
- Hong Kong
- Prior art keywords
- consumer
- computer system
- account
- identity
- ppaitpn
- Prior art date
Links
Abstract
A computerized and networked system protects individuals against identity theft without the need to disclose the detailed personal information of the individuals. Furthermore, the system helps prevent loss and damage to consumers, financial institutions and merchants caused by financial crimes related to identity theft. In addition, users can conduct payments in a secure manner without the need to use any traditional financial instrument. A pass code can be generated for each transaction and sent to a user's personal communications device. When the correct pass code is received from the user the transaction is then authorized
Description
Cross Reference to Related Applications
This application claims benefit of U.S. provisional application No.61/211,335, filed 3, 30, 2009, the disclosure of which is expressly incorporated herein in its entirety by reference.
Technical Field
The present invention relates generally to computer networking systems. More particularly, the present invention relates to the use of networked computer systems to reduce or prevent financial crimes, including identity theft.
Background
Identity theft and its related crime have recently become prevalent. As a result of these financial crimes, many individuals, merchants, and financial institutions have suffered tremendous data loss and damage.
If a perpetrator can steal the identity of another person, he/she can easily perpetrate a variety of financial crimes based on the stolen identity. Protecting the identity of a person is therefore a key to preventing a variety of financial crimes.
Some vendors provide identity theft protection for individuals. However, these providers can only prevent identity theft to a limited extent. For example, some vendors may charge a fee to an individual to issue "fraud alerts" on behalf of the individual to all major credit reporting companies such as Equifax, TransUnion, Experian, etc. According to Fair Credit Reporting Act 15 u.s.c. § 1681c-1, a Credit Reporting user, such as a Credit card company, must contact a consumer if a Credit application on behalf of the consumer is received and there is a fraud alert in the consumer's Credit report. In fact, the consumer may issue a "fraud alert" to the credit reporting company itself.
When a perpetrator ("fraudster") opens a credit card account using the identity of the consumer who has issued the "fraud alert," the credit card company may customize the credit report to view the consumer's credit history. As a result of fair credit reporting laws, the credit card company contacts the consumer during the account opening process due to fraud warnings in the consumer's credit reports. Thus, after the credit card company contacts the consumer and determines that the consumer has not applied for the credit card account, the perpetrator cannot open the account.
However, this protection has a very limited scope. This can only work if a financial institution such as a credit card company happens to use credit reports with fraud alerts. In practice, many identity theft cases do not involve opening a new account with the identity of another person.
Furthermore, in order to issue "fraud alerts" on behalf of a consumer, the provider must collect detailed personal information of the consumer, since the credit reporting company must verify the identity of the consumer before allowing him/her to issue the fraud alert. Naturally, the consumer may face a higher risk of identity theft, since the consumer must disclose his/her detailed personal information to the provider, a third party, who may have employees engaged in fraud (i.e., cheaters). Sharing personal information with third parties does carry an increased risk of identity theft and fraud.
In addition to the examples given above, identity theft can be easily perpetrated in the computer age, as users are often identified by user ID and/or personal identification number ("PIN") and passwords. Once a fraudster has stolen another person's user ID and/or PIN and password, the fraudster can conduct various criminal activities by entering the account. Thus, identity theft is a major threat to online banking, online transactions, e-commerce, and a variety of other computer-related activities.
In addition, payment fraud typically involves identity theft. Conventional payment instruments, such as checks, credit cards, debit cards, ATM cards, and the like, may be susceptible to theft or counterfeiting. Once a fraudster steals or counterfeits such an instrument of another person, the fraudster can quickly conduct multiple illegal payment transactions before the affected financial institution recognizes the fraud and freezes the payment.
A fraudster can commit identity theft crime in a number of ways. One purpose may be to steal someone's personal information to open a financial account. In view of the fact that most financial institutions have a stable Customer Identification Program (CIP) due to the american love law (USA patiotact) and the fair accurate credit transaction law (FACTAct), it is now difficult and dangerous to open financial accounts with forged identities to commit fraud crimes.
A simpler way to perpetrate identity theft is to steal information from the consumer's credit card, debit card, stored value card, etc. This may be accomplished, for example, by male and female servicers at the bribery restaurant to copy such information from the restaurant's guests. Fraudsters can use stolen card information to pay a symbolic fee to many background search sites on the internet to find useful personal information based on the name of the customer displayed on the stolen card. Counterfeit cards and counterfeit identification documents such as driver's licenses can be easily manufactured with current technology. Fraudsters can use counterfeit cards and counterfeit identity documents to make shopping crazy based on the stolen identity of the consumer for at least a few hours.
Financial institutions and merchants are losing billions of dollars each year due to this theft of identity. Furthermore, victims of identity theft must spend a great deal of personal time clearing their credit records, replacing cards with new account numbers, etc. after their identity is stolen.
In fact, now the crime of stealing personal information can be easily crime. Many financial institutions and merchants maintain personal information of their customers, including credit card, debit card, etc., in their databases. It has become common for financial institutions, merchants, or consumers to report that employees of a company steal personal information of the consumer, crime fraudulently, and/or sell information to fraudsters.
In addition to credit cards, debit cards, and the like, checks are now a popular means of payment. It is easier to make a counterfeit check than a counterfeit card. There are many cases associated with forged checks used with forged identity documents.
In addition, online merchants cannot easily know whether remote consumers have the correct identity. If the correct credit card information is displayed, which can be obtained from a stolen credit card, and the correct billing address, which can be obtained from an internet search website, the merchant cannot easily know whether the remote consumer is actually a fraudster. An experienced cheater can easily perform identity theft through online transactions. Consequently, online merchants lose a large amount of money each year.
In addition, many businesses conducting on the internet are based on user IDs and/or PINs and passwords. Once a person's user ID and/or PIN and password are stolen, there is no way to know whether the person who is remotely logged in has the correct identity. The user ID and/or PIN and password may be stolen in a number of ways. For example, a fraudster may obtain the person's user ID and/or PIN and password by observing or recording the person's finger movements remotely while he/she is logged into the computer system. Phishing is another common scam used by cheaters to retrieve personal information directly from consumers by falsely representing a financial institution or merchant.
In summary, identity theft and its associated crimes can now be easily perpetrated, and individuals, merchants, and financial institutions are suffering tremendous losses and damage. There is no fully reliable scheme available to prevent identity theft and payment fraud. If a cheater can steal the identity of another person, he/she can easily perpetrate various financial crimes based on the stolen identity.
Disclosure of Invention
The present invention describes a networked computer system for preventing identity theft, fraud, and other related financial crimes. In addition, the present invention enables consumers to make payments in an anti-fraud manner without the need to use any conventional financial instruments that can be easily stolen or counterfeited.
In addition, as a result of the present invention, the consumer does not need to carry traditional payment instruments such as cash, checks, credit cards, debit cards, prepaid cards, cash cards, stored value cards, ATM cards, financial instruments, and the like.
According to the present invention, the personal information of the consumer is stored in a database in a networked computer system. When a hypothetical consumer attempts to conduct a transaction with an individual, financial institution or merchant based on the identity of the stolen consumer, the individual's personal information, such as photos, test questions (challenge), etc., may be provided to the individual, financial institution or merchant over the network. The individual, financial institution and merchant may then verify whether the presumed consumer (queried person) corresponds to the true consumer's personal information provided by the computer system and, if the result is negative, i.e. if the queried person is a potential fraudster, the transaction is thus rejected.
The computer system may help individuals, merchants, and financial institutions accurately and quickly identify consumers. In addition, the present invention may inhibit or prevent identity theft in remote and/or online transactions and similar computer-related applications.
In order to implement the above-described system for secure transactions, a number of obstacles must be overcome. First, the consumer's personal information is highly confidential. Most consumers are reluctant to provide their personal information to other individuals, financial institutions, or merchant computer systems for use.
Individuals and people working with financial institutions or merchants may also be cheaters or conspires of cheaters, even if consumers would like to provide their personal information to other individuals, financial institutions, or merchants for use, as such information can be stolen.
A third party such as an agent may not be able to issue fraud alerts on behalf of the consumer to any credit reporting company if detailed personal information is not available.
In addition, even if personal information is available, individuals, financial institutions, and merchants cannot verify the personal information with remote persons during online and/or remote transactions.
In addition, some minors may not have an identity document, such as a driver's license, passport, or the like. In addition, some parents may be uncomfortable with minors carrying large amounts of cash, prepaid cards, cash cards, etc. during shopping. Alternatively, when shopping or traveling, the consumer may forget to bring his/her wallet with payment instruments and identity files or may lose the wallet. Accordingly, there is a need to enable consumers to conduct payment transactions without using any traditional financial instruments or identity documents, while still ensuring security from identity theft and fraudulent use.
In the present invention, a computer system for preventing identity theft includes: a computer processor and storage device connected to a network; a database stored on a storage device for storing at least a first set of data derived from personal information of a consumer in a manner that the personal information of the consumer cannot be recovered from the first set of data. The database is also used to store a photograph of the consumer and/or a test question created by the consumer and its answers in association with the first set of data. The computer system further includes a communication device that, when the processor receives a second set of data from the user over the network, sends the photograph and/or the test question to the user over the network in response to instructions from the processor. The second set of data corresponds to the first set of data and is associated with an object.
In addition, a computer system for preventing identity fraud, having: a computer processor and storage device connected to a network; and a database stored on the storage device. The database is used for storing at least one group of user identity information. An encoding generator is operable on the computer processor to generate a new authentication code. The new authentication code cannot be known before it is generated and should expire after a period of time. The new verification code is generated in response to each received set of user identity information from the device interface. The computer system also includes a first communication device that sends the verification code to a user, and a second communication device that sends authorization to the device interface when the verification code is subsequently received from the device interface before the verification code expires.
In an alternative embodiment of the invention, the user sends an acknowledgement to the computer system via the communication device when the verification code is received from the computer system. The communication device sends an authorization in response to receiving the confirmation from the user.
Additionally, an identity fraud prevention computer system has a processor and a storage device connected to a network. The processor receives contact information from a consumer, an expiration date of a fraud alert, and a desired early warning period for updating the fraud alert over the network. Upon reaching the desired early warning period, the processor sends an alert to the consumer to issue a new fraud alert to at least one credit reporting company. The computer processor receives a new expiration date for the new fraud alert from the consumer.
