EP3204906A1 - Transaction verification systems - Google Patents

Transaction verification systems

Info

Publication number
EP3204906A1
EP3204906A1 EP15848534.2A EP15848534A EP3204906A1 EP 3204906 A1 EP3204906 A1 EP 3204906A1 EP 15848534 A EP15848534 A EP 15848534A EP 3204906 A1 EP3204906 A1 EP 3204906A1
Authority
EP
European Patent Office
Prior art keywords
verification
card user
code
merchant
telephone
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP15848534.2A
Other languages
German (de)
French (fr)
Inventor
Mohammad Karaki
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US14/508,732 external-priority patent/US20160098726A1/en
Priority claimed from US14/508,706 external-priority patent/US20160098712A1/en
Priority claimed from US14/508,664 external-priority patent/US20160098715A1/en
Application filed by Individual filed Critical Individual
Publication of EP3204906A1 publication Critical patent/EP3204906A1/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification

Definitions

  • This disclosure relates generally to the field of transactions and more specifically to transaction verification systems.
  • a customer In order to conduct an online transaction with a merchant, a customer typically pays for goods or services received from the merchant using online payment accounts (such as PayPal), electronic funds (such as bitcoins), or credit/debit cards. Payments using credit/debit cards for an online transaction typically involve the customer entering their credit/debit card information into a secured web browser for transmittal to the merchant for processing. Such online transactions, however, may be susceptible to fraud. Furthermore, typical techniques for preventing fraud in online transactions with credit/debit cards may be deficient.
  • a customer when conducting a telephone transaction with a merchant, a customer typically pays for goods or services received from the merchant using credit/debit cards. Payments using credit/debit cards for a telephone transaction typically involve the customer verbally communicating their credit/debit card information to an employee of the merchant during a telephone conversation. Such telephone transactions, however, may be susceptible to fraud. Furthermore, typical techniques for preventing fraud in telephone transactions with credit/debit cards may be deficient.
  • a customer in order to conduct a transaction with a merchant, a customer typically pays for goods or services received from the merchant using money, a check, and/or credit/debit cards. Payments using credit/debit cards may be problematic for various reasons. For example, credit/debit cards are susceptible to fraud, which can affect the customer, merchant, and/or the financial institution associated with the customer. To prevent fraud with credit/debit cards, a merchant typically checks whether the name and/or picture on the credit/debit card matches identification provided by the customer. Such typical techniques for preventing fraud with credit/debit cards may be deficient.
  • an online transaction verification system includes one or more memory units and one or more processors.
  • the memory units are configured to store a plurality of comparison codes.
  • the processors are configured to receive an indication that a card user is attempting to perform an online transaction using payment card information and a transaction device.
  • the transaction device is communicatively coupled to a merchant device with which the card user is attempting to perform the online transaction.
  • the processors are also configured to, following reception of the indication, transmit a challenge code configured to interrogate a card user identification device for a first verification code.
  • the challenge code is received by a card user verification device communicatively coupled to the transaction device, and the challenge code is re-transmitted from the card user verification device to the card user identification device.
  • the processors are further configured to, following transmittal of the challenge code, receive the first verification code from the card user identification device.
  • the first verification code is selected, by the card user identification device, from a plurality of verification codes stored by the card user identification device, and according to a predefined manner.
  • the processors are further configured to select a first comparison code from a plurality of comparison codes according to the predefined manner, and compare the first comparison code to the first verification code from the card user identification device.
  • the processors are further configured to, following a determination that the first comparison code matches the first verification code, transmit a verification signal configured to indicate that the online transaction has been verified.
  • Certain embodiments of the disclosure may provide one or more technical advantages.
  • a verification entity device may compare a comparison code selected by the verification entity device with a verification code selected by a card user identification device.
  • a person or a device
  • the person may be unable to conduct one or more online transactions using the payment card information (or the payment card) because the person may not also have the card user identification device, the verification code stored and selected by the card user identification device, and/or the card user verification device that may allow the card user identification device to communicate the verification code to the verification entity device.
  • the card user identification device may select a particular verification code for an online transaction by sequentially rotating through each of the verification codes stored by the card user identification device. As such, the same code may be re-used as the verification code at a later date and/or time, and the card user identification device may not need to receive new verification codes from the verification entity device when all of the verification codes have already been used.
  • a verification code stored in the card user identification device may be selected and/or communicated for receipt by the verification entity device without intervention by the card user. As such, the verification process may be easier for the card user.
  • the card user verification device may easily install onto the transaction device, such as by the card user connecting the card user verification device to a universal serial bus port of the transaction device. As such, the card user may be able to perform verified online transactions without any complicated installation procedures.
  • a telephone transaction verification system includes one or more memory units and one or more processors.
  • the memory units are configured to store a plurality of comparison codes.
  • the processors are configured to receive an indication that a card user is attempting to perform a telephone transaction using payment card information and a card user telephone device.
  • the card user telephone device is communicatively coupled to a merchant telephone device with which the card user is attempting to perform the telephone transaction.
  • the processors are also configured to, following reception of the indication, transmit a challenge code configured to interrogate a card user identification device for a first verification code.
  • the challenge code is received by the card user telephone device and re-transmitted by the card user telephone device to the card user identification device.
  • the processors are further configured to, following transmittal of the challenge code, receive the first verification code from the card user identification device.
  • the first verification code is selected, by the card user identification device, from a plurality of verification codes stored by the card user identification device, and according to a predefined manner.
  • the first verification code is transmitted by the card user identification device to the card user telephone device and re-transmitted by the card user telephone device to the merchant telephone device.
  • the processors are further configured to select a first comparison code from the plurality of comparison codes according to the predefined manner, and compare the first comparison code to the first verification code from the card user identification device.
  • the processors are further configured to, following a determination that the first comparison code matches the first verification code, transmit a verification signal configured to indicate that the telephone transaction has been verified.
  • a verification entity device may compare a comparison code selected by the verification entity device with a verification code selected by a card user identification device.
  • a person or a device
  • the person may be unable to conduct one or more telephone transactions using the payment card information (or the payment card) because the person may not also have the card user identification device and/or the verification code stored and selected by the card user identification device.
  • the card user identification device may select a particular verification code for a telephone transaction by sequentially rotating through each of the verification codes stored by the card user identification device.
  • the same code may be re-used as the verification code at a later date and/or time, and the card user identification device may not need to receive new verification codes from the verification entity device when all of the verification codes have already been used.
  • a verification code stored in the card user identification device may be selected and/or communicated for receipt by the verification entity device without intervention by the card user. As such, the verification process may be easier for the card user.
  • a merchant verification device may be communicatively coupled to the card user identification device by a merchant telephone device and the card user telephone device. This may allow the telephone transaction to be verified even though it is performed over a telephone connection.
  • a transaction verification system includes one or more memory units and one or more processors coupled to the memory units.
  • the memory units store a plurality of comparison codes.
  • the processors are configured to receive an indication that a card user is attempting to perform a transaction with a payment card.
  • the processors are also configured to, following reception of the indication, transmit a challenge code for reception by a card user device.
  • the challenge code is configured to interrogate the card user device for a first verification code.
  • the processors are further configured to, following transmittal of the challenge code, receive the first verification code from the card user device.
  • the first verification code is selected, by the card user device, from a plurality of verification codes stored by the card user device. Furthermore, the first verification code is selected, by the card user device, according to a predefined manner.
  • the processors are further configured to select a first comparison code from the plurality of comparison codes according to the predefined manner, and compare the first comparison code to the first verification code received from the card user device.
  • the processors are further configured to, following a determination that the first comparison code matches the first verification code, transmit a verification signal configured to indicate that the transaction has been verified.
  • the verification entity device may compare a comparison code selected by the verification entity device with a verification code selected by a card user device.
  • the person may be unable to conduct one or more transactions using the payment card because the person may not also have the card user device (or the verification code selected by the card user device in a predefined manner).
  • the card user device may select a particular verification code for a transaction by sequentially rotating through each of the verification codes stored by the card user device.
  • the same code may be re-used as the verification code at a later date and/or time, and the card user device may not need to receive new verification codes from the verification entity device when all of the verification codes have already been used.
  • a verification code stored in the card user device may be selected and/or communicated for receipt by the verification entity device without intervention by the card user. As such, the verification process may be easier for the card user.
  • FIG. 1 illustrates an example online transaction verification system that verifies online transactions between card users and merchants
  • FIG. 2 illustrates an example selection of verification codes and comparison codes of
  • FIG. 3 illustrates an example telephone transaction verification system that verifies telephone transactions between card users and merchants
  • FIG. 4 illustrates an example selection of verification codes and comparison codes of
  • FIG. 5 illustrates an example transaction verification system that verifies transactions between card users and merchants.
  • FIG. 6 illustrates an example selection of verification codes and comparison codes of
  • FIG. 5 is a diagrammatic representation of FIG. 5.
  • FIGS. 1-6 of the drawings like numerals being used for like and corresponding parts of the various drawings.
  • FIG. 1 illustrates an example online transaction verification system 10 that verifies online transactions between card users and merchants.
  • System 10 includes a verification entity device 14 that stores comparison codes 42, and further includes a card user identification device 94 that stores verification codes 114.
  • a card user attempts to perform an online transaction using a payment card (e.g., a credit card) and a transaction device 62 (e.g., a laptop computer or a mobile phone)
  • the verification entity device 14 may compare a comparison code 42 (which is selected in a predefined manner by the verification entity device 14) with a verification code 114 (which is selected in the same predefined manner by the card user identification device 94 and then communicated to the verification entity device 14) in order to determine whether to approve the online transaction.
  • system 10 also includes a card user verification device 70 that is communicatively coupled to the card user identification device 94 and also communicatively coupled to the transaction device 62 (such as connected to the universal serial bus port of the transaction device 62). In particular embodiments, this may provide an easily installed card user verification device 70 that allows communication of verification codes 114 to the verification entity device 14, thereby allowing system 10 to provide additional protection against fraud in an online transaction.
  • a verification entity represents an entity that communicates with customers and/or merchants in order to verify online transactions between the customers and merchants.
  • a verification entity may be a financial institution, such as a credit card company, credit card servicer, debit card company, debit card servicer, bank, any other institution that communicates with customers and/or merchants in order to facilitate online transactions between the customers and merchants, or any combination of the preceding.
  • the verification entity verifies online transactions for customers that have a credit card account, a savings account, a debit card account, a checking account, any other account associated with the financial institution (or a merchant), or any combination of the preceding.
  • the verification entity may be a third party entity, such as a clearinghouse, payment processing institution, any other entity that may communicate with a financial institution in order to assist in facilitating online transactions between the customers and merchants, or any combination of the preceding.
  • the verification entity verifies online transactions for customers (and/or merchants) associated with the financial institution.
  • a verification entity may be a combination of a financial institution and a third party entity.
  • a merchant represents an entity in any suitable industry that conducts an online transaction with a customer.
  • the merchant may include a retailer, a wholesaler, a service company, or any other suitable entity that has customers and conducts online transactions with the customers.
  • the merchant interacts with the verification entity associated with a customer in order to facilitate each online transaction.
  • An online transaction represents a transaction made between a customer and merchant over an electronic (or online) communication network, and may include receiving payment from the customer for goods or services provided by the merchant (or crediting a refund to the customer).
  • An example of an online transaction may be a customer purchasing goods from the merchant over the Internet using a web browser displayed on a computing device (such as a laptop computer).
  • a payment card represents a credit card, a debit card, a check, a coupon linked to an account, a gift card linked to an account, a money order, a promissory note, or any other manner of non-cash payment.
  • a card user i.e., a customer using the payment card
  • the card user may enter payment card information into a merchant's web page in order to pay for goods or services from the merchant.
  • Payment card information may represent any information associated with the payment card, the card user, and/or an account of the card user.
  • payment card information may include the payment card number, the payment card expiration date, the payment card verification code, the billing address associated with the payment card, the card user, and/or the account of the card user, the shipping address associated with the card user, any other information that may be used to process an online transaction, or any combination of the preceding.
  • a customer In order to conduct an online transaction with a merchant, a customer typically pays for goods or services received from the merchant using online payment accounts (such as PayPal), electronic funds (such as bitcoins), or credit/debit cards. Payments using credit/debit cards for an online transaction typically involve the customer entering their credit/debit card information into a secured web browser for transmittal to the merchant for processing. Such online transactions, however, may be susceptible to fraud. Furthermore, typical techniques for preventing fraud in online transactions with credit/debit cards may be deficient. As such, in particular embodiments, system 10 of FIG. 1 may verify online transactions between card users and merchants in a manner that provide various advantages.
  • online payment accounts such as PayPal
  • electronic funds such as bitcoins
  • credit/debit cards Credit/debit cards
  • the verification entity device 14 may compare a comparison code 42 selected by the verification entity device 14 with a verification code 114 selected by a card user identification device 94 carried by the card user.
  • a comparison code 42 selected by the verification entity device 14 may be able to steal or copy a card user's payment card information or the payment card.
  • the person may be unable to conduct one or more online transactions using the payment card information (or the payment card) because the person may not also have the card user identification device 94 and/or the card user verification device 70 that may allow the card user identification device 94 to communicate with the verification entity device 14.
  • the provided code may not match the comparison code 42 utilized by the verification entity device 14 because the fraudulent device may not have access to verification codes 114 or a verification management application 46b that results in a verification code 114 being selected in a predefined manner.
  • the card user identification device 94 may select a particular verification code 114 for an online transaction by sequentially rotating through each of the verification codes 114 stored at the card user identification device 94. In such an example, this may allow the same code to be re-used as the verification code 114 at a later date and/or time from the original use of the code. Furthermore, this may prevent the card user identification device 94 from needing to receive new verification codes 114 from verification entity device 14 (or some other device associated with the verification entity) when all of the verification codes 114 have already been used. As a further example, a verification code 114 stored in the card user identification device 94 may be selected and/or communicated for receipt by the verification entity device 14 without intervention by the card user.
  • the verification process may be easier for the card user because the card user may not need to perform any type of action to assist in the verification of the online transaction, other than the card user actually carrying the card user identification device 94 with them when performing the online transaction (such as carrying the card user identification device 94 in the card user's purse or attached to the card user's keys) and/or other than the card user performing the online transaction with a transaction device 62 (and/or card user verification device 70) that is within communication range to the card user identification device 94 (such as within Bluetooth range, WiFi range, radio frequency identification range, infrared range, or any other suitable range).
  • the card user verification device 70 may easily install onto (or otherwise communicate with) the transaction device 62, such as by the card user connecting the card user verification device 70 to a universal serial bus port (or other connection) of the transaction device 62.
  • the card user may be able to perform verified online transactions without any complicated installation procedures. Therefore, system 10 may verify online transactions between card users and merchants in a manner that is advantageous.
  • Verification entity device 14 represents any suitable components that verify online transactions between card users and merchants.
  • Verification entity device 14 may include a network server, any suitable remote server, a mdnframe, a host computer, a workstation, a web server, a personal computer, a file server, or any other suitable device for verifying online transactions between card users and merchants.
  • the functions of verification entity device 14 may be performed by any suitable combination of one or more servers or other components at one or more locations.
  • the server may be a private server, and the server may be a virtual or physical server.
  • the server may include one or more servers at the same or remote locations.
  • verification entity device 14 may include any suitable component that functions as a server.
  • verification entity device 14 includes a network interface 18, a processor 22, and a memory unit 26.
  • Network interface 18 represents any suitable device operable to receive information from network 50, transmit information through network 50, perform processing of information, communicate to other devices, or any combination of the preceding.
  • network interface 18 receives transaction information associated with an online transaction between a card user and a merchant.
  • network interface 18 communicates a challenge code 38 for receipt by a card user identification device 94.
  • Network interface 18 represents any port or connection, real or virtual, including any suitable hardware and/or software, including protocol conversion and data processing capabilities, to communicate through a local area network (LAN), a metropolitan area network (MAN), a wide area network (WAN), or other communication system that allows verification entity device 14 to exchange information with network 50, merchant device 54, card user environment 58, transaction device 62, card user verification device 70, network 90, card user identification device 94, or other components of system 10.
  • LAN local area network
  • MAN metropolitan area network
  • WAN wide area network
  • Processor 22 communicatively couples to network interface 18 and memory unit 26, and controls the operation and administration of verification entity device 14 by processing information received from network interface 18 and memory unit 26.
  • Processor 22 includes any hardware and/or software that operates to control and process information.
  • processor 22 executes verification entity device management application 30 to control the operation of verification entity device 14.
  • Processor 22 may be a programmable logic device, a microcontroller, a microprocessor, any suitable processing device, or any combination of the preceding.
  • Memory unit 26 stores, either permanently or temporarily, data, operational software, or other information for processor 22.
  • Memory unit 26 includes any one or a combination of volatile or non-volatile local or remote devices suitable for storing information.
  • memory unit 26 may include random access memory (RAM), read only memory (ROM), magnetic storage devices, optical storage devices, any other suitable information storage device, or any combination of the preceding.
  • RAM random access memory
  • ROM read only memory
  • magnetic storage devices magnetic storage devices
  • optical storage devices any other suitable information storage device, or any combination of the preceding.
  • memory unit 26 may be an encrypted storage device (or a storage device secured in any suitable manner), providing protection against fraudulent attempts to access the information stored in memory unit 26. While illustrated as including particular information modules, memory unit 26 may include any suitable information for use in the operation of verification entity device 14.
  • memory unit 26 includes verification entity device management application 30 and accounts 34.
  • Verification entity device management application 30 represents any suitable set of instructions, logic, or code embodied in a computer-readable storage medium and operable to facilitate the operation of verification entity device 14.
  • Accounts 34 represent any information regarding personal, commercial, and/or corporate accounts handled by verification entity device 14 with regard to one or more payment cards.
  • accounts 34 includes account numbers, nicknames for accounts, account identifiers associated with an account, balance information of an account (and/or a payment card linked to the account), limits of an account (and/or a payment card linked to the account), disclaimers associated with an account, card user preferences, data associated with one or more online transactions performed (or in the process of being performed) by a card user, any other suitable data, or any combination of the preceding.
  • Account 34 for each different card user may include challenge codes 38, comparison codes 42, and verification management application 46a.
  • Challenge codes 38 represent any code that may be used to interrogate card user identification device 94 for a verification code 114. Examples of challenge codes 38 are discussed in further detail below.
  • Comparison codes 42 represent any code that may be compared to a verification code 114 in order to verify an online transaction. Examples of comparison codes 42 are discussed in further detail below.
  • Verification management application 46a represents any suitable set of instructions, logic, or code embodied in a computer-readable storage medium and operable to provide a predefined manner of selecting comparison codes 42, verification codes 114, and/or verifying an online transaction using comparison codes 42 and verification codes 114. Examples of verification management application 46a are discussed in further detail below.
  • Network 50 represents any suitable network operable to facilitate communication between the components of system 10, such as verification entity device 14, merchant device 54, card user environment 58, transaction device 62, card user verification device 70, network 90, and card user identification device 94.
  • Network 50 may include any interconnecting system capable of transmitting audio, video, signals, data, messages, or any combination of the preceding.
  • Network 50 may include all or a portion of a public switched telephone network (PSTN), a public or private data network, a LAN, a MAN, a WAN, a local, regional, or global communication or computer network, such as the Internet, a wireline or wireless network, an enterprise intranet, or any other suitable communication link, including combinations thereof, operable to facilitate communication between the components.
  • PSTN public switched telephone network
  • Merchant device 54 represents any suitable components that communicate with a transaction device 62 in order to allow a card user to perform (or attempt to perform) an online transaction with a merchant.
  • Merchant device 54 may include a network server, any suitable remote server, a mainframe, a host computer, a workstation, a web server, a personal computer, a file server, or any other suitable device for communicating with the transaction device 62 in order to allow a card user to perform (or attempt to perform) an online transaction with a merchant.
  • the functions of merchant device 54 may be performed by any suitable combination of one or more servers or other components at one or more locations.
  • the server may be a private server, and the server may be a virtual or physical server.
  • the server may include one or more servers at the same or remote locations.
  • merchant device 54 may include any suitable component that functions as a server.
  • Merchant device 54 may store any information that may assist in allowing a card user to perform (or attempt to perform) an online transaction with a merchant.
  • merchant device 54 may store web page information (such information and/or files that may be utilized by a web browser to create and/or display a web page), online transaction information (such as the number and type of goods or services purchased, payment card information, the card user's shipping information, etc.), online transaction processing information (such as encryption or security information that may allow the payment card information entered by the card user to be encrypted or otherwise secured), any other information that may assist in allowing a card user to perform (or attempt to perform) an online transaction with a merchant, or any combination of the preceding. Additionally, merchant device 54 may further communicate with verification entity device 14 in order to process an online transaction between a card user and a merchant.
  • Merchant device 54 may be associated with a merchant.
  • a particular merchant may be a retail chain that sells goods to customers. This merchant may offer to sell their goods through an electronic (or online) connection network (such as the Internet) using a web page accessible by a web browser.
  • merchant device 54 may store the information utilized by a web browser to create and display the merchant's web page.
  • Merchant device 54 may be owned by the merchant.
  • the merchant may own one or more merchant devices 54 in order to host the merchant's web page information.
  • merchant device 54 (or all or a portion of the storage and/or processing capabilities of merchant device 54) may be temporarily purchased by the merchant, rented by the merchant, or otherwise obtained by the merchant.
  • Card user environment 58 represents any suitable components that allow card users to perform online transactions with merchants. As illustrated, card user environment 58 includes transaction device 62, card user verification device 70, network 90, and card user identification device 94. Transaction device 62 represents any suitable components that communicate with merchant device 14 in order to allow a card user to perform (or attempt to perform) an online transaction between a card user and a merchant.
  • Transaction device 62 may be a personal computer, a workstation, a laptop, a mobile telephone (such as a Smartphone, or any other wireless, cellular, cordless, or satellite telephone), an electronic notebook, a personal digital assistant, any other device (wireless, wireline, or otherwise) capable of receiving, processing, storing, and/or communicating information with other components of system 10 in order to allow a card user to perform (or attempt to perform) an online transaction between a card user and a merchant, or any combination of the preceding.
  • Transaction device 62 may include a user interface, such as a display, a microphone, keypad, or other appropriate terminal equipment usable by a card user.
  • transaction device 62 may generate and display merchant interface 66.
  • Merchant interface 66 represents any interface between transaction device 62 and merchant device 54 that allows a card user to perform (or attempt to perform) an online transaction with a merchant.
  • merchant interface 66 may be a web page, a graphical user interface, a text-based interface, an application (such as a mobile phone application) that allows a card user to perform (or attempt to perform) an online transaction with a merchant, any other interface that allows a card user to perform (or attempt to perform) an online transaction with a merchant, or any combination of the preceding.
  • merchant interface 66 may be a web page associated with the merchant.
  • the card user may access the web page by entering the web page's uniform resource locator (URL) into a web browser (such as Firefox, Internet Explorer, Google Chrome, Opera, or Safari).
  • the web browser may access the web page's information (stored on merchant device 54) and use the accessed information to render the web page for display to the card user on transaction device 62.
  • the card user may then use the web page to browse through one or more goods or services sold by the merchant, select one or more goods or services for purchase, enter payment card information for purchasing the goods or services, and submit the purchase to merchant device 54.
  • transaction device 62 may further communicate with card user verification device 70 in order to assist in the verification of online transactions between card users and merchants.
  • Transaction device 62 may communicate with the card user verification device 70 in any suitable manner.
  • transaction device 62 may include (or be coupled to) one or more interfaces, connections, or ports (such as a serial port, a parallel port, a universal serial bus (USB) port, or any other communication port) that may communicatively couple transaction device 62 to the card user verification device 70.
  • the card user verification device 70 may be plugged into the interface, connection, or port (such as the
  • transaction device 62 may include a network interface similar to network interface 18 (discussed above).
  • the network interface may be any port or connection, real or virtual, including any suitable hardware and/or software, including protocol conversion and data processing capabilities, to communicate through a LAN, a
  • transaction device 62 may be communicatively coupled to card user verification device 70 by a network similar to network 50 (discussed above).
  • Card user verification device 70 represents any suitable components that communicate with verification entity device 14 and card user identification device 94 in order to assist in the verification of online transactions between card users and merchants.
  • Card user verification device 70 may be a personal computer, a workstation, a laptop, a mobile telephone (such as a Smartphone, or any other wireless, cellular, cordless, or satellite telephone), an electronic notebook, a personal digital assistant, a transceiver node, a radio frequency transceiver, a smart card reader, a wired identification tag transceiver, a wireless identification tag transceiver, any other device (wireless, wireline, or otherwise) capable of receiving, processing, storing, and/or communicating information with other components of system 10, or any combination of the preceding.
  • Card user verification device 70 may act as an intermediary between verification entity device 14 and card user identification device 94.
  • verification entity device 14 may communicate a challenge code 38 for receipt by the card user identification device 94.
  • card user verification device 70 may receive the challenge code 38 (prior to the card user identification device 94 receiving the challenge code 38) and may re-communicate the challenge code 38 to the card user identification device 94.
  • the card user identification device 94 may communication a verification code 114 for receipt by the verification entity device 14.
  • the card user verification device 70 may receive the verification code 114 (prior to the verification entity device 14 receiving the verification code 114) and may re- communicate the verification code 114 to the verification entity device 14.
  • Card user verification device 70 may be associated with a card user.
  • card user verification device 70 may be carried by the user (such as in the card user's pocket or purse), stored (or otherwise located) in the card user's office or residence, coupled to the transaction device 62 of the card user (such as connected to the USB port of the transaction device 62), any other manner of association with the card user, or any combination of the preceding.
  • the card user verification device 70 may assist in the verification of online transactions between card users and merchants, no matter where the card user is located.
  • card user verification device 70 may include a user interface, such as a display, a microphone, keypad, or other appropriate terminal equipment usable by a card user.
  • card user verification device 70 includes a network interface 74, a processor 78, and a memory unit 82.
  • Network interface 74 represents any suitable device operable to receive information from network 90 and/or network 50, transmit information through network 90 and/or network 50, perform processing of information, communicate to other devices, or any combination of the preceding.
  • network interface 74 receives a challenge code 38 from the verification entity device 14 and re-communicates the challenge code 38 to the card user identification device 94.
  • network interface 74 receives a verification code 114 from the card user identification device 94 and re-communicates the verification code 1 14 for receipt by the verification entity device 14.
  • Network interface 74 represents any port or connection, real or virtual, including any suitable hardware and/or software, including protocol conversion and data processing capabilities, to communicate through a LAN, a MAN, a WAN, or other communication system that allows network interface 74 to exchange information with verification entity device 14, network 50, merchant device 54, card user environment 58, transaction device 62, network 90, card user identification device 94, or other components of system 10.
  • network interface 74 may be (or may further include) a radio frequency transceiver (such as a radio frequency identification transceiver, a Bluetooth transceiver, a WiFi transceiver, etc.) for communicating radio frequencies to and from the card user identification device 94.
  • a radio frequency transceiver such as a radio frequency identification transceiver, a Bluetooth transceiver, a WiFi transceiver, etc.
  • network interface 74 may be (or may further include) a speaker/microphone for communicating audio signals (such as audio tones) to and from the card user identification device 94.
  • network interface 74 may be (or may further include) a display screen for capturing images (such as a quick response (QR) code) generated and displayed on the card user identification device 94, or for generating and displaying images (such as a QR code) for capture by the card user identification device 94.
  • QR quick response
  • Processor 78 communicatively couples to network interface 74 and memory unit 82, and controls the operation and administration of card user verification device 70 by processing information received from network interface 74 and memory unit 82.
  • Processor 78 includes any hardware and/or software that operates to control and process information.
  • processor 78 executes card user verification device management application 86 to control the operation of card user verification device 70.
  • Processor 78 may be a programmable logic device, a microcontroller, a microprocessor, any suitable processing device, or any combination of the preceding.
  • Memory unit 82 stores, either permanently or temporarily, data, operational software, or other information for processor 78.
  • Memory unit 82 includes any one or a combination of volatile or non- volatile local or remote devices suitable for storing information.
  • memory unit 82 may include RAM, ROM, magnetic storage devices, optical storage devices, any other suitable information storage device, or any combination of the preceding.
  • memory unit 82 may be an encrypted storage device (or a storage device secured in any suitable manner), providing protection against fraudulent attempts to access the information stored in memory unit 82. While illustrated as including particular information modules, memory unit 82 may include any suitable information for use in the operation of card user verification device 70.
  • memory unit 82 includes card user verification device management application 86.
  • Card user verification device management application 86 represents any suitable set of instructions, logic, or code embodied in a computer-readable storage medium and operable to facilitate the operation of card user verification device 70.
  • card user verification device 70 is illustrated as a separate device from transaction device 62, card user verification device 70 may the same device as transaction device 62. In such an example, a single device may be used to communicate with merchant device 54 in order to allow a card user to perform (or attempt to perform) an online transaction between a card user and a merchant, and also communicate with card user identification device 94 in order to assist in the verification of online transactions between card users and merchants.
  • Network 90 represents any suitable network operable to facilitate communication between the components of system 10, such as card user verification device 70 and card user identification device 94.
  • Network 90 may include any interconnecting system capable of transmitting audio, video, signals, data, messages, or any combination of the preceding.
  • Network 90 may include all or a portion of a PSTN, a public or private data network, a LAN, a MAN, a WAN, a local, regional, or global communication or computer network, such as the Internet, a wireline or wireless network, an enterprise intranet, or any other suitable communication link, including combinations thereof, operable to facilitate communication between the components.
  • network 90 may be the same type of network as network 50, or network 90 may be a different type of network than network 50.
  • both network 90 and network 50 may be a combination of wireless and wireline networks.
  • network 90 may be only a wireless network (such as only a Bluetooth network, a WiFi network, a radio frequency identification network, or an infrared network), while network 50 may be a combination of wireless and wireline networks.
  • network 90 and network 50 are illustrated as separate networks, network 90 and network 50 may be the same network.
  • a single network may communicate a challenge code 38 from verification entity device 14 to card user verification device 70 (and/or transaction device 62), and may further re-communicate the challenge code 38 from card user verification device 70 to card user identification device 94.
