[go: up one dir, main page]

WO2025071603A1 - Fingerprinting technique for determining risk of transaction executed on own device - Google Patents

Fingerprinting technique for determining risk of transaction executed on own device Download PDF

Info

Publication number
WO2025071603A1
WO2025071603A1 PCT/US2023/075305 US2023075305W WO2025071603A1 WO 2025071603 A1 WO2025071603 A1 WO 2025071603A1 US 2023075305 W US2023075305 W US 2023075305W WO 2025071603 A1 WO2025071603 A1 WO 2025071603A1
Authority
WO
WIPO (PCT)
Prior art keywords
transaction
fingerprint
risk level
user device
fingerprints
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
PCT/US2023/075305
Other languages
French (fr)
Inventor
Yuexi Chen
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Visa International Service Association
Original Assignee
Visa International Service Association
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Visa International Service Association filed Critical Visa International Service Association
Priority to PCT/US2023/075305 priority Critical patent/WO2025071603A1/en
Publication of WO2025071603A1 publication Critical patent/WO2025071603A1/en
Pending legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4016Transaction verification involving fraud or risk level assessment in transaction processing
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3823Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3827Use of message hashing
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/63Location-dependent; Proximity-dependent
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02Services making use of location information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication

Definitions

  • the following disclosure relates generally to a fingerprinting technique for determining a risk level associated with a transaction executed on a user device for effectively managing risks and reducing fraudulent and anomalous payment transactions.
  • the present disclosure provides a computer-implemented method for determining a risk level associated with a transaction executed on a user device, the computer-implemented method including retrieving data associated with a user device based on a transaction executed on the user device; storing a plurality of hash values corresponding to the data in a plurality of current transaction fingerprints; comparing the plurality of hash values stored in the plurality of current transaction fingerprints to a plurality of hash values stored in a plurality of previous transaction fingerprints associated with a plurality of previous transactions; detecting anomalies in the plurality of hash values stored in the plurality of current transaction fingerprints based on the comparison; and determining a level of risk based on the detected anomalies.
  • the data includes information corresponding to at least one of a hardware, a software, a location, a connection, or an origination of the user device.
  • the plurality of hash values are obtained by applying a plurality of one-way hash algorithms to the data.
  • the plurality of current transaction fingerprints includes at least one of a hardware fingerprint, a software fingerprint, a location fingerprint, a connection fingerprint, or an origination fingerprint;
  • the hardware fingerprint includes a first hash value corresponding to at least one of a secure element serial number, a device identification (ID), or a WiFi media access control (MAC) address of the user device;
  • the software fingerprint includes a second hash value corresponding to at least one of an operating system (OS) version or a browser version of the user device;
  • the location fingerprint includes a third hash value corresponding to at least one of a global positioning system (GPS) location or a proximity location of the user device;
  • the connection fingerprint includes a fourth hash value corresponding to at least one of a connectivity interface and an interface address of the user device; and
  • the origination fingerprint includes a fifth hash value corresponding to at least one of a request source of the user device.
  • the risk level is determined to be a first risk level based on the plurality of current transaction fingerprints remaining unchanged relative to the plurality of previous transaction fingerprints; the risk level is determined be a second risk level that is greater than the first risk level based on a modification of the software fingerprint relative to the plurality of previous transaction fingerprints; and the risk level also is determined to be the second risk level based on a modification of the connection fingerprint relative to the plurality of previous transaction fingerprints.
  • the risk level is determined to be a third risk level that is greater than the second risk level based only on a modification of the origination fingerprint relative to the plurality of previous transaction fingerprints; and the risk level also is determined to be the third risk level based on a modification of the origination fingerprint and the location fingerprint relative to the plurality of previous transaction fingerprints.
  • the risk level is determined to be a fourth risk level that is greater than the third risk level based on a modification of each fingerprint of the plurality of current transaction fingerprints relative to the plurality of previous transaction fingerprints.
  • the transaction is approved or denied based on a combination of at least one of the level of risk, a risk tolerance, or a transaction amount.
  • the transaction is further approved or denied based on an authentication of the transaction via multi-factor authentication (MFA).
  • MFA multi-factor authentication
  • the transaction is executed on the user device between the user device and at least one of a physical card via near-field communication (NFC) or a digitally-stored card.
  • NFC near-field communication
  • the present disclosure provides a system for determining a risk level associated with a transaction executed on a user device, the system including a server computer comprising a processor and a memory coupled to the processor, the memory storing thereon machine executable instructions that when instructed cause the processer to retrieve data associated with a user device based on a transaction executed on the user device; store a plurality of hash values corresponding to the data in a plurality of current transaction fingerprints; compare the plurality of hash values stored in the plurality of current transaction fingerprints to a plurality of hash values stored in a plurality of previous transaction fingerprints associated with a plurality of previous transactions; detect anomalies in the plurality of hash values stored in the plurality of current transaction fingerprints based on the comparison; and determine a level of risk based on the detected anomalies.
  • the data includes information corresponding to at least one of a hardware, a software, a location, a connection, or an origination of the user device.
  • the plurality of hash values are obtained by applying a plurality of one-way hash algorithms to the data.
  • the plurality of current transaction fingerprints includes at least one of a hardware fingerprint, a software fingerprint, a location fingerprint, a connection fingerprint, or an origination fingerprint;
  • the hardware fingerprint includes a first hash value corresponding to at least one of a secure element serial number, a device identification (ID), or a WiFi media access control (MAC) address of the user device;
  • the software fingerprint includes a second hash value corresponding to at least one of an operating system (OS) version or a browser version of the user device;
  • the location fingerprint includes a third hash value corresponding to at least one of a global positioning system (GPS) location or a proximity location of the user device;
  • the connection fingerprint includes a fourth hash value corresponding to at least one of a connectivity interface and an interface address of the user device; and
  • the origination fingerprint includes a fifth hash value corresponding to at least one of a request source of the user device.
  • the risk level is determined to be a first risk level based on the plurality of current transaction fingerprints remaining unchanged relative to the plurality of previous transaction fingerprints; the risk level is determined be a second risk level that is greater than the first risk level based on a modification of the software fingerprint relative to the plurality of previous transaction fingerprints; and the risk level also is determined to be the second risk level based on a modification of the connection fingerprint relative to the plurality of previous transaction fingerprints.
  • the risk level is determined to be a third risk level that is greater than the second risk level based only on a modification of the origination fingerprint relative to the plurality of previous transaction fingerprints; and the risk level also is determined to be the third risk level based on a modification of the origination fingerprint and the location fingerprint relative to the plurality of previous transaction fingerprints.
  • the risk level is determined to be a fourth risk level that is greater than the third risk level based on a modification of each fingerprint of the plurality of current transaction fingerprints relative to the plurality of previous transaction fingerprints.
  • the transaction is approved or denied based on a combination of at least one of the level of risk, a risk tolerance, or a transaction amount.
  • the transaction is further approved or denied based on an authentication of the transaction via multi-factor authentication (MFA).
  • MFA multi-factor authentication
  • the transaction is executed on the user device between the user device and at least one of a physical card via near-field communication (NFC) or a digitally-stored card.
  • NFC near-field communication
  • FIG. 1 illustrates an overall flow diagram of a fingerprinting technique for determining a risk level associated with a transaction executed on a user device, according to at least one aspect of the present disclosure.
  • FIG. 2 illustrates a flow diagram of a method for determining a risk level associated with a transaction executed on a user device, according to at least one aspect of the present disclosure.
  • FIG. 3 is a block diagram of a computer apparatus with data processing subsystems or components, according to at least one aspect of the present disclosure.
  • FIG. 4 is a diagrammatic representation of an example system that includes a host machine within which a set of instructions to perform any one or more of the methodologies discussed herein may be executed, according to at least one aspect of the present disclosure.
  • the following disclosure may provide exemplary systems, devices, and methods for conducting a financial transaction and related activities. Although reference may be made to such financial transactions in the examples provided below, aspects are not so limited. That is, the systems, methods, and apparatuses may be utilized for any suitable purpose.
  • 3D secure may refer to an entity that receives transaction data and/or account data, such as an account identifier, and/or the like, from a payment gateway or other entities and provides an additional security layer for electronic transactions.
  • a 3D secure may enable consumers to authenticate themselves with their card issuer when making card-not-present (CNP) e-commerce purchases with an additional security layer that helps inhibit or prevent unauthorized CNP (Card not present transaction) transactions and protects the merchant from CNP exposure to fraud.
  • CNP card-not-present
  • the term “3D secure system” may refer to one or more computer systems operated by or on behalf of a 3D secure, such as a 3D secure server executing one or more software applications.
  • a 3D secure server may include one or more processors and, in some nonlimiting embodiments or aspects, may be operated by or on behalf of a 3D secure.
  • a 3D secure may include Verified by Visa/Visa Secure, MasterCard SecureCode, JCB International J/Secure, American Express SafeKey, or any other entity that provides an additional security layer for electronic transactions.
  • Account credentials may include any information that identifies an account and allows a payment processor to verify that a device, person, or entity has permission to access the account.
  • account credentials may include an account identifier (e.g., a PAN), a token (e.g., account identifier substitute), an expiration date, a cryptogram, a verification value (e.g., card verification value (CVV)), personal information associated with an account (e.g., address, etc.), an account alias, or any combination thereof.
  • Account credentials may be static or dynamic such that they change over time. Further, in some embodiments or aspects, the account credentials may include information that is both static and dynamic. For example, an account identifier and expiration date may be static but a cryptogram may be dynamic and change for each transaction. Further, in some embodiments or aspects, some or all of the account credentials may be stored in a secure memory of a user device.
  • the secure memory of the user device may be configured such that the data stored in the secure memory may not be directly accessible by outside applications and a payment application associated with the secure memory may be accessed to obtain the credentials stored on the secure memory. Accordingly, a mobile application may interface with a payment application in order to gain access to payment credentials stored on the secure memory.
  • the term “account credential,” “account number,” or “payment credential” may refer to any suitable information associated with an account (e.g. a payment account and/or payment device associated with the account). Such information may be directly related to the account or may be derived from information related to the account. Examples of account information may include a PAN (primary account number or “account number”), user name, expiration date, CVV (card verification value), dCVV (dynamic card verification value), CVV2 (card verification value 2), CVC3 card verification values, etc.
  • Payment credentials may be any information that identifies or is associated with a payment account. Payment credentials may be provided in order to make a payment from a payment account. Payment credentials can also include a user name, an expiration date, a gift card number or code, and any other suitable information.
  • An “acquirer” may refer to an entity licensed by the transaction service provider and/or approved by the transaction service provider to originate transactions (e.g., payment transactions) using a portable financial device associated with the transaction service provider.
  • Acquirer may also refer to one or more computer systems operated by or on behalf of an acquirer, such as a server computer executing one or more software applications (e.g., “acquirer server”).
  • An “acquirer” may be a merchant bank, or in some cases, the merchant system may be the acquirer.
  • the transactions may include original credit transactions (OCTs) and account funding transactions (AFTs).
  • the acquirer may be authorized by the transaction service provider to sign merchants of service providers to originate transactions using a portable financial device of the transaction service provider.
  • the acquirer may contract with payment facilitators to enable the facilitators to sponsor merchants.
  • the acquirer may monitor compliance of the payment facilitators in accordance with regulations of the transaction service provider.
  • the acquirer may conduct due diligence of payment facilitators and ensure that proper due diligence occurs before signing a sponsored merchant.
  • Acquirers may be liable for all transaction service provider programs that they operate or sponsor. Acquirers may be responsible for the acts of its payment facilitators and the merchants it or its payment facilitators sponsor.
  • the term “acquirer” typically is a business entity (e.g., a commercial bank) that has a business relationship with a particular merchant or other entity. Some entities can perform both issuer and acquirer functions. Some embodiments or aspects may encompass such single entity issuer-acquirers.
  • An acquirer may operate an acquirer computer, which can also be generically referred to as a “transport computer”.
  • Authentication is a process by which the credential of an endpoint (including but not limited to applications, people, devices, process, and systems) can be verified to ensure that the endpoint is who they are declared to be.
  • a “digital wallet” can include an electronic device that allows an individual to conduct electronic commerce transactions.
  • a digital wallet may be designed to streamline the purchase and payment process.
  • a digital wallet may allow the user to load one or more payment cards onto the digital wallet so as to make a payment without having to enter an account number or present a physical card.
  • An “issuer” can include a payment account issuer.
  • the payment account (which may be associated with one or more payment devices) may refer to any suitable payment account (e.g. credit card account, a checking account, a savings account, a merchant account assigned to a consumer, or a prepaid account), an employment account, an identification account, an enrollment account (e.g. a student account), etc.
  • the term “merchant” may refer to one or more individuals or entities (e.g., operators of retail businesses that provide goods and/or services, and/or access to goods and/or services, to a user (e.g., a customer, a consumer, a customer of the merchant, and/or the like) based on a transaction (e.g., a payment transaction)).
  • a transaction e.g., a payment transaction
  • merchant system may refer to one or more computer systems operated by or on behalf of a merchant, such as a server computer executing one or more software applications.
  • a “merchant application” may include any application associated with a relying party to a transaction.