Alternatively, a consumer identity fraud prevention computer system has a processor and a storage device connected to a network. The processor receives, over the network, identity information from a consumer identified by at least one credit reporting company and a request to issue a fraud alert. The processor requests the credit reporting company to issue the fraud alert on behalf of the consumer based on the identity information. The processor requests the issuance of the fraud alert repeatedly until a cancellation is received from the consumer.
As another alternative, a computer system that prevents consumer identity fraud has a processor and a storage device connected to a network. The processor receives personal information from a consumer and a request to issue a fraud alert over the network. The processor logs into an equipment interface of at least one credit reporting company on behalf of the consumer and requests fraud alerts to be issued on behalf of the consumer. The processor repeatedly requests issuance of fraud alerts until a cancellation is received from the consumer.
Further, a computer system that prevents identity theft has a computer processor and a storage device connected to a network. A database stored on the storage device is used to store at least the first set of data and the second set of data provided by the consumer. The first and second sets of data are personal information associated with the consumer. The computer system also has a first communication device that sends the second set of data to the device interface over the network in response to instructions from the processor when the processor receives the third set of data from the device interface over the network. The third set of data corresponds to the first set of data and is associated with an object. The computer system includes a second communication device that receives a confirmation from the device interface indicating whether the second set of data is accurate based on the information associated with the object. The processor determines the accuracy of the personal information provided by the consumer based on the acknowledgements received from the plurality of device interfaces.
The invention also provides a computerized method for preventing identity theft. The computer system receives identity information from the presumed consumer and stores the identity information in a database. The computer system also receives a personal telephone number from the hypothetical consumer and stores the personal telephone number in association with identity information of the hypothetical consumer in a database. The computer searching a database for all historical identity information associated with the personal telephone number of the presumed consumer; and indicating potential identity theft by the presumed consumer when the identity information of the presumed consumer does not correspond to other historical identity information stored in the database and associated with the personal telephone number of the presumed consumer.
In the present invention, the term "network" or "networks" generally refers to a communication network or networks, which may be wireless or wired, private or public, or a combination thereof, and includes the well-known internet.
In the present invention, the term "computer" or "computer system" generally refers to a computer or a group of computers, which can work individually or together to achieve the purpose of the system.
In the present invention, the term "processor" generally refers to a processor or a group of processors, which may work individually or together to achieve the purpose of the computer system.
In the present invention, "bank" or "financial institution" generally refers to a financial service provider, bank or non-bank, that provides financial services.
In the present invention, "bank account" or "financial account" generally refers to an account in a financial institution such as a bank, a credit company, a stock broker, a trade company, a securities company, an investment company, an insurance company and an agent, a financial company, a payment service company, a money service organization, a financial service provider, etc., in which a transaction can be made through a payment instrument such as cash, a check, a credit card, a debit card, a prepaid card, a stored value card, an ATM card, an electric wire transfer, a credit card, a financial instrument, an electronic fund transfer, an automated clearing house, etc.
In the present disclosure, "consumer" generally refers to a consumer, object, person, payer, user, or customer, etc., that attempts to transact with an individual, merchant, and/or financial institution.
In this document, the term "official identity document" refers generally to passports, driver's licenses, voter cards, benefit cards, national identification cards, certificates of legal status, and other official documents and information carriers identifying a given individual by certain verifiable features, issued by leadership, embassies, government agencies, or other government agencies, and protected from unauthorized copying or replacement by the responsible government. In particular, such "official identity document" may be formed of various materials including paper, plastic, polycarbonate, PVC, ABS, PET, Teslin, composites, etc. and may embed the identity information in various formats including printing or embossing on a document (or card), writing on magnetic media, programming in an electronic device, storing in memory, and combinations thereof. The "identity information" may include, but is not necessarily limited to, name, identification number, birth date, signature, address, password, telephone number, email address, pin number, tax identification number, country issuing an ID, state issuing an ID, ID expiration date, photograph, fingerprint, iris scan, profile book, and other biometric information. The embedded information may be read through optical, acoustic, electronic, magnetic, electromagnetic, and other media.
In the present invention, "device interface" generally refers to a keyboard, a key, a monitor, a display, a terminal, a computer, a control panel, a vehicle dashboard, a network interface, a machine interface, a video interface, an audio interface, an electrical interface, an electronic interface, a magnetic interface, an electromagnetic interface including an electromagnetic wave interface, an optical interface, a light interface, an acoustic interface, a video interface, an audio interface, a non-contact interface, a portable phone interface, a Personal Digital Assistant (PDA) interface, a handheld device interface, a portable device interface, a wireless interface, a wired interface, and other interfaces capable of communicating with a computer system.
In this document, the term "terminal" or "kiosk" generally refers to a device that connects a user to a computer network, including a computer and/or its peripheral devices, microprocessor and/or its peripheral devices, ATM terminals, check cashing kiosks, money kiosks, merchant checkstands, cash registers, coin change machines, parking lot payment kiosks, other payment kiosks, contactless devices, wired telephones, mobile telephones, smart phones, PDAs, digital assistants, entertainment devices, network interface devices, routers, and/or Personal Digital Assistants (PDAs), etc., so that the user can interact with the computer system and other devices connected to the computer network.
For a further understanding of the nature and advantages of the present invention, reference should be made to the following description taken in conjunction with the accompanying drawings.
Drawings
FIG. 1 illustrates a system and network diagram of a privacy-preserving anti-identity theft and payment network ("PPAITPN") to enable consumers, financial institutions, and merchants to jointly protect against identity theft, fraud, and related financial crimes;
FIG. 2 is a flowchart of an example process showing how a consumer registers with the computer system of PPAITPN shown in FIG. 1;
FIGS. 3A and 3B are flow charts of an example process that shows how the system shown in FIG. 1 protects retail stores from identity theft and fraud;
FIG. 4 is a flow chart of an example process showing how the system shown in FIG. 1 protects online and/or remote merchants from identity theft and fraud;
FIGS. 5A and 5B are flow diagrams of an example process showing how the system shown in FIG. 1 protects a financial institution, such as a bank, from identity theft;
FIG. 6 is a flow chart of an example process showing how the system shown in FIG. 1 ensures that a perpetrator cannot log into the system even if the correct user ID and/or PIN, and password are stolen;
FIGS. 7A and 7B are flowcharts of an example process showing how the system shown in FIG. 1 authorizes a user to make anti-fraud payments without using any conventional payment instrument;
FIG. 8 is a flow chart of an example process for assisting a consumer in issuing fraud alerts to a credit reporting company.
Detailed Description
Most identity stealing cases belong to a category called "randomly stealing identity", in which a fraudster randomly steals the identity of a victim who may not even know the victim. In such a case, the fraudster typically seeks to make as many financial transactions or purchases as possible based on the stolen identity very quickly before the fraudster is discovered by the victim, supplier, and/or financial institution.
"selectively stealing identity" refers to an identity stealing case in which a fraudster may recognize a consumer. In such cases, it is often easier to track the fraudster, and thus such fraud is infrequent.
The present invention describes a system for preventing both the "randomly stealing identity" and the "selectively stealing identity" categories of identity theft. Furthermore, the invention enables the prevention of other financial crimes related to identity theft.
In the present invention, a privacy-preserving anti-identity theft and payment network ("PPAITPN") is established over a computer network, such as the Internet, that is globally accessible. The PPAITPN includes a computer system that records and stores transactions in a database, manages accounts in the PPAITPN, and controls network activities and transaction activities occurring over the PPAITPN.
In one embodiment of the invention, a consumer logs into and registers with the PPAITPN computer system through the device interface. However, to protect the privacy of a consumer's information, the PPAITPN computer system collects only a set of partial data of the consumer's personal information through the device interface.
For purposes of the present invention, the consumer's personal information includes identity information contained in, displayed on, or otherwise associated with such a tool or identity document. Typical personal information includes name, address, date of birth, tax identification number, country identification number, personal identification number, type of identity document or instrument, identification number associated with the identity document or instrument, country, state, government and/or individual organization that issued the identity document or instrument, expiration date of the identity document or instrument, telephone number, fax number, email address, signature, biometric information, financial account information, utility account information, insurance account information, brokerage account information, and/or financial service provider information.
For the purposes of the present invention, the words "file" and the words "card" are generally interchangeable.
A partial list of typical instruments or documents includes driver's licenses, birth certificates, foreigners' identification cards, passports, official identification documents, national identification documents, insurance cards, voter cards, and the like, as well as financial instruments such as credit cards, debit cards, prepaid cards, stored value cards, cash cards, check cards, insurance ID cards, broker ID cards, police ID cards, member ID cards, and the like.
For example, the device interface of the PPAITPN computer system may collect only the zip code of the address, year of birth, the last four digits of the ID number, the first two letters of the first name displayed on the ID, the first two letters of the last name displayed on the ID, the country/state from which the ID was issued, the expiration date of the ID, etc., displayed on the consumer's identity file.
Since only partial data of personal information of a group of consumers is used, the consumers cannot be identified. In addition, there is no way to accurately identify the consumer based on or through the set of partial data stored in the database.
Despite the PPAITPN databaseOnly partial data of the personal information of a group of consumers is stored, but if enough partial data is used, the probability of mismatching two persons having the same set of partial data can be substantially reduced to zero. In this example, the probability of a mismatch is about 1022On the order of one-half. Number 1022Derived from 105(postal code of 5 digits) × 102(year of birth based on two digits of the 100-year lifetime) × 104(4 digits of ID number) × 262(2 letters of name) × 262(2 letters of last name) x 200 (estimated number of participating membership countries) x 365 x 4 (4-year validity period of ID).
Even if two consumers have the same set of partial data, this confusion can be easily resolved by other methods, such as by viewing other information such as a photograph, or by contacting the consumer to clarify, or by asking other questions based on the consumer's other partial data. Thus, a user of the PPAITPN computer system may uniquely identify an individual in the PPAITPN database, even though only a partial data of the personal information of a group of individuals represents an individual.
Since only a partial data of a group of individuals is stored inside the PPAITPN database, even if a hacker hacks into the computer system of PPAITPN, there is no meaningful personal information stored in the system.