  • Card user identification device 94 represents any suitable components that communicate with card user verification device 70 in order to provide verification codes 114 to the verification entity device 14 to verify online transactions between card users and merchants.
  • Card user identification device 94 may be a personal computer, a workstation, a laptop, a mobile telephone (such as a Smartphone, or any other wireless, cellular, cordless, or satellite telephone), an electronic notebook, a personal digital assistant, a transceiver node, a wired identification tag, a wireless identification tag, a radio frequency identification device, an audio-generation device, a smart card, any other device (wireless, wireline, or otherwise) capable of receiving, processing, storing, and/or communicating information with card user verification device 70 (and/or other components of system 10), or any combination of the preceding.
  • card user identification device 94 may include a user interface, such as a display, a microphone, keypad, a scanner (such as a QR code scanner), or other appropriate terminal equipment usable by the card user.
  • Card user identification device 94 may be carried by the card user (or otherwise associated with the card user).
  • card user verification device 70 and verification entity device 14
  • card user identification device 94 may communicate with card user verification device 70 (and verification entity device 14) in order to provide verification codes 114 that may allow the verification entity device 14 to verify the online transaction.
  • Card user identification device 94 may be carried by the card user (or otherwise associated with the card user) in any suitable manner.
  • the card user identification device 94 may be a wireless identification tag that is attached to the card user's keys, wallet, purse, wearable items (such as a wearable wristband), and/or article of clothing (such as a belt).
  • the card user identification device 94 may be a smart card that is carried within the card user's wallet, purse, or pocket.
  • the card user identification device 94 may be the card user's mobile phone.
  • card user identification device 94 includes a network interface 98, a processor 102, and a memory unit 106.
  • Network interface 98 represents any suitable device operable to receive information from network 90, transmit information through network 90, perform processing of information, communicate to other devices, or any combination of the preceding.
  • network interface 98 receives a challenge code 38 from the verification entity device 14 (via the card user verification device 70) and commumcates a verification code 114 to the verification entity device 14 (via the card user verification device 70).
  • Network interface 98 represents any port or connection, real or virtual, including any suitable hardware and/or software, including protocol conversion and data processing capabilities, to communicate through a LAN, a MAN, a WAN, or other communication system that allows network interface 98 to exchange information with network 90, card user verification device 70, verification entity device 14, or other components of system 10.
  • network interface 90 may be (or may further include) a radio frequency transceiver (such as a radio frequency identification transceiver, a Bluetooth transceiver, a WiFi transceiver, etc.) for communicating radio frequencies to and from the card user verification device 70.
  • network interface 90 may be (or may further include) a speaker/microphone for communicating audio signals (such as audio tones) to and from card user verification device 70.
  • network interface 90 may be (or may further include) a card user display screen for capturing images (such as a QR code) generated and displayed on the card user verification device 70, or for generating and displaying images (such as a QR code) for capture by the card user verification device 70.
  • images such as a QR code
  • QR code a QR code
  • Processor 102 communicatively couples to network interface 98 and memory unit 106, and controls the operation and administration of card user identification device 94 by processing information received from network interface 98 and memory unit 106.
  • Processor 102 includes any hardware and/or software that operates to control and process information.
  • processor 102 executes card user identification device management application 110 to control the operation of card user identification device 94.
  • Processor 102 may be a programmable logic device, a microcontroller, a microprocessor, any suitable processing device, or any combination of the preceding.
  • Memory unit 106 stores, either permanently or temporarily, data, operational software, or other information for processor 102.
  • Memory unit 106 includes any one or a combination of volatile or non-volatile local or remote devices suitable for storing information.
  • memory unit 106 may include RAM, ROM, magnetic storage devices, optical storage devices, any other suitable information storage device, or any combination of the preceding.
  • memory unit 106 may be an encrypted storage device (or a storage device secured in any suitable manner), providing protection against fraudulent attempts to access the information stored in memory unit 106. While illustrated as including particular information modules, memory unit 106 may include any suitable information for use in the operation of card user identification device 94.
  • memory unit 106 includes card user identification device management application 110, verification codes 114, and verification management application 46b.
  • Card user identification device management application 110 represents any suitable set of instructions, logic, or code embodied in a computer-readable storage medium and operable to facilitate the operation of card user identification device 94.
  • Verification codes 114 represent any code that may be used to identify the card user as the approved user of the payment card
  • Verification management application 46b may be substantially similar to verification management application 46a (stored in memory unit 34 of verification entity device 14). As such, verification management application 46b represents any suitable set of instructions, logic, or code embodied in a computer-readable storage medium and operable to provide a predefined manner of selecting verification codes 114. Verification management application 46b may be received by (and stored by) card user identification device 94 prior to card user identification device 94 receiving a challenge code 38. For example, verification management application 46b may be received by (and stored by) card user identification device 94 when card user identification device 94 is manufactured, programmed, and/or updated to operate with system 10.
  • verification management application 46b may be received by (and stored by) card user identification device 94 at any other time.
  • verification management application 46b may be a portion of the challenge code 38 communicated for receipt by the card user identification device 94.
  • the card user identification device 94 may receive (and store) the verification management application 46b the first time it receives the challenge code 38 (or every time it receives the challenge code 38).
  • verification management application 46b may be communicated to the card user identification device 94 in the same message as a challenge code 38, in a message prior to the communication of the challenge code 38, or in a message after the communication of the challenge code 38.
  • the card user identification device 94 may receive (and store) the verification management application 46b prior to receiving a challenge code 38, at the same time (or substantially the same time) as receiving a challenge code 38, or after receiving a challenge code 38. Examples of verification management application 46b are discussed in further detail below.
  • a card user may desire to conduct an online transaction with a particular merchant. For example, a card user may desire to purchase an item (such as a shirt) using a payment card (such as a credit card) and a transaction device 62 (such as the card user's laptop computer or mobile phone). In order to do so, the card user may access the merchant interface 66 associated with the merchant in order to select the item, and may provide the merchant with payment card information (via online payment 150). As a result of receiving the payment card information, the merchant device may begin processing the payment card information by providing an indication (via indication 154) to verification entity device 14 that the card user is attempting to perform an online transaction with the merchant using the payment card.
  • a payment card such as a credit card
  • a transaction device 62 such as the card user's laptop computer or mobile phone.
  • the card user may access the merchant interface 66 associated with the merchant in order to select the item, and may provide the merchant with payment card information (via online payment 150).
  • the merchant device may begin processing the payment card information by providing an
  • the verification entity may desire to verify that the person attempting to perform the online transaction with the payment card is the card user that is authorized to use the payment card.
  • the credit card company may desire to verify that a card issued to John Doe is being used by John Doe, as opposed to someone that may have fraudulently obtained the card (or information about the card) issued to John Doe.
  • verification entity device 14 may communicate a challenge code 38 configured to interrogate a card user identification device 94 carried by (or otherwise associated with) the card user, such as a wireless identification tag attached to the keys of John Doe.
  • the challenge code 38 may be first communicated to merchant device 54 (via first challenge message 158), which may then re- communicate the challenge code 38 to transaction device 62 (via second challenge message 162).
  • the transaction device 62 may then re-communicate the challenge code 38 (via third challenge message 166) to a card user verification device 70, such as a wireless radio frequency identification transceiver connected to the USB port of the transaction device 62.
  • Card user verification device 70 may receive the challenge code 38 and re-communicate the challenge code 38 to the card user identification device 94 (via fourth challenge message 170) carried by the card user, such as the wireless identification tag attached to the keys of John Doe.
  • the challenge code 38 may interrogate the card user identification device 94, causing the card user identification device 94 to select a verification code 114 (via a predefined manner of verification management application 46b) and communicate (via first verification response message 174) the verification code 114 back to card user verification device 70.
  • the card user verification device 70 may receive the verification code 114 and then re- communicate the verification code 114 to transaction device 62 (via second verification response message 178).
  • the transaction device 62 may re-communicate the verification code 114 to merchant device 54 (via third verification response message 182), and the merchant device 54 may re-communicate the verification code 114 to verification entity device 14 (via fourth verification response message 186).
  • verification entity device 14 may select a comparison code 42 (via the predefined manner of verification management application 46a) to compare to the verification code 114 received from the card user identification device 94. If the verification code 114 does not match the comparison code 42 (or a verification code 114 is never received in response to a challenge code 38), verification entity device 14 may deny the processing of the online transaction. On the other hand, if the verification code 114 does match the comparison code 42, verification entity device 14 may verify the online transaction (or otherwise approve the processing of the online transaction) via verification signal 190 communicated to merchant device 54, and the online transaction may be allowed to occur. In particular embodiments, this method of verifying an online transaction may provide additional protection against fraud.
  • the person may be unable to conduct one or more online transactions using the payment card information (or the payment card) because the person may not also have the card user identification device 94 (or the card user verification device 70).
  • the code provided by the fraudulent device may not match the comparison code 42 utilized by the verification entity device 14 because the fraudulent device may not have access to verification codes 114 or the verification management application 46b that results in a verification code 114 being selected in a predefined manner. Further details regarding particular examples of these sequences illustrated in FIG. 1 are discussed below.
  • a card user may initiate an online transaction with a merchant by providing payment card information to the merchant via online payment 150.
  • Online payment 150 may be performed in any suitable manner.
  • the card user may type (or otherwise enter) the payment card information into merchant interface 66, and then communicate the payment card information to the merchant device 54.
  • the payment card information may be automatically entered into merchant interface 54, such as when the payment card information is already saved (or otherwise on file with the merchant, the merchant device 54, the merchant interface 66, and/or the transaction device 62) for future online transactions.
  • the card user may communicate the payment card information to the merchant device 54.
  • merchant device 54 may communicate indication 154 to verification entity device 14, indicating that that the card user is attempting to perform an online transaction with the merchant using the payment card.
  • Indication 154 may include any information about the attempted online transaction.
  • indication 154 may include all (or a portion) of the payment card information received by the merchant device 54, information associated with the merchant
  • indication 154 has been illustrated as being communicated directly from merchant device 54 to verification entity device 14, in particular embodiments, indication 154 may be communicated to one or more additional devices (not shown) before indication 154 is received by verification entity device 14. For example, indication 154 may first be communicated to a payment processor (such as a payment processing system run by, for example, First Data Merchant Services Corporation), and then the payment processor may re- communicate the indication 154 to verification entity device 14. The payment processor may re-communicate all or a portion of indication 154.
  • a payment processor such as a payment processing system run by, for example, First Data Merchant Services Corporation
  • the payment processor may perform one or more payment processing actions (using the information in indication 154) prior to re-communicating indication 154.
  • the payment processor may add information associated with these additional payment processing actions to indication 154 prior to re-communicating indication 154 to verification entity device 14.
  • verification entity device 14 may communicate a challenge code 38 (via first challenge message 158) for receipt by the card user identification device 94.
  • a challenge code 38 represents any code that may be used to interrogate card user identification device 94 for a verification code 114.
  • a challenge code 38 may be a computer-readable code that forces, requests, or causes a response from card user identification device 94.
  • the challenge code 38 may force, request, or cause the card user identification device 94 to select a verification code 114 stored at the card user identification device 94 and communicate the verification code 114 for receipt by the verification entity device 14.
  • a challenge code 38 may be the same code for all card user identification devices 94, or may be unique for each card user identification device 94 (or for one or more card user identification devices 94). For example, a challenge code 38 for a card user identification device 94 carried by John Doe may be different than a challenge code 38 for a card user identification device 94 carried by Jane Doe.
  • Challenge code 38 may be the same challenge code every time it is sent for receipt by a particular card user identification device 94, or it may be different every time it is sent for receipt by a particular card user identification device
  • challenge code 38 may include one or more details associated with the online transaction (such as the purchase amount, the merchant identification, the time and/or date associated with the online transaction or the challenge code 38, etc.), thereby causing it to be different every time it is sent for receipt by the card user identification device 94 carried by John Doe.
  • the challenge code 38 may include a particular verification management application 46b for use by the card user identification device 94 for that online transaction.
  • the challenge code 38 may include particular instructions for responding to the challenge code 38 (such as a particular question that is to be answered using the verification code 114).
  • the challenge code 38 may be received by merchant device 54.
  • Merchant device 54 may then re-communicate the challenge code 38 to transaction device 62 (via second challenge message 162), and transaction device 62 may re-communicate the challenge code 38 to card user verification device 70 (via third challenge message 166).
  • Card user verification device 70 may act as an intermediary between verification entity device 14 and card user identification device 94. By doing so, card user verification device 70 may receive the challenge code 38 from verification entity device 14 (via first challenge message 158, second challenge message 162, and third challenge message 166) and re-communicate the challenge code 38 to card user identification device 94 (via fourth challenge message 170).
  • Card user verification device 70 may re-communicate challenge code 38 in the same form (and/or in the same manner) in which card user verification device 70 received the challenge code 38.
  • card user verification device 70 may act as an amplifier (or an access point) that provides a network connection between verification entity device 14 and card user identification device 94.
  • card user verification device 70 may re-communicate challenge code 38 in a different form (and/or in a different manner) than what card user verification device 70 received the challenge code 38 as.
  • card user verification device 70 may receive the challenge code 38 in digital form over a wired connection and re-communicate the challenge code 38 in analog form over a wireless connection.
  • card user verification device 70 may receive the challenge code 38 in digital form over a wireless connection and re-communicate the challenge code 38 in a radio frequency (or as a particular audio tone) over a different wireless connection.
  • card user verification device 70 may receive the challenge code 38 in a digital form over a wired connection and re-communicate the challenge code 38 as a graphical image (such as a barcode, a QR code, a universal product code (UPC), a matrix bar code, a MaxiCode, or a ShotCode) that may be scanned or copied by the card user identification device 94.
  • a graphical image such as a barcode, a QR code, a universal product code (UPC), a matrix bar code, a MaxiCode, or a ShotCode
  • card user verification device 70 may act as a converter to convert challenge code 38 from a form (and/or a communication manner) that cannot be received by the card user identification device 94 to a form (and/or a communication manner) that can be received by the card user identification device 94.
  • challenge code 38 has been illustrated as being communicated from verification entity device 14 to card user verification device 70 (via various devices and messages) for re-communication to card user identification device 94
  • the challenge code 38 may be communicated directly from verification entity device 14 to the card user verification device 70 (for re-communication to card user identification device 94).
  • the card user verification device 70 may be a mobile phone that receives the challenge code 38 directly from the verification entity device 14.
  • the mobile phone may be running a mobile phone application associated with the verification entity device 14, and the verification entity device 14 may push the challenge code 38 directly to the mobile phone.
  • the card user verification device 70 (such as a mobile phone) may be connected directly to the verification entity device 14 via a communication network, such as a network similar to network 50 (discussed above).
  • challenge code 38 has been illustrated as being communicated from verification entity device 14 to card user identification device 94 (via various devices and various messages), in particular embodiments, the challenge code 38 may be communicated directly from verification entity device 14 to the card user identification device 94.
  • the card user identification device 94 may be a mobile phone that receives the challenge code 38 directly.
  • the mobile phone may be running a mobile phone application associated with the verification entity device 14, and the verification entity device 14 may push the challenge code 38 directly to the mobile phone.
  • the card user identification device 94 (such as a mobile phone) may be connected directly to the verification entity device 14 via a communication network, such as a network similar to network 50 (discussed above).
  • the card user identification device 94 may communicate a verification code 114 to the card user verification device 70, which may then re-communicate the verification code 114 to the verification entity device 14 (either directly or via various devices and/or messages).
  • challenge code 38 has been illustrated as being automatically re-communicated from the card user verification device 70 to the card user identification device 94, in particular embodiments, the re-communication (and/or even the original communication) of the challenge code 38 to the card user identification device 94 may only occur after a signal is first received from the card user identification device 94. For example, before the challenge code 38 may be received by the card user identification device 94 (and/or even communicated to the card user identification device 94), the card user may activate the card user identification device 94 (such as by pushing a button on the card user identification device 94 or performing any other user action with the card user identification device 94).
  • This activation by the card user may cause the card user identification device 94 to send a signal to the card user verification device 70 (and/or the verification entity device 14) indicating that the card user identification device 94 is ready to receive the challenge code 38. Following receipt of this signal from the card user identification device 94, the challenge code 38 may be communicated to (and received by) the card user identification device 94.
  • a verification code 114 represents any code that may be used to identify the card user as the approved user of the payment card (as opposed to another person who may have fraudulently obtained the payment card information and/or the payment card).
  • a verification code 114 may be a predefined code stored at the card user identification device 94, and may be configured to match a comparison code 42 stored at the verification entity device 14.
  • the verification code 114 may be a password, a set of numbers, a set of alphanumeric characters, a set of symbols, one or more audible tones, one or more radio frequencies, one or more graphical images, any other type of code or representation, or any combination of the preceding.
  • the verification code 114 may have any length, size, or dimension.
  • the verification code 114 may be a 35 character password.
  • the verification code 114 may match a comparison code 42 when all or a portion of the verification code 114 is identical to all or a portion of the comparison code 42.
  • the verification code 114 may match the comparison code 42 when the last 30 digits of the verification code 114 are identical to the last 30 digits of the comparison code 42.
  • the verification code 114 may match a comparison code 42 when the verification code 114 is an answer to the comparison code 42 (such as an answer to a question), when the verification code 114 completes the comparison code 42 (such as a final piece of a puzzle), when the verification code 114 is the opposite of the comparison code 42 (such as the term "up” is the opposite of "down"), any other manner of matching, or any combination of the preceding.
  • Card user identification device 94 may store any suitable number of different verification codes 114. For example, card user identification device 94 may store 2 different verification codes 114, 5 different verification codes 114, 10 different verification codes 114, 15 different verification codes 114, 25 different verification codes 114, 50 different verification codes 114, 100 different verification codes 114, 1,000 different verification codes 114, 10,000 different verification codes 114, 1 million different verification codes 114, or any other number of different verification codes 114. Furthermore, following receipt of the challenge code 38 by the card user identification device 94, the card user identification device 94 may select one of the verification codes 114 stored at the card user identification device 94. The card user identification device 94 may select one of the verification codes 114 according to a predefined manner based on verification management application 46b.
  • card user identification device 94 may select one of the verification codes 114 by sequentially rotating through each of the verification codes 114 (e.g., rotating from a first code to a second code), by skipping over a predefined number of the verification codes 114 (e.g., skipping from the first code to the fifth code), by selecting a position of one of the verification codes 114 (e.g., selecting the code positioned in column five, row ten), any other manner of selecting one of the verification codes 114 according to a predefined manner based on verification management application 46b, or any combination of the preceding.
  • selection of the verification code 114 may further include modifying the verification code 114.
  • the verification code 114 may be modified to include information from the challenge code 38, such as all or a portion of the challenge code 38, or details associated with the online transaction (e.g., the purchase amount, the merchant identification, the date and/or time associated with the online transaction or the challenge code 38, etc.).
  • the verification code 114 may be modified to include information regarding the date and/or time associated with the selection of the verification code 114. Further details regarding examples of the selection of a verification code 114 are discussed below with regard to FIG. 2.
  • the card user identification device 94 may communicate the verification code 114 to the card user verification device 70 via first verification response message 174.
  • the card user identification device 94 may communicate the verification code 114 to the card user verification device 70 in any suitable manner (and/or any suitable form).
  • the card user identification device 94 may communicate the verification code 114 to the card user verification device 70 in the same manner of communication (and/or form) by which the card user identification device 94 received the challenge code 38. In such an example, if the card user identification device 94 received the challenge code 38 in a particular radio frequency, the card user identification device 94 may communicate the verification code 114 to the card user verification device 70 in the same radio frequency.
  • the card user identification device 94 may communicate the verification code 114 to the card user verification device 70 in a different manner of communication (and/or form) than that by which the card user identification device 94 received the challenge code 38.
  • the card user identification device 94 may communicate the verification code 114 to the card user verification device 70 in a different audio tone, a radio frequency, a graphical image displayed or sent to the card user verification device 70, any other manner (and/or form) different from that by which the card user identification device 94 received the challenge code 38, or any combination of the preceding.
  • the selection and communication processes of the verification code 114 by the card user identification device 94 may occur without user intervention. For example, following the reception of the challenge code 38 by the card user identification device 94, the card user identification device 94 may both automatically select and communicate the verification code 114 without any intervention by the card user (e.g., without the card user pressing a button, confirming a selection, pointing the card user identification device 94 in a particular direction, scanning the card user identification device 94, etc.).
  • verifying the online transaction using the card user identification device 94 may occur without any action by the user, other than the card user actually carrying the card user identification device 94 with them when performing the online transaction (such as carrying the card user identification device 94 in the card user's purse or attached to the card user's keys) and/or other than the card user performing the online transaction with a transaction device 62 (and/or card user verification device 70) that is within communication range to the card user identification device 94 (such as within Bluetooth range, WiFi range, radio frequency identification range, infrared range, or any other suitable range).
  • one or more (or both) of the selection and communication processes of the verification code 114 by the card user identification device 94 may occur with user intervention.
  • selection of the verification code 114 may occur when the card user presses a button on the card user identification device 94 to select the verification code 114, when the card user points the card user identification device 94 at the card user verification device 70 (or hovers the card user identification device 94 over a scanner at the card user verification device 70), when the card user performs any other manner of user intervention, or any combination of the preceding.
  • communication of the verification code 114 may occur when the card user points the card user identification device 94 at the card user verification device 70 (or hovers the card user identification device 94 over a scanner at the card user verification device 70), when the card user swipes the card user identification device 94 (such as a smart card) through a card reader on the card user verification device 70, when the card user presses a button to communicate the verification code 114, any other manner of user intervention, or any combination of the preceding.
  • the card user verification device 70 may re-communicate the verification code 114 for receipt by the verification entity device 14 via second verification response message 174.
  • Card user verification device 70 may re-communicate the verification code 114 in the same form (and/or communication manner) in which card user verification device 70 received the verification code 114.
  • card user verification device 70 may re-communicate the verification code 114 in a different form (and/or manner) than by which the card user verification device 70 received the verification code 114.
  • the card user verification device 70 may re-communicate the verification code 114 to the verification entity device 14 via a wired internet connection.
  • card user verification device 70 may act as a converter to convert verification code 114 from a form (and or communication manner) that cannot be received by the verification entity device 14 to a form (or communication manner) that can be received by the verification entity device 14.
  • transaction device 62 may receive the verification code 114, and re-communicate the verification code 114 to merchant device 54 (via third verification response message 182).
  • merchant device 54 may then re-communicate the verification code 114 to the verification entity device 14 (via fourth verification response message 186).
  • a comparison code 42 represents any code that may be compared to a verification code 114 in order to verify an online transaction.
  • a comparison code 42 may be predefined code stored at the verification entity device 14 and that is configured to match a verification code 114 stored at the card user identification device 94.
  • the comparison code 42 may be a password, a set of numbers, a set of alphanumeric characters, a set of symbols, one or more audible tones, one or more radio frequencies, one or more graphical images, any other type of code or representation, or any combination of the preceding.
  • the comparison code 42 may have any length, size, or dimension.
  • the comparison code 42 may be a 35 character password.
  • the comparison code 42 may match a verification code 114 when all or a portion of the comparison code 42 is identical to all or a portion of the verification code 114. Additionally, the comparison code 42 may match a verification code 114 in any of the manners of matching discussed above with regard to verification codes 114.
  • Verification entity device 14 may store (for each account 34) any suitable number of different comparison codes 42.
  • verification entity device 14 may store (for each account 34) 2 different comparison codes 42, 5 different comparison codes 42, 10 different comparison codes 42, 15 different comparison codes 42, 25 different comparison codes 42, 50 different comparison codes 42, 100 different comparison codes 42, 1,000 different comparison codes 42, 10,000 different comparison codes 42, 1 million different comparison codes 42, or any other number of different comparison codes 42.
  • verification entity device 14 may store (for each account 34) a matching comparison code 42 for each verification code 114 stored by the card user identification device 94 (and associated with an account 34). In such an example, if the card user identification device 94 stores 10 different verification codes 114, the verification entity device 14 may store 10 matching comparison codes 42.
  • the verification entity device 14 may select one of the comparison codes 42 according to the same predefined manner utilized by the card user identification device 94.
  • the verification entity device 14 may select one of the comparison codes 42 by sequentially rotating through each of the comparison codes 42 (e.g., rotating from a first code to a second code).
  • both the card user identification device 94 and the verification entity device 14 may utilize the same predefined manner (based on verification management applications 46b and 46a, respectively) to select a matching verification code 114 and comparison code 42.
  • selection of the comparison code 42 may further include modifying comparison code 42.
  • the comparison code 42 may be modified to include information from the challenge code 38, such as all or a portion of the challenge code 38, or details associated with the online transaction (e.g., the purchase amount, the merchant identification, the time and/or date associated with the online transaction or the challenge code 38, etc.).
  • the comparison code 42 may be modified to include information regarding the date and/or time associated with the reception of the verification code 114. Further details regarding examples of the selection of a comparison code 42 are discussed below with regard to FIG. 2.
  • the verification entity device 14 may select one of the comparison codes 42 in a different predefined manner than the card user identification device 94 (but in a manner that still causes the selected comparison code 42 to match the selected verification code 114).
  • the verification entity device 14 may store the comparison codes 42 in a different order than the card user identification device 94 stores the matching verification codes 114. In such an example, the verification entity device
  • the card user identification device 94 may select the matching verification code 114 using a second predefined manner (such as by skipping over a predefined number of the verification codes
  • comparison code 42 may be selected any time after indication 154 is received by the verification entity device 14.
  • the comparison code 42 may be selected before the challenge code
  • the comparison code 42 may be selected after the challenge code 38 is communicated for receipt by the card user identification device 94, but before the verification entity device 14 receives the verification code 114.
  • the verification entity device 14 may compare the verification code 114 to the comparison code 42 in order to determine whether the verification code 114 matches the comparison code 42. If the verification code 114 does not match the comparison code 42 (or a verification code 114 is never received in response to a challenge code 38), verification entity device 14 may deny the online transaction. This denial may result in a denial message (not shown) being sent to merchant device 54, transaction device 62, card user verification device 70, and/or card user identification device 94. As a result, the online transaction will not be allowed to occur.
  • verification entity device 14 may verify the online transaction (or otherwise approve the processing of the online transaction) by communicating a verification signal 190 to merchant device 54 (and/or one or more of transaction device 62, card user verification device 70, and card user identification device 94). As such, the online transaction may be allowed to occur.
  • verification entity device 14 may compare more than one verification code 114 to more than one comparison code 42 in order to verify the particular online transaction. For example, for each online transaction, two or more verification codes 114 and two or more comparison codes 42 may be selected for the verification process. In such an example, verification entity device 14 may only verify (or otherwise allow) the online transaction if each of the selected verification codes 114 match each of the selected comparison codes 42.
  • verification entity device 14 has been illustrated as verifying
  • verification entity device 14 may determine whether the payment card has been reported lost or stolen, whether the online transaction appears suspicious based on the card user's typical purchases, whether there is a sufficient balance associated with the payment card to approve the online transaction, whether the online transaction will cause a credit limit associated with the payment card (or account 34) to be overdrawn, whether a billing address listed in the payment card information received from the card user matches the billing address listed in account 34 for the card user, any other suitable method for determining whether to verify (or approve) the online transaction, or any combination of the preceding.
  • verification entity device 14 has been illustrated as storing and communicating challenge codes 38, storing and selecting comparison codes 42, and verifying the online transactions by comparing comparison codes 42 to verification codes 114, in particular embodiments, one or more (or all) of these actions may be performed by other devices or components of system 10, such as card user verification device 74, transaction device 62, merchant device 54, and/or one or more third party devices or components.
  • card user verification device 70 may store and communicate challenge codes 38, store and select comparison codes 42, and verify the online transactions by comparing comparison codes 42 to verification codes 114.
  • verification entity device 14 may approve the online transaction (or otherwise allow the online transaction to occur) if the card user verification device 70 verifies the online transaction and communicates a verification signal (such as verification signal 190) to the verification entity device 14.
  • merchant device 54 and/or the transaction device 62 may store and communicate challenge codes 38 for receipt by the card user identification device 94.
  • the transaction device 62 may include a plug in application installed on a web browser, and the plug in application may communicate a challenge code 38 for receipt by the card user identification device 94 after the payment card information has been entered into merchant interface 66).
  • the above-described method of verifying an online transaction may provide additional protection against fraud. For example, even if a person (or a device) is able to steal or copy a card user's payment card information (such as the payment card number, expiration date, and verification code) or the payment card (itself), the person may be unable to conduct one or more online transactions using the payment card information (or the payment card) because the person may not also have the card user identification device 94 (or the card user verification device 70).
  • a card user's payment card information such as the payment card number, expiration date, and verification code
  • the payment card itself
  • the person may be unable to conduct one or more online transactions using the payment card information (or the payment card) because the person may not also have the card user identification device 94 (or the card user verification device 70).
  • the code provided by the fraudulent device may not match the comparison code 42 utilized by the verification entity device 14 because the fraudulent device may not have access to verification codes 114 or the verification management application 46b that results in a verification code 114 being selected in a predefined manner.
  • verification entity device 14 may verify any number of online transactions that are performed using any number of merchant devices 54, card user environments 58, transaction devices 62, card user verification devices 70, card user identification devices 94, card users, and/or merchants.
  • system 10 may include any number of verification entity devices 14, networks 50, merchant devices 54, card user environments 58, transaction devices 62, card user verification devices 70, networks 90, and/or card user identification devices 94 (and/or any number of components, such as processors or memory units illustrated in the above described devices).
  • any suitable logic may perform the functions of system 10 and the components and/or devices within system 10.
  • transaction device 62 may be a virtual processing system that utilizes a portion of merchant device 54 (and/or the processing capability of merchant device 54) to perform (or attempt to perform) an online transaction.
  • system 10 may include additional components.
  • a payment processor such as a payment processing system run by, for example, First Data Merchant Services Corporation
  • system 10 may further include one or more additional secured devices (such as additional secured servers) that receive all or a portion of the payment card information communicated by the card user when performing (or attempting to perform) the online transaction.