  • a merchant mobile application may be associated with a particular merchant or may be associated with a number of different merchants.
  • the merchant mobile application may store information identifying a particular merchant server computer that is configured to provide a sales environment in which the merchant server computer is capable of processing remote transactions initiated by the merchant application.
  • the merchant mobile application may also include a general purpose browser or other software designed to interact with one or more merchant server computers.
  • the merchant mobile application may be installed in the general purpose memory of a user device and thus, may be susceptible to malicious attacks.
  • system may refer to one or more computing devices or combinations of computing devices (e.g., processors, servers, client devices, software applications, components of such, and/or the like).
  • a “user” may include an individual.
  • a user may be associated with one or more personal accounts and/or mobile devices.
  • the user may also be referred to as a cardholder, account holder, or consumer.
  • a “user device” is an electronic device that may be transported and/or operated by a user.
  • a user device may provide remote communication capabilities to a network.
  • the user device may be configured to transmit and receive data or communications to and from other devices.
  • the user device may be portable.
  • Examples of user devices may include mobile phones (e.g., smart phones, cellular phones, etc.), PDAs, portable media players, wearable electronic devices (e.g. smart watches, fitness bands, ankle bracelets, rings, earrings, etc.), electronic reader devices, and portable computing devices (e.g., laptops, netbooks, ultrabooks, etc.). Examples of user devices may also include automobiles with remote communication capabilities.
  • “User information” may include any information that is associated with a user.
  • the user information may include a device identifier of a device that the user owns or operates and/or account credentials of an account that the user holds.
  • a device identifier may include a unique identifier assigned to a user device that can later be used to verify the user device.
  • the device identifier may include a device fingerprint.
  • the device fingerprint may an aggregation of device attributes.
  • the device fingerprint may be generated by a software development kit (SDK) provided on the user device using, for example, a unique identifier assigned by the operating system, an International Mobile Station Equipment Identity (IMEI) number, operating system (OS) version, plug-in version, and the like.
  • SDK software development kit
  • Tap-to-pay is an increasingly popular payment method that allows users to wirelessly complete transactions using a physical card, or a digitally-stored card in a digital wallet, via near-field communication (NFC).
  • NFC near-field communication
  • tap-to-device and tap-to-own-device are two emerging techniques. Both the tap-to-device and tap-to-own-device techniques use NFC to complete a transaction between a physical card, or a digitally-stored card in a digital wallet, and a commercial-off-the-shelf (COTS) device, such as a smartphone, laptop, or the like.
  • COTS commercial-off-the-shelf
  • the COTS device may be that of a merchant, or the COTS device may be that of oneself.
  • the COTS device By tapping the physical card, or the digitally-stored card in a digital wallet, the COTS device acquires the card’s credentials and submits a transaction request.
  • Any one card may comprise credentials, or account credentials, that include at least one of an account identifier, Europay, Mastercard, and Visa (EMV) chip data, or a cryptogram.
  • EMV Europay, Mastercard, and Visa
  • additional data stored on the COTS device that is useful for risk determination and issuer decision making based on the risk determination.
  • issuers may take appropriate action to require further authentication or deny transactions in order to reduce fraudulent or anomalous payment transactions.
  • this additional data is not captured by the issuer, much less captured by the issuer and used for risk determination. Thus, fraudulent and anomalous payment transactions may still occur, which ultimately could be prevented by determining a risk level associated with the transaction and taking appropriate action.
  • the present disclosure provides a detailed description of the methods and systems that incorporate the additional data stored on the COTS device for use in risk determination and issuer decision making based on the risk determination.
  • the present disclosure provides a fingerprinting technique for determining a risk level associated with a transaction executed on a user device for effectively managing risks and reducing fraudulent and anomalous payment transactions.
  • the fingerprinting technique begins with retrieving data associated with a user device based on a transaction executed on the user device. This includes information relating to at least one of a hardware, a software, a location, a connectivity, or an origination of the user device.
  • information relating to the hardware may comprise information regarding the user device’s Secure Element Serial Number, Device Identification (ID), and/or WiFi Media Access Control (MAC) Address.
  • Information relating to the software may comprise information regarding the user device’s Operating System (OS) Version and/or Browser Version.
  • Information relating to the location may comprise information regarding the user device’s Global Positioning System (GPS) Location and/or Proximity Location.
  • Information relating to the connectivity may comprise information regarding the user device’s Connectivity Interface and/or Interface Address.
  • information relating to the origination may comprise information regarding the user device’s Request Source. Data abbreviations and data examples are provided below for clarity.
  • Hardware Secure Element Serial Number, SE.ID (e.g., G6TFGLC90DER).
  • DEV.ID e.g., 0a1b2c3d4e5f6a7b8c9d0e1f.
  • WiFi MAC Address MAC.ID (e.g., B4:56:78:0E:A1:F0).
  • OS Version OS. VER (e.g., 5.1.00998654.340).
  • Browser Version B.VER (e.g., 112.0762211012).
  • Location GPS Location, GPS.LOC (e.g., 41-23-12.2N2-10-26.5E). Proximity Location, PROX.LOC (e.g., 41-23-12N2-10-27).
  • Connectivity Connectivity Interface
  • CON. IF e.g., wlan
  • Interface Address IF.ADDR (e.g., 192.168.0.55).
  • Origination Request Source, REQ. SRC (e.g., 202.11.67.32:13345).
  • each category of data e.g., hardware, software, location, connectivity, and origination
  • each category of data is fingerprinted using a one-way hash algorithm.
  • Fingerprint(Hardware [HW]) Hash(SE.ID
  • Fingerprint(Software [SW]) Hash(OS.VER
  • Fingerprint(Location [LOG]) Hash(GPS.LOC
  • Fingerprint(Connectivity [CON]) Hash(CON.IF
  • Fingerprint(Origination [SRC]) Hash(REQ.SRC)
  • a plurality of current transaction fingerprints are generated.
  • Each fingerprint of the plurality of current transaction fingerprints stores a hash value (i.e., a random string of characters) corresponding to the retrieved data for any such category of data.
  • a hash value corresponding to the retrieved hardware data may correspond to at least one of the Secure Element Serial Number (SE.ID), Device ID (DEV.ID), or WiFi MAC Address (MAC. ID), or any combination thereof, of the user device.
  • SE.ID Secure Element Serial Number
  • DEV.ID Device ID
  • MAC. ID WiFi MAC Address
  • N 1 , 2, 3, etc.
  • a risk level may be determined to be a first risk level (e.g., extremely low) based on all current transaction fingerprints remaining unchanged relative to the previous- transactions’ fingerprints.
  • a hash value of a current transaction remaining unchanged relative to a hash value of a previous transaction is substantially equivalent to a current transaction fingerprint remaining unchanged relative to a previous-transaction fingerprint.
  • a hash value corresponding to a hardware of a user device for a current transaction remaining unchanged relative to a hash value corresponding to a hardware of a user device for a previous transaction is substantially equivalent to a current-transaction’s hardware fingerprint remaining unchanged relative to a previous-transaction’s hardware fingerprint.
  • a hash value of a current transaction changing relative to a hash value of a previous transaction is substantially equivalent to a current transaction fingerprint changing relative to a previous-transaction fingerprint.
  • a hash value corresponding to a hardware of a user device for a current transaction changing relative to a hash value corresponding to a hardware of a user device for a previous transaction is substantially equivalent to a current-transaction’s hardware fingerprint changing relative to a previous-transaction’s hardware fingerprint.
  • a risk level may be determined to be a second risk level (e.g., low), which is greater than the first risk level, based on the current software fingerprint changing relative to at least one of the previous-transactions’ software fingerprint, while all other fingerprints remain unchanged. Additionally, a risk level may be determined to be the second risk level based on the current connectivity fingerprint changing relative to at least one of the previous- transactions’ connectivity fingerprint, while all other fingerprints remain unchanged.
  • a second risk level e.g., low
  • a risk level may be determined to be a third risk level (e.g., medium), which is greater than the second risk level, based on the current origination fingerprint changing relative to at least one of the previous-transactions’ origination fingerprint, while all other fingerprints remain unchanged. Additionally, a risk level may be determined to be the third risk level based on the current connectivity fingerprint and the current location fingerprint changing relative to at least one of the previous-transactions’ connectivity and location fingerprints, respectively, while all other fingerprints remain unchanged.
  • a third risk level e.g., medium
  • a risk level may be determined to be a fourth risk level (e.g., high), which is greater than the third risk level, based on all current transaction fingerprints changing relative to the previous-transactions’ fingerprints.
  • each risk level may be determined based on changes to fingerprints that may not be detailed above. These examples are merely meant to illustrate how different risk levels may be determined using each category of data that is captured, fingerprinted, and compared.
  • the current transaction may be approved or denied. Additionally, the current transaction may be further approved or denied based on a successful or an unsuccessful authentication of the transaction via multi-factor authentication (MFA), such as, but not limited to, a one-time passcode sent to a user associated with the physical card, or the digitally-stored card in a digital wallet, that is being used in the current transaction.
  • MFA multi-factor authentication
  • the fingerprinting technique described herein provides privacy for the user of the COTS device (e.g., the user device). That is, the issuer does not process, or understand, specific information relating to the COTS device. Rather, the issuer receives the current transaction fingerprints and detects changes, or abnormalities, when compared to previous-transactions’ fingerprints. Thus, the user’s privacy is maintained.
  • FIG. 1 illustrates an overall flow diagram of a fingerprinting technique 100 for determining a risk level associated with a transaction executed on a user device, according to at least one aspect of the present disclosure.
  • the fingerprinting technique first begins by retrieving data from a card 102, either a physical card or a digitally-stored card in a digital wallet on the COTS device 104 via NFC.
  • the retrieved data is packaged into a digital token 106 which comprises at least one of an account identifier, EMV chip data, or a cryptogram.
  • the COTS device 104 retrieves data associated with the COTS device 106, including information relating to at least one of hardware, software, location, connectivity, or origination of the COTS device 106.
  • information relating to the hardware may comprise information regarding the Secure Element Serial Number, Device ID, and WiFi MAC Address of the user device.
  • Information relating to the software may comprise information regarding the OS Version and Browser Version of the user device.
  • Information relating to the location may comprise information regarding the GPS Location and Proximity Location of the user device.
  • Information relating to the connectivity may comprise information regarding the Connectivity Interface and Interface Address of the user device.
  • information relating to the origination may comprise information regarding the Request Source of the user device.
  • Each category of data relating to the COTS device 106 is then fingerprinted using a one-way hash, as described above, to a plurality of COTS device fingerprints 108.
  • the digital token 106 and the plurality of COTS device fingerprints 108 are sent to a merchant application, or a merchant website 110.
  • the merchant application or the merchant website 110 then sends the digital token 106 and the plurality of COTS device fingerprints 108 to the merchant backend 112.
  • the digital token 106 and the plurality of COTS device fingerprints 108 are then sent to the processor 114, which is responsible for completing the transaction process.
  • the digital token 106 and the plurality of COTS device fingerprints 108 are sent to the acquirer 116, then the network 118, and finally the issuer 120.
  • a comparison is made between the plurality of COTS device fingerprints 108 (e.g., the current transaction fingerprints) and a plurality of previous- transactions’ fingerprints.
  • the issuer 120 is further responsible for detecting changes, or abnormalities, in the plurality of COTS device fingerprints 108 based on the comparison. Additionally, the issuer 120 is responsible for determining a risk level and taking action based on the determined risk level. Such action may include approving or denying the transaction, or such action may include sending a request for authentication via MFA to a user associated with the card 112, either a physical card or a digitally-stored card in a digital wallet. Additionally, the issuer 120 may be in connection with the merchant backend 112 via an alternate connection 122, such as a 3D secure (3DS) that requires a user to authenticate their identity and the transaction before the transaction may be complete.
  • 3D secure 3D secure
  • FIG. 2 illustrates a flow diagram of a method 200 for determining a risk level associated with a transaction executed on a user device, according to at least one aspect of the present disclosure.
  • data associated with a user device is retrieved 202 based on a transaction executed on the user device.
  • the data is stored 204 in a plurality of current transaction fingerprints.
  • the data stored in the plurality of current transaction fingerprints is compared 206 to data stored in a plurality of previous transaction fingerprints associated with a plurality of previous transactions.
  • Anomalies in the data are stored in the plurality of current transaction fingerprints are detected 208 based on the comparison.
  • a level of risk based on the detected anomalies is determined 210.
  • the fingerprinting technique 100 may also illustrate a system 100, wherein the system 100 comprises at least each of the elements as shown in FIG. 1, as well as a server computer comprising a processor and a memory coupled to the processor, the memory storing thereon machine executable instructions that when instructed cause the processor the execute the steps of fingerprinting technique 100.
  • the method 200 may also illustrate a system 200, wherein the system 200 comprises at least each of the elements as shown in FIG. 2, as well as a server computer comprising a processor and a memory coupled to the processor, the memory storing thereon machine executable instructions that when instructed cause the processor the execute the steps of method 200.
  • a number of technologies may be used. This may include the use of at least one of a computer apparatus or a host machine, which are further described below with respect to FIGS. 3 and 4, respectively. That is, a computer apparatus and/or a host machine, as disclosed below, may be used in any of the aforementioned methods or systems for detecting anomalies in mobile payment transactions.
  • FIG. 3 is a block diagram of a computer apparatus 3000 with data processing subsystems or components, according to at least one aspect of the present disclosure.
  • the subsystems shown in FIG. A are interconnected via a system bus 3010. Additional subsystems such as a printer 3018, keyboard 3026, fixed disk 3028 (or other memory comprising computer readable media), monitor 3022, which is coupled to a display adapter 3020, and others are shown.
  • Peripherals and input/output (I/O) devices which couple to an I/O controller 3012 (which can be a processor or other suitable controller), can be connected to the computer system by any number of means known in the art, such as a serial port 3024.
  • serial port 3024 or external interface 3030 can be used to connect the computer apparatus to a wide area network such as the Internet, a mouse input device, or a scanner.
  • the interconnection via system bus allows the central processor 3016 to communicate with each subsystem and to control the execution of instructions from system memory 3014 or the fixed disk 3028, as well as the exchange of information between subsystems.
  • the system memory 3014 and/or the fixed disk 3028 may embody a computer readable medium.
  • FIG. 4 is a diagrammatic representation of an example system 4000 that includes a host machine 4002 within which a set of instructions to perform any one or more of the methodologies discussed herein may be executed, according to at least one aspect of the present disclosure.
  • the host machine 4002 operates as a standalone device or may be connected (e.g., networked) to other machines.