More importantly, since nobody can obtain useful information from a set of partial data, the consumer does not have to worry about whether a fraudster can steal his/her personal information by accessing the PPAITPN database.
In one embodiment of the invention, the consumer uploads his/her recent pictures to the PPAITPN's computer system. Because a person's face is exposed to the public on a daily basis and many social networks on the internet may have sent a photograph of the person to the internet, a consumer's photograph is not generally considered "private information".
In another embodiment of the present invention, the consumer provides additional information such as social security number and name so that the PPAITPN can verify the accuracy of incomplete personal information provided by the consumer through a third party such as a government agency, consumer credit reporting company, etc.
In one embodiment of the invention, to open an account, the consumer uploads his/her name and tax ID so that the PPAITPN can identify the consumer's presence through government records. Because each consumer has a unique tax ID, each consumer has only one opportunity to register with the computer system of the PPAITPN. If duplicate tax IDs are detected, the PPAITPN may query to identify which consumer has the correct tax ID and may filter out fraudsters. The tax ID may be encrypted in the database or encrypted in a separate database so that no one can see or use the tax ID after the account opening process.
To comply with the requirements of anti-money laundering, anti-terrorist financing and anti-financial crime, in one embodiment of the present invention, the computer system screens the consumer against a regulatory list to ensure that the PPAITPN can transact with the consumer in compliance with the appropriate regulations and laws. In another embodiment of the present invention, the computer system of the PPAITPN performs transaction monitoring to detect suspicious activity in compliance with appropriate regulations and laws.
A fraudster may attempt to open an account to the PPAITPN, but provide the PPAITPN with financial account information (i.e., stolen information) of another person. To prevent such fraud, in yet another embodiment of the present invention, when a consumer provides information about a financial account in the consumer's name, the PPAITPN may transact with the presumed consumer's financial account and ask the consumer to report the amount and/or type of transaction. If the consumer cannot properly report the amount and/or type of transaction, the consumer may be a fraudster. To further protect the consumer, the financial account information may be encrypted so that nobody can see or use the financial account information.
To ensure that the partial data stored in the PPAITPN database is up to date, in one embodiment of the invention, the consumer updates his/her partial data in the PPAITPN database each time there is a change in the information. For example, when a consumer moves to another state, his/her driver's license and address may change, the consumer updates the partial identity data stored within the PPAITPN database. Prior information prior to the change may be stored in a history database for future reference.
In one embodiment of the invention, the consumer provides one or more contact telephone numbers and/or email addresses for contact purposes.
In one embodiment of the present invention, the consumer enters into the PPAITPN database a list of questions and answers designed by the consumer and associated with relatively unique facts known only to the consumer. For example, a question may be "what is the name of the person who sits next to me during the year? ". Since the question is designed by the consumer, the possibility of the cheater knowing the answer is almost negligible. For the purposes of the present invention, these problems are referred to as "test problems".
In another embodiment of the present invention, the test question is "what is the key code? ", then the consumer is required to enter the key code into the device interface of the PPAITPN computer system. For the purposes of the present invention, a key code is an alpha-numeric combination designed by the consumer, generally similar to a password. If the key is long enough, the likelihood of another person knowing or guessing the key is very low.
To further enhance the protection of the consumer, in yet another embodiment of the present invention, the PPAITPN uses each key only once or only for a predetermined period of time. The consumer may update the key code periodically. Alternatively, the consumer may store multiple key codes at once to avoid the burden of frequently updating the key codes.
To provide additional protection to the consumer, in one embodiment of the invention, the consumer may select his/her own user ID, personal identification number, account number, password, or the like. In another embodiment of the present invention, the consumer may change his/her user ID, personal identification number, account number, password, etc. from time to time as an additional protection against stealing the data used on the PPAITPN.
After a consumer registers with the computer system of the PPAITPN, if a fraudster attempts to open a financial account at a bank using the stolen identity of the consumer, in one embodiment of the invention, a bank employee may enter a subset of the incomplete personal information used by the PPAITPN into the computer system of the PPAITPN. The computer system of PPAITPN searches its database to retrieve the consumer's picture for display by the bank employee.
Alternatively, in another embodiment of the present invention, the bank employee may scan the putative consumer's official identity file without manually entering a subset of the incomplete information into the PPAITPN's computer system. The computer system of PPAITPN can search its database to retrieve the consumer's picture for display by the bank employee. If the presumed customer does not match the customer's photograph, the bank employee may decline the application for the new account or block any transactions.
If the bank employee cannot identify a fraudster based on the customer's picture, in another embodiment of the invention, the bank employee asks a test question or asks for a key code designed by the customer. If the person is unable to correctly answer the test question or to provide the correct key code, the person may be a cheater.
In another embodiment of the invention, the bank employee may ask the person to provide other portions of the incomplete personal information. The computer system of the PPAITPN compares other portions of the incomplete personal information with the consumer's information stored in the PPAITPN database to determine if the person is the consumer.
In yet another embodiment of the present invention, a bank employee may dial the customer's phone number provided by the customer and stored in the PPAITPN database to verify that the person at the bank is indeed the customer. In an alternative embodiment of the invention, the bank employee may send an email to the consumer to verify whether the consumer is the person at the bank.
In one embodiment of the invention, the bank employee may notify the PPITPN computer system whether the bank employee declined the transaction, and the PPITPN computer system may send an alert message to the consumer to alert the consumer of possible identity theft and/or fraud with the consumer. As an alternative embodiment of the present invention, the bank employee may confirm that the bank employee has accepted the transaction so that the PPAITPN computer system may use such confirmation to further verify the accuracy of the information provided by the consumer.
It is possible that when the bank employee inputs to the PPAITPN computer system a subset of the customer's incomplete personal information that the PPAITPN uses, the customer has not yet opened an account with the PPAITPN computer system. In this case, the consumer's picture or test question cannot be obtained from the database of the PPAITPN computer system. Thus, in one embodiment of the invention, the bank employee may ask the hypothetical consumer to provide the telephone number of his/her personal communication device, such as a mobile phone, PDA, smart phone, etc. The PPAITPN computer system may verify the identity information provided by the presumed consumer based on consumer context information available from the telephone company that collected the consumer context information during the telephone account opening process. A business agreement may be made between PPAITPN and the telephone company to prevent sharing of such information for fraudulent purposes. If the information provided by the hypothetical consumer does not correspond to information available from the telephone company, the hypothetical consumer may steal the identity of others.
To confirm that the fraudster did not provide the wrong telephone number, the PPAITPN computer system may send a message or call the presumed consumer based on the telephone number received from the presumed consumer. If the presumed consumer is able to receive the message or telephone call, the presumed consumer is likely to have possession of the personal communication device. To ensure that the presumed consumer does receive the message or telephone call, in one embodiment of the invention, the PPAITPN computer system may send a verification code or message to the presumed consumer and ask the presumed consumer to return the received code or message to the PPAITPN computer system. If the PPAITPN computer system can receive the correct code or message from the hypothetical consumer, the identity of the hypothetical consumer is confirmed. Additionally, in another embodiment of the present invention, the PPAITPN computer system will store the identity information and telephone number provided by the presumed consumer in a database. If a fraudster steals the identity information of others to conduct a fraudulent transaction, this is simply a matter of time before the PPAITPN computer system detects two people with different identity information but associated with the same personal telephone number, since the fraudster may use the same personal telephone number in both cases.
In one embodiment of the present invention, when the hypothetical consumer provides a bank employee with his/her personal telephone number and the personal telephone number is associated with a different person in the database of the PPAITPN computer system, the PPAITPN computer system notifies the bank employee of a possible identity theft. In addition, the PPAITPN can make a special query for the case.
Similarly, if a fraudster attempts to use the consumer's identity to purchase goods or services at a merchant after stealing the consumer's credit card, in other embodiments of the invention, a photograph, test question, key code, and/or other incomplete information of the consumer may be used to detect the fraudster.
In another embodiment of the invention, if the merchant declines the transaction, the merchant notifies the PPAITPN computer system and the PPAITPN computer system may send a message to the consumer alerting the consumer that there may be identity theft of the consumer.
As an alternative embodiment of the present invention, the merchant may confirm that the merchant has accepted the transaction so that the PPAITPN computer system may use the confirmation to further verify the accuracy of the information provided by the consumer.
If a fraudster attempts to purchase goods or services on the web using the consumer's identity, in another embodiment of the invention, the web merchant may use test questions, key codes, and/or other incomplete personal information to detect the fraudster.
In yet another embodiment of the present invention, if the PPAITPN computer system rejects the transaction due to an answer error, the PPAITPN computer system may also send a message to the consumer alerting the consumer to possible identity theft of the consumer.
As an alternative embodiment of the present invention, the online merchant may confirm that the online merchant has accepted the transaction, so that the PPAITPN computer system may use the confirmation to further verify the accuracy of the information provided by the consumer.
In one embodiment of the invention, the PPAITPN may alert a consumer's financial institution after identifying possible identity theft and/or fraud for the consumer, so that the financial institution may act to protect the consumer and financial institution.
In another embodiment of the invention, the computer system may use the alerts provided by the PPAITPN computer system to perform other provisions to protect the consumer, financial institution, and possibly other customers of the financial institution. The additional software system may operate in the financial institution for anti-fraud purposes based on the alerts provided by the PPAITPN computer system. Thus, once a consumer, financial institution and merchant have registered with the PPAITPN, the PPAITPN enables the consumer, financial institution and merchant to jointly detect identity theft and prevent financial crimes.
To ensure that a fraudster cannot spoof the PPAITPN with a stolen identity, the computer system of the PPAITPN can record the historical activity of each consumer in a database and provide an index showing how reliable the information associated with the consumer is. In general, the longer a consumer maintains a PPAITPN account, the less likely the consumer is a fraudster. The more queries submitted by merchants and/or financial institutions to verify that a consumer has not been identified as potentially identity stolen, the less likely the consumer is a fraudster. The confirmation received from the merchant and/or financial institution and the manner in which the confirmation fails may provide a good indicator of how reliable the data is provided by the consumer.