  • additional secured devices such as additional secured servers
  • the payment card information entered by the card user may not be communicated to the merchant device 54, but instead may be communicated to an additional secured server that is associated with the merchant. As such, the payment card information may be even further protected from fraudulent attempts to access it.
  • one or more of the communications may be encrypted (or otherwise secured in any suitable manner), providing protection against fraudulent attempts to access the information included in the communications.
  • one or more of the communications may further include one or more codes that may assist in identifying the communication as being sent by one of the devices or components of system 10.
  • the card user verification device 70 may generate a random code, and insert the code into any communication with the card user identification device 94. Based on this random code, card user identification device 94 may be able to identify the communication as having been sent by the card user verification device 70, and thus the card user identification device 94 may respond to the communication. In such an example, the card user identification device 94 may also generate a random code, and insert the code into any communication with the card user verification device 70. Based on this random code, card user verification device 70 may be able to identify the communication as having been sent by the card user identification device 94, and thus the card user verification device 70 may re-communicate the communication for receipt by the verification entity device 14.
  • FIG. 2 illustrates an example selection 200 of verification codes 114 and comparison codes 42.
  • Verification codes 114 are selected by the card user identification device 94 of FIG. 1
  • comparison codes 42 are selected by the verification entity device 14 of FIG. 1, for example.
  • verification entity device 14 may compare verification codes 114 to comparison codes 42 in order to determine whether to allow an online transaction to occur, as is discussed above.
  • Verification codes 114 and comparison codes 42 may each be selected according to a predefined manner based on verification management applications 46. For example, verification codes 114 and comparison codes 42 may be selected by sequentially rotating through each of the verification codes 114 and comparison codes 42 (e.g., rotating from a first code to a second code), by skipping over a predefined number of the verification codes
  • comparison codes 42 e.g., skipping from the first code to the fifth code
  • by selecting a position of one of the verification codes 114 and comparison codes 42 e.g., selecting the code positioned in column five, row ten
  • any other manner of selecting one of the verification codes 114 and one of the comparison codes 42 according to a predefined manner based on verification management applications 46, or any combination of the preceding.
  • verification codes 114 and comparison codes 42 may each be selected by sequentially rotating through each of the verification codes 114 and comparison codes 42.
  • the card user identification device 94 may store the following verification codes 114: Code A, Code B, Code C, Code D, ... Code n.
  • the verification entity device 14 may store the following comparison codes 42, each of which match a respective verification code 114: Code A, Code B, Code C, Code D, ... Code n.
  • the predefined manner may cause the card user identification device 94 to select Code A as the verification code 114 for communication to the verification entity device 14. Furthermore, the same predefined manner (based on verification management application 46a) may cause the verification entity device 14 to select the matching Code A as the comparison code 42. As such, the verification code 114 (i.e., Code A) will match comparison code 42 (i.e., Code A), and the first online transaction will be allowed to proceed.
  • the predefined manner may cause the card user identification device 94 to sequentially rotate to and select Code B as the verification code 114 for communication to the verification entity device 14. That is, the sequential rotation may cause the card user identification device 94 to rotate to and select the next verification code 114 (i.e., Code B) in the sequence of verification codes 114. Furthermore, the same predefined manner (based on verification management application 46a) may cause the verification entity device 14 to sequentially rotate to and select the matching Code B as the comparison code 42. As such, the verification code 114 (i.e., Code B) will match the comparison code 42 (i.e., Code B), and the second online transaction will be allowed to proceed.
  • the verification code 114 i.e., Code B
  • the comparison code 42 i.e., Code B
  • This sequential rotation through (and selection of) the verification codes 114 and comparison codes 42 may continue until Code n is selected for both the verification code 114 and the comparison code 42. After Code n is selected, the process of selecting verification codes 114 and comparison codes 42 may be reset (as is seen by resets 204a and 204b) back to
  • the predefined manner (based on verification management application 46b) may cause the card user identification device 94 to sequentially rotate to (via reset 204a) and re-select Code A as the verification code 114 for communication to the verification entity device 14.
  • the same predefined manner (based on verification management application 46a) may cause the verification entity device 14 to sequentially rotate to (via reset 204b) and re-select the matching Code A as the comparison code 42.
  • the verification code 114 i.e., Code A
  • the comparison code 42 i.e., Code A
  • the next online transaction will be allowed to proceed.
  • the verification codes 114 and comparison codes 42 may be rotated through continuously. This may allow the same code to be re-used as the verification code 114 and comparison code 42 at a later date and/or time from the original use of the code. As such, the card user identification device 94 may not need to receive new verification codes 114 from verification entity device 14 (or some other device associated with the verification entity) when all of the verification codes 114 have already been used.
  • selection 200 illustrates a sequential rotation for selecting verification codes 114 and comparison codes 42
  • any other manner of selecting one of the verification codes 114 and one of the comparison codes 42 may be utilized (such as a reverse sequential rotation where the rotation process rotates from Code B to Code A; skipping over a predefined number of the verification codes 114 and comparison codes 42; selecting a position of one of the verification codes 114 and comparison codes 42; or any combination of the preceding).
  • selection 200 may be performed using any number of verification codes 114 and comparison codes 42.
  • FIG. 3 illustrates an example telephone transaction verification system 310 that verifies telephone transactions between card users and merchants.
  • System 310 includes a verification entity device 314 that stores comparison codes 342, and further includes a card user identification device 386 that stores verification codes 406.
  • the verification entity device 314 may compare a comparison code 342 (which is selected in a predefined manner by the verification entity device 314) with a verification code 406 (which is selected in the same predefined manner by the card user identification device 386 and then communicated to the verification entity device 314) in order to determine whether to approve the telephone transaction.
  • payment card information e.g., credit card information
  • a card user telephone device e.g., the card user's mobile phone
  • the verification entity device 314 may compare a comparison code 342 (which is selected in a predefined manner by the verification entity device 314) with a verification code 406 (which is selected in the same predefined manner by the card user identification device 386 and then communicated to the verification entity device 314) in order to determine whether to approve the telephone
  • system 310 also includes a merchant verification device 354 that is communicatively coupled to the card user identification device 386 by the merchant telephone device 374 and the card user telephone device 382. In particular embodiments, this may allow the telephone transaction to be verified even though it is performed over a telephone connection, thereby allowing system 310 to provide additional protection against fraud in a telephone transaction.
  • a verification entity represents an entity that communicates with customers and/or merchants in order to verify telephone transactions between the customers and merchants.
  • a verification entity may be a financial institution, such as a credit card company, credit card servicer, debit card company, debit card servicer, bank, any other institution that communicates with customers and/or merchants in order to facilitate telephone transactions between the customers and merchants, or any combination of the preceding.
  • the verification entity verifies telephone transactions for customers that have a credit card account, a savings account, a debit card account, a checking account, any other account associated with the financial institution (or a merchant), or any combination of the preceding.
  • the verification entity may be a third party entity, such as a clearinghouse, payment processing institution, any other entity that may communicate with a financial institution in order to assist in facilitating telephone transactions between the customers and merchants, or any combination of the preceding.
  • the verification entity verifies telephone transactions for customers (and/or merchants) associated with the financial institution.
  • a verification entity may be a combination of a financial institution and a third party entity.
  • a merchant represents an entity in any suitable industry that conducts a transaction (such as a telephone transaction) with a customer.
  • the merchant may include a retailer, a wholesaler, a service company, or any other suitable entity that has customers and conducts transactions with the customers.
  • the merchant may interact with the verification entity associated with a customer in order to facilitate each transaction.
  • a telephone transaction represents a transaction made between a customer and merchant over a telephone communication network (or any other audio communication network), and may include receiving payment from the customer for goods or services provided by the merchant (or crediting a refund to the customer).
  • An example of a telephone transaction may be a customer calling a merchant over the phone in order to purchase goods from the merchant.
  • a payment card represents a credit card, a debit card, a check, a coupon linked to an account, a gift card linked to an account, a money order, a promissory note, or any other manner of non-cash payment.
  • a card user i.e., a customer using the payment card
  • the card user may verbally communicate their payment card information to an employee of the merchant in order to pay for goods or services from the merchant.
  • Payment card information may represent any information associated with the payment card, the card user, and/or an account of the card user.
  • payment card information may include the payment card number, the payment card expiration date, the payment card verification code, the billing address associated with the payment card, the card user, and/or the account of the card user, the shipping address associated with the card user, any other information that may be used to process a telephone transaction, or any combination of the preceding.
  • system 310 of FIG. 3 may verify telephone transactions between card users and merchants in a manner that provide various advantages.
  • the verification entity device 314 may compare a comparison code 342 selected by the verification entity device 314 with a verification code 406 selected by a card user identification device 386 carried by (or otherwise associated with) the card user.
  • a comparison code 342 selected by the verification entity device 314 with a verification code 406 selected by a card user identification device 386 carried by (or otherwise associated with) the card user.
  • the person may be unable to conduct one or more telephone transactions using the payment card information (or the payment card) because the person may not also have the card user identification device 386.
  • the provided code may not match the comparison code 342 utilized by the verification entity device 314 because the fraudulent device may not have access to verification codes 406 or a verification management application 346b that results in a verification code 406 being selected in a predefined manner.
  • the card user identification device 386 may select a particular verification code 406 for a telephone transaction by sequentially rotating through each of the verification codes 406 stored at the card user identification device 386. In such an example, this may allow the same code to be re-used as the verification code 406 at a later date and/or time from the original use of the code. Furthermore, this may prevent the card user identification device 386 from needing to receive new verification codes 406 from verification entity device 314 (or some other device associated with the verification entity) when all of the verification codes 406 have already been used. As a further example, a verification code 406 stored in the card user identification device 386 may be selected and/or communicated for receipt by the verification entity device 314 without intervention by the card user.
  • the verification process may be easier for the card user because the card user may not need to perform any type of action to assist in the verification of the telephone transaction, other than the card user actually carrying the card user identification device 386 with them when performing the telephone transaction (such as carrying the card user identification device 386 in the card user's purse or attached to the card user's keys) and/or other than the card user performing the telephone transaction with a card user identification device 386 that is held (or otherwise positioned) within communication range to the card user telephone device 382 (such as within Bluetooth range, WiFi range, radio frequency identification range, infrared range, sound wave range, or any other suitable range).
  • system 310 also includes a merchant verification device 354 that is communicatively coupled to the card user identification device 386 by the merchant telephone device 374 and the card user telephone device 382.
  • this may allow the telephone transaction to be verified even though it is performed over a telephone connection, thereby allowing system 310 to provide additional protection against fraud in a telephone transaction. Therefore, system 310 may verify telephone transactions between card users and merchants in a manner that is advantageous.
  • Verification entity device 314 represents any suitable components that verify telephone transactions between card users and merchants.
  • Verification entity device 314 may include a network server, any suitable remote server, a mainframe, a host computer, a workstation, a web server, a personal computer, a file server, or any other suitable device for verifying telephone transactions between card users and merchants.
  • the functions of verification entity device 314 may be performed by any suitable combination of one or more servers or other components at one or more locations.
  • the server may be a private server, and the server may be a virtual or physical server.
  • the server may include one or more servers at the same or remote locations.
  • verification entity device 314 may include any suitable component that functions as a server.
  • verification entity device 314 includes a network interface 318, a processor 322, and a memory unit 326.
  • Network interface 318 represents any suitable device operable to receive information from network 350, transmit information through network 350, perform processing of information, communicate to other devices, or any combination of the preceding. For example, network interface 318 receives an indication that the card user is attempting to perform a telephone transaction using payment card information and a card user telephone device. As another example, network interface 318 communicates a challenge code 338 for receipt by a card user identification device 386.
  • Network interface 318 represents any port or connection, real or virtual, including any suitable hardware and/or software, including protocol conversion and data processing capabilities, to communicate through a local area network (LAN), a metropolitan area network (MAN), a wide area network (WAN), or other communication system that allows verification entity device 314 to exchange information with network 350, merchant verification device 354, merchant telephone device 374, network 378, card user telephone device 382, card user identification device 386, or other components of system 310.
  • LAN local area network
  • MAN metropolitan area network
  • WAN wide area network
  • Processor 322 communicatively couples to network interface 318 and memory unit 326, and controls the operation and administration of verification entity device 314 by processing information received from network interface 318 and memory unit 326.
  • Processor 322 includes any hardware and/or software that operates to control and process information.
  • processor 322 executes verification entity device management application 330 to control the operation of verification entity device 314.
  • Processor 322 may be a programmable logic device, a microcontroller, a microprocessor, any suitable processing device, or any combination of the preceding.
  • Memory unit 326 stores, either permanently or temporarily, data, operational software, or other information for processor 322.
  • Memory unit 326 includes any one or a combination of volatile or non-volatile local or remote devices suitable for storing information.
  • memory unit 326 may include random access memory (RAM), read only memory (ROM), magnetic storage devices, optical storage devices, any other suitable information storage device, or any combination of the preceding. Additionally, memory unit 326 may be an encrypted storage device (or a storage device secured in any suitable manner), providing protection against fraudulent attempts to access the information stored in memory unit 326. While illustrated as including particular information modules, memory unit 326 may include any suitable information for use in the operation of verification entity device 314.
  • RAM random access memory
  • ROM read only memory
  • magnetic storage devices magnetic storage devices
  • optical storage devices any other suitable information storage device, or any combination of the preceding.
  • memory unit 326 may be an encrypted storage device (or a storage device secured in any suitable manner), providing protection against fraudulent attempts to access the information stored in memory unit 326. While illustrated as including particular information modules, memory unit 326 may include any suitable information for use in the operation of verification entity device 314.
  • memory unit 326 includes verification entity device management application 330 and accounts 334.
  • Verification entity device management application 330 represents any suitable set of instructions, logic, or code embodied in a computer-readable storage medium and operable to facilitate the operation of verification entity device 314.
  • Accounts 334 represent any information regarding personal, commercial, and/or corporate accounts handled by verification entity device 314 with regard to one or more payment cards.
  • accounts 334 includes account numbers, nicknames for accounts, account identifiers associated with an account, balance information of an account (and/or a payment card linked to the account), limits of an account (and/or a payment card linked to the account), disclaimers associated with an account, card user preferences, data associated with one or more telephone transactions performed (or in the process of being performed) by a card user, any other suitable data, or any combination of the preceding.
  • Account 334 for each different card user may include challenge codes 338, comparison codes 342, and verification management application 346a.
  • Challenge codes 338 represent any code that may be used to interrogate card user identification device 386 for a verification code 406. Examples of challenge codes 338 are discussed in further detail below.
  • Comparison codes 342 represent any code that may be compared to a verification code 406 in order to verify a telephone transaction. Examples of comparison codes 342 are discussed in further detail below.
  • Verification management application 346a represents any suitable set of instructions, logic, or code embodied in a computer-readable storage medium and operable to provide a predefined manner of selecting comparison codes 342, verification codes 406, and/or verifying a telephone transaction using comparison codes 342 and verification codes 406. Examples of verification management application 346a are discussed in further detail below.
  • Network 350 represents any suitable network operable to facilitate communication between the components of system 310, such as verification entity device 314, network 350, merchant verification device 354, merchant telephone device 374, network 378, card user telephone device 382, and card user identification device 386.
  • Network 350 may include any interconnecting system capable of transmitting audio, video, signals, data, messages, or any combination of the preceding.
  • Network 350 may include all or a portion of a public switched telephone network (PSTN), a public or private data network, a LAN, a MAN, a WAN, a local, regional, or global communication or computer network, such as the Internet, a wireline or wireless network, an enterprise intranet, or any other suitable communication link, including combinations thereof, operable to facilitate communication between the components.
  • PSTN public switched telephone network
  • a public or private data network such as a LAN, a MAN, a WAN, a local, regional, or global communication or computer network, such as the Internet, a wireline or wireless network, an enterprise intranet, or any
  • Merchant verification device 354 represents any suitable components that communicate with verification entity device 314 and card user identification device 386 in order to assist in the verification of telephone transactions between card users and merchants.
  • Merchant verification device 354 may be a personal computer, a workstation, a laptop, a mobile telephone (such as a Smartphone, or any other wireless, cellular, cordless, or satellite telephone), an electronic notebook, a personal digital assistant, a transceiver node, a radio frequency transceiver, an audio-generation device (such as an audio sound modulator or an analog modem), any other device (wireless, wireline, or otherwise) capable of receiving, processing, storing, and/or communicating information with other components of system 310, or any combination of the preceding.
  • Merchant verification device 354 may act as an intermediary between verification entity device 314 and card user identification device 386.
  • verification entity device 314 may communicate a challenge code 338 for receipt by the card user identification device 386.
  • merchant verification device 354 may receive the challenge code 338 (prior to the card user identification device
  • the card user identification device 386 may communicate a verification code 406 for receipt by the verification entity device 314.
  • the merchant verification device 354 may receive the verification code 406 (prior to the verification entity device 314 receiving the verification code 406) and may re-communicate the verification code 406 for receipt by the verification entity device 314.
  • Merchant verification device 354 may be associated with a merchant.
  • a particular merchant may be a retail chain that sells goods to card users.
  • this merchant may have one or more merchant verification devices 354 that allow the merchant to perform telephone transactions with a card user.
  • the merchant verification device 354 may be connected to, combined with, or otherwise associated with the merchant telephone device 374, a cash register (or other device used to process purchases, such as a point-of-sale device) of the merchant, and/or a payment card reader (or other device used to process a payment card).
  • the merchant verification device 354 may be located at the merchant's location (and/or at the location of an employee of the merchant), and may act as an intermediary between the verification entity device 314 and the card user identification device 386.
  • Merchant verification device 354 may include a user interface, such as a display, a microphone, a speaker, a keypad, a scanner (such as a barcode scanner), or other appropriate terminal equipment usable by a merchant or other user.
  • merchant verification device 354 includes a network interface 358, a processor 362, and a memory unit 366.
  • Network interface 358 represents any suitable device operable to receive information from network 350 and/or network 378, transmit information through network 350 and/or network 378, perform processing of information, communicate with other devices, or any combination of the preceding.
  • network interface 358 receives a challenge code 338 from the verification entity device 314 and re-communicates the challenge code 338 for receipt by the card user identification device 386.
  • network interface 358 receives a verification code 406 from the card user identification device 386 and re-communicates the verification code 406 for receipt by the verification entity device 314.
  • Network interface 358 represents any port or connection, real or virtual, including any suitable hardware and/or software, including protocol conversion and data processing capabilities, to communicate through a LAN, a MAN, a WAN, or other communication system that allows network interface 358 to exchange information with verification entity device 314, network 350, merchant telephone device 374, network 378, card user telephone device 382, card user identification device 386, or other components of system 310.
  • network interface 358 may be (or may further include) a speaker/microphone for communicating audio signals (such as audio tones) to and from the card user identification device 386.
  • Processor 362 communicatively couples to network interface 358 and memory unit 366, and controls the operation and administration of merchant verification device 354 by processing information received from network interface 358 and memory unit 366.
  • Processor 362 includes any hardware and/or software that operates to control and process information.
  • processor 362 executes merchant verification device management application 370 to control the operation of merchant verification device 354.
  • Processor 362 may be a programmable logic device, a microcontroller, a microprocessor, any suitable processing device, or any combination of the preceding.
  • Memory unit 366 stores, either permanently or temporarily, data, operational software, or other information for processor 362.
  • Memory unit 366 includes any one or a combination of volatile or non-volatile local or remote devices suitable for storing information.
  • memory unit 366 may include RAM, ROM, magnetic storage devices, optical storage devices, any other suitable information storage device, or any combination of the preceding.
  • memory unit 366 may be an encrypted storage device (or a storage device secured in any suitable manner), providing protection against fraudulent attempts to access the information stored in memory unit 366. While illustrated as including particular information modules, memory unit 366 may include any suitable information for use in the operation of merchant verification device 354.
  • memory unit 366 includes merchant verification device management application 370.
  • Merchant verification device management application 370 represents any suitable set of instructions, logic, or code embodied in a computer-readable storage medium and operable to facilitate the operation of merchant verification device 354.
  • Merchant telephone device 374 represents any suitable components that provide for telephone communication (or any other verbal communication) between card users and merchants.
  • Merchant telephone device 374 may include a landline (or wired) telephone, a mobile telephone (such as a Smartphone, or any other wireless, cellular, cordless, or satellite telephone), a voice over internet protocol (VoIP) device (such as a VoIP telephone, a personal computer with VoIP capabilities, a workstation with VoIP capabilities, a laptop with VoIP capabilities), a telephone with video capabilities, a telephone with text-based capabilities (such as text-based hearing-impaired telephones), a two-way radio device, any other device (wireless, wireline, or otherwise) capable of providing for telephone communication (or other verbal communication) between card users and merchants, or any combination of the preceding.
  • VoIP voice over internet protocol
  • Merchant telephone device 374 may be associated with a merchant.
  • a particular merchant may be a retail chain that sells goods to card users.
  • this merchant may have one or more merchant telephone devices 374 that allow the merchant to receive/place calls with customers, communicate with customers, and/or perform telephone transactions with a card user (or other customer).
  • the merchant telephone device 374 may be located at the merchant's location (and/or at the location of an employee of the merchant).
  • Merchant telephone device 374 may include a user interface, such as a display, a keypad, a microphone, an earphone, a speaker, a headset, or other appropriate terminal equipment usable by a merchant or other user.
  • merchant telephone device 374 is communicatively coupled to merchant verification device 354.
  • Merchant telephone device 374 may communicate with merchant verification device 354 (or vice versa) in any suitable manner.
  • merchant telephone device 374 may include (or be coupled to) one or more interfaces, connections, or ports (such as an audio input port) that may communicatively couple merchant verification device 354 to merchant telephone device 374.
  • the merchant verification device 354 may be plugged into the interface, connection, or port, allowing the merchant verification device 354 to communicate with (or through) the merchant telephone device 374.
  • merchant verification device 354 and or merchant telephone device 374 may position merchant verification device 354 in a close proximity to merchant telephone device 374 so that audio signals generated and/or transmitted by merchant verification device 354 may be received by the merchant telephone device 374.
  • the merchant (or other user) may hold the merchant verification device 354 up to (or otherwise position the merchant verification device 354 near) the microphone/speaker of the merchant telephone device 374 so that the microphone/speaker may hear (or otherwise receive) an audio signal generated by the merchant verification device 354 (or so that the merchant verification device 354 may hear, or otherwise receive, an audio signal communicated by the merchant telephone device 374).
  • merchant telephone device 374 and merchant verification device 354 may be communicatively coupled through a network similar to network 350 (discussed above) and/or network 378 (discussed below).
  • merchant telephone device 374 and merchant verification device 354 may be communicatively coupled through a wireless network (such as a Bluetooth network, a WiFi network, a radio frequency identification network, or an infrared network).
  • a wireless network such as a Bluetooth network, a WiFi network, a radio frequency identification network, or an infrared network.
  • merchant telephone device 374 is illustrated as a separate device from merchant verification device 354, merchant telephone device 374 may the same device as merchant verification device 354.
  • a single device may be used to provide for telephone communication between card users and merchants, and also to communicate with verification entity device 314 and card user identification device 386 in order to assist in the verification of telephone transactions between card users and merchants.
  • the merchant telephone device 374 may be mobile phone running a mobile phone application that allows the merchant telephone device 374 to perform one or more (or all) of the functions of the merchant verification device 354.
  • Network 378 represents any suitable network operable to facilitate a telephone communication (or any other communication) between the components of system 310, such as merchant telephone device 374 and card user telephone device 382.
  • Network 378 may include any interconnecting system capable of transmitting audio, video, signals, data, messages, or any combination of the preceding.
  • Network 378 may include all or a portion of a PSTN, a public or private data network, a LAN, a MAN, a WAN, a local, regional, or global communication or computer network, such as the Internet, a wireline or wireless network, an enterprise intranet, or any other suitable communication link, including combinations thereof, operable to facilitate a telephone communication (or any other communication) between the components of system 310.
  • network 378 may be the same type of network as network 350, or network 378 may be a different type of network than network 350.
  • both network 378 and network 350 may be a combination of wireless and wireline networks.
  • network 378 may be only a PSTN network (or only a wireless network), while network 350 may be a combination of wireless and wireline networks.
  • network 378 and network 350 are illustrated as separate networks, network 378 and network 350 may be the same network.
  • a single network may communicate a challenge code 338 from verification entity device 314 to merchant verification device 354, and may further re-communicate the challenge code 338 from merchant telephone device 374 to card user telephone device 382.
  • Card user telephone device 382 represents any suitable components that provide for telephone communication between card users and merchants. Card user telephone device
  • 382 may include a landline (or wired) telephone, a mobile telephone (such as a Smartphone, or any other wireless, cellular, cordless, or satellite telephone), a voice over internet protocol
  • VoIP Voice over IP
  • Card user telephone device 382 may include a user interface, such as a display, a keypad, a microphone, an earphone, a speaker, a headset, or other appropriate terminal equipment usable by a card user.
  • Card user telephone device 382 may be associated with a card user.
  • the card user may own (or have access to) the card user telephone device 382 in order to conduct telephone communications (or other verbal communications).
  • the card user telephone device 382 may be located at the card user's location.
  • the card user may utilize the card user telephone device 382 to communicate with the merchant (via network 378 and merchant telephone device 374) in order to perform (or attempt to perform) a telephone transaction with the merchant.
  • Card user identification device 386 represents any suitable components that communicate with merchant verification device 354 in order to provide verification codes 406 to the verification entity device 314 to verify telephone transactions between card users and merchants.
  • Card user identification device 386 may be a personal computer, a workstation, a laptop, a mobile telephone (such as a Smartphone, or any other wireless, cellular, cordless, or satellite telephone), an electronic notebook, a personal digital assistant, a transceiver node, an audio-generation device (such as an audio sound modulator or an analog modem), any other device (wireless, wireline, or otherwise) capable of receiving, processing, storing, and/or communicating information with merchant verification device 354 (and/or other components of system 310), or any combination of the preceding.
  • the card user identification device 386 may include a user interface, such as a display, a microphone, a speaker, a keypad, a scanner (such as a barcode scanner), or other appropriate terminal equipment usable by a card user.
  • Card user identification device 386 may be carried by the card user (or otherwise associated with the card user). As such, when the card user attempts to conduct a telephone transaction with a merchant using payment card information (or the payment card), card user identification device 386 may communicate with merchant verification device 354 (and verification entity device 314) in order to provide verification codes 406 that may allow the verification entity device 314 to verify the telephone transaction. Card user identification device 386 may be carried by the card user (or otherwise associated with the card user) in any suitable manner.
  • the card user identification device 386 may be an audio- generation device that is attached to the card user's keys, wallet, purse, wearable items (such as a wearable wristband), and/or article of clothing (such as a belt).
  • the card user identification device 386 may be an audio-generation device that is stored (or otherwise positioned) near the card user telephone device 382.
  • the card user identification device 86 may be the card user's mobile phone.
  • card user identification device 386 includes a network interface 390, a processor 394, and a memory unit 398.
  • Network interface 390 represents any suitable device operable to receive information from network 378, transmit information through network 378, perform processing of information, communicate to other devices, or any combination of the preceding.
  • network interface 390 receives a challenge code 338 from the verification entity device 314 (via the merchant verification device 354, merchant telephone device 374, network 378, and card user telephone device 382) and communicates a verification code 406 to the verification entity device 314 (via the card user telephone device 382, network 378, merchant telephone device 374, and merchant verification device 354).
  • Network interface 390 represents any port or connection, real or virtual, including any suitable hardware and/or software, including protocol conversion and data processing capabilities, to communicate through a LAN, a MAN, a WAN, or other communication system that allows network interface 390 to exchange information with verification entity device 314, network 350, merchant verification device 354, merchant telephone device 374, network 378, card user telephone device 382, or other components of system 310.
  • network interface 358 may be (or may further include) a speaker/microphone for communicating audio signals (such as audio tones) to and from the merchant verification device 354.
  • Processor 394 communicatively couples to network interface 390 and memory unit 398, and controls the operation and administration of card user identification device 386 by processing information received from network interface 390 and memory unit 398.
  • Processor 394 includes any hardware and/or software that operates to control and process information.
  • processor 394 executes card user identification device management application 402 to control the operation of card user identification device 386.
  • Processor 394 may be a programmable logic device, a microcontroller, a microprocessor, any suitable processing device, or any combination of the preceding.
  • Memory unit 398 stores, either permanently or temporarily, data, operational software, or other information for processor 394.
  • Memory unit 398 includes any one or a combination of volatile or non-volatile local or remote devices suitable for storing information.
  • memory unit 398 may include RAM, ROM, magnetic storage devices, optical storage devices, any other suitable information storage device, or any combination of the preceding. Additionally, memory unit 398 may be an encrypted storage device (or a storage device secured in any suitable manner), providing protection against fraudulent attempts to access the information stored in memory unit 398. While illustrated as including particular information modules, memory unit 398 may include any suitable information for use in the operation of card user identification device 386.
  • memory unit 398 includes card user identification device management application 402, verification codes 406, and verification management application 346b.
  • Card user identification device management application 402 represents any suitable set of instructions, logic, or code embodied in a computer-readable storage medium and operable to facilitate the operation of card user identification device 386.
  • Verification codes 406 represent any code that may be used to identify the card user as the approved user of the payment card (as opposed to another person who may have fraudulently obtained the payment card). Examples of verification codes 406 are discussed in further detail below.
  • Verification management application 346b may be substantially similar to verification management application 346a (stored in memory unit 326 of verification entity device 314).
  • verification management application 346b represents any suitable set of instructions, logic, or code embodied in a computer-readable storage medium and operable to provide a predefined manner of selecting verification codes 406. Verification management application
  • verification management application 346b may be received by (and stored by) card user identification device 386 prior to card user identification device 386 receiving a challenge code 338.
  • verification management application 346b may be received by (and stored by) card user identification device 386 when card user identification device 386 is manufactured, programmed, and/or updated to operate with system 310.
  • verification management application 346b may be received by (and stored by) card user identification device 386 at any other time.