  • the host machine 4002 may operate in the capacity of a server or a client machine in a server-client network environment, or as a peer machine in a peer-to-peer (or distributed) network environment.
  • the host machine 4002 may be a computer or computing device, a personal computer (PC), a tablet PC, a set-top box (STB), a personal digital assistant (PDA), a cellular telephone, a portable music player (e.g., a portable hard drive audio device such as an Moving Picture Experts Group Audio Layer 3 (MP3) player), a web appliance, a network router, switch or bridge, or any machine capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken by that machine.
  • a portable music player e.g., a portable hard drive audio device such as an Moving Picture Experts Group Audio Layer 3 (MP3) player
  • MP3 Moving Picture Experts Group Audio Layer 3
  • web appliance e.g., a web appliance, a network router, switch or bridge, or any machine capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken by that machine.
  • machine shall also be taken to include any collection of machines that individually or jointly execute a set (or multiple
  • the example system 4000 includes the host machine 4002, running a host operating system (OS) 4004 on a processor or multiple processor(s)/processor core(s) 4006 (e.g., a central processing unit (CPU), a graphics processing unit (GPU), or both), and various memory nodes 4008.
  • the host OS 4004 may include a hypervisor 4010 which is able to control the functions and/or communicate with a virtual machine (“VM”) 4012 running on machine readable media.
  • the VM 4012 also may include a virtual CPU or vCPU 4014.
  • the memory nodes 4008 may be linked or pinned to virtual memory nodes or vNodes 4016. When the memory node 4008 is linked or pinned to a corresponding vNode 4016, then data may be mapped directly from the memory nodes 4008 to their corresponding vNodes 4016.
  • All the various components shown in host machine 4002 may be connected with and to each other, or communicate to each other via a bus (not shown) or via other coupling or communication channels or mechanisms.
  • the host machine 4002 may further include a video display, audio device or other peripherals 4018 (e.g., a liquid crystal display (LCD), alpha-numeric input device(s) including, e.g., a keyboard, a cursor control device, e.g., a mouse, a voice recognition or biometric verification unit, an external drive, a signal generation device, e.g., a speaker,) a persistent storage device 4020 (also referred to as disk drive unit), and a network interface device 4022.
  • a video display e.g., a liquid crystal display (LCD), alpha-numeric input device(s) including, e.g., a keyboard, a cursor control device, e.g., a mouse, a voice recognition or biometric verification unit, an external drive,
  • the host machine 4002 may further include a data encryption module (not shown) to encrypt data.
  • the components provided in the host machine 4002 are those typically found in computer systems that may be suitable for use with aspects of the present disclosure and are intended to represent a broad category of such computer components that are known in the art.
  • the system 4000 can be a server, minicomputer, mainframe computer, or any other computer system.
  • the computer may also include different bus configurations, networked platforms, multiprocessor platforms, and the like.
  • Various operating systems may be used including UNIX, LINUX, WINDOWS, QNX ANDROID, IOS, CHROME, TIZEN, and other suitable operating systems.
  • the disk drive unit 4024 also may be a Solid-state Drive (SSD), a hard disk drive (HDD) or other includes a computer or machine-readable medium on which is stored one or more sets of instructions and data structures (e.g., data/instructions 4026) embodying or utilizing any one or more of the methodologies or functions described herein.
  • the data/instructions 4026 also may reside, completely or at least partially, within the main memory node 4008 and/or within the processor(s) 4006 during execution thereof by the host machine 4002.
  • the data/instructions 4026 may further be transmitted or received over a network 4028 via the network interface device 4022 utilizing any one of several well-known transfer protocols (e.g., Hyper Text Transfer Protocol Secure (HTTPS)).
  • HTTPS Hyper Text Transfer Protocol Secure
  • the processor(s) 4006 and memory nodes 4008 also may comprise machine- readable media.
  • the term "computer-readable medium” or “machine-readable medium” should be taken to include a single medium or multiple medium (e.g., a centralized or distributed database and/or associated caches and servers) that store the one or more sets of instructions.
  • the term "computer-readable medium” shall also be taken to include any medium that is capable of storing, encoding, or carrying a set of instructions for execution by the host machine 4002 and that causes the host machine 4002 to perform any one or more of the methodologies of the present application, or that is capable of storing, encoding, or carrying data structures utilized by or associated with such a set of instructions.
  • computer-readable medium shall accordingly be taken to include, but not be limited to, solid-state memories, optical and magnetic media, and carrier wave signals. Such media may also include, without limitation, hard disks, floppy disks, flash memory cards, digital video disks, random access memory (RAM), read only memory (ROM), and the like.
  • RAM random access memory
  • ROM read only memory
  • the example aspects described herein may be implemented in an operating environment comprising software installed on a computer, in hardware, or in a combination of software and hardware.
  • Internet service may be configured to provide Internet access to one or more computing devices that are coupled to the Internet service, and that the computing devices may include one or more processors, buses, memory devices, display devices, input/output devices, and the like.
  • the Internet service may be coupled to one or more databases, repositories, servers, and the like, which may be utilized to implement any of the various aspects of the disclosure as described herein.
  • the computer program instructions also may be loaded onto a computer, a server, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide processes for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
  • Suitable networks may include or interface with any one or more of, for instance, a local intranet, a PAN (Personal Area Network), a LAN (Local Area Network), a WAN (Wide Area Network), a MAN (Metropolitan Area Network), a virtual private network (VPN), a storage area network (SAN), a frame relay connection, an Advanced Intelligent Network (AIN) connection, a synchronous optical network (SONET) connection, a digital T1, T3, E1 or E3 line, Digital Data Service (DDS) connection, DSL (Digital Subscriber Line) connection, an Ethernet connection, an ISDN (Integrated Services Digital Network) line, a dial-up port such as a V.90, V.34 or V.34bis analog modem connection, a cable modem, an ATM (Asynchronous Transfer Mode) connection, or an FDDI (Fiber Distributed Data Interface) or CDDI (Copper Distributed Data Interface) connection.
  • PAN Personal Area Network
  • LAN Local Area Network
  • WAN Wide Area Network
  • communications may also include links to any of a variety of wireless networks, including WAP (Wireless Application Protocol), GPRS (General Packet Radio Service), GSM (Global System for Mobile Communication), CDMA (Code Division Multiple Access) or TDMA (Time Division Multiple Access), cellular phone networks, GPS (Global Positioning System), CDPD (cellular digital packet data), RIM (Research in Motion, Limited) duplex paging network, Bluetooth radio, or an IEEE 802.11 -based radio frequency network.
  • WAP Wireless Application Protocol
  • GPRS General Packet Radio Service
  • GSM Global System for Mobile Communication
  • CDMA Code Division Multiple Access
  • TDMA Time Division Multiple Access
  • cellular phone networks GPS (Global Positioning System)
  • CDPD cellular digital packet data
  • RIM Research in Motion, Limited
  • Bluetooth radio or an IEEE 802.11 -based radio frequency network.
  • the network 4030 can further include or interface with any one or more of an RS-232 serial connection, an I EEE- 1394 (Firewire) connection, a Fiber Channel connection, an IrDA (infrared) port, a SCSI (Small Computer Systems Interface) connection, a USB (Universal Serial Bus) connection or other wired or wireless, digital or analog interface or connection, mesh or Digi® networking.
  • an RS-232 serial connection an I EEE- 1394 (Firewire) connection, a Fiber Channel connection, an IrDA (infrared) port, a SCSI (Small Computer Systems Interface) connection, a USB (Universal Serial Bus) connection or other wired or wireless, digital or analog interface or connection, mesh or Digi® networking.
  • a cloud-based computing environment is a resource that typically combines the computational power of a large grouping of processors (such as within web servers) and/or that combines the storage capacity of a large grouping of computer memories or storage devices.
  • Systems that provide cloud-based resources may be utilized exclusively by their owners or such systems may be accessible to outside users who deploy applications within the computing infrastructure to obtain the benefit of large computational or storage resources.
  • the cloud is formed, for example, by a network of web servers that comprise a plurality of computing devices, such as the host machine 4002, with each server 4030 (or at least a plurality thereof) providing processor and/or storage resources.
  • These servers manage workloads provided by multiple users (e.g., cloud resource customers or other users).
  • users e.g., cloud resource customers or other users.
  • each user places workload demands upon the cloud that vary in real-time, sometimes dramatically. The nature and extent of these variations typically depends on the type of business associated with the user.
  • Non-volatile media include, for example, optical or magnetic disks, such as a fixed disk.
  • Volatile media include dynamic memory, such as system RAM.
  • Transmission media include coaxial cables, copper wire and fiber optics, among others, including the wires that comprise one aspect of a bus.
  • Transmission media can also take the form of acoustic or light waves, such as those generated during radio frequency (RF) and infrared (IR) data communications.
  • RF radio frequency
  • IR infrared
  • Common forms of computer-readable media include, for example, a flexible disk, a hard disk, magnetic tape, any other magnetic medium, a CD-ROM disk, digital video disk (DVD), any other optical medium, any other physical medium with patterns of marks or holes, a RAM, a PROM, an EPROM, an EEPROM, a FLASH EPROM, any other memory chip or data exchange adapter, a carrier wave, or any other medium from which a computer can read.
  • Various forms of computer-readable media may be involved in carrying one or more sequences of one or more instructions to a CPU for execution.
  • a bus carries the data to system RAM, from which a CPU retrieves and executes the instructions.
  • the instructions received by system RAM can optionally be stored on a fixed disk either before or after execution by a CPU.
  • Computer program code for carrying out operations for aspects of the present technology may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++, or the like and conventional procedural programming languages, such as the "C" programming language, Go, Python, or other programming languages, including assembly languages.
  • the program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server.
  • the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).
  • LAN local area network
  • WAN wide area network
  • Internet Service Provider an Internet Service Provider
  • Instructions used to program logic to perform various disclosed aspects can be stored within a memory in the system, such as dynamic random access memory (DRAM), cache, flash memory, or other storage. Furthermore, the instructions can be distributed via a network or by way of other computer readable media.
  • DRAM dynamic random access memory
  • cache cache
  • flash memory or other storage.
  • the instructions can be distributed via a network or by way of other computer readable media.
  • a machine-readable medium may include any mechanism for storing or transmitting information in a form readable by a machine (e.g., a computer), but is not limited to, floppy diskettes, optical disks, compact disc, read-only memory (CD-ROMs), and magneto-optical disks, read-only memory (ROMs), random access memory (RAM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), magnetic or optical cards, flash memory, or a tangible, machine-readable storage used in the transmission of information over the Internet via electrical, optical, acoustical or other forms of propagated signals (e.g., carrier waves, infrared signals, digital signals, etc.).
  • the non- transitory computer-readable medium includes any type of tangible machine-readable medium suitable for storing or transmitting electronic instructions or information in a form readable by a machine (e.g., a computer).
  • Any of the software components or functions described in this application may be implemented as software code to be executed by a processor using any suitable computer language such as, for example, Python, Java, C++ or Perl using, for example, conventional or object-oriented techniques.
  • the software code may be stored as a series of instructions, or commands on a computer readable medium, such as RAM, ROM, a magnetic medium such as a hard-drive or a floppy disk, or an optical medium such as a CD- ROM. Any such computer readable medium may reside on or within a single computational apparatus, and may be present on or within different computational apparatuses within a system or network.
  • logic may refer to an app, software, firmware and/or circuitry configured to perform any of the aforementioned operations.
  • Software may be embodied as a software package, code, instructions, instruction sets and/or data recorded on non-transitory computer readable storage medium.
  • Firmware may be embodied as code, instructions or instruction sets and/or data that are hard-coded (e.g., nonvolatile) in memory devices.
  • the terms “component,” “system,” “module” and the like can refer to a computer-related entity, either hardware, a combination of hardware and software, software, or software in execution.
  • an “algorithm” refers to a self-consistent sequence of steps leading to a desired result, where a “step” refers to a manipulation of physical quantities and/or logic states which may, though need not necessarily, take the form of electrical or magnetic signals capable of being stored, transferred, combined, compared, and otherwise manipulated. It is common usage to refer to these signals as bits, values, elements, symbols, characters, terms, numbers, or the like. These and similar terms may be associated with the appropriate physical quantities and are merely convenient labels applied to these quantities and/or states.
  • a network may include a packet switched network.
  • the communication devices may be capable of communicating with each other using a selected packet switched network communications protocol.
  • One example communications protocol may include an Ethernet communications protocol which may be capable of permitting communication using a Transmission Control Protocol/lnternet Protocol (TCP/IP).
  • TCP/IP Transmission Control Protocol/lnternet Protocol
  • the Ethernet protocol may comply or be compatible with the Ethernet standard published by the Institute of Electrical and Electronics Engineers (IEEE) titled “IEEE 802.3 Standard”, published in December, 2008 and/or later versions of this standard.
  • the communication devices may be capable of communicating with each other using an X.25 communications protocol.
  • the X.25 communications protocol may comply or be compatible with a standard promulgated by the International Telecommunication Union-Telecommunication Standardization Sector (ITU-T).
  • the communication devices may be capable of communicating with each other using a frame relay communications protocol.
  • the frame relay communications protocol may comply or be compatible with a standard promulgated by Consultative Committee for International Circuit and Telephone (CCITT) and/or the American National Standards Institute (ANSI).
  • the transceivers may be capable of communicating with each other using an Asynchronous Transfer Mode (ATM) communications protocol.
  • ATM Asynchronous Transfer Mode
  • the ATM communications protocol may comply or be compatible with an ATM standard published by the ATM Forum titled “ATM- MPLS Network Interworking 2.0” published August 2001, and/or later versions of this standard.
  • ATM-MPLS Network Interworking 2.0 published August 2001
  • One or more components may be referred to herein as “configured to,” “configurable to,” “operable/operative to,” “adapted/adaptable,” “able to,” “conformable/conformed to,” etc.
  • “configured to” can generally encompass active-state components and/or inactive-state components and/or standby-state components, unless context requires otherwise.
  • any reference to “one aspect,” “an aspect,” “an exemplification,” “one exemplification,” and the like means that a particular feature, structure, or characteristic described in connection with the aspect is included in at least one aspect.
  • appearances of the phrases “in one aspect,” “in an aspect,” “in an exemplification,” and “in one exemplification” in various places throughout the specification are not necessarily all referring to the same aspect.
  • the particular features, structures or characteristics may be combined in any suitable manner in one or more aspects.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • Finance (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Biomedical Technology (AREA)
  • Power Engineering (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