For example, if a consumer has a long history of PPAITPN, but only few queries from merchants and/or financial institutions have ever occurred about the consumer, the presence of the consumer may be suspect. It may be that a fraudster steals the identity of the consumer and uses that identity to open an account with the PPAITPN. If an unusually large number of queries about a consumer are received within a very short period of time after the consumer opens a PPAITPN account, it is doubtful why the consumer behaves so differently than others. One of the consumer and/or merchant may be suspect if the consumer is present at two different merchant locations that are remote from each other and the consumer is not likely to walk between the two locations as fast. If the merchant or financial institution fails to confirm or disagree with the identity information of the consumer provided by the PPAITPN computer, the identity information of the consumer provided by the consumer and stored in the PPAITPN database may be suspect. It may also be questionable if confirmation about a consumer is always received from only a few specific merchants, whether these few merchants are collusions of the consumer who are intended to commit crimes to identity theft. If the merchant has confirmed the identity of someone who later proves to be a fraudster, the merchant's reply may be suspect later. If the merchant is suspect, its evaluation may also be suspect. In addition to the above examples, there are many other ways to detect whether there are any suspicious or anomalous activities, ways, or characteristics associated with a consumer or merchant.
Thus, based on the confirmation, failure to confirm, and activity, manner, and characteristics of the merchant involved, the PPAITPN computer may identify suspicious activities, manners, and characteristics associated with the consumer. Since honest consumers generally do not behave suspiciously, PPAITPN can determine how reliable the information provided by the consumer is based on the consumer's activities, patterns, and characteristics indirectly provided by its users (i.e., merchants and financial institutions). Thus, even if the trustworthiness of the data sources (e.g., consumers) cannot be verified and the trustworthiness of third parties (e.g., merchants and financial institutions) that attest to the accuracy of the data cannot be verified, the PPAITPN computer may still evaluate the reliability of the data provided by these sources based on statistical analysis of the attested results provided by the third parties and statistical analysis of these third parties. The user of the PPAITPN information may be alerted if the reliability of the information is suspect or unknown.
Preferably, nationwide movement is used to inform all consumers to register with the PPAITPN as early as possible so that no fraudster has the opportunity to use the stolen identity on the PPAITPN.
In one embodiment of the invention, a user of a PPAITPN may report a complaint about a particular customer and issue such complaint on the PPAITPN. The PPAITPN computer system will notify the consumer and the consumer can issue his/her own version of the experience to respond to the complaint. These disclosed expressions of both views are fair to both parties and will provide an alternative reference to the consumer.
Traditionally, it has been difficult for a merchant to know the contact information of a consumer in a transaction because financial institutions that are prohibited by law from processing transactions have disclosed such information to the merchant. This lack of contact information is problematic for the merchant when conducting sales activities because the merchant does not have the information needed to contact the consumer. While some merchants incentivize consumers to provide such information at the time of sale, many consumers are reluctant to do so because it is tedious.
Since the merchant may use PPAITPN to verify the identity of the consumer, each time the merchant performs an authentication process on the consumer, an association may be established between the merchant and the consumer and stored in the database of the PPAITPN computer system. Since the merchant may verify the identity of the consumer only when the consumer is transacting with the merchant, the PPAITPN computer system may automatically record and store in the database all consumers for which the merchant has verified identity.
In one embodiment of the present invention, the PPAITPN computer system enables a merchant to send sales, promotional information, or coupons via email, mail, fax, telephone, message, or the like to consumers whose identities have been previously verified by the merchant via the PPAITPN computer system. Sales, promotional information, or coupons may be sent to consumers based on contact information stored in a database of the PPAITPN computer system. If a particular consumer does not want to receive such sales, promotional information, or coupons, the consumer may request that the PPAITPN computer system block such information or coupons.
In another embodiment of the invention, when a merchant authenticates a consumer during a transaction, the merchant may enter a product code for the product purchased by the consumer into a device interface of the PPAITPN computer system. Thus, the PPAITPN computer system may identify which consumers have purchased a particular product from the merchant.
In one embodiment of the present invention, the merchant can accurately reach the target market by requesting the PPAITPN computer to send sales, promotional information, coupons, etc. only to consumers associated with a particular product code.
In addition, the merchant is able to evaluate the effectiveness of the sales activity by recording the sales activity identification information, such as the activity number, coupon number, etc., to the PPAITPN computer system during the authentication process. The PPAITPN computer system is capable of providing statistical information regarding the effectiveness of sales activity. For example, the PPAITPN computer system may report that 325 transactions have been made after sending sales, promotional information, or coupons to 748 consumers.
Thus, PPAITPN has effectively become a sales activity tool for merchants. In the present invention, there is no need for the merchant to collect contact information for the consumer. This information is automatically collected by the PPAITPN during its standard operation to prevent identity theft and financial crime. Although PPAITPN may also not have complete consumer identity information, PPAITPN can still effectively deliver marketing materials to a targeted group of consumers. Further, when a merchant uses the services provided by PPAITPN (1) to prevent fraud and (2) to collect sales information, the merchant is able to achieve both goals simultaneously.
To more automate the financial crime prevention process, in one embodiment of the invention, a financial institution's transaction network, such as a credit card, debit card, stored value card, cash card, ATM network, etc., can be linked with the PPAITPN computer system, enabling the merchant to use the consumer's picture, test questions, key codes, and/or other information when the merchant and consumer are conducting transactions over these transaction networks.
Because each PPAITPN user registers with the PPAITPN's computer system and uses the PPAITPN service based on a unique ID and password, the PPAITPN is able to process payment transactions for the user. There are a variety of ways in which an electronic transfer may be made between a payer (e.g., a consumer) account at a financial institution and the payer's account at the PPAITPN. For example, in one embodiment of the invention, such electronic transfers are accomplished by an Automated Clearing House (ACH).
In other implementations of the invention, a debit card network, a credit card network, a stored value card network, a debit card network, a prepaid card network, an ATM network, etc. electronically transfers between a payer's account in a financial institution and the payer's account in a PPAITPN.
As a result, any one consumer, merchant, and financial institution can transfer money to another consumer, merchant, and financial institution via PPAITPN. The PPAITPN may become a common platform for consumers and businesses to conduct business.
To facilitate a consumer's payment transaction against financial crimes, in one embodiment of the invention, the consumer (e.g., a payer) may give the merchant (i.e., payee) the payer's PPAITPN account number or any identity information such as a cell phone number, name, email address, ID number, etc. The payee may then enter the account identity information into a device interface provided by the computer system of the PPAITPN over the network. Alternatively, the payer may enter the account identity information into a device interface.
In addition, the payee may enter an amount due by the payer. If the payer's PPAITPN account has sufficient funds to cover the payment amount, the PPAITPN's computer system may freeze the payment amount in the payer's account and preferably issue a randomly generated "passcode" (i.e., message) that varies from transaction to transaction and whose value is not known in advance. The verification code may have a numeric or alphanumeric value and may be used only for a particular transaction with a particular merchant.
In one embodiment of the invention, the verification code, amount, and/or name of the payee is sent to the payer via a wireless telephone, Personal Digital Assistant (PDA), or other communication device as a text message, email, fax or voicemail.
In one embodiment of the invention, upon receiving the passcode and confirming the amount and name of the payee, the payer may send the passcode to the payee, who may enter the passcode into the device interface of the PPAITPN's computer system. In the event that the passcode entered by the payee is consistent with the passcode sent to the payer, the computer system of the PPAITPN may transfer the frozen payment amount in the payer account to the payee account and complete the payment transaction. Alternatively, the payer may enter the passcode into the payee's device interface at the point of sale or in an online transaction.
In another embodiment of the invention, upon receiving the passcode, the payer may send a message, such as a text message, an instant message, an email, a fax, and/or a voicemail, to the computer system of the PPAITPN to approve a particular transaction based on the particular passcode associated with the transaction.
In one embodiment of the invention, the PPAITPN computer system changes the account number of a payer in accordance with the payer's request.
In another embodiment of the invention, the verification code is invalidated after a fixed time. If the correct verification code is not entered into the device interface of the PPAITPN's computer system within the fixed time, the verification code is invalidated, the transaction is cancelled, and the funds in the payer account that were frozen are thawed back to the payer.
To further protect the payer, in one embodiment of the invention, if a predetermined number of false verification codes are entered against the payer's account, the payer's account is blocked, as someone may attempt to fraudulently the payer through trial and error. The frozen account may be reset (i.e., thawed) to a normal state by the payer or a system administrator of the PPAITPN. The payer may also request the computer system of the PPAITPN to change the payer's account number before resetting the account status to a normal state.
Because identity-stealing fraudsters typically make wild purchases shortly before the identity-stealing is exposed, in one embodiment of the invention, if the amount of a single transaction exceeds a limit set by the payer, the payer's account is frozen until the payer or a system administrator resets the account to a normal state. In another embodiment of the invention, the payer's account is blocked if the total amount of transactions on the payer's account exceeds the limit set by the payer within a predetermined period of time. This frozen account may be reset to a normal state by the payer or a system administrator. In yet another embodiment of the invention, the payer's account may be blocked if the total number of transactions in the payer's account within a predetermined period of time exceeds the limit set by the payer.
A payer may log into the PPAITPN computer system to reset the payer's account. Alternatively, the payee or payer may enter an authorization code known only to the payer to reset the account
To prevent payment fraud, the credit card company may issue a new Personal Identification Number (PIN) at the request of the cardholder. Potentially, the cardholder can request a new PIN for each transaction to prevent fraud. However, this approach may place an unnecessary burden on the consumer, as the consumer needs to actively make such a request before each transaction.
Furthermore, such an approach is difficult to use in some environments, such as restaurants. Traditionally, the consumer would not leave the dining table in the restaurant and the waiter would receive the PIN and credit card given by the consumer. If the waiter is dishonest, the consumer is likely to become a victim of identity theft because the PIN and credit card number may be supplied to fraudsters for various fraudulent purchases.
In contrast, the present invention thoroughly protects consumers from such fraud. Because the validation code is randomly generated by the PPAITPN's computer system in each transaction, the payee cannot steal the payer's money because the payee does not know the validation code for each transaction until the payer provides the payee with the validation code. Because the verification code is generated for a particular payee and the payer confirms the amount before providing the verification code to the payee, the verification code cannot be used for any other transaction. As a result, the waiter cannot fraudulently defraud the consumer for the restaurant example given above. Because the passcode is only sent to the payer, the third party is prevented from stealing the payer's money because the third party cannot receive the passcode to complete the transaction. Thus, even if a third party or payee steals the payer's PPAITPN account, the third party or payee cannot fraudulently commit to the payer.