  • verification management application 346b may be a portion of the challenge code
  • the card user identification device 386 may receive (and store) the verification management application 346b the first time it receives the challenge code 338 (or every time it receives the challenge code 338).
  • verification management application 346b may be communicated to the card user identification device 386 in the same message as a challenge code 338, in a message prior to the communication of the challenge code 338, or in a message after the communication of the challenge code 338.
  • the card user identification device 386 may receive (and store) the verification management application 346b prior to receiving a challenge code 348, at the same time (or substantially the same time) as receiving a challenge code 338, or after receiving a challenge code 338. Examples of verification management application 346b are discussed in further detail below.
  • card user identification device 386 is communicatively coupled to the card user telephone device 382.
  • Card user identification device 386 may communicate with the card user telephone device 382 (or vice versa) in any suitable manner.
  • card user telephone device 382 may include (or be coupled to) one or more interfaces, connections, or ports (such as an audio input port) that may communicatively couple card user identification device 386 to card user telephone device 382.
  • the card user identification device 386 may be plugged into the interface, connection, or port, allowing the card user identification device 386 to communicate with (or through) the card user telephone device 382.
  • a user of card user identification device 386 and/or card user telephone device 382 may position card user identification device 386 in a close proximity to card user telephone device 382 so that audio signals generated and/or transmitted by card user identification device 386 may be received by the card user telephone device 382.
  • the card user (or other user) may hold the card user identification device 386 up to (or otherwise position the card user identification device 386 near) the microphone/speaker of the card user telephone device 382 so that the microphone/speaker may hear (or otherwise receive) an audio signal generated by the card user identification device 386 (or so that the card user identification device 386 may hear, or otherwise receive, an audio signal communicated by the merchant verification device 354).
  • card user identification device 386 and card user telephone device 382 may be communicatively coupled through a network similar to network 350 (discussed above) and/or network 378 (also discussed above).
  • card user identification device 386 and card user telephone device 382 may be communicatively coupled through a wireless network (such as a Bluetooth network, a WiFi network, a radio frequency identification network, or an infrared network).
  • a wireless network such as a Bluetooth network, a WiFi network, a radio frequency identification network, or an infrared network.
  • card user identification device 386 is illustrated as a separate device from card user telephone device 382, card user identification device 386 may the same device as card user telephone device 382.
  • a single device may be used to provide for telephone communication between card users and merchants, and also to communicate with merchant verification device 354 in order to provide verification codes 406 to the verification entity device 314 to verify telephone transactions between card users and merchants.
  • the card user telephone device 382 may be mobile phone running a mobile phone application that allows the card user telephone device 382 to perform one or more (or all) of the functions of the card user identification device 386.
  • a card user may desire to conduct a telephone transaction with a particular merchant.
  • a card user may desire to purchase an item (such as a shirt) using a payment card (such as a credit card) and a card user telephone device 382 (such as the card user's mobile phone).
  • the card user may make a telephone call to the merchant, and may provide the merchant with payment card information (via telephone payment 450).
  • the merchant may provide the payment card information to the merchant verification device 354 (via payment entry 454), which may provide an indication (via indication 458) to verification entity device 314 that the card user is attempting to perform a telephone transaction with the merchant using the payment card.
  • the verification entity may desire to verify that the person attempting to perform the telephone transaction using the payment card is the card user that is authorized to use the payment card.
  • the credit card company may desire to verify that a card issued to John Doe is being used by John Doe, as opposed to someone that may have fraudulently obtained the card (or information about the card) issued to John Doe.
  • verification entity device 314 may communicate a challenge code 338 configured to interrogate a card user identification device 386 carried by (or otherwise associated with) the card user, such as an audio-generation device that is attached to the keys of John Doe.
  • the challenge code 338 may be first communicated to merchant verification device 354 (via first challenge message 462). Following receipt of the challenge code 338, merchant verification device 354 may re- communicate the challenge code 338 to merchant telephone device 374 (via second challenge message 466), such as by generating an audio signal for communication to the merchant telephone device 374. The merchant telephone device 374 may then re-communicate the challenge code 338 to card user telephone device 382 (via third challenge message 470), which may re-communicate the challenge code 338 to the card user identification device 386
  • the challenge code 338 may interrogate the card user identification device 386, causing the card user identification device 386 to select a verification code 406 (via a predefined manner of verification management application 346b).
  • the card user identification device 386 may then communicate the verification code 406 to the card user telephone device 382 (via first verification response message 478), such as by generating an audio signal for communication to the card user telephone device 382.
  • the card user telephone device 382 may re-communicate the verification code 406 to the merchant telephone device 374 (via second verification response message 482), which may re-communicate the verification code 406 to the merchant verification device 354 (via third verification response message 486).
  • the merchant verification device 354 may receive the verification code 406 and then re-communicate the verification code 406 to verification entity device 314 (via fourth verification response message 490).
  • verification entity device 314 may select a comparison code 342 (via the predefined manner of verification application 346a) to compare to the verification code 406 received from the card user identification device 386. If the verification code 406 does not match the comparison code 342 (or a verification code 406 is never received in response to a challenge code 338), verification entity device 314 may deny the processing of the telephone transaction. On the other hand, if the verification code 406 does match the comparison code 342, verification entity device 314 may verify the telephone transaction (or otherwise approve the processing of the telephone transaction) via verification signal 494 communicated to merchant verification device 354, and the telephone transaction may be allowed to occur. In particular embodiments, this method of verifying a telephone transaction may provide additional protection against fraud. For example, even if a person
  • the person may be unable to conduct one or more telephone transactions using the payment card information (or the payment card) because the person may not also have the card user identification device 386.
  • the code provided by the fraudulent device may not match the comparison code 342 utilized by the verification entity device 314 because the fraudulent device may not have access to verification codes 406 or the verification management application 346b that results in a verification code 406 being selected in a predefined manner. Further details regarding particular examples of these sequences illustrated in FIG. 3 are discussed below.
  • a card user may initiate a telephone transaction with a merchant by providing payment card information to the merchant via telephone payment 450.
  • Telephone payment 450 may be performed in any suitable manner.
  • the card user may call the merchant (or an employee of the merchant) on the card user telephone device 382, may verbally communicate what goods or services the card user desires to purchase, and may verbally communicate the payment card information to the merchant.
  • the payment card information may already be saved (or otherwise on file with the merchant).
  • telephone payment 450 may be performed by the card user verbally communicating their name (or other identifying information), which may allow the merchant to look-up (or otherwise access) the already saved payment card information.
  • Payment entry 454 may be performed in any suitable manner.
  • the merchant may enter the payment card information directly into merchant verification device 354 by, for example, typing (or otherwise pressing one or more buttons) the payment card information into the merchant verification device 354.
  • the merchant may enter the payment card information indirectly into merchant verification device 354 by, for example, typing (or otherwise pressing one or more buttons) the payment card information into a payment device (such as a cash register), which may then communicate the payment card information to merchant verification device 354.
  • a payment device such as a cash register
  • the merchant may enter the payment card information indirectly into merchant verification device 354 by, for example, looking-up (or otherwise accessing) the payment card information saved (or otherwise on file) with the payment device (such as the cash register), which may then communicate the payment card information to merchant verification device 354.
  • the payment device such as the cash register
  • merchant verification device 354 may communicate indication 458 to verification entity device 314, indicating that that the card user is attempting to perform a telephone transaction with the merchant using the payment card.
  • Indication 458 may include any information about the attempted telephone transaction.
  • indication 458 may include all (or a portion) of the payment card information received by the merchant verification device 354, information associated with the merchant (such as information that identifies the merchant), information associated with the telephone transaction (such as the purchase amount for the telephone transaction and details about what is being purchased), any other information desired by a verification entity for approving a telephone transaction, or any combination of the preceding.
  • indication 458 has been illustrated as being communicated directly from merchant verification device 354 to verification entity device 314, in particular embodiments, indication 458 may be communicated to one or more additional devices (not shown) before indication 458 is received by verification entity device 314.
  • indication 458 may first be communicated to a payment processor (such as a payment processing system run by, for example, First Data Merchant Services Corporation), and then the payment processor may re-communicate the indication 458 to verification entity device 314.
  • the payment processor may re-communicate all or a portion of indication 458.
  • the payment processor may perform one or more payment processing actions (using the information in indication 458) prior to re-communicating indication 458.
  • the payment processor may add information associated with these additional payment processing actions to indication 458 prior to re-communicating indication 458 to verification entity device 314.
  • the indication 458 has been illustrated as being communicated to the verification entity device 314 by merchant verification device 354, in particular embodiments, the indication 458 may be communicated to the verification entity device 314 by the payment device (such as the cash register), thereby bypassing merchant verification device 354.
  • verification entity device 314 may communicate a challenge code 338 (via first challenge message 462) for receipt by the card user identification device 386.
  • a challenge code 338 represents any code that may be used to interrogate card user identification device 386 for a verification code 406.
  • a challenge code 338 may be a computer-readable code that forces, requests, or causes a response from card user identification device 386.
  • the challenge code 338 may force, request, or cause the card user identification device 386 to select a verification code 406 stored at the card user identification device 386 and communicate the verification code 406 for receipt by the verification entity device 314.
  • a challenge code 338 may be the same code for all card user identification devices 386, or may be unique for each card user identification device 386 (or for one or more card user identification devices 386).
  • a challenge code 338 for a card user identification device 386 carried by John Doe may be different than a challenge code 338 for a card user identification device 386 carried by Jane Doe.
  • Challenge code 338 may be the same challenge code every time it is sent for receipt by a particular card user identification device 386, or it may be different every time it is sent for receipt by a particular card user identification device 386.
  • challenge code 338 may include one or more details associated with the telephone transaction (such as the purchase amount, the merchant identification, the time and/or date associated with the telephone transaction or the challenge code 338, etc.), thereby causing it to be different every time it is sent for receipt by the card user identification device 386 carried by John Doe.
  • the challenge code 338 may include a particular verification management application 346b for use by the card user identification device 386 for that telephone transaction.
  • the challenge code 338 may include particular instructions for responding to the challenge code 338 (such as a particular question that is to be answered using the verification code 406).
  • the challenge code 338 may be received by merchant verification device 354 (via first challenge message 462).
  • Merchant verification device 354 may act as an intermediary between verification entity device 314 and card user identification device 386.
  • merchant verification device 354 may receive the challenge code 338 from verification entity device 314 (via first challenge message 462) and re-communicate the challenge code 338 for receipt by card user identification device 386 (via second challenge message 466, third challenge message 470, and fourth challenge message 474). Merchant verification device 354 may re-communicate challenge code 338 in the same form (and/or in the same manner) in which merchant verification device 354 received the challenge code 338.
  • merchant verification device 354 may act as an amplifier (or an access point) that provides a network connection between verification entity device 314 and card user identification device 386. Additionally (or alternatively), merchant verification device 354 may re-communicate challenge code 338 in a different form (and/or in a different manner) than what merchant verification device 354 received the challenge code 338 as. For example, merchant verification device 354 may receive the challenge code 338 in digital form over a wired connection and re-communicate the challenge code 338 in analog form over a wireless connection. As another example, merchant verification device 354 may receive the challenge code 338 in digital form over a wireless connection and re-communicate the challenge code 338 as an audio signal.
  • merchant verification device 354 may receive the challenge code 33 in a digital form over a wired connection and re-communicate the challenge code 338 as a graphical image (such as a barcode, a QR code, a universal product code (UPC), a matrix bar code, a MaxiCode, or a ShotCode) that may be scanned or copied by the merchant telephone device 374 for transmittal to the card user telephone device 382 and the card user identification device 386.
  • merchant verification device 354 may act as a converter to convert challenge code 338 from a form (and/or a communication manner) that cannot be received by the card user identification device 386 to a form (and/or a communication manner) that can be received by the card user identification device 386.
  • merchant verification device 354 re-communicates the challenge code 338 as an audio tone (or other audio signal).
  • merchant verification device 354 be an audio-generation device that is held (or otherwise positioned) by the merchant in close proximity to merchant telephone device 374 so that audio tones (which include the challenge code 338) generated and/or transmitted by the merchant verification device 354 may be received by the merchant telephone device 374 (via, for example, a microphone/speaker in the merchant telephone device 374).
  • the merchant telephone device 374 may re-communicate the challenge code 338 to the card user telephone device 382 (via third challenge message 470).
  • Merchant telephone device 374 may re-communicate challenge code 338 in the same form (and/or in the same manner) in which merchant telephone device 374 received the challenge code 338.
  • merchant telephone device 374 may receive the challenge code as an audio signal, and may re-communicate the challenge code 338 as the audio signal.
  • merchant telephone device 374 may re-communicate challenge code 338 in a different form (and/or in a different manner) than what merchant telephone device 374 received the challenge code 338 as.
  • merchant telephone device 374 may receive the challenge code 338 in digital form over a wired connection and re-communicate the challenge code 338 as an audio signal.
  • merchant telephone device 374 may receive the challenge code 338 in a digital form over a wired connection and re- communicate the challenge code 338 as a graphical image.
  • the card user telephone device 382 may re-communicate the challenge code 338 to the card user identification device 386 (via fourth challenge message 474).
  • Card user telephone device 382 may re-communicate challenge code 338 in the same form (and/or in the same manner) in which card user telephone device 382 received the challenge code 338.
  • card user telephone device 382 may receive the challenge code as an audio signal, and may re-communicate the challenge code 338 as the audio signal. Additionally (or alternatively), card user telephone device 382 may re-communicate challenge code 338 in a different form (and/or in a different manner) than what card user telephone device 382 received the challenge code 338 as. For example, card user telephone device 382 may receive the challenge code 338 in digital form over a wireless connection and re- communicate the challenge code 338 as an audio signal. As a further example, merchant telephone device 374 may receive the challenge code 338 in a digital form over a wireless connection and re-communicate the challenge code 338 as a graphical image.
  • card user telephone device 382 re-communicates the challenge code 338 as an audio tone (or other audio signal).
  • the card user identification device 386 may be held (or otherwise positioned) by the card user in close proximity to the card user telephone device 382 so that audio tones (which include the challenge code 338) generated and/or transmitted by the card user telephone device 382 (such as, for example, transmitted by a speaker in the card user telephone device 382) may be received by the card user identification device 386 (such as, for example, received by a microphone/speaker in the card user identification device 386).
  • challenge code 338 has been illustrated as being indirectly communicated from verification entity device 314 to card user identification device 386 (via various devices and various messages), in particular embodiments, the challenge code 338 may be communicated directly from verification entity device 314 to the card user identification device 386.
  • the card user identification device 386 may be a mobile phone that receives the challenge code 338 directly.
  • the mobile phone may be running a mobile phone application associated with the verification entity device 314, and the verification entity device 314 may push the challenge code 338 directly to the mobile phone.
  • the card user identification device 386 (such as a mobile phone) may be connected directly to the verification entity device 314 via a communication network, such as a network similar to network 350 (discussed above).
  • the card user identification device 386 may communicate a verification code 406 to the merchant verification device 354 (either directly or via various devices and/or messages), which may then re-communicate the verification code 406 to the verification entity device 314.
  • challenge code 338 has been illustrated as being automatically re-communicated from the merchant verification device 354 to the card user identification device 386, in particular embodiments, the re-communication (and/or even the original communication) of the challenge code 338 to the card user identification device 386 may only occur after a signal is first received from the card user identification device 386. For example, before the challenge code 338 may be received by the card user identification device 386 (and/or even communicated to the card user identification device 386), the card user may activate the card user identification device 386 (such as by pushing a button on the card user identification device 386 or performing any other user action with the card user identification device 386).
  • This activation by the card user may cause the card user identification device 386 to send a signal to the merchant verification device 354 (and/or the verification entity device 314) indicating that the card user identification device 386 is ready to receive the challenge code 338. Following receipt of this signal from the card user identification device 386, the challenge code 338 may be communicated to (and received by) the card user identification device 386.
  • the card user identification device 386 may (in response to the interrogation provided by the challenge code 338) select one of the verification codes 406 stored at the card user identification device 386. Furthermore, the card user identification device 386 may communicate the verification code 406 for receipt by the verification entity device 314.
  • a verification code 406 represents any code that may be used to identify the card user as the approved user of the payment card (as opposed to another person who may have fraudulently obtained the payment card information and/or the payment card).
  • a verification code 406 may be a predefined code stored at the card user identification device 386, and may be configured to match a comparison code 342 stored at the verification entity device 314.
  • the verification code 406 may be a password, a set of numbers, a set of alphanumeric characters, a set of symbols, one or more audible tones, one or more radio frequencies, one or more graphical images, any other type of code or representation, or any combination of the preceding.
  • the verification code 406 may have any length, size, or dimension.
  • the verification code 406 may be a 35 character password.
  • the verification code 406 may match a comparison code 342 when all or a portion of the verification code 406 is identical to all or a portion of the comparison code 342.
  • the verification code 406 may match the comparison code 342 when the last 30 digits of the verification code 406 are identical to the last 30 digits of the comparison code 342.
  • the verification code 406 may match a comparison code 342 when the verification code 406 is an answer to the comparison code 342 (such as an answer to a question), when the verification code 406 completes the comparison code 342 (such as a final piece of a puzzle), when the verification code 406 is the opposite of the comparison code 342 (such as the term "up” is the opposite of "down"), any other manner of matching, or any combination of the preceding.
  • Card user identification device 386 may store any suitable number of different verification codes 406. For example, card user identification device 386 may store 2 different verification codes 406, 5 different verification codes 406, 10 different verification codes 406,
  • the card user identification device 386 may select one of the verification codes 406 stored at the card user identification device 386.
  • the card user identification device 386 may select one of the verification codes
  • card user identification device 386 may select one of the verification codes 406 by sequentially rotating through each of the verification codes 406 (e.g., rotating from a first code to a second code), by skipping over a predefined number of the verification codes 406
  • any other manner of selecting one of the verification codes 406 according to a predefined manner based on verification management application 346b, or any combination of the preceding.
  • selection of the verification code 406 may further include modifying the verification code 406.
  • the verification code 406 may be modified to include information from the challenge code 338, such as all or a portion of the challenge code 338, or details associated with the telephone transaction (e.g., the purchase amount, the merchant identification, the date and/or time associated with the telephone transaction or the challenge code 338, etc.).
  • the verification code 406 may be modified to include information regarding the date and/or time associated with the selection of the verification code 406. Further details regarding examples of the selection of a verification code 406 are discussed below with regard to FIG. 4.
  • the card user identification device 386 may communicate the verification code 406 to the card user telephone device 382
  • the card user identification device 386 may communicate the verification code 406 to the card user telephone device 382 in any suitable manner (and/or any suitable form). As an example, the card user identification device 386 may communicate the verification code 406 to the card user telephone device 382 in the same manner of communication (and/or form) by which the card user identification device 386 received the challenge code 338. In such an example, if the card user identification device
  • the card user identification device 386 may communicate the verification code 406 to the card user telephone device 382 as an audio signal.
  • the card user identification device 386 may communicate the verification code 406 to the card user telephone device 382 in a different manner of communication (and/or form) than that by which the card user identification device 386 received the challenge code 338. In such an example, if the card user identification device
  • the card user identification device 386 may communicate the verification code 406 to the merchant verification device 354 in a different radio frequency, an audio signal, a graphical image displayed or sent to the card user telephone device 382, any other manner (and/or form) different from that by which the card user identification device 386 received the challenge code 338, or any combination of the preceding. As illustrated, card user identification device
  • the card user identification device 386 communicates the verification code 406 as an audio tone (or any other audio signal).
  • the card user identification device 386 may be held (or otherwise positioned) by the card user in close proximity to card user telephone device 382 so that audio tones (which include the verification code 406) generated and/or transmitted by the card user identification device 386 (such as, for example, transmitted by a speaker in the card user identification device 386) may be received by the card user telephone device 382 (such as, for example, received by a microphone/speaker in the card user telephone device 382).
  • the selection and communication processes of the verification code 406 by the card user identification device 386 may occur without user intervention.
  • the card user identification device 386 may both automatically select and communicate the verification code 406 without any intervention by the card user (e.g., without the card user pressing a button, confirming a selection, pointing the card user identification device 386 in a particular direction, scanning the card user identification device 386, etc.).
  • verifying the telephone transaction using the card user identification device 386 may occur without any action by the user, other than the card user actually carrying the card user identification device 386 with them when performing the telephone transaction (such as carrying the card user identification device 386 in the card user's purse or attached to the card user's keys) and/or other than the card user performing the telephone transaction with a card user identification device 386 that is held (or otherwise positioned) within communication range to the card user telephone device 382 (such as within Bluetooth range, WiFi range, radio frequency identification range, infrared range, sound wave range, or any other suitable range).
  • one or more (or both) of the selection and communication processes of the verification code 406 by the card user identification device 386 may occur with user intervention.
  • selection of the verification code 406 may occur when the card user presses a button on the card user identification device 386 to select the verification code 406, when the card user performs any other manner of user intervention, or any combination of the preceding.
  • communication of the verification code 406 may occur when the card user presses a button to communicate the verification code 406, when the card user performs any other manner of user intervention, or any combination of the preceding.
  • the card user telephone device 382 may re- communicate the verification code 406 to the merchant telephone device 374 (via second verification response message 482).
  • the card user telephone device 382 may re- communicate the verification code 406 in the same form (and/or in the same manner) in which the card user telephone device 382 received the verification code 406.
  • the card user telephone device 382 may receive the verification code 406 as an audio signal, and may re-communicate the verification code 406 as the audio signal.
  • the card user telephone device 382 may re-communicate verification code 406 in a different form (and/or in a different manner) than what card user telephone device 382 received the verification code 406 as.
  • the card user telephone device 382 may receive the verification code 406 as an audio signal and re-communicate the verification code 406 in digital form over a wireless connection.
  • the card user telephone device 382 may receive the verification code 406 in a digital form over a wireless connection and re-communicate the verification code 406 as a graphical image.
  • the merchant telephone device 374 may re-communicate the verification code 406 to the merchant verification device 354 (via third verification response message 486).
  • the merchant telephone device 374 may re- communicate the verification code 406 in the same form (and/or in the same manner) in which the merchant telephone device 374 received the verification code 406.
  • the merchant telephone device 374 may receive the verification code 406 as an audio signal, and may re-communicate the verification code 406 as the audio signal.
  • the merchant telephone device 374 may re-communicate verification code 406 in a different form (and/or in a different manner) than what the merchant telephone device 374 received the verification code 406 as.
  • the merchant telephone device 374 may receive the verification code 406 in digital form over a wireless connection and re- communicate the verification code 406 as an audio signal.
  • the merchant telephone device 374 may receive the verification code 406 in a digital form over a wireless connection and re-communicate the verification code 406 as a graphical image.
  • merchant telephone device 374 communicates the verification code 406 as an audio tone (or any other audio signal).
  • the merchant verification device 354 may be held (or otherwise positioned) by the merchant in close proximity to merchant telephone device 374 so that audio tones (which include the verification code 406) generated and/or transmitted by the merchant telephone device 374 (such as, for example, transmitted by a speaker in the merchant telephone device 374) may be received by the merchant verification device 354 (such as, for example, received by a microphone/speaker in the merchant verification device 354).
  • audio tones which include the verification code 406 generated and/or transmitted by the merchant telephone device 374 (such as, for example, transmitted by a speaker in the merchant telephone device 374) may be received by the merchant verification device 354 (such as, for example, received by a microphone/speaker in the merchant verification device 354).
  • the merchant verification device 354 may re- communicate the verification code 406 for receipt by the verification entity device 314 (via fourth verification response message 490).
  • Merchant verification device 354 may re- communicate the verification code 406 in the same form (and/or communication manner) in which merchant verification device 354 received the verification code 406.
  • merchant verification device 354 may re-communicate the verification code 406 in a different form (and/or manner) than by which the merchant verification device 354 received the verification code 406.
  • the merchant verification device 354 may re-communicate the verification code 406 to the verification entity device 314 via a wired internet connection.
  • merchant verification device 354 may act as a converter to convert verification code 406 from a form (and/or communication manner) that cannot be received by the verification entity device 314 to a form (or communication manner) that can be received by the verification entity device 314.
  • a comparison code 342 represents any code that may be compared to a verification code 406 in order to verify a telephone transaction.
  • a comparison code 342 may be predefined code stored at the verification entity device 314 and that is configured to match a verification code 406 stored at the card user identification device 386.
  • the comparison code 342 may be a password, a set of numbers, a set of alphanumeric characters, a set of symbols, one or more audible tones, one or more radio frequencies, one or more graphical images, any other type of code or representation, or any combination of the preceding.
  • the comparison code 342 may have any length, size, or dimension.
  • the comparison code 342 may be a 35 character password.
  • the comparison code 342 may match a verification code 406 when all or a portion of the comparison code 342 is identical to all or a portion of the verification code 406. Additionally, the comparison code 342 may match a verification code 406 in any of the manners of matching discussed above with regard to verification codes 406.
  • Verification entity device 314 may store (for each account 334) any suitable number of different comparison codes 342.
  • verification entity device 314 may store
  • verification entity device 314 may store (for each account 334) a matching comparison code 342 for each verification code 406 stored by the card user identification device 386 (and associated with an account 334). In such an example, if the card user identification device 386 stores 10 different verification codes 406, the verification entity device 314 may store 10 matching comparison codes 342.
  • the verification entity device 314 may select one of the comparison codes 342 according to the same predefined manner utilized by the card user identification device 386. For example, if the card user identification device 386 selects one of the verification codes 406 by sequentially rotating through each of the verification codes 406 (e.g., rotating from a first code to a second code), the verification entity device 314 may select one of the comparison codes 342 by sequentially rotating through each of the comparison codes 342 (e.g., rotating from a first code to a second code). As such, both the card user identification device 386 and the verification entity device 314 may utilize the same predefined manner (based on verification management applications 346b and 346a, respectively) to select a matching verification code 406 and comparison code 342.
  • selection of the comparison code 342 may further include modifying comparison code 342.
  • the comparison code 342 may be modified to include information from the challenge code 338, such as all or a portion of the challenge code 338, or details associated with the telephone transaction (e.g., the purchase amount, the merchant identification, the time and/or date associated with the telephone transaction or the challenge code 338, etc.).
  • the comparison code 342 may be modified to include information regarding the date and/or time associated with the reception of the verification code 406. Further details regarding examples of the selection of a comparison code 342 are discussed below with regard to FIG. 4.
  • the verification entity device 314 may select one of the comparison codes 342 in a different predefined manner than the card user identification device 386 (but in a manner that still causes the selected comparison code
  • the verification entity device 342 to match the selected verification code 406).
  • the verification entity device 342 to match the selected verification code 406).
  • the verification entity device 314 may store the comparison codes 342 in a different order than the card user identification device 386 stores the matching verification codes 406.
  • the verification entity device 314 may select the comparison code 342 using a first predefined manner (such as by sequentially rotating through each of the comparison codes 342, for example) while the card user identification device 386 may select the matching verification code 406 using a second predefined manner (such as by skipping over a predefined number of the verification codes 406, for example).
  • selection of the comparison code 342 has been discussed above as occurring after reception of the verification code 406, the comparison code 342 may be selected any time after indication 458 is received by the verification entity device 314.
  • the comparison code 342 may be selected before the challenge code 338 is communicated for receipt by the card user identification device 386.
  • the comparison code 342 may be selected after the challenge code 338 is communicated for receipt by the card user identification device 386, but before the verification entity device 314 receives the verification code 406.
  • the verification entity device 314 may compare the verification code 406 to the comparison code 342 in order to determine whether the verification code 406 matches the comparison code 342. If the verification code 406 does not match the comparison code 342 (or a verification code 406 is never received in response to a challenge code 338), verification entity device 314 may deny the telephone transaction. This denial may result in a denial message (not shown) being sent to merchant verification device 354, merchant telephone device 374, card user telephone device 382, and/or card user identification device 386. As a result, the telephone transaction will not be allowed to occur.
  • verification entity device 314 may verify the telephone transaction (or otherwise approve the processing of the telephone transaction) by communicating a verification signal 494 to merchant verification device 354 (and/or one or more of merchant telephone device 374, card user telephone device 382, and card user identification device 386). As such, the telephone transaction may be allowed to occur.
  • the verification signal 494 may allow the transaction to occur in any suitable manner.
  • the verification signal 494 may provide a signal to the merchant (such as a flashing green light on the merchant verification device 354) that indicates that the merchant may now process the payment card using the payment device (such as a cash register).
  • the merchant may now enter the payment card information into the payment device (or any other device that may cause the transaction to be processed).
  • the payment card information may already be in the middle of being processed (as a result of the payment card information having been entered into merchant verification device 354), and the verification signal 494 may cause (automatically or by signaling the merchant to finalize the transaction by, for example, pushing a button) the processing of the payment card information to be completed.
  • the merchant may not need to enter the payment card information into the payment device (or any other device) again.
  • verification entity device 314 may compare more than one verification code 406 to more than one comparison code 342 in order to verify the particular telephone transaction. For example, for each telephone transaction, two or more verification codes 406 and two or more comparison codes 342 may be selected for the verification process. In such an example, verification entity device 314 may only verify (or otherwise allow) the telephone transaction if each of the selected verification codes 406 match each of the selected comparison codes 342.
  • verification entity device 314 has been illustrated as verifying (or otherwise approving) the telephone transaction if the verification code 406 matches the comparison code 342, in particular embodiments, verification (or approval) of the telephone transaction may include various additional steps. For example, verification entity device 314 may determine whether the payment card has been reported lost or stolen, whether the telephone transaction appears suspicious based on the card user's typical purchases, whether there is a sufficient balance associated with the payment card to approve the telephone transaction, whether the online transaction will cause a credit limit associated with the payment card (or account 334) to be overdrawn, whether a billing address listed in the payment card information received from the card user matches the billing address listed in account 334 for the card user, any other suitable method for detemiining whether to verify (or approve) the telephone transaction, or any combination of the preceding.
  • verification entity device 314 has been illustrated as storing and communicating challenge codes 338, storing and selecting comparison codes 342, and verifying the telephone transactions by comparing comparison codes 342 to verification codes 406, in particular embodiments, one or more (or all) of these actions may be performed by other devices or components of system 310, such as merchant verification device 354 and/or one or more third party devices or components.