A method and a system for performing a fingerprinting technique to determine a risk level associated with a transaction executed on a user device are disclosed. The method and the system generally disclose retrieving data associated with a user device based on a transaction executed on the user device; storing the data in a plurality of current transaction fingerprints; comparing the data stored in the plurality of current transaction fingerprints to data stored in a plurality of previous transaction fingerprints associated with a plurality of previous transactions; detecting anomalies in the data stored in the plurality of current transaction fingerprints based on the comparison; and determining a level of risk based on the detected anomalies. Additionally, the method and the system disclose approving or denying the transaction, or requiring authentication, based on a combination of the determined risk level, a risk tolerance, and a transaction amount associated with the transaction.

Description

TITLE FINGERPRINTING TECHNIQUE FOR DETERMINING RISK OF TRANSACTION EXECUTED ON OWN DEVICE
TECHNICAL FIELD
[0001] The following disclosure relates generally to a fingerprinting technique for determining a risk level associated with a transaction executed on a user device for effectively managing risks and reducing fraudulent and anomalous payment transactions.
SUMMARY
[0002] In one aspect, the present disclosure provides a computer-implemented method for determining a risk level associated with a transaction executed on a user device, the computer-implemented method including retrieving data associated with a user device based on a transaction executed on the user device; storing a plurality of hash values corresponding to the data in a plurality of current transaction fingerprints; comparing the plurality of hash values stored in the plurality of current transaction fingerprints to a plurality of hash values stored in a plurality of previous transaction fingerprints associated with a plurality of previous transactions; detecting anomalies in the plurality of hash values stored in the plurality of current transaction fingerprints based on the comparison; and determining a level of risk based on the detected anomalies.
[0003] In one aspect of the computer-implemented method, the data includes information corresponding to at least one of a hardware, a software, a location, a connection, or an origination of the user device.
[0004] In one aspect of the computer-implemented method, the plurality of hash values are obtained by applying a plurality of one-way hash algorithms to the data.
[0005] In one aspect of the computer-implemented method, the plurality of current transaction fingerprints includes at least one of a hardware fingerprint, a software fingerprint, a location fingerprint, a connection fingerprint, or an origination fingerprint; the hardware fingerprint includes a first hash value corresponding to at least one of a secure element serial number, a device identification (ID), or a WiFi media access control (MAC) address of the user device; the software fingerprint includes a second hash value corresponding to at least one of an operating system (OS) version or a browser version of the user device; the location fingerprint includes a third hash value corresponding to at least one of a global positioning system (GPS) location or a proximity location of the user device; the connection fingerprint includes a fourth hash value corresponding to at least one of a connectivity interface and an interface address of the user device; and the origination fingerprint includes a fifth hash value corresponding to at least one of a request source of the user device.
[0006] In one aspect of the computer-implemented method, the risk level is determined to be a first risk level based on the plurality of current transaction fingerprints remaining unchanged relative to the plurality of previous transaction fingerprints; the risk level is determined be a second risk level that is greater than the first risk level based on a modification of the software fingerprint relative to the plurality of previous transaction fingerprints; and the risk level also is determined to be the second risk level based on a modification of the connection fingerprint relative to the plurality of previous transaction fingerprints.
[0007] In one aspect of the computer-implemented method, the risk level is determined to be a third risk level that is greater than the second risk level based only on a modification of the origination fingerprint relative to the plurality of previous transaction fingerprints; and the risk level also is determined to be the third risk level based on a modification of the origination fingerprint and the location fingerprint relative to the plurality of previous transaction fingerprints.
[0008] In one aspect of the computer-implemented method, the risk level is determined to be a fourth risk level that is greater than the third risk level based on a modification of each fingerprint of the plurality of current transaction fingerprints relative to the plurality of previous transaction fingerprints.
[0009] In one aspect of the computer-implemented method, the transaction is approved or denied based on a combination of at least one of the level of risk, a risk tolerance, or a transaction amount.
[0010] In one aspect of the computer-implemented method, the transaction is further approved or denied based on an authentication of the transaction via multi-factor authentication (MFA).
[0011] In one aspect of the computer-implemented method, the transaction is executed on the user device between the user device and at least one of a physical card via near-field communication (NFC) or a digitally-stored card.
[0012] In one aspect, the present disclosure provides a system for determining a risk level associated with a transaction executed on a user device, the system including a server computer comprising a processor and a memory coupled to the processor, the memory storing thereon machine executable instructions that when instructed cause the processer to retrieve data associated with a user device based on a transaction executed on the user device; store a plurality of hash values corresponding to the data in a plurality of current transaction fingerprints; compare the plurality of hash values stored in the plurality of current transaction fingerprints to a plurality of hash values stored in a plurality of previous transaction fingerprints associated with a plurality of previous transactions; detect anomalies in the plurality of hash values stored in the plurality of current transaction fingerprints based on the comparison; and determine a level of risk based on the detected anomalies.
[0013] In one aspect of the system, the data includes information corresponding to at least one of a hardware, a software, a location, a connection, or an origination of the user device.
[0014] In one aspect of the system, the plurality of hash values are obtained by applying a plurality of one-way hash algorithms to the data.
[0015] In one aspect of the system, the plurality of current transaction fingerprints includes at least one of a hardware fingerprint, a software fingerprint, a location fingerprint, a connection fingerprint, or an origination fingerprint; the hardware fingerprint includes a first hash value corresponding to at least one of a secure element serial number, a device identification (ID), or a WiFi media access control (MAC) address of the user device; the software fingerprint includes a second hash value corresponding to at least one of an operating system (OS) version or a browser version of the user device; the location fingerprint includes a third hash value corresponding to at least one of a global positioning system (GPS) location or a proximity location of the user device; the connection fingerprint includes a fourth hash value corresponding to at least one of a connectivity interface and an interface address of the user device; and the origination fingerprint includes a fifth hash value corresponding to at least one of a request source of the user device.
[0016] In one aspect of the system, the risk level is determined to be a first risk level based on the plurality of current transaction fingerprints remaining unchanged relative to the plurality of previous transaction fingerprints; the risk level is determined be a second risk level that is greater than the first risk level based on a modification of the software fingerprint relative to the plurality of previous transaction fingerprints; and the risk level also is determined to be the second risk level based on a modification of the connection fingerprint relative to the plurality of previous transaction fingerprints.
[0017] In one aspect of the system, the risk level is determined to be a third risk level that is greater than the second risk level based only on a modification of the origination fingerprint relative to the plurality of previous transaction fingerprints; and the risk level also is determined to be the third risk level based on a modification of the origination fingerprint and the location fingerprint relative to the plurality of previous transaction fingerprints.
[0018] In one aspect of the system, the risk level is determined to be a fourth risk level that is greater than the third risk level based on a modification of each fingerprint of the plurality of current transaction fingerprints relative to the plurality of previous transaction fingerprints.
[0019] In one aspect of the system, the transaction is approved or denied based on a combination of at least one of the level of risk, a risk tolerance, or a transaction amount.
[0020] In one aspect of the system, the transaction is further approved or denied based on an authentication of the transaction via multi-factor authentication (MFA).
[0021] In one aspect of the system, the transaction is executed on the user device between the user device and at least one of a physical card via near-field communication (NFC) or a digitally-stored card.
BRIEF DESCRIPTION OF THE DRAWINGS
[0022] In the description, for purposes of explanation and not limitation, specific details are set forth, such as particular aspects, procedures, techniques, etc. to provide a thorough understanding of the present technology. However, it will be apparent to one skilled in the art that the present technology may be practiced in other aspects that depart from these specific details.
[0023] The accompanying drawings, where like reference numerals refer to identical or functionally similar elements throughout the separate views, together with the detailed description below, are incorporated in and form part of the specification, and serve to further illustrate aspects of concepts that include the claimed disclosure and explain various principles and advantages of those aspects.
[0024] The methods and systems disclosed herein have been represented where appropriate by conventional symbols in the drawings, showing only those specific details that are pertinent to understanding the various aspects of the present disclosure so as not to obscure the disclosure with details that will be readily apparent to those of ordinary skill in the art having the benefit of the description herein.
[0025] FIG. 1 illustrates an overall flow diagram of a fingerprinting technique for determining a risk level associated with a transaction executed on a user device, according to at least one aspect of the present disclosure.
[0026] FIG. 2 illustrates a flow diagram of a method for determining a risk level associated with a transaction executed on a user device, according to at least one aspect of the present disclosure.
[0027] FIG. 3 is a block diagram of a computer apparatus with data processing subsystems or components, according to at least one aspect of the present disclosure.
[0028] FIG. 4 is a diagrammatic representation of an example system that includes a host machine within which a set of instructions to perform any one or more of the methodologies discussed herein may be executed, according to at least one aspect of the present disclosure.
DESCRIPTION
[0029] The following disclosure may provide exemplary systems, devices, and methods for conducting a financial transaction and related activities. Although reference may be made to such financial transactions in the examples provided below, aspects are not so limited. That is, the systems, methods, and apparatuses may be utilized for any suitable purpose.
[0030] Before discussing specific embodiments, aspects, or examples, some descriptions of terms used herein are provided below.
[0031] As used herein, the term “3D secure,” or “3DS,” may refer to an entity that receives transaction data and/or account data, such as an account identifier, and/or the like, from a payment gateway or other entities and provides an additional security layer for electronic transactions. For example, a 3D secure may enable consumers to authenticate themselves with their card issuer when making card-not-present (CNP) e-commerce purchases with an additional security layer that helps inhibit or prevent unauthorized CNP (Card not present transaction) transactions and protects the merchant from CNP exposure to fraud. The term “3D secure system” may refer to one or more computer systems operated by or on behalf of a 3D secure, such as a 3D secure server executing one or more software applications. A 3D secure server may include one or more processors and, in some nonlimiting embodiments or aspects, may be operated by or on behalf of a 3D secure. A 3D secure may include Verified by Visa/Visa Secure, MasterCard SecureCode, JCB International J/Secure, American Express SafeKey, or any other entity that provides an additional security layer for electronic transactions. [0032] “Account credentials” may include any information that identifies an account and allows a payment processor to verify that a device, person, or entity has permission to access the account. For example, account credentials may include an account identifier (e.g., a PAN), a token (e.g., account identifier substitute), an expiration date, a cryptogram, a verification value (e.g., card verification value (CVV)), personal information associated with an account (e.g., address, etc.), an account alias, or any combination thereof. Account credentials may be static or dynamic such that they change over time. Further, in some embodiments or aspects, the account credentials may include information that is both static and dynamic. For example, an account identifier and expiration date may be static but a cryptogram may be dynamic and change for each transaction. Further, in some embodiments or aspects, some or all of the account credentials may be stored in a secure memory of a user device. The secure memory of the user device may be configured such that the data stored in the secure memory may not be directly accessible by outside applications and a payment application associated with the secure memory may be accessed to obtain the credentials stored on the secure memory. Accordingly, a mobile application may interface with a payment application in order to gain access to payment credentials stored on the secure memory.
[0033] Further, the term “account credential,” “account number,” or “payment credential” may refer to any suitable information associated with an account (e.g. a payment account and/or payment device associated with the account). Such information may be directly related to the account or may be derived from information related to the account. Examples of account information may include a PAN (primary account number or “account number”), user name, expiration date, CVV (card verification value), dCVV (dynamic card verification value), CVV2 (card verification value 2), CVC3 card verification values, etc. Payment credentials may be any information that identifies or is associated with a payment account. Payment credentials may be provided in order to make a payment from a payment account. Payment credentials can also include a user name, an expiration date, a gift card number or code, and any other suitable information.