Because the payment amount in the payer account is first verified and frozen before the verification code is generated and sent to the payer, the payer is not fraudulently involved in the payment.
The loss incurred by fraud needs to be borne as a major operating cost of the payment system. Payment systems without good fraud prevention measures naturally have high operating costs and cannot survive commercial competition. The invention is advantageous for mobile payment transactions, e.g. sending a payment from a payer to a payee via a mobile phone, as the invention also enables fraud to be eliminated in such payment transactions. Traditionally, mobile payment systems rely on cryptography to prevent fraud. For example, the technology has evolved to encrypt payment request and response data, and transmit the data over a human voice band channel (i.e., 300 hz to 3300 hz) using an acoustic modem. Such mobile payment systems have not become popular because of the incorporation of expensive cryptographic techniques and acoustic modems into such payment systems.
In contrast, the present invention does not rely on expensive cryptographic techniques and special modems. Although the passcode of the present invention is not encrypted, no third party can benefit from the passcode because the passcode can only be used once in a particular transaction with a particular merchant. In addition, the verification code will fail after a period of time. The passcode will automatically expire if the payer does not approve the transaction.
Furthermore, in one embodiment, the passcode is generated only after the transaction amount in the payer account is blocked, completely protecting the payee. As an additional protection for the payer, in one embodiment of the invention, the computer system of the PPAITPN must receive the payer's verification code and pin before transferring the frozen amount from the payer to the payee. As a result, the personal communication device of the party who steals the payment is useless.
Thus, the anti-fraud mechanism is automatically embedded into the operation of the PPAITPN system without the use of any special cryptographic equipment or technology. The existing infrastructure of voice and data networks is sufficient to support the present invention. This low cost feature of the present invention makes the present invention even more desirable.
Thus, the anti-fraud payment system of PPAITPN is advantageously used for a variety of transactions, including transactions at point-of-sale where the payer and payee are in face contact, online transactions, and remote transactions where the payee cannot ascertain who the payer is.
To be more technically accurate, the verification code need not be "randomly generated". The purpose behind "random" is to ensure that no one can figure out what the correct passcode is for a particular transaction until the payer receives the passcode. Thus, any verification code generation method that satisfies this "unpredictability" objective may be used with the present invention.
The length and complexity of the authentication code are traded off. For example, the probability that a fraudster correctly guesses a six-digit long digital authentication code is one million (i.e., 10 × 10 × 10 × 10 × 10). If we use an alphanumeric authentication code with a length of six characters, the probability will be reduced to a size of about one billion (i.e., 36 × 36 × 36 × 36 × 36). Generally, the longer the authenticator length, the more secure the authenticator is.
In an alternative embodiment of the invention, the verification code is also in the form of a bar code on the screen of the personal communication device, so that the device interface can read the bar code directly without the need for verbal communication between the payer and payee. In fact, the verification code may be sent directly from the payer's wireless phone, smart phone, PDA, etc. to the payee's device interface through optical, acoustic, electrical, magnetic, electromagnetic or other media to make the payment process for the point-of-sale transaction smooth.
In one embodiment of the invention, when a payer places an order on the internet, the payer may enter the payer's PPAITPN account number or account identity information into the internet merchant's device interface. This PPAITPN account number or account identity information is again transmitted by the internet merchant to the PPAITPN computer system, which may transmit a randomly generated verification code to the payer. The payer may then enter the passcode into the device interface of the internet merchant. This verification code is again transmitted by the internet merchant to the PPAITPN computer system to transfer the payment amount from the payer's PPAITPN account to the payee's PPAITPN account.
In an alternative embodiment of the invention, upon receiving the passcode, the payer may send a message to the computer system of the PPAITPN to approve the transaction. As a result, the payer can complete the online transaction securely without issuing any personal information, thereby reducing the possibility of fraud and protecting the payee.
In another embodiment of the invention, the payer may remotely (e.g., by making a telephone call) order the good or service by giving the payee the payer's PPAITPN account number or account identity information. Additionally, the payer provides the payee with a randomly generated passcode that the payer receives from the PPITPN's computer system. The invention enables the payee to complete the transaction without knowing the payer's identity and the payee is completely protected from the transaction.
In another embodiment of the invention, the payer may complete the payment transaction at the automated checkout station by himself. The payer may enter his PPAITPN account number or account identity information into a checkout station, which may retransmit the payer's PPAITPN account number or account identity information to the PPAITPN computer system. The computer system of the PPAITPN may send a verification code to the payer. The payer may then enter the verification code into the checkout station, which may also retransmit the verification code to the PPITPN's computer system to transfer the payment amount from the payer's account to the payee's account.
In an alternative embodiment of the invention, upon receiving the passcode, the payer may send a message to the PPAITPN's computer system to approve a particular transaction based on the particular passcode associated with the transaction. Both the payer and payee are thoroughly protected from fraud in the transaction, and the identity of the payer is also thoroughly protected.
In one embodiment of the invention, the account number or user's ID of the consumer on the PPAITPN's computer system may be the phone number of the consumer's personal communication device. Because each phone number is unique in each country, the phone number of a consumer's personal communication device can uniquely identify the consumer. If the customers in multiple countries are users of the PPAITPN computer system, a country code may be added to maintain the uniqueness of the account or user ID.
In another embodiment of the invention, the consumer's email address is used as the user's ID or account number. Because each email address is unique, the customer's email address may be used as the user's ID or account number on the PPAITPN's computer system.
In yet another embodiment of the present invention, the account number or user ID is assigned by the PPAITPN's computer system.
The system of the present invention can potentially replace all conventional payment instruments and at the same time provide improved protection for consumers, merchants and financial institutions. In addition, the consumer is not required to carry any conventional financial instrument such as cash, checks, credit cards, debit cards, pre-paid cards, stored value cards, cash cards, ATM cards, and the like. In addition, the present invention can quickly and safely transfer money to any place by accessing the PPAITPN.
In addition, the anti-fraud system described above may be used to protect against fraud traditional credit, debit, stored, debit, prepaid, stored, check, and the like transactions when the financial account number and network are coupled to the PPAITPN's computer system. For example, in one embodiment of the present invention, the computer system of the PPAITPN may randomly generate the verification code after the payee enters the credit card number, debit card number, prepaid card number, etc., and the amount of money into the PPAITPN's computer system. The verification code, amount and payee's name are sent to the payer, for example, in the form of a text message, email or voicemail. The transaction cannot be completed until the payee enters the correct passcode, which the payer may give to the payee, into the device interface, or until the payer enters the correct passcode into the device interface.
In an alternative embodiment of the invention, upon receiving the passcode, the payer may send a message to the PPAITPN's computer system to approve a particular transaction based on the particular passcode associated with the transaction.
A fraudster will not receive the verification code if a credit card, debit card, pre-paid card, etc. is forged or stolen by the fraudster unless the fraudster also steals the consumer's mobile phone, PDA, smart phone, or email account. Personal identification numbers may be used to further enhance security so that a fraudster cannot complete a transaction even if he steals the consumer's personal communication device, as the fraudster may not know what the personal identification number is. Of course, it is important to remind the payer that if he/she loses the device to receive the message, he/she should immediately disable the payment function in his/her PPAITPN account, disable the mobile phone, smartphone or PDA, or change the contact information in the PPAITPN's computer system database.
The present invention may also be used to protect a user ID, password, and/or PIN of a PPAITPN account from theft. Traditionally, a security token device is used to secure the login. Such methods are often expensive because hashing, synchronization, digital signatures, cryptography, and/or other complex techniques are required to produce the token. In addition, the token device itself costs money. In addition, a fraudster can still steal the user's token device.
In one embodiment of the invention, the system randomly generates the authentication code after the user (e.g., consumer, merchant, or financial institution) correctly enters the user ID and password and/or PIN when attempting to log in from the source application. The verification code may be a simple numeric or alphanumeric number that will fail over a period of time. Because hashing, synchronization, digital signatures, cryptography, or other complex techniques are not required to generate the verification code, the computer system of PPAITPN can easily generate such verification codes at very low cost.
This authentication code is immediately sent to the destination, rather than to the source application from which the user is attempting to log in. For example, the destination may be an email address, a cell phone number, etc., based on contact information of a formal registered user stored within the system. The user needs to enter the correct authentication code into the system before the authentication code fails to complete the login process. As a result, even if a fraudster steals the user's ID and password and/or PIN, the fraudster cannot log into the system without an important authentication code. Because the authentication code is randomly generated and different at each login, a third party cannot steal such an authentication code.
There is no need to purchase any token device, which may be very expensive. The login procedure of the present invention can be done quickly as long as the user has some communication devices such as cellular phones, which are very popular today.
Thus, the present invention provides enhanced protection against identity theft and fraud for computer-based systems.
The present invention also prevents ATM fraud. For example, in one embodiment of the invention, after a principal enters an ATM card and PIN number into an ATM terminal, a computer system of the ATM network can send a randomly generated validation code to the owner of the ATM account. If the subject fails to enter the correct passcode within a predetermined amount of time or enters more than a predetermined number of incorrect passcodes, the subject is considered to be a potential fraudster and the ATM transaction is terminated.
In such a case, in one embodiment of the invention, the ATM card is withheld by the ATM terminal and not returned to the principal to protect the account holder of the ATM account. In another embodiment of the present invention, the ATM account is frozen to protect the true holder of the ATM account.
To make it more convenient for the consumer, in one embodiment of the invention, the consumer may go to shop without carrying any conventional financial instrument such as cash, credit card, prepaid card, check, monetary instrument, stored value card, cash card, etc. For example, the merchant may enter the amount and the customer's PPAITPN account into a device interface of the PPAITPN's computer system. The consumer may obtain the passcode from his/her cell phone, smart phone, PDA, etc., and give the passcode to the merchant to complete the transaction. This alternative is very useful for protecting children whose parents are not comfortable with cash or prepaid cards for safety reasons.