  • merchant verification device 354 may store and communicate challenge codes 338, store and select comparison codes 342, and verify the telephone transactions by comparing comparison codes 342 to verification codes 406.
  • verification entity device 314 may approve the telephone transaction (or otherwise allow the telephone transaction to occur) if the merchant verification device 354 verifies the telephone transaction and communicates a verification signal (such as verification signal 494) to the verification entity device 314.
  • the above-described method of verifying a telephone transaction may provide additional protection against fraud. For example, even if a person (or a device) is able to steal or copy a card user's payment card information (such as the payment card number, expiration date, and verification code) or the payment card (itself), the person may be unable to conduct one or more telephone transactions using the payment card information (or the payment card) because the person may not also have the card user identification device 386.
  • a card user's payment card information such as the payment card number, expiration date, and verification code
  • the person may be unable to conduct one or more telephone transactions using the payment card information (or the payment card) because the person may not also have the card user identification device 386.
  • the code provided by the fraudulent device may not match the comparison code 342 utilized by the verification entity device 314 because the fraudulent device may not have access to verification codes 406 or the verification management application 346b that results in a verification code 406 being selected in a predefined manner.
  • verification entity device 314 may verify any number of telephone transactions that are performed using any number of verification entity devices 314, networks 350, merchant verification devices 354, merchant telephone devices 374, networks 378, card user telephone devices 382, card user identification devices 386, card users, and/or merchants.
  • system 310 may include any number of verification entity devices 314, networks 350, merchant verification devices 354, merchant telephone devices 374, networks 378, card user telephone devices 382, and/or card user identification devices 386 (and/or any number of components, such as processors or memory units illustrated in the above described devices).
  • any suitable logic may perform the functions of system 310 and the components and/or devices within system 310.
  • system 310 may be combined. Also, system
  • a payment processor such as a payment processing system run by, for example, First Data Merchant Services Corporation
  • a payment processor may be communicatively located in-between the merchant verification device 354 and the verification entity device 314.
  • all or a portion of one or more communications between merchant verification device 354 and verification entity device 314 may be communicated through (and/or modified by) the payment processor.
  • one or more of the communications may be encrypted (or otherwise secured in any suitable manner), providing protection against fraudulent attempts to access the information included in the communications.
  • one or more of the communications may further include one or more codes that may assist in identifying the communication as being sent by one of the devices or components of system 310.
  • the merchant verification device 354 may generate a random code, and insert the code into any communication with the card user identification device 386. Based on this random code, card user identification device 386 may be able to identify the communication as having been sent by the merchant verification device 354, and thus the card user identification device 386 may respond to the communication. In such an example, the card user identification device 386 may also generate a random code, and insert the code into any communication with the merchant verification device 354. Based on this random code, merchant verification device 354 may be able to identify the communication as having been sent by the card user identification device 386, and thus the merchant verification device 354 may re-communicate the communication for receipt by the verification entity device 314.
  • FIG. 3 illustrates an example selection 300 of verification codes 406 and comparison codes 342.
  • Verification codes 406 are selected by the card user identification device 386 of FIG. 3, and comparison codes 342 are selected by the verification entity device 314 of FIG. 3, for example.
  • verification entity device 314 may compare verification codes 406 to comparison codes 342 in order to determine whether to allow a telephone transaction to occur, as is discussed above.
  • Verification codes 406 and comparison codes 342 may each be selected according to a predefined manner based on verification management applications 346.
  • verification codes 406 and comparison codes 342 may be selected by sequentially rotating through each of the verification codes 406 and comparison codes 342 (e.g., rotating from a first code to a second code), by skipping over a predefined number of the verification codes 406 and comparison codes 342 (e.g., skipping from the first code to the fifth code), by selecting a position of one of the verification codes 406 and comparison codes 342 (e.g., selecting the code positioned in column five, row ten), any other manner of selecting one of the verification codes 406 and one of the comparison codes 342 according to a predefined manner based on verification management applications 346, or any combination of the preceding.
  • verification codes 406 and comparison codes 342 may each be selected by sequentially rotating through each of the verification codes 406 and comparison codes 342.
  • the card user identification device 386 may store the following verification codes 406: Code A, Code B, Code C, Code D, ... Code n.
  • the verification entity device 314 may store the following comparison codes 342, each of which match a respective verification code 406: Code A, Code B, Code C, Code D, ... Code n.
  • the predefined manner may cause the card user identification device 386 to select Code A as the verification code 406 for communication to the verification entity device 314.
  • the same predefined manner may cause the verification entity device 314 to select the matching Code A as the comparison code 342.
  • the verification code 406 i.e., Code A
  • comparison code 342 i.e., Code A
  • the first telephone transaction will be allowed to proceed.
  • the predefined manner may cause the card user identification device 386 to sequentially rotate to and select Code B as the verification code 406 for communication to the verification entity device 314. That is, the sequential rotation may cause the card user identification device 386 to rotate to and select the next verification code 406 (i.e., Code B) in the sequence of verification codes 406.
  • the same predefined manner may cause the verification entity device 314 to sequentially rotate to and select the matching Code B as the comparison code 342. As such, the verification code 406 (i.e., Code B) will match the comparison code 342 (i.e., Code B), and the second telephone transaction will be allowed to proceed.
  • This sequential rotation through (and selection of) the verification codes 406 and comparison codes 342 may continue until Code n is selected for both the verification code 406 and the comparison code 342. After Code n is selected, the process of selecting verification codes 406 and comparison codes 342 may be reset (as is seen by resets 404a and 404b) back to Code A. Therefore, for the next potential telephone transaction of the card user (such as when the card user attempts to pay for a hair cut from merchant O), the predefined manner (based on verification management application 346b) may cause the card user identification device 386 to sequentially rotate to (via reset 404a) and re-select Code A as the verification code 406 for communication to the verification entity device 314.
  • the same predefined manner may cause the verification entity device 314 to sequentially rotate to (via reset 404b) and re-select the matching Code A as the comparison code 342.
  • the verification code 406 i.e., Code A
  • the comparison code 342 i.e., Code A
  • the verification codes 406 and comparison codes 342 may be rotated through continuously. This may allow the same code to be re-used as the verification code 406 and comparison code 342 at a later date and/or time from the original use of the code. As such, the card user identification device 386 may not need to receive new verification codes 406 from verification entity device 314 (or some other device associated with the verification entity) when all of the verification codes 406 have already been used.
  • selection 400 may be performed using any number of verification codes 406 and comparison codes 342.
  • FIG. 5 illustrates an example transaction verification system 510 that verifies transactions between card users and merchants.
  • System 510 includes a verification entity device 514 that stores comparison codes 542, and further includes a card user device 586 that stores verification codes 606.
  • the verification entity device 514 may compare a comparison code 542 (which is selected in a predefined manner by the verification entity device 514) with a verification code 606 (which is selected in the same predefined manner by the card user device 586 and then communicated to the verification entity device 514) in order to determine whether to approve the transaction. In particular embodiments, this may provide additional protection against fraud.
  • a verification entity represents an entity that communicates with customers and/or merchants in order to verify transactions between the customers and merchants.
  • a verification entity may be a financial institution, such as a credit card company, credit card servicer, debit card company, debit card servicer, bank, any other institution that communicates with customers and/or merchants in order to facilitate transactions between the customers and merchants, or any combination of the preceding.
  • the verification entity verifies transactions for customers that have a credit card account, a savings account, a debit card account, a checking account, any other account associated with the financial institution (or a merchant), or any combination of the preceding.
  • the verification entity may be a third party entity, such as a clearinghouse, payment processing institution, any other entity that may communicate with a financial institution in order to assist in facilitating transactions between the customers and merchants, or any combination of the preceding.
  • the verification entity verifies transactions for customers (and/or merchants) associated with the financial institution.
  • a verification entity may be a combination of a financial institution and a third party entity.
  • a merchant represents an entity in any suitable industry that conducts a transaction with a customer.
  • the merchant may include a retailer, a wholesaler, a service company, or any other suitable entity that has customers and conducts transactions with the customers.
  • the transaction may include receiving payment for goods or services from the customer or crediting a refund to the customer.
  • the merchant interacts with the verification entity associated with a customer in order to facilitate each transaction.
  • a payment card represents a credit card, a debit card, a check, a coupon linked to an account, a gift card linked to an account, a money order, a promissory note, or any other manner of non-cash payment.
  • a card user i.e., a customer using the payment card
  • a customer In order to conduct a transaction with a merchant, a customer typically pays for goods or services received from the merchant using money, a check, and/or credit/debit cards. Payments using credit/debit cards may be problematic for various reasons. For example, credit/debit cards are susceptible to fraud, which can affect the customer, merchant, and/or the verification entity associated with the customer. To prevent fraud with credit/debit cards, a merchant typically checks whether the name and/or picture on the credit/debit card matches identification provided by the customer. Such typical techniques for preventing fraud with credit/debit cards may be deficient. As such, in particular embodiments, system 510 of FIG. 5 may verify transactions between card users and merchants in a manner that provide various advantages.
  • the verification entity device 514 may compare a comparison code 542 selected by the verification entity device 514 with a verification code 606 selected by a card user device 586 carried by the card user.
  • a comparison code 542 selected by the verification entity device 514 may be able to steal or copy a card user's payment card, the person may be unable to conduct one or more transactions using the payment card because the person may not also have the card user device 586.
  • the provided code may not match the comparison code 542 utilized by the verification entity device 514 because the fraudulent device may not have access to verification codes 606 or a verification management application 546b that results in a verification code 606 being selected in a predefined manner.
  • the card user device 586 may select a particular verification code
  • a verification code 606 for a transaction by sequentially rotating through each of the verification codes 606 stored at the card user device 586.
  • this may allow the same code to be re-used as the verification code 606 at a later date and/or time from the original use of the code.
  • this may prevent the card user device 586 from needing to receive new verification codes 606 from verification entity device 514 (or some other device associated with the verification entity) when all of the verification codes 606 have already been used.
  • a verification code 606 stored in the card user device 586 may be selected and/or communicated for receipt by the verification entity device 514 without intervention by the card user.
  • the verification process may be easier for the card user because the card user may not need to perform any type of action to assist in the verification of the transaction, other than the card user actually carrying the card user device 586 with them when performing the transaction (such as carrying the card user device 586 in the card user's purse or attached to the card user's keys).
  • system 510 may verify transactions between card users and merchants in a manner that is advantageous.
  • Verification entity device 514 represents any suitable components that verify transactions between card users and merchants.
  • Verification entity device 514 may include a network server, any suitable remote server, a mainframe, a host computer, a workstation, a web server, a personal computer, a file server, or any other suitable device for verifying transactions between card users and merchants.
  • the functions of verification entity device 514 may be performed by any suitable combination of one or more servers or other components at one or more locations.
  • the server may be a private server, and the server may be a virtual or physical server.
  • the server may include one or more servers at the same or remote locations.
  • verification entity device 514 may include any suitable component that functions as a server.
  • verification entity device 514 includes a network interface 518, a processor 522, and a memory unit 526.
  • Network interface 518 represents any suitable device operable to receive information from network 550, transmit information through network 550, perform processing of information, communicate to other devices, or any combination of the preceding. For example, network interface 518 receives transaction information associated with a transaction between a card user and a merchant. As another example, network interface 518 communicates a challenge code 538 for receipt by a card user device 586.
  • Network interface 518 represents any port or connection, real or virtual, including any suitable hardware and/or software, including protocol conversion and data processing capabilities, to communicate through a local area network (LAN), a metropolitan area network (MAN), a wide area network (WAN), or other communication system that allows verification entity device 514 to exchange information with network 550, transaction environment 54, transaction device 558, merchant verification device 562, network 582, card user device 586, or other components of system 510.
  • LAN local area network
  • MAN metropolitan area network
  • WAN wide area network
  • verification entity device 514 to exchange information with network 550, transaction environment 54, transaction device 558, merchant verification device 562, network 582, card user device 586, or other components of system 510.
  • Processor 522 communicatively couples to network interface 518 and memory unit 526, and controls the operation and administration of verification entity device 514 by processing information received from network interface 518 and memory unit 526.
  • Processor 522 includes any hardware and/or software that operates to control and process information.
  • processor 522 executes verification entity device management application 530 to control the operation of verification entity device 514.
  • Processor 522 may be a programmable logic device, a microcontroller, a microprocessor, any suitable processing device, or any combination of the preceding.
  • Memory unit 526 stores, either permanently or temporarily, data, operational software, or other information for processor 522.
  • Memory unit 526 includes any one or a combination of volatile or non-volatile local or remote devices suitable for storing information.
  • memory unit 526 may include random access memory (RAM), read only memory (ROM), magnetic storage devices, optical storage devices, any other suitable information storage device, or any combination of the preceding.
  • RAM random access memory
  • ROM read only memory
  • magnetic storage devices magnetic storage devices
  • optical storage devices any other suitable information storage device, or any combination of the preceding.
  • memory unit 526 may be an encrypted storage device (or a storage device secured in any suitable manner), providing protection against fraudulent attempts to access the information stored in memory unit 526. While illustrated as including particular information modules, memory unit 526 may include any suitable information for use in the operation of verification entity device 514.
  • memory unit 526 includes verification entity device management application 530 and accounts 534.
  • Verification entity device management application 530 represents any suitable set of instructions, logic, or code embodied in a computer-readable storage medium and operable to facilitate the operation of verification entity device 514.
  • Accounts 534 represent any information regarding personal, commercial, and/or corporate accounts handled by verification entity device 514 with regard to one or more payment cards.
  • accounts 534 includes account numbers, nicknames for accounts, account identifiers associated with an account, balance information of an account (and/or a payment card linked to the account), limits of an account (and/or a payment card linked to the account), disclaimers associated with an account, card user preferences, data associated with one or more transactions performed (or in the process of being performed) by a card user, any other suitable data, or any combination of the preceding.
  • Account 534 for each different card user may include challenge codes 538, comparison codes 542, and verification management application 546a.
  • Challenge codes 538 represent any code that may be used to interrogate card user device 586 for a verification code 606. Examples of challenge codes 538 are discussed in further detail below.
  • Comparison codes 542 represent any code that may be compared to a verification code 606 in order to verify a transaction. Examples of comparison codes 542 are discussed in further detail below.
  • Verification management application 546a represents any suitable set of instructions, logic, or code embodied in a computer-readable storage medium and operable to provide a predefined manner of selecting comparison codes 542, verification codes 606, and/or verifying a transaction using comparison codes 542 and verification codes 606. Examples of verification management application 546a are discussed in further detail below.
  • Network 550 represents any suitable network operable to facilitate communication between the components of system 510, such as verification entity device 514, transaction environment 554, transaction device 558, and merchant verification device 562.
  • Network 550 may include any interconnecting system capable of transmitting audio, video, signals, data, messages, or any combination of the preceding.
  • Network 550 may include all or a portion of a public switched telephone network (PSTN), a public or private data network, a LAN, a MAN, a WAN, a local, regional, or global communication or computer network, such as the Internet, a wireline or wireless network, an enterprise intranet, or any other suitable communication link, including combinations thereof, operable to facilitate communication between the components.
  • PSTN public switched telephone network
  • Transaction environment 554 represents any suitable components that allow card users to perform transactions with merchants. As illustrated, transaction environment 554 includes transaction device 558 and merchant verification device 562. Transaction device
  • transaction device 558 represents any suitable components that process a transaction between a card user and a merchant.
  • transaction device 558 may include a cash register, a vending machine, a point-of-sale terminal, a personal computer, a workstation, a laptop, a mobile telephone (such as a Smartphone, or any other wireless, cellular, cordless, or satellite telephone), an electronic notebook, a personal digital assistant, any other device (wireless, wireline, or otherwise) capable of receiving, processing, storing, and/or communicating information with other components of system 510 in order to input, verify, and process a transaction between a card user and a merchant, or any combination of the preceding.
  • a mobile telephone such as a Smartphone, or any other wireless, cellular, cordless, or satellite telephone
  • an electronic notebook such as a Smartphone, or any other wireless, cellular, cordless, or satellite telephone
  • personal digital assistant any other device (wireless, wireline, or otherwise) capable of receiving, processing, storing, and/or communicating information with other components of
  • Transaction device 558 may further allow transaction information to be generated and communicated to verification entity device 514 in order to perform a transaction.
  • transaction device 558 may include a card reader (such as a credit card reader) that reads a card user's payment card for the purchase, communicates the payment card information to the verification entity device 514, and processes the transaction following an indication by the verification entity device 514 that the transaction has been verified (or otherwise approved).
  • Transaction device 558 may be associated with a merchant.
  • a particular merchant may be a retail chain that sells goods to card users. In such an example, this merchant may have one or more transaction devices 558 that allow card users to pay for the goods purchased from the merchant.
  • Transaction device 558 may include a user interface, such as a display, a microphone, keypad, credit/debit card terminal, a scanner (such as a barcode scanner), or other appropriate terminal equipment usable by a merchant or other user.
  • Merchant verification device 562 represents any suitable components that communicate with verification entity device 514 and card user device 586 in order to assist in the verification of transactions between card users and merchants.
  • Merchant verification device 562 may be a personal computer, a workstation, a laptop, a mobile telephone (such as a Smartphone, or any other wireless, cellular, cordless, or satellite telephone), an electronic notebook, a personal digital assistant, a transceiver node, a radio frequency transceiver, a smart card reader, a wired identification tag transceiver, a wireless identification tag transceiver, any other device (wireless, wireline, or otherwise) capable of receiving, processing, storing, and/or communicating information with other components of system 510, or any combination of the preceding.
  • Merchant verification device 562 may act as an intermediary between verification entity device 514 and card user device 586.
  • verification entity device 514 may communicate a challenge code 538 for receipt by the card user device 586.
  • merchant verification device 562 may receive the challenge code 538 (prior to the card user device 586 receiving the challenge code 538) and may re-communicate the challenge code 538 to the card user device 586.
  • the card user device 586 may communication a verification code 606 for receipt by the verification entity device 514.
  • the merchant verification device 562 may receive the verification code 606 (prior to the verification entity device 514 receiving the verification code 606) and may re-communicate the verification code 606 to the verification entity device 514.
  • Merchant verification device 562 may be associated with a merchant.
  • a particular merchant may be a retail chain that sells goods to card users.
  • this merchant may have one or more merchant verification devices 562 that may be connected (or otherwise associated with) a transaction device 558.
  • the merchant verification device 562 may be located at the merchant's location, and may act as an intermediary between the verification entity device 514 and the card user device 586.
  • Merchant verification device 562 may include a user interface, such as a display, a microphone, keypad, a scanner (such as a barcode scanner), or other appropriate terminal equipment usable by a merchant or other user.
  • merchant verification device 562 includes a network interface 566, a processor 570, and a memory unit 574.
  • Network interface 566 represents any suitable device operable to receive information from network 550 and/or network 582, transmit information through network 550 and/or network 582, perform processing of information, communicate to other devices, or any combination of the preceding.
  • network interface 562 receives a challenge code 538 from the verification entity device 514 and re-communicates the challenge code 538 to the card user device 586.
  • network interface 562 receives a verification code 606 from the card user device 586 and re-communicates the verification code 606 to the verification entity device 514.
  • Network interface 566 represents any port or connection, real or virtual, including any suitable hardware and/or software, including protocol conversion and data processing capabilities, to communicate through a LAN, a MAN, a WAN, or other communication system that allows network interface 566 to exchange information with verification entity device 514, network 550, transaction environment 554, transaction device 558, merchant verification device 562, network 582, card user device 586, or other components of system 510.
  • network interface 566 may be (or may further include) a radio frequency transceiver for communicating radio frequencies to and from the card user device 586.
  • network interface 566 may be (or may further include) a speaker/microphone for communicating audio signals (such as audio tones) to and from the card user device 586.
  • network interface 566 may be (or may further include) a display screen for capturing images (such as a quick response (QR) code) generated and displayed on the card user device 586, or for generating and displaying images (such as a QR code) for capture by the card user device 586.
  • Processor 570 communicatively couples to network interface 566 and memory unit 574, and controls the operation and administration of merchant verification device 562 by processing information received from network interface 566 and memory unit 574.
  • Processor 570 includes any hardware and/or software that operates to control and process information.
  • processor 570 executes merchant verification device management application 578 to control the operation of merchant verification device 562.
  • Processor 570 may be a programmable logic device, a microcontroller, a microprocessor, any suitable processing device, or any combination of the preceding.
  • Memory unit 574 stores, either permanently or temporarily, data, operational software, or other information for processor 570.
  • Memory unit 574 includes any one or a combination of volatile or non-volatile local or remote devices suitable for storing information.
  • memory unit 574 may include RAM, ROM, magnetic storage devices, optical storage devices, any other suitable information storage device, or any combination of the preceding.
  • memory unit 574 may be an encrypted storage device (or a storage device secured in any suitable manner), providing protection against fraudulent attempts to access the information stored in memory unit 574. While illustrated as including particular information modules, memory unit 574 may include any suitable information for use in the operation of merchant verification device 562.
  • memory unit 574 includes merchant verification device management application 578.
  • Merchant verification device management application 578 represents any suitable set of instructions, logic, or code embodied in a computer-readable storage medium and operable to facilitate the operation of merchant verification device 562.
  • merchant verification device 562 is illustrated as a separate device from transaction device 558, merchant verification device 562 may the same device as transaction device 558. In such an example, a single device may be used to process the transaction and to communicate with verification entity device 514 and card user device 586 in order to assist in the verification of transactions between card users and merchants.
  • Network 582 represents any suitable network operable to facilitate communication between the components of system 510, such as merchant verification device 562 and card user device 586.
  • Network 582 may include any interconnecting system capable of transmitting audio, video, signals, data, messages, or any combination of the preceding.
  • Network 582 may include all or a portion of a PSTN, a public or private data network, a
  • network 582 may be the same type of network as network 550, or network 582 may be a different type of network than network 550.
  • both network 582 and network 550 may be a combination of wireless and wireline networks.
  • network 582 may be only a wireless network (such as only a Bluetooth network, a WiFi network, a radio frequency identification network, or an infrared network), while network 550 may be a combination of wireless and wireline networks.
  • network 582 and network 550 are illustrated as separate networks, network 582 and network 550 may be the same network.
  • a single network may communicate a challenge code 538 from verification entity device 514 to merchant verification device 562, and may further re-communicate the challenge code 538 from merchant verification device 562 to card user device 586.
  • Card user device 586 represents any suitable components that communicate with verification entity device 514 and merchant verification device 562 in order to provide verification codes 606 to the verification entity device 514 to verify transactions between card users and merchants.
  • Card user device 562 may be a personal computer, a workstation, a laptop, a mobile telephone (such as a Smartphone, or any other wireless, cellular, cordless, or satellite telephone), an electronic notebook, a personal digital assistant, a transceiver node, a wired identification tag, a wireless identification tag, a radio frequency identification device, an audio-generation device, a smart card, any other device (wireless, wireline, or otherwise) capable of receiving, processing, storing, and/or communicating information with merchant verification device 562 (and/or other components of system 510), or any combination of the preceding.
  • card user device 586 may include a user interface, such as a display, a microphone, keypad, a scanner (such as a QR code scanner), or other appropriate terminal equipment usable by the card user.
  • Card user device 586 may be carried by the card user (or otherwise associated with the card user). As such, when the card user attempts to conduct a transaction with a merchant using a payment card, card user device 586 may communicate with merchant verification device 562 (and verification entity device 514) in order to provide verification codes 606 that may allow the verification entity device 514 to verify the transaction. Card user device 586 may be carried by the card user (or otherwise associated with the card user) in any suitable manner.
  • the card user device 586 may be a wireless identification tag that is attached to the card user's keys, wallet, purse, wearable items (such as a wearable wristband), and/or article of clothing (such as a belt).
  • the card user device 586 may be a smart card that is carried within the card user's wallet, purse, or pocket.
  • the card user device 586 may be the card user's mobile phone.
  • card user device 586 includes a network interface 590, a processor 594, and a memory unit 598.
  • Network interface 590 represents any suitable device operable to receive information from network 582, transmit information through network 582, perform processing of information, communicate to other devices, or any combination of the preceding.
  • network interface 590 receives a challenge code 538 from the verification entity device 514 (via the merchant verification device 562) and communicates a verification code 606 to the verification entity device 514 (via the merchant verification device 562).
  • Network interface 590 represents any port or connection, real or virtual, including any suitable hardware and/or software, including protocol conversion and data processing capabilities, to communicate through a LAN, a MAN, a WAN, or other communication system that allows network interface 590 to exchange information with network 582, merchant verification device 562, verification entity device 514, or other components of system 510.
  • network interface 590 may be (or may further include) a radio frequency transceiver (such as a radio frequency identification transceiver, a Bluetooth transceiver, a WiFi transceiver, etc.) for communicating radio frequencies to and from the merchant verification device 562.
  • a radio frequency transceiver such as a radio frequency identification transceiver, a Bluetooth transceiver, a WiFi transceiver, etc.
  • network interface 590 may be (or may further include) a speaker/microphone for communicating audio signals (such as audio tones) to and from merchant verification device 562.
  • network interface 590 may be (or may further include) a card user display screen for capturing images (such as a QR code) generated and displayed on the merchant verification device 562, or for generating and displaying images (such as a QR code) for capture by the merchant verification device 562.
  • Processor 594 communicatively couples to network interface 590 and memory unit 598, and controls the operation and administration of card user device 586 by processing information received from network interface 590 and memory unit 598.
  • Processor 594 includes any hardware and/or software that operates to control and process information.
  • processor 594 executes card user device management application 602 to control the operation of card user device 586.
  • Processor 594 may be a programmable logic device, a microcontroller, a microprocessor, any suitable processing device, or any combination of the preceding.
  • Memory unit 598 stores, either permanently or temporarily, data, operational software, or other information for processor 594.
  • Memory unit 598 includes any one or a combination of volatile or non-volatile local or remote devices suitable for storing information.
  • memory unit 598 may include RAM, ROM, magnetic storage devices, optical storage devices, any other suitable information storage device, or any combination of the preceding.
  • memory unit 598 may be an encrypted storage device (or a storage device secured in any suitable manner), providing protection against fraudulent attempts to access the information stored in memory unit 598. While illustrated as including particular information modules, memory unit 598 may include any suitable information for use in the operation of card user device 586.
  • memory unit 598 includes card user device management application
  • Card user device management application 602 represents any suitable set of instructions, logic, or code embodied in a computer-readable storage medium and operable to facilitate the operation of card user device 586.
  • Verification codes 606 represent any code that may be used to identify the card user as the approved user of the payment card (as opposed to another person who may have fraudulently obtained the payment card). Examples of verification codes 606 are discussed in further detail below.
  • Verification management application 546b may be substantially similar to verification management application 546a (stored in memory unit 534 of verification entity device 514). As such, verification management application 546b represents any suitable set of instructions, logic, or code embodied in a computer-readable storage medium and operable to provide a predefined manner of selecting verification codes
  • Verification management application 546b may be received by (and stored by) card user device 586 prior to card user device 586 receiving a challenge code 538.
  • verification management application 546b may be received by (and stored by) card user device 586 when card user device 586 is manufactured, programmed, and/or updated to operate with system 510.
  • verification management application 546b may be received by (and stored by) card user device 586 at any other time.
  • verification management application 546b may be a portion of the challenge code 538 communicated for receipt by the card user device 586.
  • the card user device 586 may receive (and store) the verification management application 546b the first time it receives the challenge code 538 (or every time it receives the challenge code 538).
  • verification management application 546b may be communicated to the card user device 586 in the same message as a challenge code 538, in a message prior to the communication of the challenge code 538, or in a message after the communication of the challenge code 538.
  • the card user device 586 may receive (and store) the verification management application 546b prior to receiving a challenge code 538, at the same time (or substantially the same time) as receiving a challenge code 538, or after receiving a challenge code 538. Examples of verification management application 546b are discussed in further detail below.
  • a card user may desire to conduct a transaction with a particular merchant. For example, a card user may desire to purchase an item (such as a shirt) using a payment card (such as a credit card). In order to do so, the card user may provide the merchant with the payment card (via payment 650). The merchant may then begin processing payment for the transaction by running the payment card through transaction device 558 (such as by swiping the credit card through a card reader of transaction device 558). As a result of running the payment card through transaction device 558, transaction device 558 may provide an indication (via indication 654) to verification entity device 514 that the card user is attempting to perform a transaction with the merchant using the payment card.
  • transaction device 558 may provide an indication (via indication 654) to verification entity device 514 that the card user is attempting to perform a transaction with the merchant using the payment card.
  • the verification entity may desire to verify that the person attempting to perform the transaction with the payment card is the card user that is authorized to use the payment card.
  • the credit card company may desire to verify that a card issued to John Doe is being used by John Doe, as opposed to someone that may have fraudulently obtained the card issued to John Doe.
  • verification entity device 514 may communicate a challenge code 538 to a merchant verification device 562 (via initial challenge message 658) that is associated with the merchant.
  • Merchant verification device 562 may receive the challenge code 538 and re-communicate the challenge code 538 (via subsequent challenge message 662) to a card user device 586 carried by the card user (such as a wireless identification tag attached to the keys of John Doe).
  • the challenge code 538 may interrogate the card user device 586, causing the card user device 586 to select a verification code 606 (via a predefined manner of verification management application 546b) and communicate (via initial verification response message 666) the verification code 606 back to merchant verification device 562.
  • Merchant verification device 562 may then re-communicate the verification code 606 to verification entity device 514 (via subsequent verification response message 670).
  • verification entity device 514 may select a comparison code 542 (via the predefined manner of verification application 546a) to compare to the verification code 606 received from the card user device 586. If the verification code 606 does not match the comparison code 542 (or a verification code 606 is never received in response to a challenge code 538), verification entity device 514 may deny the processing of the transaction by transaction device 558. On the other hand, if the verification code 606 does match the comparison code 542, verification entity device 514 may verify the transaction (or otherwise approve the processing of the transaction) via verification signal 674 communicated to transaction device 558, and the transaction may be allowed to occur. In particular embodiments, this method of verifying a transaction may provide additional protection against fraud.