[0034] An “acquirer” may refer to an entity licensed by the transaction service provider and/or approved by the transaction service provider to originate transactions (e.g., payment transactions) using a portable financial device associated with the transaction service provider. Acquirer may also refer to one or more computer systems operated by or on behalf of an acquirer, such as a server computer executing one or more software applications (e.g., “acquirer server”). An “acquirer” may be a merchant bank, or in some cases, the merchant system may be the acquirer. The transactions may include original credit transactions (OCTs) and account funding transactions (AFTs). The acquirer may be authorized by the transaction service provider to sign merchants of service providers to originate transactions using a portable financial device of the transaction service provider. The acquirer may contract with payment facilitators to enable the facilitators to sponsor merchants. The acquirer may monitor compliance of the payment facilitators in accordance with regulations of the transaction service provider. The acquirer may conduct due diligence of payment facilitators and ensure that proper due diligence occurs before signing a sponsored merchant. Acquirers may be liable for all transaction service provider programs that they operate or sponsor. Acquirers may be responsible for the acts of its payment facilitators and the merchants it or its payment facilitators sponsor.
[0035] The term “acquirer” typically is a business entity (e.g., a commercial bank) that has a business relationship with a particular merchant or other entity. Some entities can perform both issuer and acquirer functions. Some embodiments or aspects may encompass such single entity issuer-acquirers. An acquirer may operate an acquirer computer, which can also be generically referred to as a “transport computer”.
[0036] “Authentication” is a process by which the credential of an endpoint (including but not limited to applications, people, devices, process, and systems) can be verified to ensure that the endpoint is who they are declared to be.
[0037] A “digital wallet” can include an electronic device that allows an individual to conduct electronic commerce transactions. A digital wallet may be designed to streamline the purchase and payment process. A digital wallet may allow the user to load one or more payment cards onto the digital wallet so as to make a payment without having to enter an account number or present a physical card.
[0038] An “issuer” can include a payment account issuer. The payment account (which may be associated with one or more payment devices) may refer to any suitable payment account (e.g. credit card account, a checking account, a savings account, a merchant account assigned to a consumer, or a prepaid account), an employment account, an identification account, an enrollment account (e.g. a student account), etc.
[0039] As used herein, the term “merchant” may refer to one or more individuals or entities (e.g., operators of retail businesses that provide goods and/or services, and/or access to goods and/or services, to a user (e.g., a customer, a consumer, a customer of the merchant, and/or the like) based on a transaction (e.g., a payment transaction)). As used herein “merchant system” may refer to one or more computer systems operated by or on behalf of a merchant, such as a server computer executing one or more software applications.
[0040] A “merchant application” may include any application associated with a relying party to a transaction. For example, a merchant mobile application may be associated with a particular merchant or may be associated with a number of different merchants. In some embodiments or aspects, the merchant mobile application may store information identifying a particular merchant server computer that is configured to provide a sales environment in which the merchant server computer is capable of processing remote transactions initiated by the merchant application. Further, the merchant mobile application may also include a general purpose browser or other software designed to interact with one or more merchant server computers. In some cases, the merchant mobile application may be installed in the general purpose memory of a user device and thus, may be susceptible to malicious attacks.
[0041] As used herein, the term “system” may refer to one or more computing devices or combinations of computing devices (e.g., processors, servers, client devices, software applications, components of such, and/or the like).
[0042] A “user” may include an individual. In some embodiments or aspects, a user may be associated with one or more personal accounts and/or mobile devices. The user may also be referred to as a cardholder, account holder, or consumer.
[0043] A “user device” is an electronic device that may be transported and/or operated by a user. A user device may provide remote communication capabilities to a network. The user device may be configured to transmit and receive data or communications to and from other devices. In some embodiments or aspects, the user device may be portable. Examples of user devices may include mobile phones (e.g., smart phones, cellular phones, etc.), PDAs, portable media players, wearable electronic devices (e.g. smart watches, fitness bands, ankle bracelets, rings, earrings, etc.), electronic reader devices, and portable computing devices (e.g., laptops, netbooks, ultrabooks, etc.). Examples of user devices may also include automobiles with remote communication capabilities.
[0044] “User information” may include any information that is associated with a user. For example, the user information may include a device identifier of a device that the user owns or operates and/or account credentials of an account that the user holds. A device identifier may include a unique identifier assigned to a user device that can later be used to verify the user device. In some embodiments or aspects, the device identifier may include a device fingerprint. The device fingerprint may an aggregation of device attributes. The device fingerprint may be generated by a software development kit (SDK) provided on the user device using, for example, a unique identifier assigned by the operating system, an International Mobile Station Equipment Identity (IMEI) number, operating system (OS) version, plug-in version, and the like.
[0045] Tap-to-pay is an increasingly popular payment method that allows users to wirelessly complete transactions using a physical card, or a digitally-stored card in a digital wallet, via near-field communication (NFC). Among the various tap-to-pay techniques used, tap-to-device and tap-to-own-device are two emerging techniques. Both the tap-to-device and tap-to-own-device techniques use NFC to complete a transaction between a physical card, or a digitally-stored card in a digital wallet, and a commercial-off-the-shelf (COTS) device, such as a smartphone, laptop, or the like. The COTS device may be that of a merchant, or the COTS device may be that of oneself. By tapping the physical card, or the digitally-stored card in a digital wallet, the COTS device acquires the card’s credentials and submits a transaction request. Any one card may comprise credentials, or account credentials, that include at least one of an account identifier, Europay, Mastercard, and Visa (EMV) chip data, or a cryptogram. In addition to the card credentials that are necessary for completing a transaction, there is additional data stored on the COTS device that is useful for risk determination and issuer decision making based on the risk determination. By determining a risk level associated with a current transaction, issuers may take appropriate action to require further authentication or deny transactions in order to reduce fraudulent or anomalous payment transactions. However, currently, this additional data is not captured by the issuer, much less captured by the issuer and used for risk determination. Thus, fraudulent and anomalous payment transactions may still occur, which ultimately could be prevented by determining a risk level associated with the transaction and taking appropriate action.
[0046] Accordingly, the present disclosure provides a detailed description of the methods and systems that incorporate the additional data stored on the COTS device for use in risk determination and issuer decision making based on the risk determination. Specifically, the present disclosure provides a fingerprinting technique for determining a risk level associated with a transaction executed on a user device for effectively managing risks and reducing fraudulent and anomalous payment transactions. The fingerprinting technique begins with retrieving data associated with a user device based on a transaction executed on the user device. This includes information relating to at least one of a hardware, a software, a location, a connectivity, or an origination of the user device. Specifically, information relating to the hardware may comprise information regarding the user device’s Secure Element Serial Number, Device Identification (ID), and/or WiFi Media Access Control (MAC) Address. Information relating to the software may comprise information regarding the user device’s Operating System (OS) Version and/or Browser Version. Information relating to the location may comprise information regarding the user device’s Global Positioning System (GPS) Location and/or Proximity Location. Information relating to the connectivity may comprise information regarding the user device’s Connectivity Interface and/or Interface Address. Finally, information relating to the origination may comprise information regarding the user device’s Request Source. Data abbreviations and data examples are provided below for clarity.
[0047] Hardware: Secure Element Serial Number, SE.ID (e.g., G6TFGLC90DER). Device ID, DEV.ID (e.g., 0a1b2c3d4e5f6a7b8c9d0e1f). WiFi MAC Address, MAC.ID (e.g., B4:56:78:0E:A1:F0).
[0048] Software: OS Version, OS. VER (e.g., 5.1.00998654.340). Browser Version, B.VER (e.g., 112.0762211012).
[0049] Location: GPS Location, GPS.LOC (e.g., 41-23-12.2N2-10-26.5E). Proximity Location, PROX.LOC (e.g., 41-23-12N2-10-27).
[0050] Connectivity: Connectivity Interface, CON. IF (e.g., wlan). Interface Address, IF.ADDR (e.g., 192.168.0.55).
[0051] Origination: Request Source, REQ. SRC (e.g., 202.11.67.32:13345).
[0052] After retrieving the data associated with a user device based on a transaction executed on the user device, as detailed above, each category of data (e.g., hardware, software, location, connectivity, and origination) is fingerprinted using a one-way hash algorithm.
[0053] Fingerprint(Hardware [HW]) = Hash(SE.ID | DEV.ID | MAC.ID)
[0054] Fingerprint(Software [SW]) = Hash(OS.VER | B.VER)
[0055] Fingerprint(Location [LOG]) = Hash(GPS.LOC | PROX.LOC)
[0056] Fingerprint(Connectivity [CON]) = Hash(CON.IF | IF.ADDR)
[0057] Fingerprint(Origination [SRC]) = Hash(REQ.SRC)
[0058] As a result of the one-way hash algorithm, a plurality of current transaction fingerprints are generated. Each fingerprint of the plurality of current transaction fingerprints stores a hash value (i.e., a random string of characters) corresponding to the retrieved data for any such category of data. For example, with regard to the hardware data of a user device, a hash value corresponding to the retrieved hardware data may correspond to at least one of the Secure Element Serial Number (SE.ID), Device ID (DEV.ID), or WiFi MAC Address (MAC. ID), or any combination thereof, of the user device. The same applies with regard to the software, location, connectivity, and origination fingerprints.
[0059] After fingerprinting each category, and thus storing a hash value corresponding to each category of the data in each respective current transaction fingerprint of the plurality of current transaction fingerprints, the plurality of hash values are compared to a plurality of hash values stored in a plurality of previous transaction fingerprints corresponding to a plurality of previous transactions. That is, the plurality of hash values, each relating to one of the user device’s hardware, software, location, connectivity, or origination, of the current transaction are compared to previously-stored hash values, each relating to one of the user device’s hardware, software, location, connectivity, or origination at the time of N previous transactions, where N = 1 , 2, 3, etc. By way of comparison, anomalies in the plurality of hash values, and thus the plurality of current transaction fingerprints, are detected. Accordingly, a level of risk is determined based on the detected anomalies. The present disclosure provides four levels of risk. Examples are provided below.
[0060] A risk level may be determined to be a first risk level (e.g., extremely low) based on all current transaction fingerprints remaining unchanged relative to the previous- transactions’ fingerprints.
[0061] It should be noted that, for simplicity reasons, the present disclosure provides that a hash value of a current transaction remaining unchanged relative to a hash value of a previous transaction is substantially equivalent to a current transaction fingerprint remaining unchanged relative to a previous-transaction fingerprint. For example, a hash value corresponding to a hardware of a user device for a current transaction remaining unchanged relative to a hash value corresponding to a hardware of a user device for a previous transaction is substantially equivalent to a current-transaction’s hardware fingerprint remaining unchanged relative to a previous-transaction’s hardware fingerprint. The same applies with regard to the software, location, connectivity, and origination fingerprints. Additionally, the present disclosure provides that a hash value of a current transaction changing relative to a hash value of a previous transaction is substantially equivalent to a current transaction fingerprint changing relative to a previous-transaction fingerprint. For example, a hash value corresponding to a hardware of a user device for a current transaction changing relative to a hash value corresponding to a hardware of a user device for a previous transaction is substantially equivalent to a current-transaction’s hardware fingerprint changing relative to a previous-transaction’s hardware fingerprint. The same applies with regard to the software, location, connectivity, and origination fingerprints.
[0062] A risk level may be determined to be a second risk level (e.g., low), which is greater than the first risk level, based on the current software fingerprint changing relative to at least one of the previous-transactions’ software fingerprint, while all other fingerprints remain unchanged. Additionally, a risk level may be determined to be the second risk level based on the current connectivity fingerprint changing relative to at least one of the previous- transactions’ connectivity fingerprint, while all other fingerprints remain unchanged.
[0063] A risk level may be determined to be a third risk level (e.g., medium), which is greater than the second risk level, based on the current origination fingerprint changing relative to at least one of the previous-transactions’ origination fingerprint, while all other fingerprints remain unchanged. Additionally, a risk level may be determined to be the third risk level based on the current connectivity fingerprint and the current location fingerprint changing relative to at least one of the previous-transactions’ connectivity and location fingerprints, respectively, while all other fingerprints remain unchanged.
[0064] A risk level may be determined to be a fourth risk level (e.g., high), which is greater than the third risk level, based on all current transaction fingerprints changing relative to the previous-transactions’ fingerprints.
[0065] It should be noted that the examples provided above are not to be limiting in any way, and each risk level may be determined based on changes to fingerprints that may not be detailed above. These examples are merely meant to illustrate how different risk levels may be determined using each category of data that is captured, fingerprinted, and compared.
[0066] Finally, based on the determined level of risk, and in combination with a risk tolerance and a transaction amount, the current transaction may be approved or denied. Additionally, the current transaction may be further approved or denied based on a successful or an unsuccessful authentication of the transaction via multi-factor authentication (MFA), such as, but not limited to, a one-time passcode sent to a user associated with the physical card, or the digitally-stored card in a digital wallet, that is being used in the current transaction.