In fact, as long as the consumer carries some kind of communication device, such as a mobile phone, a smart phone, a PDA, etc., he/she can easily make any payment. As a result, the consumer can still pay the merchant through his/her PPAITPN account if he/she forgets his/her wallet containing the financial instrument. If the consumer forgets to carry the communication device, he/she can also log into the PPAITPN using the merchant's computer to transfer directly from the consumer's PPAITPN account to the merchant's PPAITPN account.
Sometimes, it is desirable to shut down cell phones, smart phones, PDAs, etc. at certain locations (e.g., some restaurants). Signals from cellular phones, smart phones, PDAs, etc. may also not be received correctly in certain locations. To address these abnormal situations, in one embodiment of the present invention, the computer system of the PPAITPN may generate the verification code in advance in response to a request by the consumer.
As a result, the consumer can give his/her account number and verification code to the payee based on the same procedure as described above. The consumer will only conduct such types of transactions if he/she is confident that the payee will not use his/her passcode for fraudulent purposes.
To protect the consumer, in one embodiment of the invention, the consumer may enter the payee's PPAITPN account number in advance so that the verification code provided by the PPAITPN's computer system is used to conduct a payment transaction with that particular payee.
In another embodiment of the invention, the consumer may decide how long the passcode will remain valid. As a result, the passcode will automatically expire if it is not used within a predetermined period of time.
In yet another embodiment of the invention, the consumer may specify a maximum amount allowed for the passcode. As a result, if the amount paid exceeds the maximum amount specified by the consumer, the verification code cannot be used.
In one embodiment of the invention, the consumer may specify an available verification code for multiple payment transactions at potentially different stores. This application is necessary, for example, for a consumer who makes holiday purchases at a store where the signal of the communication device cannot be received correctly. In such a case, in one embodiment of the invention, the consumer specifies a maximum amount for the total transaction amount allowed by the verification code.
In another embodiment of the invention, the consumer specifies a maximum amount for each transaction allowed by the verification code. In an alternative embodiment of the invention, the consumer specifies the maximum number of transactions allowed by the verification code.
There are multiple ways or combinations of ways to protect consumers. A trade-off between security and convenience needs to be taken into account.
To assist the consumer in issuing a "fraud alert" at the consumer credit reporting company, in one embodiment of the invention, the computer system of the PPAITPN periodically sends a message to the consumer to alert the consumer to issue a "fraud alert". Once the consumer issues the fraud alert, he/she may notify the computer system of PPAITPN through the device interface of the computer system of PPAITPN so that the computer system of PPAITPN no longer sends any alerts to the consumer until it is time to update such fraud alert.
To avoid forgetting to renew the fraud alert, in one embodiment of the invention, the consumer can enter his/her preferred early warning period into the PPAITPN's computer system. For example, if the early warning period is seven days, the computer system of the PPAITPN may begin sending alerts to the consumer at the beginning of seven days before expiration until the fraud alert is updated.
In an alternative embodiment of the present invention, the computer system of the PPAITPN may be linked with the computer systems of the credit reporting companies to automatically update the fraud alerts to the credit reporting companies regardless of whether the fraud alert is expired. This service may persist for a particular consumer until he/she stops such service.
To protect the consumer's private information, in one embodiment of the invention, the consumer designates PPAITPN as an agent for their renewed fraud alert. Additionally, the credit reporting company may record and store the PPAITPN identity information of the consumer in its database.
After the consumer issues the fraud alert at the credit reporting company, the consumer may ask the PPAITPN to update it whenever the fraud alert expires. In one embodiment of the invention, the computer system of the PPAITPN notifies the computer of the credit reporting company to update the fraud alert based on account identity information or PPAITPN identity information provided by the credit reporting company.
In yet another embodiment of the present invention, the computer system of the credit reporting company negotiates with the computer system of the PPAITPN whether an update is required based on account identity information provided by the credit reporting company or the PPAITPN identity information of the consumer. As a result, a computer system that does not require a PPAITPN records any private information about the consumer in the database of the PPAITPN.
If the computer system of the PPAITPN is not directly linked to the computer system of the credit reporting company, in an alternative embodiment of the invention, the computer system of the PPAITPN collects all the information from the consumer that the credit reporting company needs to issue fraud alerts. In addition, the computer system of the PPAITPN emulates the behavior of the consumer by logging into the device interface of the credit reporting company's computer system, providing the information needed by the credit reporting company, and submitting a request for fraud alerts on behalf of the consumer.
The computer system of the PPAITPN may repeat this process regardless of whether the fraud alert is about to expire. As a result, this process does not require any human involvement. If the consumer no longer needs the fraud alerting service, the consumer may notify the PPAITPN's computer system to stop such service.
Some of the various possible combinations are described below as examples, as contemplated in the described embodiments. As shown in fig. 1, a computer system 500 of a privacy-preserving anti-identity theft and payment network (PPAITPN) and a packet-switched network such as the internet 600 enable consumers 100, financial institutions 200, retail stores 300, and online merchants 400 to collectively prevent financial crimes when conducting transactions.
Referring now to the flow chart of FIG. 2 in conjunction with the system block diagram of FIG. 1, FIGS. 1 and 2 together illustrate an exemplary process by which a consumer may register with the PPAITPN computer system.
First (block 2001), the consumer 100 enters his name, user ID and password into the PPAITPN computer system 500 via the internet 600.
Through the internet 600 (block 2002), the consumer 100 further enters into the PPAITPN computer system 500 partial data displayed on his official identification document (e.g., the last four digits of a driver's license or passport number, the expiration date of a driver's license or passport, the first five digits of a zip code for an address displayed on a driver's license or passport, etc.), partial data displayed on a credit, debit, or prepaid card (e.g., the last six digits of a card number, a security code, the expiration date of a card, the type of card, etc.), partial data displayed on a check (e.g., the last eight digits of a check account number, etc.), and/or partial data displayed on other financial instruments.
The consumer 100 then enters his contact information, such as a mobile phone number, email address, etc., into the PPAITPN computer system 500 via the internet 600 (block 2003).
In addition (block 2004), the consumer 100 uploads his picture to the computer system 500 of the PPAITPN via the Internet 600.
Additionally (block 2005), the consumer 100 enters a set of test questions, corresponding answers, and/or at least one key code into the computer system 500 of the PPAITPN via the Internet 600.
Referring now to the flow diagrams of figures 3A and 3B in conjunction with the system block diagram of figure 1, together with figures 3A and 3B, illustrates an example of how the computer system 500 of a PPAITPN may protect a consumer 100 and a merchant (e.g., a retail store) 300 over the internet 600.
When a hypothetical consumer (e.g., customer) conducts a transaction with retail store 300 based on the identity of consumer 100, retail store 300 may ask the consumer to provide an identity document (e.g., driver's license, etc.), and a payment instrument such as a credit card, debit card, pre-paid card, or check.
The retail store 300 enters, for example, the last six digits of the credit card number and the last four digits of the driver's license number into the computer system 500 of the PPAITPN over the internet 600 (block 3001). Based on the information entered by the retail store 300, the PPITPN computer system 500 retrieves its database (block 3002) and displays all possible matching names over the Internet 600. The retail store 300 selects the correct name based on the names displayed on the customer's driver's license. Based on the selected name, a photograph of the consumer 100 stored in the database of the computer system 500 of the PPAITPN is displayed over the Internet 600 (block 3003).
Retail store 300 compares the photo of consumer 100 to the assumed appearance of the consumer (decision block 3004), and if the photo does not match the appearance of the consumer (no branch 3005), retail store 300 should reject the transaction (block 3012). If the photograph of the consumer 100 appears to match the assumed appearance of the consumer (yes branch 3006), the retail store 300 may choose to ask a test question or ask a key code based on the questions of the consumer 100 stored in the database of the PPAITPN's computer system 500 (block 3007).
Depending on whether the presumed consumer can correctly answer the test question or provide the key code specified by the consumer 100, the retail store 300 can take different actions (decision block 3008). If the presumed payer does not reply to the test question correctly or does not provide the key code (no branch 3009), the retail store 300 should reject the transaction (block 3012). On the other hand, if the presumed consumer can correctly answer the test question or can correctly provide the key code (yes branch 3010), the retail store 300 may proceed with the transaction (block 3011).
Referring to the flow chart shown in fig. 4 in conjunction with the system block diagram shown in fig. 1, fig. 1 and 4 together illustrate how an online merchant 400 prevents financial crimes through a PPAITPN computer system 500.
When a hypothetical consumer conducts a transaction with the online merchant 400 based on the identity of the consumer 100, the online merchant 400 requests that the consumer provide his name and account number, expiration date, and/or security code for a payment instrument (e.g., credit card, debit card, pre-paid card, check, etc.), as is conventional. The online merchant 400 may enter, for example, the last six digits of the consumer's credit card, the consumer's name, expiration date, and/or security code into the PPAITPN computer system 500 via the internet 600 (block 4001).
Because it is nearly impossible for two people to have the same name, the same last six digits of a credit card, the same expiration date, and the same security code, the computer system 500 of PPAITPN can retrieve its database and find the record of the consumer 100 (block 4002). In the event that two individuals have the same set of partial data as described above, the PPITPN computer system 500 may require additional partial data such as the last four digits of the driver's license number, the first five digits of the zip code displayed on the driver's license, and the like.
Once the computer system 500 of PPAITPN identifies the consumer 100 record in its database, (block 4003) the computer system 500 of PPAITPN may provide the web merchant 400 with the test questions of the consumer 100. The online merchant 400 may take different actions depending on whether the consumer replies to the test question correctly or provides the key code specified by the consumer 100 (decision block 4004). If the consumer fails to reply to the test question correctly or the key code is not provided correctly (no branch 4005), the online merchant 400 should decline the transaction (block 4008). On the other hand, if the consumer can correctly answer the test question or can correctly provide the key code (yes branch 4006), the online merchant 400 may proceed with the transaction (block 4007).
To illustrate an example of how the computer system 500 of the PPAITPN may protect the consumer 100 and financial institution 200 over the Internet 600, reference should now be made to the flow diagrams illustrated in FIGS. 5A and 5B in conjunction with the system block diagram illustrated in FIG. 1.
When an intended consumer attempts to open an account or conduct a transaction with a financial institution 200 (e.g., a bank) based on the identity of the consumer 100, the financial institution 200 may require that the consumer provide an identity document (e.g., driver's license, passport, etc.). The financial institution 200 enters a set of partial data of the prospective consumer (e.g., the last four digits of the driver's license number, the expiration date of the driver's license, and the first five digits of the zip code displayed on the driver's license) into the computer system 500 of the PPAITPN over the internet 600 (block 5001).