  • the person may be unable to conduct one or more transactions using the payment card because the person may not also have the card user device 586.
  • the code provided by the fraudulent device may not match the comparison code 542 utilized by the verification entity device 514 because the fraudulent device may not have access to verification codes 606 or the verification management application 546b that results in a verification code 606 being selected in a predefined manner. Further details regarding particular examples of these sequences illustrated in FIG. 5 are discussed below.
  • a card user may begin a transaction with a merchant by providing a payment card to the merchant via payment 650.
  • Payment 650 may be performed in any suitable manner.
  • the card user may hand the payment card to the merchant to process the payment card.
  • the card user (or the merchant) may swipe the payment card through a card reader.
  • the card user (or the merchant) may enter information from the payment card (via, for example, typing) in order to process the payment card.
  • Payment 650 may be processed using transaction device 558.
  • transaction device 558 may communicate indication 654 to verification entity device 514, indicating that that the card user is attempting to perform a transaction with the merchant using the payment card.
  • Indication 654 may include any information about the attempted transaction.
  • indication 654 may include information associated with the payment card (such as the card number, expiration date, and verification number), information associated with the merchant (such as information that identifies the merchant), information associated with the transaction (such as the purchase amount for the transaction and details about what is being purchased), any other information desired by a verification entity for approving a payment card transaction, or any combination of the preceding.
  • indication 654 may be communicated by merchant verification device 562.
  • the payment card may first be processed for verification by the merchant verification device 562 (such as by the merchant swiping the payment card through a card reader of the merchant verification device 562).
  • the merchant verification device 562 may provide the indication 654 to verification entity device 514, which will verify the transaction (as is discussed herein).
  • the merchant verification device 562 may signal to the merchant that the payment card may be processed for payment.
  • the merchant may then process the payment card for payment using, for example, the transaction device 558.
  • indication 654 has been illustrated as being communicated directly from transaction device 558 to verification entity device 514, in particular embodiments, indication 654 may be communicated to one or more additional devices (not shown) before indication 654 is received by verification entity device 514.
  • indication 654 may first be communicated to a payment processor (such as a payment processing system run by, for example, First Data Merchant Services Corporation), and then the payment processor may re-communicate the indication 654 to verification entity device 514.
  • the payment processor may re-communicate all or a portion of indication 654.
  • the payment processor may perform one or more payment processing actions (using the information in indication 654) prior to re-communicating indication 654. In such an example, the payment processor may add information associated with these additional payment processing actions to indication 654 prior to re-communicating indication 654 to verification entity device 514.
  • verification entity device 514 may communicate a challenge code 538 (via initial challenge message 658) for receipt by the card user device
  • a challenge code 538 represents any code that may be used to interrogate card user device 586 for a verification code 606.
  • a challenge code 538 may be a computer-readable code that forces, requests, or causes a response from card user device 586.
  • the challenge code 538 may force, request, or cause the card user device 586 to select a verification code 606 stored at the card user device 586 and communicate the verification code 606 for receipt by the verification entity device 514.
  • a challenge code 538 may be the same code for all card user devices 586, or may be unique for each card user device 586 (or for one or more card user devices 586). For example, a challenge code 538 for a card user device 586 carried by John Doe may be different than a challenge code 538 for a card user device 586 carried by Jane Doe.
  • Challenge code 538 may be the same challenge code every time it is sent for receipt by a particular card user device 586, or it may be different every time it is sent for receipt by a particular card user device 586.
  • challenge code 538 may include one or more details associated with the transaction (such as the purchase amount, the merchant identification, the time and/or date associated with the transaction or the challenge code 538, etc.), thereby causing it to be different every time it is sent for receipt by the card user device 586 carried by John Doe.
  • challenge code 538 may include a particular verification management application 546b for use by the card user device 586 for that transaction.
  • challenge code 538 may include particular instructions for responding to the challenge code 538 (such as a particular question that is to be answered using the verification code 606).
  • the challenge code 538 may be received by merchant verification device 562.
  • merchant verification device 562 may act as an intermediary between verification entity device 514 and card user device 586. By doing so, merchant verification device 562 may receive the challenge code 538 from verification entity device 514 (via initial challenge message 658) and re-communicate the challenge code 538 to card user device 586 (via subsequent challenge message 662). Merchant verification device 562 may re- communicate challenge code 538 in the same form (and/or in the same manner) in which merchant verification device 562 received the challenge code 538.
  • merchant verification device 562 may act as an amplifier (or an access point) that provides a network connection between verification entity device 514 and card user device 586. Additionally (or alternatively), merchant verification device 562 may re-communicate challenge code 538 in a different form (and/or in a different manner) than what merchant verification device 562 received the challenge code 538 as. For example, merchant verification device 562 may receive the challenge code 538 in digital form over a wired connection and re-communicate the challenge code 538 in analog form over a wireless connection.
  • merchant verification device 562 may receive the challenge code 538 in digital form over a wireless connection and re-communicate the challenge code 538 in a radio frequency (or as a particular audio tone or as an infrared signal) over a different wireless connection.
  • merchant verification device 562 may receive the challenge code 538 in a digital form over a wired connection and re-communicate the challenge code 538 as a graphical image (such as a barcode, a Q code, a universal product code (UPC), a matrix bar code, a MaxiCode, or a ShotCode) that may be scanned or copied by the card user device 562.
  • a graphical image such as a barcode, a Q code, a universal product code (UPC), a matrix bar code, a MaxiCode, or a ShotCode
  • merchant verification device 562 may act as a converter to convert challenge code 538 from a form (and/or a communication manner) that cannot be received by the card user device 586 to a form (and/or a communication manner) that can be received by the card user device 86.
  • challenge code 538 has been illustrated as being communicated from verification entity device 514 to merchant verification device 562 and then re-communicated from the merchant verification device 562 to the card user device 586
  • the challenge code 538 may be communicated directly from verification entity device 514 to the card user device 586.
  • the card user device 586 may be a mobile phone that receives the challenge code 538 directly.
  • the mobile phone may be running a mobile phone application associated with the verification entity device 514, and the verification entity device 514 may push the challenge code 538 directly to the mobile phone.
  • the mobile phone may communicate a verification code 606 to the merchant verification device 562, which may then re-communicate the verification code 606 to the verification entity device 514.
  • challenge code 538 has been illustrated as being automatically re-communicated from the merchant verification device 562 to the card user device 586, in particular embodiments, the re-communication (and/or even the original communication) of the challenge code 538 to the card user device 586 may only occur after a signal is first received from the card user device 586. For example, before the challenge code 538 may be received by the card user device 586 (and/or even communicated to the card user device 586), the card user may activate the card user device 586 (such as by pushing a button on the card user device 586 or performing any other user action with the card user device 586).
  • This activation by the card user may cause the card user device 586 to send a signal to the merchant verification device 562 (and/or the verification entity device 514) indicating that the card user device 586 is ready to receive the challenge code 538. Following receipt of this signal from the card user device 586, the challenge code 538 may be communicated to (and received by) the card user device 586.
  • a verification code 606 represents any code that may be used to identify the card user as the approved user of the payment card (as opposed to another person who may have fraudulently obtained the payment card).
  • a verification code 606 may be a predefined code stored at the card user device 586, and may be configured to match a comparison code 542 stored at the verification entity device 514.
  • the verification code 606 may be a password, a set of numbers, a set of alphanumeric characters, a set of symbols, one or more audible tones, one or more radio frequencies, one or more graphical images, any other type of code or representation, or any combination of the preceding.
  • the verification code 606 may have any length, size, or dimension.
  • the verification code 606 may be a 35 character password.
  • the verification code 606 may match a comparison code 542 when all or a portion of the verification code 606 is identical to all or a portion of the comparison code 542.
  • the verification code 606 may match the comparison code 542 when the last 30 digits of the verification code 606 are identical to the last 30 digits of the comparison code 542.
  • the verification code 606 may match a comparison code 542 when the verification code 606 is an answer to the comparison code 542 (such as an answer to a question), when the verification code 606 completes the comparison code 542 (such as a final piece of a puzzle), when the verification code 606 is the opposite of the comparison code 542 (such as the term "up” is the opposite of "down"), any other manner of matching, or any combination of the preceding.
  • Card user device 586 may store any suitable number of different verification codes
  • card user device 586 may store 2 different verification codes 606, 5 different verification codes 606, 10 different verification codes 606, 15 different verification codes 606, 25 different verification codes 606, 50 different verification codes 606, 100 different verification codes 606, 1,000 different verification codes 606, 10,000 different verification codes 606, 1 million different verification codes 606, or any other number of different verification codes 606. Furthermore, following receipt of the challenge code 538 by the card user device 586, the card user device 586 may select one of the verification codes
  • the card user device 586 may select one of the verification codes 606 according to a predefined manner based on verification management application 546b. For example, card user device 586 may select one of the verification codes
  • each of the verification codes 606 by sequentially rotating through each of the verification codes 606 (e.g., rotating from a first code to a second code), by skipping over a predefined number of the verification codes
  • the verification codes 606 e.g., skipping from the first code to the fifth code
  • a position of one of the verification codes 606 e.g., selecting the code positioned in column five, row ten
  • any other manner of selecting one of the verification codes 606 according to a predefined manner based on verification management application 546b, or any combination of the preceding.
  • selection of the verification code 606 may further include modifying the verification code 606.
  • the verification code 606 may be modified to include information from the challenge code 538, such as all or a portion of the challenge code 538, or details associated with the transaction (e.g., the purchase amount, the merchant identification, the date and/or time associated with the transaction or the challenge code 538, etc.).
  • the verification code 606 may be modified to include information regarding the date and/or time associated with the selection of the verification code 606.
  • the card user device 586 may communicate the verification code 606 to the merchant verification device 562 via initial verification response message 666.
  • the card user device 586 may communicate the verification code 606 to the merchant verification device 562 in any suitable manner (and/or any suitable form).
  • the card user device 586 may communicate the verification code 606 to the merchant verification device 562 in the same manner of communication (and/or form) by which the card user device 586 received the challenge code
  • the card user device 586 may communicate the verification code
  • the card user device 586 may communicate the verification code 606 to the merchant verification device 562 in a different manner of communication (and/or form) than that by which the card user device 586 received the challenge code 538.
  • the card user device 586 may communicate the verification code 606 to the merchant verification device 562 in a different audio tone, a radio frequency, an infrared signal, a graphical image displayed or sent to the merchant verification device 562, any other manner (and/or form) different from that by which the card user device 586 received the challenge code 538, or any combination of the preceding.
  • the selection and communication processes of the verification code 606 by the card user device 586 may occur without user intervention.
  • the card user device 586 may both automatically select and communicate the verification code 606 without any intervention by the card user (e.g., without the card user pressing a button, confirming a selection, pointing the card user device 586 in a particular direction, scanning the card user device 586, etc.).
  • verifying the transaction using the card user device 586 may occur without any action by the user, other than the card user actually carrying the card user device 586 with them when performing the transaction (such as carrying the card user device 586 in the card user's purse or attached to the card user's keys).
  • one or more (or both) of the selection and communication processes of the verification code 606 by the card user device 586 may occur with user intervention.
  • selection of the verification code 606 may occur when the card user presses a button on the card user device 586 to select the verification code 606, when the card user points the card user device 586 at the merchant verification device 562 (or hovers the card user device 586 over a scanner at the merchant verification device 562), when the card user performs any other manner of user intervention, or any combination of the preceding.
  • communication of the verification code 606 may occur when the card user points the card user device 586 at the merchant verification device 562 (or hovers the card user device 586 over a scanner at the merchant verification device 562), when the card user swipes the card user device 586 (such as a smart card) through a card reader on the merchant verification device 562, when the card user presses a button to communicate the verification code 606, any other manner of user intervention, or any combination of the preceding.
  • the merchant verification device 562 may re-communicate the verification code 606 to verification entity device 514 via subsequent verification response message 670.
  • Merchant verification device 562 may re-communicate the verification code 606 in the same form (and/or communication manner) in which merchant verification device 562 received the verification code 606.
  • merchant verification device 562 may re-communicate the verification code 606 in a different form (and/or manner) than by which the merchant verification device 562 received the verification code 606.
  • the merchant verification device 562 may re-communicate the verification code 606 to the verification entity device 514 via a wired internet connection.
  • merchant verification device 562 may act as a converter to convert verification code 606 from a form (and/or communication manner) that cannot be received by the verification entity device 514 to a form (or communication manner) that can be received by the verification entity device 514.
  • a comparison code 542 represents any code that may be compared to a verification code 606 in order to verify a transaction.
  • a comparison code 542 may be predefined code stored at the verification entity device 514 and that is configured to match a verification code 606 stored at the card user device 586.
  • the comparison code 542 may be a password, a set of numbers, a set of alphanumeric characters, a set of symbols, one or more audible tones, one or more radio frequencies, one or more graphical images, any other type of code or representation, or any combination of the preceding.
  • the comparison code 542 may have any length, size, or dimension.
  • the comparison code 542 may be a 35 character password.
  • the comparison code 542 may match a verification code 606 when all or a portion of the comparison code 542 is identical to all or a portion of the verification code 606. Additionally, the comparison code 542 may match a verification code 606 in any of the manners of matching discussed above with regard to verification codes 606.
  • Verification entity device 514 may store (for each account 534) any suitable number of different comparison codes 542.
  • verification entity device 514 may store
  • verification entity device 514 may store (for each account 534) a matching comparison code 542 for each verification code 606 stored by the card user device 586 (and associated with an account 534). In such an example, if the card user device 586 stores 10 different verification codes 606, the verification entity device 514 may store 10 matching comparison codes 542.
  • the verification entity device 514 may select one of the comparison codes 542 according to the same predefined manner utilized by the card user device 586. For example, if the card user device 586 selects one of the verification codes 606 by sequentially rotating through each of the verification codes 606 (e.g., rotating from a first code to a second code), the verification entity device 514 may select one of the comparison codes 542 by sequentially rotating through each of the comparison codes 542 (e.g., rotating from a first code to a second code). As such, both the card user device 586 and the verification entity device 514 may utilize the same predefined manner (based on verification management applications 546b and 546a, respectively) to select a matching verification code 606 and comparison code 542.
  • selection of the comparison code 542 may further include modifying comparison code 542.
  • the comparison code 542 may be modified to include information from the challenge code 538, such as all or a portion of the challenge code 538, or details associated with the transaction (e.g., the purchase amount, the merchant identification, the time and/or date associated with the transaction or the challenge code 538, etc.).
  • the comparison code 542 may be modified to include information regarding the date and/or time associated with the reception of the verification code 606. Further details regarding examples of the selection of a comparison code 542 are discussed below with regard to FIG. 6.
  • the verification entity device 514 may select one of the comparison codes 542 in a different predefined manner than the card user device 586
  • the verification entity device 514 may store the comparison codes 542 in a different order than the card user device 586 stores the matching verification codes 606.
  • the verification entity device 514 may select the comparison code 542 using a first predefined manner (such as by sequentially rotating through each of the comparison codes 542, for example) while the card user device 586 may select the matching verification code 606 using a second predefined manner (such as by skipping over a predefined number of the verification codes 606, for example).
  • the comparison code 542 may be selected any time after indication 654 is received by the verification entity device 514.
  • the comparison code 542 may be selected before the challenge code 538 is communicated for receipt by the card user device 586.
  • the comparison code 542 may be selected after the challenge code 538 is communicated for receipt by the card user device
  • the verification entity device 514 may compare the verification code 606 to the comparison code 542 in order to determine whether the verification code 606 matches the comparison code 542. If the verification code 606 does not match the comparison code 542
  • verification entity device 514 may deny the transaction. This denial may result in a denial message (not shown) being sent to transaction device 558, merchant verification device 562, and/or card user device 586. As a result, the transaction will not be allowed to occur. On the other hand, if the verification code 606 does match the comparison code 542, verification entity device
  • the 514 may verify the transaction (or otherwise approve the processing of the transaction) by communicating a verification signal 674 to transaction device 558 (and/or one or more of merchant verification device 562 and card user device 586). As such, the transaction may be allowed to occur.
  • the verification signal 674 may allow the transaction to occur in any suitable manner.
  • the verification signal 674 may provide a signal to the merchant (such as a flashing green light on the merchant verification device 562) that indicates that the merchant may now process the payment card using the payment device
  • the merchant may now run the payment card through the payment device (or any other card reader that may cause the transaction to be processed).
  • the payment card may already be in the middle of being processed (as a result of the payment card having been run through transaction device 558), and the verification signal 674 may cause (automatically or by signaling the merchant to finalize the transaction by, for example, pushing a button) the processing of the payment card to be completed.
  • the merchant may not need to run the payment card through the payment device (or any other card reader) again.
  • verification entity device 514 may compare more than one verification code 606 to more than one comparison code 542 in order to verify the particular transaction. For example, for each transaction, two or more verification codes 606 and two or more comparison codes 542 may be selected for the verification process. In such an example, verification entity device 514 may only verify (or otherwise allow) the transaction if each of the selected verification codes 606 match each of the selected comparison codes 542.
  • verification entity device 514 has been illustrated as verifying (or otherwise approving) the transaction if the verification code 606 matches the comparison code 542, in particular embodiments, verification (or approval) of the transaction may include various additional steps. For example, verification entity device 514 may determine whether the payment card has been reported lost or stolen, whether the transaction appears suspicious based on the card user's typical purchases, whether there is a sufficient balance associated with the payment card to approve the transaction, whether the transaction will cause a credit limit associated with the payment card (or account 534) to be overdrawn, any other suitable method for determining whether to verify (or approve) the transaction, or any combination of the preceding.
  • verification entity device 514 has been illustrated as storing and communicating challenge codes 538, storing and selecting comparison codes 542, and verifying the transactions by comparing comparison codes 542 to verification codes 606, in particular embodiments, one or more (or all) of these actions may be performed by other devices or components of system 510, such as transaction device 558, merchant verification device 562, and/or one or more third party devices or components.
  • merchant verification device 562 may store and communicate challenge codes 538, store and select comparison codes 542, and verify the transactions by comparing comparison codes 542 to verification codes 606.
  • verification entity device 514 may approve the transaction (or otherwise allow the transaction to occur) if the merchant verification device 562 verifies the transaction and communicates a verification signal (such as verification signal 694) to the verification entity device 514.
  • the above-described method of verifying a transaction may provide additional protection against fraud. For example, even if a person (or a device) is able to steal or copy a card user's payment card, the person may be unable to conduct one or more transactions using the payment card because the person may not also have the card user device 586. As another example, even if a person (or a device) is also able to attempt to respond to a challenge code 538 using a fraudulent device, the code provided by the fraudulent device may not match the comparison code 542 utilized by the verification entity device 514 because the fraudulent device may not have access to verification codes 606 or the verification management application 546b that results in a verification code 606 being selected in a predefined manner.
  • verification entity device 514 may verify any number of transactions that are performed using any number of transaction environments 554, transaction devices 558, merchant verification devices 562, card user devices 586, card users, and/or merchants.
  • system 510 may include any number of verification entity devices 514, networks 550, transaction environments 554, transaction devices 558, merchant verification devices 562, networks 582, and/or card user devices 586 (and/or any number of components, such as processors or memory units illustrated in the above described devices).
  • any suitable logic may perform the functions of system 510 and the components and/or devices within system 510.
  • system 510 may be combined.
  • verification entity device 514 and merchant verification device 562 are illustrated as being separate devices, verification entity device 514 and merchant verification device 562 (and/or transaction device 558) may be the same device.
  • the single device may be associated with the merchant (e.g., located at the merchant's store) and may verify the transaction.
  • system 510 may include additional components.
  • a payment processor such as a payment processing system run by, for example, First Data Merchant Services Corporation
  • all or a portion of one or more communications between transaction device 558 and verification entity device 514 may be communicated through (and/or modified by) the payment processor.
  • one or more of the communications may be encrypted (or otherwise secured in any suitable manner), providing protection against fraudulent attempts to access the information included in the communications.
  • one or more of the communications may further include one or more codes that may assist in identifying the communication as being sent by one of the devices or components of system 510.
  • the merchant verification device 562 may generate a random code, and insert the code into any communication with the card user device 586. Based on this random code, card user device 586 may be able to identify the communication as having been sent by the merchant verification device 562, and thus the card user device 586 may respond to the communication. In such an example, the card user device 586 may also generate a random code, and insert the code into any communication with the merchant verification device 562. Based on this random code, merchant verification device 562 may be able to identify the communication as having been sent by the card user device 586, and thus the merchant verification device 562 may re-communicate the communication for receipt by the verification entity device 514.
  • FIG. 6 illustrates an example selection 600 of verification codes 606 and comparison codes 542.
  • Verification codes 606 are selected by the card user device 586 of FIG. 5, and comparison codes 542 are selected by the verification entity device 514 of FIG. 5, for example.
  • verification entity device 514 may compare verification codes 606 to comparison codes 542 in order to determine whether to allow a transaction to occur, as is discussed above.
  • Verification codes 606 and comparison codes 542 may each be selected according to a predefined manner based on verification management applications 546.
  • verification codes 606 and comparison codes 542 may be selected by sequentially rotating through each of the verification codes 606 and comparison codes 542 (e.g., rotating from a first code to a second code), by skipping over a predefined number of the verification codes 606 and comparison codes 542 (e.g., skipping from the first code to the fifth code), by selecting a position of one of the verification codes 606 and comparison codes 542 (e.g., selecting the code positioned in column five, row ten), any other manner of selecting one of the verification codes 606 and one of the comparison codes 542 according to a predefined manner based on verification management applications 546, or any combination of the preceding.
  • verification codes 606 and comparison codes 542 may each be selected by sequentially rotating through each of the verification codes 606 and comparison codes 542.
  • the card user device 586 may store the following verification codes 606: Code A, Code B, Code C, Code D, ... Code n.
  • the verification entity device 514 may store the following comparison codes 542, each of which match a respective verification code 606: Code A, Code B, Code C, Code D, ... Code n.
  • the predefined manner may cause the card user device 586 to select Code A as the verification code 606 for communication to the verification entity device 514.
  • the same predefined manner may cause the verification entity device 514 to select the matching Code A as the comparison code 542.
  • the verification code 606 i.e., Code A
  • comparison code 542 i.e., Code A
  • the first transaction will be allowed to proceed.
  • the predefined manner may cause the card user device 586 to sequentially rotate to and select Code B as the verification code 606 for communication to the verification entity device 514. That is, the sequential rotation may cause the card user device 586 to rotate to and select the next verification code 606 (i.e., Code B) in the sequence of verification codes 606. Furthermore, the same predefined manner (based on verification management application 546a) may cause the verification entity device 514 to sequentially rotate to and select the matching Code B as the comparison code 542.
  • the verification code 606 i.e., Code B
  • the comparison code 542 i.e., Code B
  • the second transaction will be allowed to proceed.
  • This sequential rotation through (and selection of) the verification codes 606 and comparison codes 542 may continue until Code n is selected for both the verification code 606 and the comparison code 542. After Code n is selected, the process of selecting verification codes 606 and comparison codes 542 may be reset (as is seen by resets 604a and 604b) back to Code A.
  • the predefined manner (based on verification management application 546b) may cause the card user device 586 to sequentially rotate to (via reset 604a) and re-select Code A as the verification code 606 for communication to the verification entity device 514.
  • the same predefined manner (based on verification management application 546a) may cause the verification entity device 514 to sequentially rotate to (via reset 604b) and re-select the matching Code A as the comparison code 542.
  • the verification code 606 i.e., Code A
  • the comparison code 542 i.e., Code A
  • the verification codes 606 and comparison codes 542 may be rotated through continuously. This may allow the same code to be re-used as the verification code 606 and comparison code 542 at a later date and/or time from the original use of the code. As such, the card user device 586 may not need to receive new verification codes 606 from verification entity device 514 (or some other device associated with the verification entity) when all of the verification codes 606 have already been used.
  • selection 600 may be performed using any number of verification codes 606 and comparison codes 542.

Abstract

According to one embodiment, an online transaction verification system includes one or more processors configured to receive an indication that a card user is attempting to perform an online transaction using payment card information. The processors are also configured to transmit a challenge code configured to interrogate a card user identification device for a first verification code, and to receive the first verification code. The first verification code is selected, by the card user identification device, from a plurality of verification codes, and according to a predefined manner. The processors are further configured to select a first comparison code according to the predefined manner, and compare the first comparison code to the first verification code. The processors are further configured to, following a determination that the first comparison code matches the first verification code, transmit a verification signal configured to indicate that the online transaction has been verified.

Description

TRANSACTION VERIFICATION SYSTEMS
TECHNICAL FIELD
This disclosure relates generally to the field of transactions and more specifically to transaction verification systems.
BACKGROUND
In order to conduct an online transaction with a merchant, a customer typically pays for goods or services received from the merchant using online payment accounts (such as PayPal), electronic funds (such as bitcoins), or credit/debit cards. Payments using credit/debit cards for an online transaction typically involve the customer entering their credit/debit card information into a secured web browser for transmittal to the merchant for processing. Such online transactions, however, may be susceptible to fraud. Furthermore, typical techniques for preventing fraud in online transactions with credit/debit cards may be deficient.
Additionally, when conducting a telephone transaction with a merchant, a customer typically pays for goods or services received from the merchant using credit/debit cards. Payments using credit/debit cards for a telephone transaction typically involve the customer verbally communicating their credit/debit card information to an employee of the merchant during a telephone conversation. Such telephone transactions, however, may be susceptible to fraud. Furthermore, typical techniques for preventing fraud in telephone transactions with credit/debit cards may be deficient.
Also, in order to conduct a transaction with a merchant, a customer typically pays for goods or services received from the merchant using money, a check, and/or credit/debit cards. Payments using credit/debit cards may be problematic for various reasons. For example, credit/debit cards are susceptible to fraud, which can affect the customer, merchant, and/or the financial institution associated with the customer. To prevent fraud with credit/debit cards, a merchant typically checks whether the name and/or picture on the credit/debit card matches identification provided by the customer. Such typical techniques for preventing fraud with credit/debit cards may be deficient. SUMMARY
According to one embodiment, an online transaction verification system includes one or more memory units and one or more processors. The memory units are configured to store a plurality of comparison codes. The processors are configured to receive an indication that a card user is attempting to perform an online transaction using payment card information and a transaction device. The transaction device is communicatively coupled to a merchant device with which the card user is attempting to perform the online transaction. The processors are also configured to, following reception of the indication, transmit a challenge code configured to interrogate a card user identification device for a first verification code. The challenge code is received by a card user verification device communicatively coupled to the transaction device, and the challenge code is re-transmitted from the card user verification device to the card user identification device. The processors are further configured to, following transmittal of the challenge code, receive the first verification code from the card user identification device. The first verification code is selected, by the card user identification device, from a plurality of verification codes stored by the card user identification device, and according to a predefined manner. The processors are further configured to select a first comparison code from a plurality of comparison codes according to the predefined manner, and compare the first comparison code to the first verification code from the card user identification device. The processors are further configured to, following a determination that the first comparison code matches the first verification code, transmit a verification signal configured to indicate that the online transaction has been verified.
Certain embodiments of the disclosure may provide one or more technical advantages.
For example, in order for an online transaction to be approved, a verification entity device may compare a comparison code selected by the verification entity device with a verification code selected by a card user identification device. As such, even if a person (or a device) is able to steal or copy a card user's payment card information or the payment card, the person may be unable to conduct one or more online transactions using the payment card information (or the payment card) because the person may not also have the card user identification device, the verification code stored and selected by the card user identification device, and/or the card user verification device that may allow the card user identification device to communicate the verification code to the verification entity device. As another example, the card user identification device may select a particular verification code for an online transaction by sequentially rotating through each of the verification codes stored by the card user identification device. As such, the same code may be re-used as the verification code at a later date and/or time, and the card user identification device may not need to receive new verification codes from the verification entity device when all of the verification codes have already been used. As a further example, a verification code stored in the card user identification device may be selected and/or communicated for receipt by the verification entity device without intervention by the card user. As such, the verification process may be easier for the card user. As a further example, the card user verification device may easily install onto the transaction device, such as by the card user connecting the card user verification device to a universal serial bus port of the transaction device. As such, the card user may be able to perform verified online transactions without any complicated installation procedures.
According to one embodiment, a telephone transaction verification system includes one or more memory units and one or more processors. The memory units are configured to store a plurality of comparison codes. The processors are configured to receive an indication that a card user is attempting to perform a telephone transaction using payment card information and a card user telephone device. The card user telephone device is communicatively coupled to a merchant telephone device with which the card user is attempting to perform the telephone transaction. The processors are also configured to, following reception of the indication, transmit a challenge code configured to interrogate a card user identification device for a first verification code. The challenge code is received by the card user telephone device and re-transmitted by the card user telephone device to the card user identification device. The processors are further configured to, following transmittal of the challenge code, receive the first verification code from the card user identification device. The first verification code is selected, by the card user identification device, from a plurality of verification codes stored by the card user identification device, and according to a predefined manner. The first verification code is transmitted by the card user identification device to the card user telephone device and re-transmitted by the card user telephone device to the merchant telephone device. The processors are further configured to select a first comparison code from the plurality of comparison codes according to the predefined manner, and compare the first comparison code to the first verification code from the card user identification device. The processors are further configured to, following a determination that the first comparison code matches the first verification code, transmit a verification signal configured to indicate that the telephone transaction has been verified. Certain embodiments of the disclosure may provide one or more technical advantages. For example, in order for a telephone transaction to be approved, a verification entity device may compare a comparison code selected by the verification entity device with a verification code selected by a card user identification device. As such, even if a person (or a device) is able to steal or copy a card user's payment card information or the payment card, the person may be unable to conduct one or more telephone transactions using the payment card information (or the payment card) because the person may not also have the card user identification device and/or the verification code stored and selected by the card user identification device. As another example, the card user identification device may select a particular verification code for a telephone transaction by sequentially rotating through each of the verification codes stored by the card user identification device. As such, the same code may be re-used as the verification code at a later date and/or time, and the card user identification device may not need to receive new verification codes from the verification entity device when all of the verification codes have already been used. As a further example, a verification code stored in the card user identification device may be selected and/or communicated for receipt by the verification entity device without intervention by the card user. As such, the verification process may be easier for the card user. As a further example, a merchant verification device may be communicatively coupled to the card user identification device by a merchant telephone device and the card user telephone device. This may allow the telephone transaction to be verified even though it is performed over a telephone connection.