[0067] For example, if all current fingerprints have changed relative to previous- transactions’ fingerprints (e.g., a high risk level), the tolerance is low, and the transaction amount is 5.00 USD, a user may be prompted to authenticate the transaction via MFA. Now, for example, if all current fingerprints have changed relative to previous-transactions’ fingerprints (e.g., a high risk level), the tolerance is low, and the transaction amount is large (e.g., 100.00 US), the transaction would be declined. These examples are not meant to be limiting in any way. Rather, these examples are merely meant to illustrate different scenarios where the transaction may require MFA, or where the transaction may be declined.
[0068] In addition to the benefits detailed above, the fingerprinting technique described herein provides privacy for the user of the COTS device (e.g., the user device). That is, the issuer does not process, or understand, specific information relating to the COTS device. Rather, the issuer receives the current transaction fingerprints and detects changes, or abnormalities, when compared to previous-transactions’ fingerprints. Thus, the user’s privacy is maintained.
[0069] Now, with respect to the figures, FIG. 1 illustrates an overall flow diagram of a fingerprinting technique 100 for determining a risk level associated with a transaction executed on a user device, according to at least one aspect of the present disclosure. The fingerprinting technique first begins by retrieving data from a card 102, either a physical card or a digitally-stored card in a digital wallet on the COTS device 104 via NFC. The retrieved data is packaged into a digital token 106 which comprises at least one of an account identifier, EMV chip data, or a cryptogram. Additionally, the COTS device 104 retrieves data associated with the COTS device 106, including information relating to at least one of hardware, software, location, connectivity, or origination of the COTS device 106.
[0070] As detailed above, information relating to the hardware may comprise information regarding the Secure Element Serial Number, Device ID, and WiFi MAC Address of the user device.
[0071] Information relating to the software may comprise information regarding the OS Version and Browser Version of the user device.
[0072] Information relating to the location may comprise information regarding the GPS Location and Proximity Location of the user device.
[0073] Information relating to the connectivity may comprise information regarding the Connectivity Interface and Interface Address of the user device.
[0074] Finally, information relating to the origination may comprise information regarding the Request Source of the user device.
[0075] Each category of data relating to the COTS device 106 (e.g., hardware, software, location, connectivity, and origination) is then fingerprinted using a one-way hash, as described above, to a plurality of COTS device fingerprints 108. Altogether, the digital token 106 and the plurality of COTS device fingerprints 108 are sent to a merchant application, or a merchant website 110. The merchant application or the merchant website 110 then sends the digital token 106 and the plurality of COTS device fingerprints 108 to the merchant backend 112. The digital token 106 and the plurality of COTS device fingerprints 108 are then sent to the processor 114, which is responsible for completing the transaction process. Furthermore, the digital token 106 and the plurality of COTS device fingerprints 108 are sent to the acquirer 116, then the network 118, and finally the issuer 120.
[0076] At the issuer 120, a comparison is made between the plurality of COTS device fingerprints 108 (e.g., the current transaction fingerprints) and a plurality of previous- transactions’ fingerprints. The issuer 120 is further responsible for detecting changes, or abnormalities, in the plurality of COTS device fingerprints 108 based on the comparison. Additionally, the issuer 120 is responsible for determining a risk level and taking action based on the determined risk level. Such action may include approving or denying the transaction, or such action may include sending a request for authentication via MFA to a user associated with the card 112, either a physical card or a digitally-stored card in a digital wallet. Additionally, the issuer 120 may be in connection with the merchant backend 112 via an alternate connection 122, such as a 3D secure (3DS) that requires a user to authenticate their identity and the transaction before the transaction may be complete.
[0077] FIG. 2 illustrates a flow diagram of a method 200 for determining a risk level associated with a transaction executed on a user device, according to at least one aspect of the present disclosure. According to the method 200, data associated with a user device is retrieved 202 based on a transaction executed on the user device. The data is stored 204 in a plurality of current transaction fingerprints. The data stored in the plurality of current transaction fingerprints is compared 206 to data stored in a plurality of previous transaction fingerprints associated with a plurality of previous transactions. Anomalies in the data are stored in the plurality of current transaction fingerprints are detected 208 based on the comparison. A level of risk based on the detected anomalies is determined 210.
[0078] It should be noted that each of the methods, or flow diagrams, illustrated in each of FIGS. 1-2, and as described above, are also illustrative of the systems that are configured to perform the steps to provide the solution. That is, with respect to FIG. 1, the fingerprinting technique 100 may also illustrate a system 100, wherein the system 100 comprises at least each of the elements as shown in FIG. 1, as well as a server computer comprising a processor and a memory coupled to the processor, the memory storing thereon machine executable instructions that when instructed cause the processor the execute the steps of fingerprinting technique 100. Furthermore, with respect to FIG. 2, the method 200 may also illustrate a system 200, wherein the system 200 comprises at least each of the elements as shown in FIG. 2, as well as a server computer comprising a processor and a memory coupled to the processor, the memory storing thereon machine executable instructions that when instructed cause the processor the execute the steps of method 200.
[0079] In order to perform the fingerprinting techniques described above with respect to FIGS. 1 and 2, a number of technologies may be used. This may include the use of at least one of a computer apparatus or a host machine, which are further described below with respect to FIGS. 3 and 4, respectively. That is, a computer apparatus and/or a host machine, as disclosed below, may be used in any of the aforementioned methods or systems for detecting anomalies in mobile payment transactions.
[0080] FIG. 3 is a block diagram of a computer apparatus 3000 with data processing subsystems or components, according to at least one aspect of the present disclosure. The subsystems shown in FIG. A are interconnected via a system bus 3010. Additional subsystems such as a printer 3018, keyboard 3026, fixed disk 3028 (or other memory comprising computer readable media), monitor 3022, which is coupled to a display adapter 3020, and others are shown. Peripherals and input/output (I/O) devices, which couple to an I/O controller 3012 (which can be a processor or other suitable controller), can be connected to the computer system by any number of means known in the art, such as a serial port 3024. For example, the serial port 3024 or external interface 3030 can be used to connect the computer apparatus to a wide area network such as the Internet, a mouse input device, or a scanner. The interconnection via system bus allows the central processor 3016 to communicate with each subsystem and to control the execution of instructions from system memory 3014 or the fixed disk 3028, as well as the exchange of information between subsystems. The system memory 3014 and/or the fixed disk 3028 may embody a computer readable medium.
[0081] FIG. 4 is a diagrammatic representation of an example system 4000 that includes a host machine 4002 within which a set of instructions to perform any one or more of the methodologies discussed herein may be executed, according to at least one aspect of the present disclosure. In various aspects, the host machine 4002 operates as a standalone device or may be connected (e.g., networked) to other machines. In a networked deployment, the host machine 4002 may operate in the capacity of a server or a client machine in a server-client network environment, or as a peer machine in a peer-to-peer (or distributed) network environment. The host machine 4002 may be a computer or computing device, a personal computer (PC), a tablet PC, a set-top box (STB), a personal digital assistant (PDA), a cellular telephone, a portable music player (e.g., a portable hard drive audio device such as an Moving Picture Experts Group Audio Layer 3 (MP3) player), a web appliance, a network router, switch or bridge, or any machine capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken by that machine. Further, while only a single machine is illustrated, the term “machine” shall also be taken to include any collection of machines that individually or jointly execute a set (or multiple sets) of instructions to perform any one or more of the methodologies discussed herein.
[0082] The example system 4000 includes the host machine 4002, running a host operating system (OS) 4004 on a processor or multiple processor(s)/processor core(s) 4006 (e.g., a central processing unit (CPU), a graphics processing unit (GPU), or both), and various memory nodes 4008. The host OS 4004 may include a hypervisor 4010 which is able to control the functions and/or communicate with a virtual machine (“VM”) 4012 running on machine readable media. The VM 4012 also may include a virtual CPU or vCPU 4014. The memory nodes 4008 may be linked or pinned to virtual memory nodes or vNodes 4016. When the memory node 4008 is linked or pinned to a corresponding vNode 4016, then data may be mapped directly from the memory nodes 4008 to their corresponding vNodes 4016.
[0083] All the various components shown in host machine 4002 may be connected with and to each other, or communicate to each other via a bus (not shown) or via other coupling or communication channels or mechanisms. The host machine 4002 may further include a video display, audio device or other peripherals 4018 (e.g., a liquid crystal display (LCD), alpha-numeric input device(s) including, e.g., a keyboard, a cursor control device, e.g., a mouse, a voice recognition or biometric verification unit, an external drive, a signal generation device, e.g., a speaker,) a persistent storage device 4020 (also referred to as disk drive unit), and a network interface device 4022. The host machine 4002 may further include a data encryption module (not shown) to encrypt data. The components provided in the host machine 4002 are those typically found in computer systems that may be suitable for use with aspects of the present disclosure and are intended to represent a broad category of such computer components that are known in the art. Thus, the system 4000 can be a server, minicomputer, mainframe computer, or any other computer system. The computer may also include different bus configurations, networked platforms, multiprocessor platforms, and the like. Various operating systems may be used including UNIX, LINUX, WINDOWS, QNX ANDROID, IOS, CHROME, TIZEN, and other suitable operating systems.
[0084] The disk drive unit 4024 also may be a Solid-state Drive (SSD), a hard disk drive (HDD) or other includes a computer or machine-readable medium on which is stored one or more sets of instructions and data structures (e.g., data/instructions 4026) embodying or utilizing any one or more of the methodologies or functions described herein. The data/instructions 4026 also may reside, completely or at least partially, within the main memory node 4008 and/or within the processor(s) 4006 during execution thereof by the host machine 4002. The data/instructions 4026 may further be transmitted or received over a network 4028 via the network interface device 4022 utilizing any one of several well-known transfer protocols (e.g., Hyper Text Transfer Protocol Secure (HTTPS)).
[0085] The processor(s) 4006 and memory nodes 4008 also may comprise machine- readable media. The term "computer-readable medium" or “machine-readable medium” should be taken to include a single medium or multiple medium (e.g., a centralized or distributed database and/or associated caches and servers) that store the one or more sets of instructions. The term "computer-readable medium" shall also be taken to include any medium that is capable of storing, encoding, or carrying a set of instructions for execution by the host machine 4002 and that causes the host machine 4002 to perform any one or more of the methodologies of the present application, or that is capable of storing, encoding, or carrying data structures utilized by or associated with such a set of instructions. The term “computer-readable medium” shall accordingly be taken to include, but not be limited to, solid-state memories, optical and magnetic media, and carrier wave signals. Such media may also include, without limitation, hard disks, floppy disks, flash memory cards, digital video disks, random access memory (RAM), read only memory (ROM), and the like. The example aspects described herein may be implemented in an operating environment comprising software installed on a computer, in hardware, or in a combination of software and hardware.
[0086] One skilled in the art will recognize that Internet service may be configured to provide Internet access to one or more computing devices that are coupled to the Internet service, and that the computing devices may include one or more processors, buses, memory devices, display devices, input/output devices, and the like. Furthermore, those skilled in the art may appreciate that the Internet service may be coupled to one or more databases, repositories, servers, and the like, which may be utilized to implement any of the various aspects of the disclosure as described herein.
[0087] The computer program instructions also may be loaded onto a computer, a server, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide processes for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
[0088] Suitable networks may include or interface with any one or more of, for instance, a local intranet, a PAN (Personal Area Network), a LAN (Local Area Network), a WAN (Wide Area Network), a MAN (Metropolitan Area Network), a virtual private network (VPN), a storage area network (SAN), a frame relay connection, an Advanced Intelligent Network (AIN) connection, a synchronous optical network (SONET) connection, a digital T1, T3, E1 or E3 line, Digital Data Service (DDS) connection, DSL (Digital Subscriber Line) connection, an Ethernet connection, an ISDN (Integrated Services Digital Network) line, a dial-up port such as a V.90, V.34 or V.34bis analog modem connection, a cable modem, an ATM (Asynchronous Transfer Mode) connection, or an FDDI (Fiber Distributed Data Interface) or CDDI (Copper Distributed Data Interface) connection. Furthermore, communications may also include links to any of a variety of wireless networks, including WAP (Wireless Application Protocol), GPRS (General Packet Radio Service), GSM (Global System for Mobile Communication), CDMA (Code Division Multiple Access) or TDMA (Time Division Multiple Access), cellular phone networks, GPS (Global Positioning System), CDPD (cellular digital packet data), RIM (Research in Motion, Limited) duplex paging network, Bluetooth radio, or an IEEE 802.11 -based radio frequency network. The network 4030 can further include or interface with any one or more of an RS-232 serial connection, an I EEE- 1394 (Firewire) connection, a Fiber Channel connection, an IrDA (infrared) port, a SCSI (Small Computer Systems Interface) connection, a USB (Universal Serial Bus) connection or other wired or wireless, digital or analog interface or connection, mesh or Digi® networking.
[0089] In general, a cloud-based computing environment is a resource that typically combines the computational power of a large grouping of processors (such as within web servers) and/or that combines the storage capacity of a large grouping of computer memories or storage devices. Systems that provide cloud-based resources may be utilized exclusively by their owners or such systems may be accessible to outside users who deploy applications within the computing infrastructure to obtain the benefit of large computational or storage resources.