Based on the information entered by the financial institution 200, the PPITPN computer system 500 retrieves its database (block 5002) and displays all possible matching names over the Internet 600.
The financial institution 200 selects the correct name based on the names displayed on the intended customer's driver's license. Based on the selected name, a photograph of the consumer 100 stored in the database of the computer system 500 of the PPAITPN may be displayed over the Internet 600 (block 5003).
Financial institution 200 compares the photograph of consumer 100 to the presumed appearance of the consumer (decision block 5004) and if the photograph does not match the presumed appearance of the consumer (no branch 5005), financial institution 200 should decline the transaction (block 5012). If the photograph of the consumer 100 appears to match the consumer's appearance (yes branch 5006), the financial institution 200 may select a key code to ask a test question or to be displayed over the internet 600 based on the question of the consumer 100 stored in the database of the PPAITPN computer system 500 (block 5007).
Depending on whether the presumed consumer can correctly answer the test question or provide the key code specified by the consumer 100 (decision block 5008), the financial institution 200 may take different actions. If the presumed consumer is unable to correctly answer the test question or is unable to provide the key code (no branch 5009), the financial institution 200 should decline the transaction (block 5012). On the other hand, if the consumer is able to correctly answer the test question or is able to correctly provide the key code (yes branch 5010), the financial institution 200 may proceed with the transaction (block 5011).
As shown in the above example, the consumer, merchant, and financial institution may collectively prevent financial crimes and avoid loss and damage through the PPAITPN computer system 500.
To illustrate an example of how the computer system 500 of the PPAITPN can protect a user in the event his/her ID and password are stolen, the flow diagram shown in figure 6 should be referenced below in conjunction with the system network diagram shown in figure 1.
When a hypothetical user attempts to log into the computer system of the PPAITPN, he/she must enter the correct user ID and password as in the conventional method (block 6001). If the user ID and password are correct, the PPAITPN computer system may randomly generate an authentication code that is different at each login. Additionally, the computer system of PPAITPN may message this verification code to a destination associated with the formally registered user (block 6002).
The presumed user determines receipt of the verification code by entering the verification code he/she just received in the message into the PPAITPN computer system (block 6003). The computer system of PPAITPN compares the presumed user-entered verification code to the verification code generated by the computer system of PPAITPN and makes a determination (decision block 6004). If the verification code is not correct (no branch 6005), the computer system of the PPAITPN may deny login (block 6008). If the verification code is correct (yes branch 6006), the computer system of the PPAITPN may allow the user to log in (block 6007).
The consumer may forget to carry his/her wallet or lose his/her wallet when he/she is out. In such a situation, he/she may still need to conduct a payment transaction when conventional payment instruments and identification documents (e.g., driver's license, etc.) are not available. Furthermore, for online or remote transactions, the payee cannot know clearly whether the payer has the correct identity and authority to complete the transaction. The computer system 500 of PPAITPN may solve the above-described problems.
To illustrate how the computer system 500 of the PPAITPN enables a consumer 100 (i.e., a payer) to pay a retail store 300 (i.e., a payee) without publishing any personal information and without using any conventional payment means, reference should be made to the flow diagrams shown in fig. 7A and 7B in conjunction with the system diagram shown in fig. 1.
The payer 100 has his/her PPAITPN account number to the payee 300, and the payee 300 inputs this account number and the transaction amount into the device interface of the PPAITPN's computer system 500 over the Internet 600 (block 7001). Based on the account number entered by the payee 300, the PPITPN computer system 500 retrieves its database to locate the account of the payer 100 (block 7002).
The computer system 500 of the PPAITPN determines whether there are sufficient funds to cover the payment of the transaction (decision block 7003). If the payer's PPAITPN account does not have a sufficient amount of money in it (no branch 7004), the PPAITPN's computer system 500 notifies the payee to decline the transaction (block 7012). If the payer's PPAITPN account has sufficient funds to cover the payment (yes branch 7005), the PPAITPN's computer system 500 may freeze such payment amount in the payer's account, randomly generate a verification code, and send the verification code to the payer 100 via a message (block 7006).
Payer 100 acknowledges receipt of the passcode by giving it to payee 300, and payee 300 enters the passcode into the device interface of PPAITPN computer system 500 over network 600 (block 7007). The computer system 500 of PPAITPN then compares the passcode entered by payee 300 with the passcode sent to payer 100 (decision block 7008). If the verification code is not correct (no branch 7009), the computer system 500 of the PPAITPN may notify the payee 300 to decline the transaction (block 7012). If the verification code is correct (yes branch 7010), the computer system 500 of the PPITPN may transfer the blocked payment amount from the payer's account to the payee's account, and the payee 300 may proceed to complete the transaction (block 7011).
Because the passcode is randomly generated in each transaction and sent to the payer 100 only for that particular transaction, the third party has little opportunity to know the passcode or to use it again for payment fraud. Because the amount of the transaction needs to be approved by the payer 100 before the payer 100 gives the passcode to the payee 300 for that particular transaction, the payee 300 has substantially no chance to make any payment that is fraudulent to the payer 100. Because the payment amount in the payer's PPAITPN account is frozen before the verification code is randomly generated and sent to the payer 100, the payer 100 has substantially no chance to make any payment by the fraudulent payee 300. Because the payee 300 only needs to know the payer's account number, the identity of the payer is thoroughly protected. This transaction may be conducted face-to-face or remotely, as the payer 100 only needs to provide the payee 300 with a verification code to complete the transaction.
To further protect the consumer, in one embodiment of the invention, the PPAITPN account of the consumer may be changed at the request of the consumer. As a result, it is of no significance to the third party to steal the PPAITPN account number, which is simply a temporary reference number in the transaction.
In another embodiment of the invention, the consumer defines the maximum amount available in each transaction. If a transaction exceeds this maximum amount, the PPAITPN account is blocked until the consumer resets the account back to normal. In yet another embodiment of the invention, the consumer defines the maximum number of transactions that can occur within a fixed time. If the transaction number exceeds this maximum number, the PPAITPN account is frozen until the consumer resets the account to a normal state.
As a result, the consumer can shop without having to carry any traditional financial instrument such as credit card, debit card, prepaid card, gift card, check, cash, etc., or identification document such as a driver's license. Even if the consumer forgets to carry his/her cell phone, smartphone, or PDA, he/she can make the payment by logging into the PPAITPN's computer system and transferring from his/her PPAITPN account to the merchant's PPAITPN account.
The computer system of PPAITPN can also help consumers prevent fraudsters from opening financial accounts under the consumer's identity by issuing fraud alerts at credit reporting companies. To illustrate an example of how the computer system 500 of the PPAITPN helps the consumer 100 issue fraud alerts at credit reporting companies, reference should be made to the flow chart shown in FIG. 8 in conjunction with the system diagram shown in FIG. 1.
First, the consumer 100 issues fraud alerts at the credit reporting company (block 8001). The consumer 100 then notifies the PPAITPN computer system 500 of the expiration date of such fraud alerts and the warning period he/she desires (block 8002). For the purposes of the present invention, the early warning period is defined as the period of time that the consumer is prepared to take action in preparation for the fraud alert before the fraud alert expires.
The computer system 500 of PPAITPN compares the day on which the early warning period begins with calendar days on a constant basis (block 8003) and determines whether the calendar days reach the early warning period of fraud alerts (decision block 8004). If the desired warning period has not been reached (no branch 8005), the computer system 500 of the PPAITPN may continue to compare the calendar day to the day on which the warning period started (block 8003). If the calendar day reaches the desired warning period (yes branch 8006), the PPAITPN's computer system 500 periodically notifies the consumer to issue a new fraud alert (block 8007). This periodic notification may stop after the consumer issues a new fraud alert (block 8001) and sets a new expiration date for the fraud alert (block 8002).
In another embodiment of the invention, the computer system of the PPAITPN may be linked to the computer system of the credit reporting company. In such a situation, the computer system of the PPAITPN may periodically issue new fraud alerts to the consumer regardless of whether the old fraud alert is expired.
Although some of the above description is with respect to transmissions over a single network (e.g., the internet), other types of transmissions are also contemplated. For example, the payer may receive the passcode over a first type of network (e.g., a cellular data network), while the payee may receive authorization via a second type of network (e.g., a WiFi network). Thus, the computer system of PPAITPN may use a combination of communication devices to achieve the objectives of the present invention.
The methods described herein may be implemented in various ways depending on the application. For example, the methods may be implemented in hardware, firmware, software, or any combination thereof. For a hardware implementation, the process may be implemented within one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), processors, controllers, micro-controllers, microprocessors, electronic devices, other electronic units designed to perform the functions described herein, or a combination thereof.
For a firmware-wise and/or software-wise implementation, the methods may be implemented with modules (e.g., procedures, functional blocks, etc.) that perform the functions described herein. Any machine-readable medium tangibly embodying instructions may be used in implementing the methodologies described herein. For example, software codes may be stored in a memory and executed by a processor. The memory may be implemented within the processor or external to the processor. The term "memory" as used herein refers to any long term, short term, volatile, nonvolatile, or other type of memory and is not to be limited to any particular type of memory or number of memories, or storage of a particular type of media.
If implemented in firmware and/or software, the functions may be stored as one or more instructions or code on a computer-readable medium. Examples include computer-readable media encoded with a data structure and computer-readable media encoded with a computer program. Computer readable media include physical computer storage media. The storage media may be any available media that can be accessed by a computer. By way of example, and not limitation, such computer-readable media can comprise RAM, ROM, EEPROM, CD-ROM, DVD, or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store desired program code in the form of instruction structures or data structures and that can be accessed by a computer; disk and disc, as used herein, includes Compact Disc (CD), laser disc, optical disc, Digital Versatile Disc (DVD), floppy disk and blu-ray disc where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.
In addition to storage on a computer-readable medium, the instructions and/or data may be provided as signals on a transmission medium included in a communication device. For example, the communication device may include a transceiver having signals representing instructions and data. The instructions and data are configured to cause one or more processors to perform the functions outlined in the claims. The communication device may not store all of the instructions and/or data on a computer-readable medium.