According to one embodiment, a transaction verification system includes one or more memory units and one or more processors coupled to the memory units. The memory units store a plurality of comparison codes. The processors are configured to receive an indication that a card user is attempting to perform a transaction with a payment card. The processors are also configured to, following reception of the indication, transmit a challenge code for reception by a card user device. The challenge code is configured to interrogate the card user device for a first verification code. The processors are further configured to, following transmittal of the challenge code, receive the first verification code from the card user device.
The first verification code is selected, by the card user device, from a plurality of verification codes stored by the card user device. Furthermore, the first verification code is selected, by the card user device, according to a predefined manner. The processors are further configured to select a first comparison code from the plurality of comparison codes according to the predefined manner, and compare the first comparison code to the first verification code received from the card user device. The processors are further configured to, following a determination that the first comparison code matches the first verification code, transmit a verification signal configured to indicate that the transaction has been verified.
Certain embodiments of the disclosure may provide one or more technical advantages. For example, in order for a transaction to be approved, the verification entity device may compare a comparison code selected by the verification entity device with a verification code selected by a card user device. As such, even if a person (or a device) is able to steal or copy a card user's payment card, the person may be unable to conduct one or more transactions using the payment card because the person may not also have the card user device (or the verification code selected by the card user device in a predefined manner). As another example, the card user device may select a particular verification code for a transaction by sequentially rotating through each of the verification codes stored by the card user device. As such, the same code may be re-used as the verification code at a later date and/or time, and the card user device may not need to receive new verification codes from the verification entity device when all of the verification codes have already been used. As a further example, a verification code stored in the card user device may be selected and/or communicated for receipt by the verification entity device without intervention by the card user. As such, the verification process may be easier for the card user.
Certain embodiments of the disclosure may include none, some, or all of the above technical advantages. One or more other technical advantages may be readily apparent to one skilled in the art from the figures, descriptions, and claims included herein.
BRIEF DESCRIPTION OF THE FIGURES
For a more complete understanding of the present disclosure and its features and advantages, reference is now made to the following description, taken in conjunction with the accompanying drawings, in which:
FIG. 1 illustrates an example online transaction verification system that verifies online transactions between card users and merchants;
FIG. 2 illustrates an example selection of verification codes and comparison codes of
FIG. 1.
FIG. 3 illustrates an example telephone transaction verification system that verifies telephone transactions between card users and merchants; FIG. 4 illustrates an example selection of verification codes and comparison codes of
FIG. 3.
FIG. 5 illustrates an example transaction verification system that verifies transactions between card users and merchants; and
FIG. 6 illustrates an example selection of verification codes and comparison codes of
FIG. 5.
DETAILED DESCRIPTION
Embodiments of the present disclosure are best understood by referring to FIGS. 1-6 of the drawings, like numerals being used for like and corresponding parts of the various drawings.
FIG. 1 illustrates an example online transaction verification system 10 that verifies online transactions between card users and merchants. System 10 includes a verification entity device 14 that stores comparison codes 42, and further includes a card user identification device 94 that stores verification codes 114. When a card user attempts to perform an online transaction using a payment card (e.g., a credit card) and a transaction device 62 (e.g., a laptop computer or a mobile phone), the verification entity device 14 may compare a comparison code 42 (which is selected in a predefined manner by the verification entity device 14) with a verification code 114 (which is selected in the same predefined manner by the card user identification device 94 and then communicated to the verification entity device 14) in order to determine whether to approve the online transaction. In particular embodiments, this may provide additional protection against fraud. Furthermore, system 10 also includes a card user verification device 70 that is communicatively coupled to the card user identification device 94 and also communicatively coupled to the transaction device 62 (such as connected to the universal serial bus port of the transaction device 62). In particular embodiments, this may provide an easily installed card user verification device 70 that allows communication of verification codes 114 to the verification entity device 14, thereby allowing system 10 to provide additional protection against fraud in an online transaction.
A verification entity represents an entity that communicates with customers and/or merchants in order to verify online transactions between the customers and merchants. For example, a verification entity may be a financial institution, such as a credit card company, credit card servicer, debit card company, debit card servicer, bank, any other institution that communicates with customers and/or merchants in order to facilitate online transactions between the customers and merchants, or any combination of the preceding. In such an example, the verification entity verifies online transactions for customers that have a credit card account, a savings account, a debit card account, a checking account, any other account associated with the financial institution (or a merchant), or any combination of the preceding. As another example, the verification entity may be a third party entity, such as a clearinghouse, payment processing institution, any other entity that may communicate with a financial institution in order to assist in facilitating online transactions between the customers and merchants, or any combination of the preceding. In such an example, the verification entity verifies online transactions for customers (and/or merchants) associated with the financial institution. As a further example, a verification entity may be a combination of a financial institution and a third party entity.
A merchant represents an entity in any suitable industry that conducts an online transaction with a customer. The merchant may include a retailer, a wholesaler, a service company, or any other suitable entity that has customers and conducts online transactions with the customers. The merchant interacts with the verification entity associated with a customer in order to facilitate each online transaction.
An online transaction represents a transaction made between a customer and merchant over an electronic (or online) communication network, and may include receiving payment from the customer for goods or services provided by the merchant (or crediting a refund to the customer). An example of an online transaction may be a customer purchasing goods from the merchant over the Internet using a web browser displayed on a computing device (such as a laptop computer).
A payment card represents a credit card, a debit card, a check, a coupon linked to an account, a gift card linked to an account, a money order, a promissory note, or any other manner of non-cash payment. A card user (i.e., a customer using the payment card) may use the payment card in order to pay for goods or services from a merchant. For example, for an online transaction, the card user may enter payment card information into a merchant's web page in order to pay for goods or services from the merchant. Payment card information may represent any information associated with the payment card, the card user, and/or an account of the card user. For example, payment card information may include the payment card number, the payment card expiration date, the payment card verification code, the billing address associated with the payment card, the card user, and/or the account of the card user, the shipping address associated with the card user, any other information that may be used to process an online transaction, or any combination of the preceding.
In order to conduct an online transaction with a merchant, a customer typically pays for goods or services received from the merchant using online payment accounts (such as PayPal), electronic funds (such as bitcoins), or credit/debit cards. Payments using credit/debit cards for an online transaction typically involve the customer entering their credit/debit card information into a secured web browser for transmittal to the merchant for processing. Such online transactions, however, may be susceptible to fraud. Furthermore, typical techniques for preventing fraud in online transactions with credit/debit cards may be deficient. As such, in particular embodiments, system 10 of FIG. 1 may verify online transactions between card users and merchants in a manner that provide various advantages. For example, in order for an online transaction to be approved, the verification entity device 14 may compare a comparison code 42 selected by the verification entity device 14 with a verification code 114 selected by a card user identification device 94 carried by the card user. In such an example, even if a person (or a device) is able to steal or copy a card user's payment card information or the payment card, the person may be unable to conduct one or more online transactions using the payment card information (or the payment card) because the person may not also have the card user identification device 94 and/or the card user verification device 70 that may allow the card user identification device 94 to communicate with the verification entity device 14. Furthermore, even if a person (or a device) is also able to attempt to provide a code to the verification entity device 14 (using a fraudulent device, for example), the provided code may not match the comparison code 42 utilized by the verification entity device 14 because the fraudulent device may not have access to verification codes 114 or a verification management application 46b that results in a verification code 114 being selected in a predefined manner.
As another example, the card user identification device 94 may select a particular verification code 114 for an online transaction by sequentially rotating through each of the verification codes 114 stored at the card user identification device 94. In such an example, this may allow the same code to be re-used as the verification code 114 at a later date and/or time from the original use of the code. Furthermore, this may prevent the card user identification device 94 from needing to receive new verification codes 114 from verification entity device 14 (or some other device associated with the verification entity) when all of the verification codes 114 have already been used. As a further example, a verification code 114 stored in the card user identification device 94 may be selected and/or communicated for receipt by the verification entity device 14 without intervention by the card user. In such an example, the verification process may be easier for the card user because the card user may not need to perform any type of action to assist in the verification of the online transaction, other than the card user actually carrying the card user identification device 94 with them when performing the online transaction (such as carrying the card user identification device 94 in the card user's purse or attached to the card user's keys) and/or other than the card user performing the online transaction with a transaction device 62 (and/or card user verification device 70) that is within communication range to the card user identification device 94 (such as within Bluetooth range, WiFi range, radio frequency identification range, infrared range, or any other suitable range). As a further example, the card user verification device 70 may easily install onto (or otherwise communicate with) the transaction device 62, such as by the card user connecting the card user verification device 70 to a universal serial bus port (or other connection) of the transaction device 62. As such, the card user may be able to perform verified online transactions without any complicated installation procedures. Therefore, system 10 may verify online transactions between card users and merchants in a manner that is advantageous.
Verification entity device 14 represents any suitable components that verify online transactions between card users and merchants. Verification entity device 14 may include a network server, any suitable remote server, a mdnframe, a host computer, a workstation, a web server, a personal computer, a file server, or any other suitable device for verifying online transactions between card users and merchants. The functions of verification entity device 14 may be performed by any suitable combination of one or more servers or other components at one or more locations. In the embodiment where the verification entity device 14 is a server, the server may be a private server, and the server may be a virtual or physical server. The server may include one or more servers at the same or remote locations. Also, verification entity device 14 may include any suitable component that functions as a server. As illustrated, verification entity device 14 includes a network interface 18, a processor 22, and a memory unit 26.
Network interface 18 represents any suitable device operable to receive information from network 50, transmit information through network 50, perform processing of information, communicate to other devices, or any combination of the preceding. For example, network interface 18 receives transaction information associated with an online transaction between a card user and a merchant. As another example, network interface 18 communicates a challenge code 38 for receipt by a card user identification device 94. Network interface 18 represents any port or connection, real or virtual, including any suitable hardware and/or software, including protocol conversion and data processing capabilities, to communicate through a local area network (LAN), a metropolitan area network (MAN), a wide area network (WAN), or other communication system that allows verification entity device 14 to exchange information with network 50, merchant device 54, card user environment 58, transaction device 62, card user verification device 70, network 90, card user identification device 94, or other components of system 10.
Processor 22 communicatively couples to network interface 18 and memory unit 26, and controls the operation and administration of verification entity device 14 by processing information received from network interface 18 and memory unit 26. Processor 22 includes any hardware and/or software that operates to control and process information. For example, processor 22 executes verification entity device management application 30 to control the operation of verification entity device 14. Processor 22 may be a programmable logic device, a microcontroller, a microprocessor, any suitable processing device, or any combination of the preceding.
Memory unit 26 stores, either permanently or temporarily, data, operational software, or other information for processor 22. Memory unit 26 includes any one or a combination of volatile or non-volatile local or remote devices suitable for storing information. For example, memory unit 26 may include random access memory (RAM), read only memory (ROM), magnetic storage devices, optical storage devices, any other suitable information storage device, or any combination of the preceding. Additionally, memory unit 26 may be an encrypted storage device (or a storage device secured in any suitable manner), providing protection against fraudulent attempts to access the information stored in memory unit 26. While illustrated as including particular information modules, memory unit 26 may include any suitable information for use in the operation of verification entity device 14.
As illustrated, memory unit 26 includes verification entity device management application 30 and accounts 34. Verification entity device management application 30 represents any suitable set of instructions, logic, or code embodied in a computer-readable storage medium and operable to facilitate the operation of verification entity device 14.
Accounts 34 represent any information regarding personal, commercial, and/or corporate accounts handled by verification entity device 14 with regard to one or more payment cards. For example, accounts 34 includes account numbers, nicknames for accounts, account identifiers associated with an account, balance information of an account (and/or a payment card linked to the account), limits of an account (and/or a payment card linked to the account), disclaimers associated with an account, card user preferences, data associated with one or more online transactions performed (or in the process of being performed) by a card user, any other suitable data, or any combination of the preceding. Account 34 for each different card user (or for each account that includes multiple authorized card users) may include challenge codes 38, comparison codes 42, and verification management application 46a.
Challenge codes 38 represent any code that may be used to interrogate card user identification device 94 for a verification code 114. Examples of challenge codes 38 are discussed in further detail below. Comparison codes 42 represent any code that may be compared to a verification code 114 in order to verify an online transaction. Examples of comparison codes 42 are discussed in further detail below. Verification management application 46a represents any suitable set of instructions, logic, or code embodied in a computer-readable storage medium and operable to provide a predefined manner of selecting comparison codes 42, verification codes 114, and/or verifying an online transaction using comparison codes 42 and verification codes 114. Examples of verification management application 46a are discussed in further detail below.
Network 50 represents any suitable network operable to facilitate communication between the components of system 10, such as verification entity device 14, merchant device 54, card user environment 58, transaction device 62, card user verification device 70, network 90, and card user identification device 94. Network 50 may include any interconnecting system capable of transmitting audio, video, signals, data, messages, or any combination of the preceding. Network 50 may include all or a portion of a public switched telephone network (PSTN), a public or private data network, a LAN, a MAN, a WAN, a local, regional, or global communication or computer network, such as the Internet, a wireline or wireless network, an enterprise intranet, or any other suitable communication link, including combinations thereof, operable to facilitate communication between the components.
Merchant device 54 represents any suitable components that communicate with a transaction device 62 in order to allow a card user to perform (or attempt to perform) an online transaction with a merchant. Merchant device 54 may include a network server, any suitable remote server, a mainframe, a host computer, a workstation, a web server, a personal computer, a file server, or any other suitable device for communicating with the transaction device 62 in order to allow a card user to perform (or attempt to perform) an online transaction with a merchant. The functions of merchant device 54 may be performed by any suitable combination of one or more servers or other components at one or more locations. In the embodiment where the merchant device 54 is a server, the server may be a private server, and the server may be a virtual or physical server. The server may include one or more servers at the same or remote locations. Also, merchant device 54 may include any suitable component that functions as a server.
Merchant device 54 may store any information that may assist in allowing a card user to perform (or attempt to perform) an online transaction with a merchant. For example, merchant device 54 may store web page information (such information and/or files that may be utilized by a web browser to create and/or display a web page), online transaction information (such as the number and type of goods or services purchased, payment card information, the card user's shipping information, etc.), online transaction processing information (such as encryption or security information that may allow the payment card information entered by the card user to be encrypted or otherwise secured), any other information that may assist in allowing a card user to perform (or attempt to perform) an online transaction with a merchant, or any combination of the preceding. Additionally, merchant device 54 may further communicate with verification entity device 14 in order to process an online transaction between a card user and a merchant.
Merchant device 54 may be associated with a merchant. For example, a particular merchant may be a retail chain that sells goods to customers. This merchant may offer to sell their goods through an electronic (or online) connection network (such as the Internet) using a web page accessible by a web browser. In such an example, merchant device 54 may store the information utilized by a web browser to create and display the merchant's web page. Merchant device 54 may be owned by the merchant. For example, the merchant may own one or more merchant devices 54 in order to host the merchant's web page information. Furthermore, merchant device 54 (or all or a portion of the storage and/or processing capabilities of merchant device 54) may be temporarily purchased by the merchant, rented by the merchant, or otherwise obtained by the merchant.
Card user environment 58 represents any suitable components that allow card users to perform online transactions with merchants. As illustrated, card user environment 58 includes transaction device 62, card user verification device 70, network 90, and card user identification device 94. Transaction device 62 represents any suitable components that communicate with merchant device 14 in order to allow a card user to perform (or attempt to perform) an online transaction between a card user and a merchant. Transaction device 62 may be a personal computer, a workstation, a laptop, a mobile telephone (such as a Smartphone, or any other wireless, cellular, cordless, or satellite telephone), an electronic notebook, a personal digital assistant, any other device (wireless, wireline, or otherwise) capable of receiving, processing, storing, and/or communicating information with other components of system 10 in order to allow a card user to perform (or attempt to perform) an online transaction between a card user and a merchant, or any combination of the preceding. Transaction device 62 may include a user interface, such as a display, a microphone, keypad, or other appropriate terminal equipment usable by a card user.
As illustrated, in order to allow a card user to perform (or attempt to perform) an online transaction between a card user and a merchant, transaction device 62 may generate and display merchant interface 66. Merchant interface 66 represents any interface between transaction device 62 and merchant device 54 that allows a card user to perform (or attempt to perform) an online transaction with a merchant. For example, merchant interface 66 may be a web page, a graphical user interface, a text-based interface, an application (such as a mobile phone application) that allows a card user to perform (or attempt to perform) an online transaction with a merchant, any other interface that allows a card user to perform (or attempt to perform) an online transaction with a merchant, or any combination of the preceding. As illustrated, merchant interface 66 may be a web page associated with the merchant. The card user may access the web page by entering the web page's uniform resource locator (URL) into a web browser (such as Firefox, Internet Explorer, Google Chrome, Opera, or Safari). The web browser may access the web page's information (stored on merchant device 54) and use the accessed information to render the web page for display to the card user on transaction device 62. The card user may then use the web page to browse through one or more goods or services sold by the merchant, select one or more goods or services for purchase, enter payment card information for purchasing the goods or services, and submit the purchase to merchant device 54.
In addition to communicating with merchant device 54 in order to allow a card user to perform (or attempt to perform) an online transaction between a card user and a merchant, transaction device 62 may further communicate with card user verification device 70 in order to assist in the verification of online transactions between card users and merchants. Transaction device 62 may communicate with the card user verification device 70 in any suitable manner. For example, transaction device 62 may include (or be coupled to) one or more interfaces, connections, or ports (such as a serial port, a parallel port, a universal serial bus (USB) port, or any other communication port) that may communicatively couple transaction device 62 to the card user verification device 70. In such an example, the card user verification device 70 may be plugged into the interface, connection, or port (such as the
USB port), allowing the transaction device 62 to communicate with the card user verification device 70. As another example, transaction device 62 may include a network interface similar to network interface 18 (discussed above). The network interface may be any port or connection, real or virtual, including any suitable hardware and/or software, including protocol conversion and data processing capabilities, to communicate through a LAN, a
MAN, a WAN, or other communication system that allows transaction device 62 to exchange information with card user verification device 70. In such an example, transaction device 62 may be communicatively coupled to card user verification device 70 by a network similar to network 50 (discussed above).
Card user verification device 70 represents any suitable components that communicate with verification entity device 14 and card user identification device 94 in order to assist in the verification of online transactions between card users and merchants. Card user verification device 70 may be a personal computer, a workstation, a laptop, a mobile telephone (such as a Smartphone, or any other wireless, cellular, cordless, or satellite telephone), an electronic notebook, a personal digital assistant, a transceiver node, a radio frequency transceiver, a smart card reader, a wired identification tag transceiver, a wireless identification tag transceiver, any other device (wireless, wireline, or otherwise) capable of receiving, processing, storing, and/or communicating information with other components of system 10, or any combination of the preceding. Card user verification device 70 may act as an intermediary between verification entity device 14 and card user identification device 94.
As an example, verification entity device 14 may communicate a challenge code 38 for receipt by the card user identification device 94. In such an example, card user verification device 70 may receive the challenge code 38 (prior to the card user identification device 94 receiving the challenge code 38) and may re-communicate the challenge code 38 to the card user identification device 94. Additionally, the card user identification device 94 may communication a verification code 114 for receipt by the verification entity device 14. In such an example, the card user verification device 70 may receive the verification code 114 (prior to the verification entity device 14 receiving the verification code 114) and may re- communicate the verification code 114 to the verification entity device 14.
Card user verification device 70 may be associated with a card user. For example, card user verification device 70 may be carried by the user (such as in the card user's pocket or purse), stored (or otherwise located) in the card user's office or residence, coupled to the transaction device 62 of the card user (such as connected to the USB port of the transaction device 62), any other manner of association with the card user, or any combination of the preceding. In such an example, the card user verification device 70 may assist in the verification of online transactions between card users and merchants, no matter where the card user is located. Furthermore, card user verification device 70 may include a user interface, such as a display, a microphone, keypad, or other appropriate terminal equipment usable by a card user.
As illustrated, card user verification device 70 includes a network interface 74, a processor 78, and a memory unit 82. Network interface 74 represents any suitable device operable to receive information from network 90 and/or network 50, transmit information through network 90 and/or network 50, perform processing of information, communicate to other devices, or any combination of the preceding. For example, network interface 74 receives a challenge code 38 from the verification entity device 14 and re-communicates the challenge code 38 to the card user identification device 94. As another example, network interface 74 receives a verification code 114 from the card user identification device 94 and re-communicates the verification code 1 14 for receipt by the verification entity device 14.
Network interface 74 represents any port or connection, real or virtual, including any suitable hardware and/or software, including protocol conversion and data processing capabilities, to communicate through a LAN, a MAN, a WAN, or other communication system that allows network interface 74 to exchange information with verification entity device 14, network 50, merchant device 54, card user environment 58, transaction device 62, network 90, card user identification device 94, or other components of system 10. As an example, network interface 74 may be (or may further include) a radio frequency transceiver (such as a radio frequency identification transceiver, a Bluetooth transceiver, a WiFi transceiver, etc.) for communicating radio frequencies to and from the card user identification device 94. As another example, network interface 74 may be (or may further include) a speaker/microphone for communicating audio signals (such as audio tones) to and from the card user identification device 94. As a further example, network interface 74 may be (or may further include) a display screen for capturing images (such as a quick response (QR) code) generated and displayed on the card user identification device 94, or for generating and displaying images (such as a QR code) for capture by the card user identification device 94.
Processor 78 communicatively couples to network interface 74 and memory unit 82, and controls the operation and administration of card user verification device 70 by processing information received from network interface 74 and memory unit 82. Processor 78 includes any hardware and/or software that operates to control and process information. For example, processor 78 executes card user verification device management application 86 to control the operation of card user verification device 70. Processor 78 may be a programmable logic device, a microcontroller, a microprocessor, any suitable processing device, or any combination of the preceding.
Memory unit 82 stores, either permanently or temporarily, data, operational software, or other information for processor 78. Memory unit 82 includes any one or a combination of volatile or non- volatile local or remote devices suitable for storing information. For example, memory unit 82 may include RAM, ROM, magnetic storage devices, optical storage devices, any other suitable information storage device, or any combination of the preceding. Additionally, memory unit 82 may be an encrypted storage device (or a storage device secured in any suitable manner), providing protection against fraudulent attempts to access the information stored in memory unit 82. While illustrated as including particular information modules, memory unit 82 may include any suitable information for use in the operation of card user verification device 70. As illustrated, memory unit 82 includes card user verification device management application 86. Card user verification device management application 86 represents any suitable set of instructions, logic, or code embodied in a computer-readable storage medium and operable to facilitate the operation of card user verification device 70.
Although card user verification device 70 is illustrated as a separate device from transaction device 62, card user verification device 70 may the same device as transaction device 62. In such an example, a single device may be used to communicate with merchant device 54 in order to allow a card user to perform (or attempt to perform) an online transaction between a card user and a merchant, and also communicate with card user identification device 94 in order to assist in the verification of online transactions between card users and merchants. Network 90 represents any suitable network operable to facilitate communication between the components of system 10, such as card user verification device 70 and card user identification device 94. Network 90 may include any interconnecting system capable of transmitting audio, video, signals, data, messages, or any combination of the preceding. Network 90 may include all or a portion of a PSTN, a public or private data network, a LAN, a MAN, a WAN, a local, regional, or global communication or computer network, such as the Internet, a wireline or wireless network, an enterprise intranet, or any other suitable communication link, including combinations thereof, operable to facilitate communication between the components. Furthermore, network 90 may be the same type of network as network 50, or network 90 may be a different type of network than network 50. For example, both network 90 and network 50 may be a combination of wireless and wireline networks. As another example, network 90 may be only a wireless network (such as only a Bluetooth network, a WiFi network, a radio frequency identification network, or an infrared network), while network 50 may be a combination of wireless and wireline networks. Additionally, although network 90 and network 50 are illustrated as separate networks, network 90 and network 50 may be the same network. In such an example, a single network may communicate a challenge code 38 from verification entity device 14 to card user verification device 70 (and/or transaction device 62), and may further re-communicate the challenge code 38 from card user verification device 70 to card user identification device 94.
Card user identification device 94 represents any suitable components that communicate with card user verification device 70 in order to provide verification codes 114 to the verification entity device 14 to verify online transactions between card users and merchants. Card user identification device 94 may be a personal computer, a workstation, a laptop, a mobile telephone (such as a Smartphone, or any other wireless, cellular, cordless, or satellite telephone), an electronic notebook, a personal digital assistant, a transceiver node, a wired identification tag, a wireless identification tag, a radio frequency identification device, an audio-generation device, a smart card, any other device (wireless, wireline, or otherwise) capable of receiving, processing, storing, and/or communicating information with card user verification device 70 (and/or other components of system 10), or any combination of the preceding. Additionally, card user identification device 94 may include a user interface, such as a display, a microphone, keypad, a scanner (such as a QR code scanner), or other appropriate terminal equipment usable by the card user. Card user identification device 94 may be carried by the card user (or otherwise associated with the card user). As such, when the card user attempts to conduct an online transaction with a merchant using payment card information (or the payment card), card user identification device 94 may communicate with card user verification device 70 (and verification entity device 14) in order to provide verification codes 114 that may allow the verification entity device 14 to verify the online transaction. Card user identification device 94 may be carried by the card user (or otherwise associated with the card user) in any suitable manner. For example, the card user identification device 94 may be a wireless identification tag that is attached to the card user's keys, wallet, purse, wearable items (such as a wearable wristband), and/or article of clothing (such as a belt). As another example, the card user identification device 94 may be a smart card that is carried within the card user's wallet, purse, or pocket. As a further example, the card user identification device 94 may be the card user's mobile phone.
As illustrated, card user identification device 94 includes a network interface 98, a processor 102, and a memory unit 106. Network interface 98 represents any suitable device operable to receive information from network 90, transmit information through network 90, perform processing of information, communicate to other devices, or any combination of the preceding. For example, network interface 98 receives a challenge code 38 from the verification entity device 14 (via the card user verification device 70) and commumcates a verification code 114 to the verification entity device 14 (via the card user verification device 70). Network interface 98 represents any port or connection, real or virtual, including any suitable hardware and/or software, including protocol conversion and data processing capabilities, to communicate through a LAN, a MAN, a WAN, or other communication system that allows network interface 98 to exchange information with network 90, card user verification device 70, verification entity device 14, or other components of system 10. As an example, network interface 90 may be (or may further include) a radio frequency transceiver (such as a radio frequency identification transceiver, a Bluetooth transceiver, a WiFi transceiver, etc.) for communicating radio frequencies to and from the card user verification device 70. As another example, network interface 90 may be (or may further include) a speaker/microphone for communicating audio signals (such as audio tones) to and from card user verification device 70. As a further example, network interface 90 may be (or may further include) a card user display screen for capturing images (such as a QR code) generated and displayed on the card user verification device 70, or for generating and displaying images (such as a QR code) for capture by the card user verification device 70.
Processor 102 communicatively couples to network interface 98 and memory unit 106, and controls the operation and administration of card user identification device 94 by processing information received from network interface 98 and memory unit 106. Processor 102 includes any hardware and/or software that operates to control and process information. For example, processor 102 executes card user identification device management application 110 to control the operation of card user identification device 94. Processor 102 may be a programmable logic device, a microcontroller, a microprocessor, any suitable processing device, or any combination of the preceding.
Memory unit 106 stores, either permanently or temporarily, data, operational software, or other information for processor 102. Memory unit 106 includes any one or a combination of volatile or non-volatile local or remote devices suitable for storing information. For example, memory unit 106 may include RAM, ROM, magnetic storage devices, optical storage devices, any other suitable information storage device, or any combination of the preceding. Additionally, memory unit 106 may be an encrypted storage device (or a storage device secured in any suitable manner), providing protection against fraudulent attempts to access the information stored in memory unit 106. While illustrated as including particular information modules, memory unit 106 may include any suitable information for use in the operation of card user identification device 94.
As illustrated, memory unit 106 includes card user identification device management application 110, verification codes 114, and verification management application 46b. Card user identification device management application 110 represents any suitable set of instructions, logic, or code embodied in a computer-readable storage medium and operable to facilitate the operation of card user identification device 94. Verification codes 114 represent any code that may be used to identify the card user as the approved user of the payment card
(as opposed to another person who may have fraudulently obtained the payment card).
Examples of verification codes 114 are discussed in further detail below. Verification management application 46b may be substantially similar to verification management application 46a (stored in memory unit 34 of verification entity device 14). As such, verification management application 46b represents any suitable set of instructions, logic, or code embodied in a computer-readable storage medium and operable to provide a predefined manner of selecting verification codes 114. Verification management application 46b may be received by (and stored by) card user identification device 94 prior to card user identification device 94 receiving a challenge code 38. For example, verification management application 46b may be received by (and stored by) card user identification device 94 when card user identification device 94 is manufactured, programmed, and/or updated to operate with system 10. Furthermore, verification management application 46b may be received by (and stored by) card user identification device 94 at any other time. For example, verification management application 46b may be a portion of the challenge code 38 communicated for receipt by the card user identification device 94. In such an example, the card user identification device 94 may receive (and store) the verification management application 46b the first time it receives the challenge code 38 (or every time it receives the challenge code 38). As another example, verification management application 46b may be communicated to the card user identification device 94 in the same message as a challenge code 38, in a message prior to the communication of the challenge code 38, or in a message after the communication of the challenge code 38. As such, the card user identification device 94 may receive (and store) the verification management application 46b prior to receiving a challenge code 38, at the same time (or substantially the same time) as receiving a challenge code 38, or after receiving a challenge code 38. Examples of verification management application 46b are discussed in further detail below.