[0090] The cloud is formed, for example, by a network of web servers that comprise a plurality of computing devices, such as the host machine 4002, with each server 4030 (or at least a plurality thereof) providing processor and/or storage resources. These servers manage workloads provided by multiple users (e.g., cloud resource customers or other users). Typically, each user places workload demands upon the cloud that vary in real-time, sometimes dramatically. The nature and extent of these variations typically depends on the type of business associated with the user.
[0091] It is noteworthy that any hardware platform suitable for performing the processing described herein is suitable for use with the technology. The terms “computer-readable storage medium” and “computer-readable storage media” as used herein refer to any medium or media that participate in providing instructions to a CPU for execution. Such media can take many forms, including, but not limited to, non-volatile media, volatile media, and transmission media. Non-volatile media include, for example, optical or magnetic disks, such as a fixed disk. Volatile media include dynamic memory, such as system RAM. Transmission media include coaxial cables, copper wire and fiber optics, among others, including the wires that comprise one aspect of a bus. Transmission media can also take the form of acoustic or light waves, such as those generated during radio frequency (RF) and infrared (IR) data communications. Common forms of computer-readable media include, for example, a flexible disk, a hard disk, magnetic tape, any other magnetic medium, a CD-ROM disk, digital video disk (DVD), any other optical medium, any other physical medium with patterns of marks or holes, a RAM, a PROM, an EPROM, an EEPROM, a FLASH EPROM, any other memory chip or data exchange adapter, a carrier wave, or any other medium from which a computer can read.
[0092] Various forms of computer-readable media may be involved in carrying one or more sequences of one or more instructions to a CPU for execution. A bus carries the data to system RAM, from which a CPU retrieves and executes the instructions. The instructions received by system RAM can optionally be stored on a fixed disk either before or after execution by a CPU.
[0093] Computer program code for carrying out operations for aspects of the present technology may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++, or the like and conventional procedural programming languages, such as the "C" programming language, Go, Python, or other programming languages, including assembly languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider). [0094] The foregoing detailed description has set forth various forms of the systems and/or processes via the use of block diagrams, flowcharts, and/or examples. Insofar as such block diagrams, flowcharts, and/or examples contain one or more functions and/or operations, it will be understood by those within the art that each function and/or operation within such block diagrams, flowcharts, and/or examples can be implemented, individually and/or collectively, by a wide range of hardware, software, firmware, or virtually any combination thereof. Those skilled in the art will recognize that some aspects of the forms disclosed herein, in whole or in part, can be equivalently implemented in integrated circuits, as one or more computer programs running on one or more computers (e.g., as one or more programs running on one or more computer systems), as one or more programs running on one or more processors (e.g., as one or more programs running on one or more microprocessors), as firmware, or as virtually any combination thereof, and that designing the circuitry and/or writing the code for the software and or firmware would be well within the skill of one of skill in the art in light of this disclosure. In addition, those skilled in the art will appreciate that the mechanisms of the subject matter described herein are capable of being distributed as one or more program products in a variety of forms, and that an illustrative form of the subject matter described herein applies regardless of the particular type of signal bearing medium used to actually carry out the distribution.
[0095] Instructions used to program logic to perform various disclosed aspects can be stored within a memory in the system, such as dynamic random access memory (DRAM), cache, flash memory, or other storage. Furthermore, the instructions can be distributed via a network or by way of other computer readable media. Thus a machine-readable medium may include any mechanism for storing or transmitting information in a form readable by a machine (e.g., a computer), but is not limited to, floppy diskettes, optical disks, compact disc, read-only memory (CD-ROMs), and magneto-optical disks, read-only memory (ROMs), random access memory (RAM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), magnetic or optical cards, flash memory, or a tangible, machine-readable storage used in the transmission of information over the Internet via electrical, optical, acoustical or other forms of propagated signals (e.g., carrier waves, infrared signals, digital signals, etc.). Accordingly, the non- transitory computer-readable medium includes any type of tangible machine-readable medium suitable for storing or transmitting electronic instructions or information in a form readable by a machine (e.g., a computer).
[0096] Any of the software components or functions described in this application, may be implemented as software code to be executed by a processor using any suitable computer language such as, for example, Python, Java, C++ or Perl using, for example, conventional or object-oriented techniques. The software code may be stored as a series of instructions, or commands on a computer readable medium, such as RAM, ROM, a magnetic medium such as a hard-drive or a floppy disk, or an optical medium such as a CD- ROM. Any such computer readable medium may reside on or within a single computational apparatus, and may be present on or within different computational apparatuses within a system or network.
[0097] As used in any aspect herein, the term “logic” may refer to an app, software, firmware and/or circuitry configured to perform any of the aforementioned operations. Software may be embodied as a software package, code, instructions, instruction sets and/or data recorded on non-transitory computer readable storage medium. Firmware may be embodied as code, instructions or instruction sets and/or data that are hard-coded (e.g., nonvolatile) in memory devices.
[0098] As used in any aspect herein, the terms “component,” “system,” “module” and the like can refer to a computer-related entity, either hardware, a combination of hardware and software, software, or software in execution.
[0099] As used in any aspect herein, an “algorithm” refers to a self-consistent sequence of steps leading to a desired result, where a “step” refers to a manipulation of physical quantities and/or logic states which may, though need not necessarily, take the form of electrical or magnetic signals capable of being stored, transferred, combined, compared, and otherwise manipulated. It is common usage to refer to these signals as bits, values, elements, symbols, characters, terms, numbers, or the like. These and similar terms may be associated with the appropriate physical quantities and are merely convenient labels applied to these quantities and/or states.
[0100] A network may include a packet switched network. The communication devices may be capable of communicating with each other using a selected packet switched network communications protocol. One example communications protocol may include an Ethernet communications protocol which may be capable of permitting communication using a Transmission Control Protocol/lnternet Protocol (TCP/IP). The Ethernet protocol may comply or be compatible with the Ethernet standard published by the Institute of Electrical and Electronics Engineers (IEEE) titled “IEEE 802.3 Standard”, published in December, 2008 and/or later versions of this standard. Alternatively or additionally, the communication devices may be capable of communicating with each other using an X.25 communications protocol. The X.25 communications protocol may comply or be compatible with a standard promulgated by the International Telecommunication Union-Telecommunication Standardization Sector (ITU-T). Alternatively or additionally, the communication devices may be capable of communicating with each other using a frame relay communications protocol. The frame relay communications protocol may comply or be compatible with a standard promulgated by Consultative Committee for International Telegraph and Telephone (CCITT) and/or the American National Standards Institute (ANSI). Alternatively or additionally, the transceivers may be capable of communicating with each other using an Asynchronous Transfer Mode (ATM) communications protocol. The ATM communications protocol may comply or be compatible with an ATM standard published by the ATM Forum titled “ATM- MPLS Network Interworking 2.0” published August 2001, and/or later versions of this standard. Of course, different and/or after-developed connection-oriented network communication protocols are equally contemplated herein.
[0101] Unless specifically stated otherwise as apparent from the foregoing disclosure, it is appreciated that, throughout the present disclosure, discussions using terms such as “processing,” “computing,” “calculating,” “determining,” “displaying,” or the like, refer to the action and processes of a computer system, or similar electronic computing device, that manipulates and transforms data represented as physical (electronic) quantities within the computer system's registers and memories into other data similarly represented as physical quantities within the computer system memories or registers or other such information storage, transmission or display devices.
[0102] One or more components may be referred to herein as “configured to,” “configurable to,” “operable/operative to,” “adapted/adaptable,” “able to,” “conformable/conformed to,” etc. Those skilled in the art will recognize that “configured to” can generally encompass active-state components and/or inactive-state components and/or standby-state components, unless context requires otherwise.
[0103] Those skilled in the art will recognize that, in general, terms used herein, and especially in the appended claims (e.g., bodies of the appended claims) are generally intended as “open” terms (e.g., the term “including” should be interpreted as “including but not limited to,” the term “having” should be interpreted as “having at least,” the term “includes” should be interpreted as “includes but is not limited to,” etc.). It will be further understood by those within the art that if a specific number of an introduced claim recitation is intended, such an intent will be explicitly recited in the claim, and in the absence of such recitation no such intent is present. For example, as an aid to understanding, the following appended claims may contain usage of the introductory phrases “at least one” and “one or more” to introduce claim recitations. However, the use of such phrases should not be construed to imply that the introduction of a claim recitation by the indefinite articles “a” or “an” limits any particular claim containing such introduced claim recitation to claims containing only one such recitation, even when the same claim includes the introductory phrases “one or more” or “at least one” and indefinite articles such as “a” or “an” (e.g., “a” and/or “an” should typically be interpreted to mean “at least one” or “one or more”); the same holds true for the use of definite articles used to introduce claim recitations.
[0104] In addition, even if a specific number of an introduced claim recitation is explicitly recited, those skilled in the art will recognize that such recitation should typically be interpreted to mean at least the recited number (e.g., the bare recitation of “two recitations,” without other modifiers, typically means at least two recitations, or two or more recitations). Furthermore, in those instances where a convention analogous to “at least one of A, B, and C, etc.” is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., “a system having at least one of A, B, and C” would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, and C together, etc.). In those instances where a convention analogous to “at least one of A, B, or C, etc.” is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., “a system having at least one of A, B, or C” would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, and C together, etc.). It will be further understood by those within the art that typically a disjunctive word and/or phrase presenting two or more alternative terms, whether in the description, claims, or drawings, should be understood to contemplate the possibilities of including one of the terms, either of the terms, or both terms unless context dictates otherwise. For example, the phrase “A or B” will be typically understood to include the possibilities of “A” or “B” or “A and B.”
[0105] With respect to the appended claims, those skilled in the art will appreciate that recited operations therein may generally be performed in any order. Also, although various operational flow diagrams are presented in a sequence(s), it should be understood that the various operations may be performed in other orders than those which are illustrated, or may be performed concurrently. Examples of such alternate orderings may include overlapping, interleaved, interrupted, reordered, incremental, preparatory, supplemental, simultaneous, reverse, or other variant orderings, unless context dictates otherwise. Furthermore, terms like “responsive to,” “related to,” or other past-tense adjectives are generally not intended to exclude such variants, unless context dictates otherwise.
[0106] It is worthy to note that any reference to “one aspect,” “an aspect,” “an exemplification,” “one exemplification,” and the like means that a particular feature, structure, or characteristic described in connection with the aspect is included in at least one aspect. Thus, appearances of the phrases “in one aspect,” “in an aspect,” “in an exemplification,” and “in one exemplification” in various places throughout the specification are not necessarily all referring to the same aspect. Furthermore, the particular features, structures or characteristics may be combined in any suitable manner in one or more aspects.
[0107] As used herein, the singular form of “a”, “an”, and “the” include the plural references unless the context clearly dictates otherwise.
[0108] Any patent application, patent, non-patent publication, or other disclosure material referred to in this specification and/or listed in any Application Data Sheet is incorporated by reference herein, to the extent that the incorporated materials is not inconsistent herewith. As such, and to the extent necessary, the disclosure as explicitly set forth herein supersedes any conflicting material incorporated herein by reference. Any material, or portion thereof, that is said to be incorporated by reference herein, but which conflicts with existing definitions, statements, or other disclosure material set forth herein will only be incorporated to the extent that no conflict arises between that incorporated material and the existing disclosure material. None is admitted to be prior art.
[0109] In summary, numerous benefits have been described which result from employing the concepts described herein. The foregoing description of the one or more forms has been presented for purposes of illustration and description. It is not intended to be exhaustive or limiting to the precise form disclosed. Modifications or variations are possible in light of the above teachings. The one or more forms were chosen and described in order to illustrate principles and practical application to thereby enable one of ordinary skill in the art to utilize the various forms and with various modifications as are suited to the particular use contemplated. It is intended that the claims submitted herewith define the overall scope.