The embodiments described in this invention can be combined to form a variety of applications based on the needs. It will be appreciated by those skilled in the art that changes in and/or modifications to the illustrated construction may be made without departing from the principles, spirit and scope of the invention. Such changes and modifications are not to be construed as a departure from the invention.
Claims (30)
1. A computer system that prevents identity theft, comprising:
a computer processor and storage device connected to a network;
a database stored on a storage device for storing at least a first set of data derived from personal information of a consumer in a manner that the personal information of the consumer cannot be recovered from the first set of data, the database further for storing at least one of a test question and a corresponding answer created by the consumer and a photograph of the consumer in a manner associated with the first set of data; and
a communication device to send at least one of the photograph and the test question to a user over a network in response to an instruction from the processor when the processor receives a second set of data from the user over the network, the second set of data corresponding to the first set of data and associated with an object.
2. The computer system of claim 1, wherein said communication device sends said photograph and receives a response from said user over said network indicating whether said consumer's photograph matches the appearance of said object, said communication device sending an alert to said consumer when said response indicates that fraud is likely.
3. The computer system of claim 1, wherein said communication device sends said photograph and receives a response from said user over said network indicating whether said consumer's photograph matches the appearance of said object, said communication device sending an alert to said consumer's financial institution when said response indicates that fraud is likely.
4. The computer system of claim 1, wherein said communication device sends said test question and receives a reply from said user over said network, said communication device sending an alert to said consumer when said reply indicates possible fraud.
5. The computer system of claim 1, wherein said communication device sends said test question and receives a reply from said user over said network, said communication device sending an alert to a financial institution of said consumer when said reply indicates possible fraud.
6. The computer system of claim 1, wherein the personal information comprises data obtained from at least one of a financial instrument and an identity document.
7. The computer system of claim 6, wherein the financial instrument is at least one of a credit card, a debit card, an ATM card, a debit card, a prepaid card, a stored value card, a check, a financial instrument, a financial account instrument, a brokerage account instrument, an insurance account instrument, a welfare account instrument, a mobile account instrument, and an instrument issued by the computer system.
8. The computer system of claim 6, wherein the identity document comprises at least one of a driver's license, a passport, a government issued identity document, a foreigner's identity card, a student's card, a social security card, a tax identification card, a national identity card, a benefit card, an official identity document, and an identity document issued by the computer system.
9. The computer system of claim 3, wherein the financial institution's computer system protects the consumer from fraud and other potential crimes.
10. The computer system of claim 5, wherein the financial institution's computer system protects the consumer from fraud and other potential crimes.
11. A computer system that prevents identity theft, comprising:
a computer processor and storage device connected to a network;
a passcode generator operable on the computer processor to generate a new single-use, expirable passcode in response to each login attempt by a user at a source application;
a first communication device that transmits the passcode in substantially real-time to a user at a destination other than a source application in response to generation of the passcode; and
a second communication device that sends a login authorization for a source application when the authentication code is received from a user at the source application before the authentication code expires.
12. The computer system of claim 11, wherein the first communication device and the second communication device are integrated into a single device.
13. The computer system of claim 11, wherein the destination comprises a personal communication device.
14. The computer system of claim 11, wherein the processor generates an instruction to prevent the user from further activity when a user activity pattern corresponds to a predetermined condition.
15. The computer system of claim 11, wherein the processor generates an instruction to prevent the user from further activity when a predetermined number of incorrect verification codes are received.
16. The computer system as recited in claim 11, wherein, when an erroneous passcode is received, the processor generates instructions that send an alert to the user that fraud is likely.
17. A computer system for preventing identity theft during a financial transaction between a payer and a payee, comprising:
a computer processor and storage device connected to a network;
a passcode generator operable on the computer processor to generate a passcode in response to initiating the financial transaction; and
a communication device that, in response to initiating the financial transaction, sends the verification code to a payer's personal communication device substantially in real-time, the computer processor generating instructions to transfer a transaction amount from a payer account to a payee account when the verification code is returned from the payee.
18. A computer system for preventing identity theft during a financial transaction between a payer and a payee, comprising:
a computer processor and storage device connected to a network;
a passcode generator operable on the computer processor to generate a new single-use, expirable passcode in response to initiating the financial transaction and in response to receiving an indication of whether a transaction amount and an available amount of funds in a user account are sufficient for the transaction amount, the computer processor generating instructions to freeze the transaction amount in the user account; and
a communication device to send the passcode to the user in substantially real-time in response to the freezing of the transaction amount, the computer processor generating instructions to transfer the frozen transaction amount from the user account to an account associated with a payee when the passcode is returned from the payee prior to expiration of the passcode.
19. The computer system of claim 18, wherein the processor generates an instruction to prevent the user from further activity when a user activity pattern corresponds to a predetermined condition.
20. The computer system of claim 18, wherein the processor generates an instruction to prevent the user from further activity when a predetermined number of incorrect verification codes are received.
21. The computer system as recited in claim 18, wherein, when an erroneous passcode is received, the processor generates instructions that send an alert to the user that fraud is likely.
22. A computerized method of preventing identity theft during a financial transaction between a payer and a payee, comprising:
receiving payer identity information and a transaction amount from a payee;
generating a new passcode in response to receiving the transaction amount when the amount available for funds in the payer account is sufficient for the transaction amount;
blocking the transaction amount in the payer's account;
sending the new passcode to the payer in substantially real-time in response to the freezing of the transaction amount in the payer's account; and
transferring the frozen transaction amount to an account of a payee when the new passcode is received from the payee.
23. A computerized method of preventing identity theft during account login, comprising:
receiving a user ID and password from a user attempting to log into an account;
generating a new single-use, expirable passcode when the user ID and password correspond to the account;
sending, substantially in real-time, the new passcode to a personal communication device associated with a registered holder of the account; and
allowing the user to log into the account when the new passcode is received from the user before the passcode expires.
24. A computer system for protecting against identity theft by a consumer, comprising:
a computer processor and storage device connected to a network;
the computer processor receiving, from a consumer over the network, contact information, an expiration date of a fraud alert, and a desired early warning period for updating the fraud alert;
upon reaching the desired early warning period, the computer processor sending an alert to the consumer to issue a new fraud alert to at least one credit reporting company; and
the computer processor receives a new expiration date for the new fraud alert from the consumer.
25. A computer system for protecting against identity theft by a consumer, comprising:
a computer processor and storage device connected to a network;
the computer processor receiving, from a consumer over the network, identity information identified by at least one credit reporting company and a request to issue a fraud alert;
requesting, by the computer processor, the credit reporting company to issue the fraud alert on behalf of the consumer based on the identity information; and
when the fraud alert is about to expire, the computer processor requests the credit reporting company to repeatedly issue the fraud alert.
26. A computer system for protecting against identity theft by a consumer, comprising:
a computer processor and storage device connected to a network;
the computer processor receiving personal information and a request to issue a fraud alert from a consumer over the network;
said computer processor logging on to at least one credit reporting company on behalf of said consumer and submitting a request for issuance of said fraud alert on behalf of said consumer; and
when the fraud alert is about to expire, the processor repeatedly issues a request for the fraud alert.
27. A computer system for determining the authenticity of personal identity data provided by a hypothetical consumer based on analysis from a plurality of third parties, comprising:
a computer processor and storage device connected to a network;
a database stored on the storage device for storing at least identity data of the assumed consumer and corresponding data to be verified; and
the communication device sends the data to be verified to a third party when the processor receives the identity data of the assumed consumer from the third party, and the communication device receives a reply indicating whether the data to be verified is accurate from the third party;
wherein the computer processor determines the reliability of the personally identifiable information of the hypothetical consumer based on the hypothetical consumer's activities, patterns, and/or characteristics based on a plurality of replies received from and based on the activities, patterns, and/or characteristics of a plurality of third parties.
28. A computerized method of identity theft prevention, comprising:
receiving identity information from a hypothetical consumer;
storing the identity information in a database;
receiving a personal telephone number from the hypothetical consumer;
storing the personal telephone number in association with the identity information of the presumed consumer in a database;
searching the database to determine if previously stored identity information has been associated with the personal telephone number received from the presumed consumer; and
when previously stored identity information has been associated with the personal telephone number received from the presumed consumer, indicating potential identity theft by the presumed consumer when the identity information received from the presumed consumer does not correspond to previously stored identity information.
29. The computerized method of claim 28, further comprising:
comparing the identity information received from the presumed consumer with identity information received from a third party and associated with a telephone account corresponding to the personal telephone number received from the presumed consumer; and
indicating a potential identity theft by the presumed consumer when the identity information received from the presumed consumer does not correspond to the identity information received from the third party.
30. A computerized method of privacy protection for conducting sales campaigns for merchants that may not have contact information for consumers, comprising:
opening an account of a merchant;
opening an account of a consumer and storing consumer contact information and consumer identity information in a database;
receiving identity information of a presumed consumer from the merchant;
authenticating the presumed consumer for the merchant based on the identity information of the presumed consumer;
storing an association between the consumer account and the merchant account in a database when the assumed identity information of the consumer corresponds to consumer identity information; and
sending sales information to the consumer on behalf of the merchant based on the association associated with the merchant and the stored contact information for the consumer.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US61/211,335 | 2009-03-30 | ||
| US12/638,886 | 2009-12-15 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| HK1148143A true HK1148143A (en) | 2011-08-26 |
Family
ID=
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11288676B2 (en) | Private confirmation system | |
| US12039532B2 (en) | Universal customer identification system | |
| LoPucki | Human identification theory and the identity theft problem | |
| US7698567B2 (en) | System and method for tokenless biometric electronic scrip | |
| US20030195859A1 (en) | System and methods for authenticating and monitoring transactions | |
| US20070011100A1 (en) | Preventing identity theft | |
| WO2009055178A1 (en) | Systems and methods for verifying identities | |
| US20110225045A1 (en) | Paperless Coupon Transactions System | |
| HK1148143A (en) | Privacy protected anti-identity theft and payment network | |
| Poe | An Evaluation of a Biometric Enabled Credit Card for Providing High Authenticity Identity Proofing During the Transaction Authentication Process | |
| HK1148595A (en) | Cardless financial transactions system |