Claims

CLAIMS What is claimed is:
1. A computer-implemented method for determining a risk level associated with a transaction executed on a user device, the computer-implemented method comprising: retrieving data associated with a user device based on a transaction executed on the user device; storing a plurality of hash values corresponding to the data in a plurality of current transaction fingerprints; comparing the plurality of hash values stored in the plurality of current transaction fingerprints to a plurality of hash values stored in a plurality of previous transaction fingerprints associated with a plurality of previous transactions; detecting anomalies in the plurality of hash values stored in the plurality of current transaction fingerprints based on the comparison; and determining a level of risk based on the detected anomalies.
2. The computer-implemented method of Claim 1 , wherein the data comprises information corresponding to at least one of a hardware, a software, a location, a connection, or an origination of the user device.
3. The computer-implemented method of Claim 1 , wherein the plurality of hash values are obtained by applying a plurality of one-way hash algorithms to the data.
4. The computer-implemented method of Claim 1 , wherein the plurality of current transaction fingerprints comprises at least one of a hardware fingerprint, a software fingerprint, a location fingerprint, a connection fingerprint, or an origination fingerprint, wherein the hardware fingerprint comprises a first hash value corresponding to at least one of a secure element serial number, a device identification (ID), or a WiFi media access control (MAC) address of the user device, wherein the software fingerprint comprises a second hash value corresponding to at least one of an operating system (OS) version or a browser version of the user device, wherein the location fingerprint comprises a third hash value corresponding to at least one of a global positioning system (GPS) location or a proximity location of the user device, wherein the connection fingerprint comprises a fourth hash value corresponding to at least one of a connectivity interface and an interface address of the user device, and wherein the origination fingerprint comprises a fifth hash value corresponding to at least one of a request source of the user device.
5. The computer-implemented method of Claim 4, wherein the risk level is determined to be a first risk level based on the plurality of current transaction fingerprints remaining unchanged relative to the plurality of previous transaction fingerprints, wherein the risk level is determined be a second risk level that is greater than the first risk level based on a modification of the software fingerprint relative to the plurality of previous transaction fingerprints, and wherein the risk level also is determined to be the second risk level based on a modification of the connection fingerprint relative to the plurality of previous transaction fingerprints.
6. The computer-implemented method of Claim 5, wherein the risk level is determined to be a third risk level that is greater than the second risk level based only on a modification of the origination fingerprint relative to the plurality of previous transaction fingerprints, and wherein the risk level also is determined to be the third risk level based on a modification of the origination fingerprint and the location fingerprint relative to the plurality of previous transaction fingerprints.
7. The computer-implemented method of Claim 6, wherein the risk level is determined to be a fourth risk level that is greater than the third risk level based on a modification of each fingerprint of the plurality of current transaction fingerprints relative to the plurality of previous transaction fingerprints.
8. The computer-implemented method of Claim 1, wherein the transaction is approved or denied based on a combination of at least one of the level of risk, a risk tolerance, or a transaction amount.
9. The computer-implemented method of Claim 8, wherein the transaction is further approved or denied based on an authentication of the transaction via multi-factor authentication (MFA).
10. The computer-implemented method of Claim 1, wherein the transaction is executed on the user device between the user device and at least one of a physical card via near-field communication (NFC) or a digitally-stored card.
11. A system for determining a risk level associated with a transaction executed on a user device, the system comprising: a server computer comprising a processor and a memory coupled to the processor, the memory storing thereon machine executable instructions that when instructed cause the processer to: retrieve data associated with a user device based on a transaction executed on the user device; store a plurality of hash values corresponding to the data in a plurality of current transaction fingerprints; compare the plurality of hash values stored in the plurality of current transaction fingerprints to a plurality of hash values stored in a plurality of previous transaction fingerprints associated with a plurality of previous transactions; detect anomalies in the plurality of hash values stored in the plurality of current transaction fingerprints based on the comparison; and determine a level of risk based on the detected anomalies.
12. The system of Claim 11, wherein the data comprises information corresponding to at least one of a hardware, a software, a location, a connection, or an origination of the user device.
13. The system of Claim 11, wherein the plurality of hash values are obtained by applying a plurality of one-way hash algorithms to the data.
14. The system of Claim 11 , wherein the plurality of current transaction fingerprints comprises at least one of a hardware fingerprint, a software fingerprint, a location fingerprint, a connection fingerprint, or an origination fingerprint, wherein the hardware fingerprint comprises a first hash value corresponding to at least one of a secure element serial number, a device identification (ID), or a WiFi media access control (MAC) address of the user device, wherein the software fingerprint comprises a second hash value corresponding to at least one of an operating system (OS) version or a browser version of the user device, wherein the location fingerprint comprises a third hash value corresponding to at least one of a global positioning system (GPS) location or a proximity location of the user device, wherein the connection fingerprint comprises a fourth hash value corresponding to at least one of a connectivity interface and an interface address of the user device, and wherein the origination fingerprint comprises a fifth hash value corresponding to at least one of a request source of the user device.
15. The system of Claim 14, wherein the risk level is determined to be a first risk level based on the plurality of current transaction fingerprints remaining unchanged relative to the plurality of previous transaction fingerprints, wherein the risk level is determined be a second risk level that is greater than the first risk level based on a modification of the software fingerprint relative to the plurality of previous transaction fingerprints, and wherein the risk level also is determined to be the second risk level based on a modification of the connection fingerprint relative to the plurality of previous transaction fingerprints.
16. The system of Claim 15, wherein the risk level is determined to be a third risk level that is greater than the second risk level based only on a modification of the origination fingerprint relative to the plurality of previous transaction fingerprints, and wherein the risk level also is determined to be the third risk level based on a modification of the origination fingerprint and the location fingerprint relative to the plurality of previous transaction fingerprints.
17. The system of Claim 16, wherein the risk level is determined to be a fourth risk level that is greater than the third risk level based on a modification of each fingerprint of the plurality of current transaction fingerprints relative to the plurality of previous transaction fingerprints.
18. The system of Claim 11, wherein the transaction is approved or denied based on a combination of at least one of the level of risk, a risk tolerance, or a transaction amount.
19. The system of Claim 18, wherein the transaction is further approved or denied based on an authentication of the transaction via multi-factor authentication (MFA).
20. The system of Claim 11 , wherein the transaction is executed on the user device between the user device and at least one of a physical card via near-field communication (NFC) or a digitally-stored card.
PCT/US2023/075305 2023-09-28 2023-09-28 Fingerprinting technique for determining risk of transaction executed on own device Pending WO2025071603A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/US2023/075305 WO2025071603A1 (en) 2023-09-28 2023-09-28 Fingerprinting technique for determining risk of transaction executed on own device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/US2023/075305 WO2025071603A1 (en) 2023-09-28 2023-09-28 Fingerprinting technique for determining risk of transaction executed on own device

Publications (1)

Publication Number Publication Date
WO2025071603A1 true WO2025071603A1 (en) 2025-04-03

Family

ID=95201960

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2023/075305 Pending WO2025071603A1 (en) 2023-09-28 2023-09-28 Fingerprinting technique for determining risk of transaction executed on own device

Country Status (1)

Country Link
WO (1) WO2025071603A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008544339A (en) * 2005-04-29 2008-12-04 バローサ・インコーポレイテッド Systems and methods for fraud monitoring, detection, and hierarchical user authentication
KR20150029664A (en) * 2015-02-26 2015-03-18 이명수 Payment gateway system using security code based on time stamp, and the operating method thereof
US20150080114A1 (en) * 2013-09-18 2015-03-19 Eddie Raymond Tipton Security for electronic wager transactions
KR20200061264A (en) * 2018-11-23 2020-06-02 현대카드 주식회사 Method for certifying user in order to pay with card based on blockchain network, and card company server using the same
US11763311B2 (en) * 2015-03-17 2023-09-19 Visa International Service Association Multi-device transaction verification

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008544339A (en) * 2005-04-29 2008-12-04 バローサ・インコーポレイテッド Systems and methods for fraud monitoring, detection, and hierarchical user authentication
US20150080114A1 (en) * 2013-09-18 2015-03-19 Eddie Raymond Tipton Security for electronic wager transactions
KR20150029664A (en) * 2015-02-26 2015-03-18 이명수 Payment gateway system using security code based on time stamp, and the operating method thereof
US11763311B2 (en) * 2015-03-17 2023-09-19 Visa International Service Association Multi-device transaction verification
KR20200061264A (en) * 2018-11-23 2020-06-02 현대카드 주식회사 Method for certifying user in order to pay with card based on blockchain network, and card company server using the same

Similar Documents

Publication Publication Date Title
US11922407B2 (en) System, method, and computer program product for secure payment device data storage and access
US12456148B2 (en) Devices, systems, and methods for authenticating an account for transacting on cryptocurrency exchanges
US20250104075A1 (en) Multilayer identity transaction control and verification for e-commerce transactions
US20260004293A1 (en) Devices, systems, and methods for enhancing transactions via a blockchain network
WO2025170641A2 (en) Token portfolio migration system and method
US20240346468A1 (en) Methods and systems for secure transfer of payment plans
EP4649439A1 (en) One-stop merchant integrated mobile payment experience
WO2025071603A1 (en) Fingerprinting technique for determining risk of transaction executed on own device
WO2024215307A1 (en) Devices, systems, and methods for seamlessly integrating and facilitating the use of fiat and digital assets
US12481856B1 (en) Transaction card
US20240370862A1 (en) Mutual authentication of peer-to-peer payments
US20250232309A1 (en) Payment network intent money manager
US20260038044A1 (en) Devices, systems, and methods for authenticating an account for transacting on cryptocurrency exchanges
US20260012348A1 (en) Non-custodial cryptocurrency wallet
US20240386411A1 (en) System and method for facilitating frictionless payment transactions field
WO2025014518A1 (en) System and method for remote transaction processing
US20250356350A1 (en) Method and system for transaction risk screening
US20250252209A1 (en) Secure communication of sensitive information to visually impaired device users
US20250037126A1 (en) System to prevent frauds and authenticate users for third party applications while token processing
US20250078075A1 (en) Method for verification of hardware-based and software-based payment terminal authenticity during cardholder verification
WO2025147250A1 (en) Tap to provision device binding technique
WO2025071630A1 (en) Automated privacy preserving dispute resolution for biometric identification
WO2024081023A1 (en) Devices, systems, and methods for enabling personal authorization of financial transactions
US20250014020A1 (en) System and method for reducing cross-currency transactions
US20250285113A1 (en) Data tracker

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23954545

Country of ref document: EP

Kind code of ref document: A1