In an exemplary embodiment of operation, a card user may desire to conduct an online transaction with a particular merchant. For example, a card user may desire to purchase an item (such as a shirt) using a payment card (such as a credit card) and a transaction device 62 (such as the card user's laptop computer or mobile phone). In order to do so, the card user may access the merchant interface 66 associated with the merchant in order to select the item, and may provide the merchant with payment card information (via online payment 150). As a result of receiving the payment card information, the merchant device may begin processing the payment card information by providing an indication (via indication 154) to verification entity device 14 that the card user is attempting to perform an online transaction with the merchant using the payment card.
In order to protect against fraud, the verification entity (such as a credit card company or a clearinghouse that communicates with a credit card company) may desire to verify that the person attempting to perform the online transaction with the payment card is the card user that is authorized to use the payment card. For example, the credit card company may desire to verify that a card issued to John Doe is being used by John Doe, as opposed to someone that may have fraudulently obtained the card (or information about the card) issued to John Doe. To verify the identity of the person using the payment card, verification entity device 14 may communicate a challenge code 38 configured to interrogate a card user identification device 94 carried by (or otherwise associated with) the card user, such as a wireless identification tag attached to the keys of John Doe. The challenge code 38 may be first communicated to merchant device 54 (via first challenge message 158), which may then re- communicate the challenge code 38 to transaction device 62 (via second challenge message 162). The transaction device 62 may then re-communicate the challenge code 38 (via third challenge message 166) to a card user verification device 70, such as a wireless radio frequency identification transceiver connected to the USB port of the transaction device 62. Card user verification device 70 may receive the challenge code 38 and re-communicate the challenge code 38 to the card user identification device 94 (via fourth challenge message 170) carried by the card user, such as the wireless identification tag attached to the keys of John Doe. The challenge code 38 may interrogate the card user identification device 94, causing the card user identification device 94 to select a verification code 114 (via a predefined manner of verification management application 46b) and communicate (via first verification response message 174) the verification code 114 back to card user verification device 70. The card user verification device 70 may receive the verification code 114 and then re- communicate the verification code 114 to transaction device 62 (via second verification response message 178). The transaction device 62 may re-communicate the verification code 114 to merchant device 54 (via third verification response message 182), and the merchant device 54 may re-communicate the verification code 114 to verification entity device 14 (via fourth verification response message 186).
Following receipt of verification code 114, verification entity device 14 may select a comparison code 42 (via the predefined manner of verification management application 46a) to compare to the verification code 114 received from the card user identification device 94. If the verification code 114 does not match the comparison code 42 (or a verification code 114 is never received in response to a challenge code 38), verification entity device 14 may deny the processing of the online transaction. On the other hand, if the verification code 114 does match the comparison code 42, verification entity device 14 may verify the online transaction (or otherwise approve the processing of the online transaction) via verification signal 190 communicated to merchant device 54, and the online transaction may be allowed to occur. In particular embodiments, this method of verifying an online transaction may provide additional protection against fraud. For example, even if a person (or a device) is able to steal or copy a card user's payment card information (such as the payment card number, expiration date, and verification code) or the payment card (itself), the person may be unable to conduct one or more online transactions using the payment card information (or the payment card) because the person may not also have the card user identification device 94 (or the card user verification device 70). As another example, even if a person (or a device) is also able to attempt to respond to a challenge code 38 using a fraudulent device, the code provided by the fraudulent device may not match the comparison code 42 utilized by the verification entity device 14 because the fraudulent device may not have access to verification codes 114 or the verification management application 46b that results in a verification code 114 being selected in a predefined manner. Further details regarding particular examples of these sequences illustrated in FIG. 1 are discussed below.
As is stated above, a card user may initiate an online transaction with a merchant by providing payment card information to the merchant via online payment 150. Online payment 150 may be performed in any suitable manner. As an example, the card user may type (or otherwise enter) the payment card information into merchant interface 66, and then communicate the payment card information to the merchant device 54. As a further example, the payment card information may be automatically entered into merchant interface 54, such as when the payment card information is already saved (or otherwise on file with the merchant, the merchant device 54, the merchant interface 66, and/or the transaction device 62) for future online transactions. In such an example, once the payment card information is automatically entered, the card user may communicate the payment card information to the merchant device 54.
As a result of merchant device 54 receiving the payment card information, merchant device 54 may communicate indication 154 to verification entity device 14, indicating that that the card user is attempting to perform an online transaction with the merchant using the payment card. Indication 154 may include any information about the attempted online transaction. For example, indication 154 may include all (or a portion) of the payment card information received by the merchant device 54, information associated with the merchant
(such as information that identifies the merchant), information associated with the online transaction (such as the purchase amount for the online transaction and details about what is being purchased), any other information desired by a verification entity for approving an online transaction, or any combination of the preceding. Although indication 154 has been illustrated as being communicated directly from merchant device 54 to verification entity device 14, in particular embodiments, indication 154 may be communicated to one or more additional devices (not shown) before indication 154 is received by verification entity device 14. For example, indication 154 may first be communicated to a payment processor (such as a payment processing system run by, for example, First Data Merchant Services Corporation), and then the payment processor may re- communicate the indication 154 to verification entity device 14. The payment processor may re-communicate all or a portion of indication 154. Additionally, the payment processor may perform one or more payment processing actions (using the information in indication 154) prior to re-communicating indication 154. In such an example, the payment processor may add information associated with these additional payment processing actions to indication 154 prior to re-communicating indication 154 to verification entity device 14.
Following receipt of indication 154, verification entity device 14 may communicate a challenge code 38 (via first challenge message 158) for receipt by the card user identification device 94. As is discussed above, a challenge code 38 represents any code that may be used to interrogate card user identification device 94 for a verification code 114. For example, a challenge code 38 may be a computer-readable code that forces, requests, or causes a response from card user identification device 94. In such an example, the challenge code 38 may force, request, or cause the card user identification device 94 to select a verification code 114 stored at the card user identification device 94 and communicate the verification code 114 for receipt by the verification entity device 14.
A challenge code 38 may be the same code for all card user identification devices 94, or may be unique for each card user identification device 94 (or for one or more card user identification devices 94). For example, a challenge code 38 for a card user identification device 94 carried by John Doe may be different than a challenge code 38 for a card user identification device 94 carried by Jane Doe. Challenge code 38 may be the same challenge code every time it is sent for receipt by a particular card user identification device 94, or it may be different every time it is sent for receipt by a particular card user identification device
94. For example, challenge code 38 may include one or more details associated with the online transaction (such as the purchase amount, the merchant identification, the time and/or date associated with the online transaction or the challenge code 38, etc.), thereby causing it to be different every time it is sent for receipt by the card user identification device 94 carried by John Doe. As another example, the challenge code 38 may include a particular verification management application 46b for use by the card user identification device 94 for that online transaction. As a further example, the challenge code 38 may include particular instructions for responding to the challenge code 38 (such as a particular question that is to be answered using the verification code 114).
Following communication of challenge code 38 for receipt by a card user identification device 94, the challenge code 38 may be received by merchant device 54. Merchant device 54 may then re-communicate the challenge code 38 to transaction device 62 (via second challenge message 162), and transaction device 62 may re-communicate the challenge code 38 to card user verification device 70 (via third challenge message 166). Card user verification device 70 may act as an intermediary between verification entity device 14 and card user identification device 94. By doing so, card user verification device 70 may receive the challenge code 38 from verification entity device 14 (via first challenge message 158, second challenge message 162, and third challenge message 166) and re-communicate the challenge code 38 to card user identification device 94 (via fourth challenge message 170). Card user verification device 70 may re-communicate challenge code 38 in the same form (and/or in the same manner) in which card user verification device 70 received the challenge code 38. For example, card user verification device 70 may act as an amplifier (or an access point) that provides a network connection between verification entity device 14 and card user identification device 94. Additionally (or alternatively), card user verification device 70 may re-communicate challenge code 38 in a different form (and/or in a different manner) than what card user verification device 70 received the challenge code 38 as. For example, card user verification device 70 may receive the challenge code 38 in digital form over a wired connection and re-communicate the challenge code 38 in analog form over a wireless connection. As another example, card user verification device 70 may receive the challenge code 38 in digital form over a wireless connection and re-communicate the challenge code 38 in a radio frequency (or as a particular audio tone) over a different wireless connection. As a further example, card user verification device 70 may receive the challenge code 38 in a digital form over a wired connection and re-communicate the challenge code 38 as a graphical image (such as a barcode, a QR code, a universal product code (UPC), a matrix bar code, a MaxiCode, or a ShotCode) that may be scanned or copied by the card user identification device 94. In such examples, card user verification device 70 may act as a converter to convert challenge code 38 from a form (and/or a communication manner) that cannot be received by the card user identification device 94 to a form (and/or a communication manner) that can be received by the card user identification device 94.
Although challenge code 38 has been illustrated as being communicated from verification entity device 14 to card user verification device 70 (via various devices and messages) for re-communication to card user identification device 94, in particular embodiments, the challenge code 38 may be communicated directly from verification entity device 14 to the card user verification device 70 (for re-communication to card user identification device 94). For example, the card user verification device 70 may be a mobile phone that receives the challenge code 38 directly from the verification entity device 14. In such an example, the mobile phone may be running a mobile phone application associated with the verification entity device 14, and the verification entity device 14 may push the challenge code 38 directly to the mobile phone. Furthermore, the card user verification device 70 (such as a mobile phone) may be connected directly to the verification entity device 14 via a communication network, such as a network similar to network 50 (discussed above).
Additionally, although challenge code 38 has been illustrated as being communicated from verification entity device 14 to card user identification device 94 (via various devices and various messages), in particular embodiments, the challenge code 38 may be communicated directly from verification entity device 14 to the card user identification device 94. For example, the card user identification device 94 may be a mobile phone that receives the challenge code 38 directly. In such an example, the mobile phone may be running a mobile phone application associated with the verification entity device 14, and the verification entity device 14 may push the challenge code 38 directly to the mobile phone. Furthermore, the card user identification device 94 (such as a mobile phone) may be connected directly to the verification entity device 14 via a communication network, such as a network similar to network 50 (discussed above). In response to receiving the challenge code 38 directly from the verification entity device 14, the card user identification device 94 may communicate a verification code 114 to the card user verification device 70, which may then re-communicate the verification code 114 to the verification entity device 14 (either directly or via various devices and/or messages).
Furthermore, although challenge code 38 has been illustrated as being automatically re-communicated from the card user verification device 70 to the card user identification device 94, in particular embodiments, the re-communication (and/or even the original communication) of the challenge code 38 to the card user identification device 94 may only occur after a signal is first received from the card user identification device 94. For example, before the challenge code 38 may be received by the card user identification device 94 (and/or even communicated to the card user identification device 94), the card user may activate the card user identification device 94 (such as by pushing a button on the card user identification device 94 or performing any other user action with the card user identification device 94). This activation by the card user may cause the card user identification device 94 to send a signal to the card user verification device 70 (and/or the verification entity device 14) indicating that the card user identification device 94 is ready to receive the challenge code 38. Following receipt of this signal from the card user identification device 94, the challenge code 38 may be communicated to (and received by) the card user identification device 94.
Following receipt of the challenge code 38 by the card user identification device 94, the card user identification device 94 may (in response to the interrogation provided by the challenge code 38) select one of the verification codes 1 14 stored at the card user identification device 94. Furthermore, the card user identification device 94 may communicate the verification code 114 for receipt by the verification entity device 14. As is discussed above, a verification code 114 represents any code that may be used to identify the card user as the approved user of the payment card (as opposed to another person who may have fraudulently obtained the payment card information and/or the payment card). For example, a verification code 114 may be a predefined code stored at the card user identification device 94, and may be configured to match a comparison code 42 stored at the verification entity device 14. The verification code 114 may be a password, a set of numbers, a set of alphanumeric characters, a set of symbols, one or more audible tones, one or more radio frequencies, one or more graphical images, any other type of code or representation, or any combination of the preceding. The verification code 114 may have any length, size, or dimension. For example, the verification code 114 may be a 35 character password.
The verification code 114 may match a comparison code 42 when all or a portion of the verification code 114 is identical to all or a portion of the comparison code 42. For example, the verification code 114 may match the comparison code 42 when the last 30 digits of the verification code 114 are identical to the last 30 digits of the comparison code 42.
Additionally (or alternatively), the verification code 114 may match a comparison code 42 when the verification code 114 is an answer to the comparison code 42 (such as an answer to a question), when the verification code 114 completes the comparison code 42 (such as a final piece of a puzzle), when the verification code 114 is the opposite of the comparison code 42 (such as the term "up" is the opposite of "down"), any other manner of matching, or any combination of the preceding.
Card user identification device 94 may store any suitable number of different verification codes 114. For example, card user identification device 94 may store 2 different verification codes 114, 5 different verification codes 114, 10 different verification codes 114, 15 different verification codes 114, 25 different verification codes 114, 50 different verification codes 114, 100 different verification codes 114, 1,000 different verification codes 114, 10,000 different verification codes 114, 1 million different verification codes 114, or any other number of different verification codes 114. Furthermore, following receipt of the challenge code 38 by the card user identification device 94, the card user identification device 94 may select one of the verification codes 114 stored at the card user identification device 94. The card user identification device 94 may select one of the verification codes 114 according to a predefined manner based on verification management application 46b. For example, card user identification device 94 may select one of the verification codes 114 by sequentially rotating through each of the verification codes 114 (e.g., rotating from a first code to a second code), by skipping over a predefined number of the verification codes 114 (e.g., skipping from the first code to the fifth code), by selecting a position of one of the verification codes 114 (e.g., selecting the code positioned in column five, row ten), any other manner of selecting one of the verification codes 114 according to a predefined manner based on verification management application 46b, or any combination of the preceding. Furthermore, selection of the verification code 114 may further include modifying the verification code 114. For example, the verification code 114 may be modified to include information from the challenge code 38, such as all or a portion of the challenge code 38, or details associated with the online transaction (e.g., the purchase amount, the merchant identification, the date and/or time associated with the online transaction or the challenge code 38, etc.). As another example, the verification code 114 may be modified to include information regarding the date and/or time associated with the selection of the verification code 114. Further details regarding examples of the selection of a verification code 114 are discussed below with regard to FIG. 2.
Following the selection of the verification code 114, the card user identification device 94 may communicate the verification code 114 to the card user verification device 70 via first verification response message 174. The card user identification device 94 may communicate the verification code 114 to the card user verification device 70 in any suitable manner (and/or any suitable form). As an example, the card user identification device 94 may communicate the verification code 114 to the card user verification device 70 in the same manner of communication (and/or form) by which the card user identification device 94 received the challenge code 38. In such an example, if the card user identification device 94 received the challenge code 38 in a particular radio frequency, the card user identification device 94 may communicate the verification code 114 to the card user verification device 70 in the same radio frequency. As another example, the card user identification device 94 may communicate the verification code 114 to the card user verification device 70 in a different manner of communication (and/or form) than that by which the card user identification device 94 received the challenge code 38. In such an example, if the card user identification device 94 received the challenge code 38 as a particular audio tone, the card user identification device 94 may communicate the verification code 114 to the card user verification device 70 in a different audio tone, a radio frequency, a graphical image displayed or sent to the card user verification device 70, any other manner (and/or form) different from that by which the card user identification device 94 received the challenge code 38, or any combination of the preceding.
Furthermore, the selection and communication processes of the verification code 114 by the card user identification device 94 may occur without user intervention. For example, following the reception of the challenge code 38 by the card user identification device 94, the card user identification device 94 may both automatically select and communicate the verification code 114 without any intervention by the card user (e.g., without the card user pressing a button, confirming a selection, pointing the card user identification device 94 in a particular direction, scanning the card user identification device 94, etc.). As such, verifying the online transaction using the card user identification device 94 may occur without any action by the user, other than the card user actually carrying the card user identification device 94 with them when performing the online transaction (such as carrying the card user identification device 94 in the card user's purse or attached to the card user's keys) and/or other than the card user performing the online transaction with a transaction device 62 (and/or card user verification device 70) that is within communication range to the card user identification device 94 (such as within Bluetooth range, WiFi range, radio frequency identification range, infrared range, or any other suitable range). Alternatively, one or more (or both) of the selection and communication processes of the verification code 114 by the card user identification device 94 may occur with user intervention. For example, selection of the verification code 114 may occur when the card user presses a button on the card user identification device 94 to select the verification code 114, when the card user points the card user identification device 94 at the card user verification device 70 (or hovers the card user identification device 94 over a scanner at the card user verification device 70), when the card user performs any other manner of user intervention, or any combination of the preceding. As another example, communication of the verification code 114 may occur when the card user points the card user identification device 94 at the card user verification device 70 (or hovers the card user identification device 94 over a scanner at the card user verification device 70), when the card user swipes the card user identification device 94 (such as a smart card) through a card reader on the card user verification device 70, when the card user presses a button to communicate the verification code 114, any other manner of user intervention, or any combination of the preceding.
Following receipt of the verification code 114 by card user verification device 70, the card user verification device 70 may re-communicate the verification code 114 for receipt by the verification entity device 14 via second verification response message 174. Card user verification device 70 may re-communicate the verification code 114 in the same form (and/or communication manner) in which card user verification device 70 received the verification code 114. Furthermore (or alternatively), card user verification device 70 may re-communicate the verification code 114 in a different form (and/or manner) than by which the card user verification device 70 received the verification code 114. For example, if the card user verification device 70 received the verification code 114 via a wireless radio frequency, the card user verification device 70 may re-communicate the verification code 114 to the verification entity device 14 via a wired internet connection. In such an example, card user verification device 70 may act as a converter to convert verification code 114 from a form (and or communication manner) that cannot be received by the verification entity device 14 to a form (or communication manner) that can be received by the verification entity device 14. Following re-communication of the verification code 114 from card user verification device 70 (via second verification response message 174), transaction device 62 may receive the verification code 114, and re-communicate the verification code 114 to merchant device 54 (via third verification response message 182). Furthermore, merchant device 54 may then re-communicate the verification code 114 to the verification entity device 14 (via fourth verification response message 186).
Following receipt of the verification code 114 by the verification entity device 14, the verification entity device 14 may select one of the comparison codes 42 stored at the verification entity device 14 for comparison with the verification code 114. As is discussed above, a comparison code 42 represents any code that may be compared to a verification code 114 in order to verify an online transaction. For example, a comparison code 42 may be predefined code stored at the verification entity device 14 and that is configured to match a verification code 114 stored at the card user identification device 94. Similar to the verification code 114, the comparison code 42 may be a password, a set of numbers, a set of alphanumeric characters, a set of symbols, one or more audible tones, one or more radio frequencies, one or more graphical images, any other type of code or representation, or any combination of the preceding. The comparison code 42 may have any length, size, or dimension. For example, the comparison code 42 may be a 35 character password. The comparison code 42 may match a verification code 114 when all or a portion of the comparison code 42 is identical to all or a portion of the verification code 114. Additionally, the comparison code 42 may match a verification code 114 in any of the manners of matching discussed above with regard to verification codes 114.
Verification entity device 14 may store (for each account 34) any suitable number of different comparison codes 42. For example, verification entity device 14 may store (for each account 34) 2 different comparison codes 42, 5 different comparison codes 42, 10 different comparison codes 42, 15 different comparison codes 42, 25 different comparison codes 42, 50 different comparison codes 42, 100 different comparison codes 42, 1,000 different comparison codes 42, 10,000 different comparison codes 42, 1 million different comparison codes 42, or any other number of different comparison codes 42. As another example, verification entity device 14 may store (for each account 34) a matching comparison code 42 for each verification code 114 stored by the card user identification device 94 (and associated with an account 34). In such an example, if the card user identification device 94 stores 10 different verification codes 114, the verification entity device 14 may store 10 matching comparison codes 42.
The verification entity device 14 may select one of the comparison codes 42 according to the same predefined manner utilized by the card user identification device 94.
For example, if the card user identification device 94 selects one of the verification codes 114 by sequentially rotating through each of the verification codes 114 (e.g., rotating from a first code to a second code), the verification entity device 14 may select one of the comparison codes 42 by sequentially rotating through each of the comparison codes 42 (e.g., rotating from a first code to a second code). As such, both the card user identification device 94 and the verification entity device 14 may utilize the same predefined manner (based on verification management applications 46b and 46a, respectively) to select a matching verification code 114 and comparison code 42. Furthermore, selection of the comparison code 42 may further include modifying comparison code 42. For example, the comparison code 42 may be modified to include information from the challenge code 38, such as all or a portion of the challenge code 38, or details associated with the online transaction (e.g., the purchase amount, the merchant identification, the time and/or date associated with the online transaction or the challenge code 38, etc.). As another example, the comparison code 42 may be modified to include information regarding the date and/or time associated with the reception of the verification code 114. Further details regarding examples of the selection of a comparison code 42 are discussed below with regard to FIG. 2.
Although the verification entity device 14 has been discussed above as selecting one of the comparison codes 42 according to the same predefined manner utilized by the card user identification device 94, in particular embodiments, the verification entity device 14 may select one of the comparison codes 42 in a different predefined manner than the card user identification device 94 (but in a manner that still causes the selected comparison code 42 to match the selected verification code 114). For example, the verification entity device 14 may store the comparison codes 42 in a different order than the card user identification device 94 stores the matching verification codes 114. In such an example, the verification entity device
14 may select the comparison code 42 using a first predefined manner (such as by sequentially rotating through each of the comparison codes 42, for example) while the card user identification device 94 may select the matching verification code 114 using a second predefined manner (such as by skipping over a predefined number of the verification codes
114, for example). Furthermore, although selection of the comparison code 42 has been discussed above as occurring after reception of the verification code 114, the comparison code 42 may be selected any time after indication 154 is received by the verification entity device 14. For example, the comparison code 42 may be selected before the challenge code
38 is communicated for receipt by the card user identification device 94. As another example, the comparison code 42 may be selected after the challenge code 38 is communicated for receipt by the card user identification device 94, but before the verification entity device 14 receives the verification code 114.
Following receipt of the verification code 114 by the verification entity device 14 and further following selection of the comparison code 42 by the verification entity device 14, the verification entity device 14 may compare the verification code 114 to the comparison code 42 in order to determine whether the verification code 114 matches the comparison code 42. If the verification code 114 does not match the comparison code 42 (or a verification code 114 is never received in response to a challenge code 38), verification entity device 14 may deny the online transaction. This denial may result in a denial message (not shown) being sent to merchant device 54, transaction device 62, card user verification device 70, and/or card user identification device 94. As a result, the online transaction will not be allowed to occur. On the other hand, if the verification code 114 does match the comparison code 42, verification entity device 14 may verify the online transaction (or otherwise approve the processing of the online transaction) by communicating a verification signal 190 to merchant device 54 (and/or one or more of transaction device 62, card user verification device 70, and card user identification device 94). As such, the online transaction may be allowed to occur.
Although verification entity device 14 has been illustrated as comparing a single verification code 114 to a single comparison code 42 in order to verify a particular online transaction, in particular embodiments, verification entity device 14 may compare more than one verification code 114 to more than one comparison code 42 in order to verify the particular online transaction. For example, for each online transaction, two or more verification codes 114 and two or more comparison codes 42 may be selected for the verification process. In such an example, verification entity device 14 may only verify (or otherwise allow) the online transaction if each of the selected verification codes 114 match each of the selected comparison codes 42.
Furthermore, although verification entity device 14 has been illustrated as verifying
(or otherwise approving) the online transaction if the verification code 114 matches the comparison code 42, in particular embodiments, verification (or approval) of the online transaction may include various additional steps. For example, verification entity device 14 may determine whether the payment card has been reported lost or stolen, whether the online transaction appears suspicious based on the card user's typical purchases, whether there is a sufficient balance associated with the payment card to approve the online transaction, whether the online transaction will cause a credit limit associated with the payment card (or account 34) to be overdrawn, whether a billing address listed in the payment card information received from the card user matches the billing address listed in account 34 for the card user, any other suitable method for determining whether to verify (or approve) the online transaction, or any combination of the preceding.
Additionally, although verification entity device 14 has been illustrated as storing and communicating challenge codes 38, storing and selecting comparison codes 42, and verifying the online transactions by comparing comparison codes 42 to verification codes 114, in particular embodiments, one or more (or all) of these actions may be performed by other devices or components of system 10, such as card user verification device 74, transaction device 62, merchant device 54, and/or one or more third party devices or components. For example, card user verification device 70 may store and communicate challenge codes 38, store and select comparison codes 42, and verify the online transactions by comparing comparison codes 42 to verification codes 114. In such an example, verification entity device 14 may approve the online transaction (or otherwise allow the online transaction to occur) if the card user verification device 70 verifies the online transaction and communicates a verification signal (such as verification signal 190) to the verification entity device 14. As another example, merchant device 54 and/or the transaction device 62 (using merchant interface 66) may store and communicate challenge codes 38 for receipt by the card user identification device 94. In such an example, the transaction device 62 may include a plug in application installed on a web browser, and the plug in application may communicate a challenge code 38 for receipt by the card user identification device 94 after the payment card information has been entered into merchant interface 66).
In particular embodiments, the above-described method of verifying an online transaction may provide additional protection against fraud. For example, even if a person (or a device) is able to steal or copy a card user's payment card information (such as the payment card number, expiration date, and verification code) or the payment card (itself), the person may be unable to conduct one or more online transactions using the payment card information (or the payment card) because the person may not also have the card user identification device 94 (or the card user verification device 70). As another example, even if a person (or a device) is also able to attempt to respond to a challenge code 38 using a fraudulent device, the code provided by the fraudulent device may not match the comparison code 42 utilized by the verification entity device 14 because the fraudulent device may not have access to verification codes 114 or the verification management application 46b that results in a verification code 114 being selected in a predefined manner.
Modifications, additions, or omissions may be made to system 10 without departing from the scope of the invention. For example, verification entity device 14 may verify any number of online transactions that are performed using any number of merchant devices 54, card user environments 58, transaction devices 62, card user verification devices 70, card user identification devices 94, card users, and/or merchants. Additionally, system 10 may include any number of verification entity devices 14, networks 50, merchant devices 54, card user environments 58, transaction devices 62, card user verification devices 70, networks 90, and/or card user identification devices 94 (and/or any number of components, such as processors or memory units illustrated in the above described devices). Also, any suitable logic may perform the functions of system 10 and the components and/or devices within system 10. Furthermore, one or more components of system 10 may be combined. For example, transaction device 62 may be a virtual processing system that utilizes a portion of merchant device 54 (and/or the processing capability of merchant device 54) to perform (or attempt to perform) an online transaction.
Additionally, system 10 may include additional components. For example, as is discussed above, a payment processor (such as a payment processing system run by, for example, First Data Merchant Services Corporation) may be communicatively located in- between the merchant device 54 and the verification entity device 14. In such an example, all or a portion of one or more communications between merchant device 54 and verification entity device 14 may be communicated through (and/or modified by) the payment processor. As another example, system 10 may further include one or more additional secured devices (such as additional secured servers) that receive all or a portion of the payment card information communicated by the card user when performing (or attempting to perform) the online transaction. In such an example, the payment card information entered by the card user may not be communicated to the merchant device 54, but instead may be communicated to an additional secured server that is associated with the merchant. As such, the payment card information may be even further protected from fraudulent attempts to access it.
Furthermore, one or more of the communications (such as all of the communications) between one or more components of system 10 (such as verification entity device 14, network 50, merchant device 54, card user environment 58, transaction device 62, card user verification device 70, network 90, and/or card user identification device 94) may be encrypted (or otherwise secured in any suitable manner), providing protection against fraudulent attempts to access the information included in the communications. Additionally, one or more of the communications (such as all of the communications) between one or more components of system 10 (such as verification entity device 14, network 50, merchant device 54, card user environment 58, transaction device 62, card user verification device 70, network 90, and/or card user identification device 94) may further include one or more codes that may assist in identifying the communication as being sent by one of the devices or components of system 10. For example, the card user verification device 70 may generate a random code, and insert the code into any communication with the card user identification device 94. Based on this random code, card user identification device 94 may be able to identify the communication as having been sent by the card user verification device 70, and thus the card user identification device 94 may respond to the communication. In such an example, the card user identification device 94 may also generate a random code, and insert the code into any communication with the card user verification device 70. Based on this random code, card user verification device 70 may be able to identify the communication as having been sent by the card user identification device 94, and thus the card user verification device 70 may re-communicate the communication for receipt by the verification entity device 14.
FIG. 2 illustrates an example selection 200 of verification codes 114 and comparison codes 42. Verification codes 114 are selected by the card user identification device 94 of FIG. 1, and comparison codes 42 are selected by the verification entity device 14 of FIG. 1, for example. Furthermore, following selection (and communication) of verification codes 114 and comparison codes 42, verification entity device 14 may compare verification codes 114 to comparison codes 42 in order to determine whether to allow an online transaction to occur, as is discussed above.
Verification codes 114 and comparison codes 42 may each be selected according to a predefined manner based on verification management applications 46. For example, verification codes 114 and comparison codes 42 may be selected by sequentially rotating through each of the verification codes 114 and comparison codes 42 (e.g., rotating from a first code to a second code), by skipping over a predefined number of the verification codes
114 and comparison codes 42 (e.g., skipping from the first code to the fifth code), by selecting a position of one of the verification codes 114 and comparison codes 42 (e.g., selecting the code positioned in column five, row ten), any other manner of selecting one of the verification codes 114 and one of the comparison codes 42 according to a predefined manner based on verification management applications 46, or any combination of the preceding.
As illustrated, verification codes 114 and comparison codes 42 may each be selected by sequentially rotating through each of the verification codes 114 and comparison codes 42. For example, the card user identification device 94 may store the following verification codes 114: Code A, Code B, Code C, Code D, ... Code n. Furthermore, the verification entity device 14 may store the following comparison codes 42, each of which match a respective verification code 114: Code A, Code B, Code C, Code D, ... Code n.
In one example of the operation of selection 200, when a card user attempts to perform a first potential online transaction using a payment card (such as when a card user attempts to purchase a shirt from merchant A), the predefined manner (based on verification management application 46b) may cause the card user identification device 94 to select Code A as the verification code 114 for communication to the verification entity device 14. Furthermore, the same predefined manner (based on verification management application 46a) may cause the verification entity device 14 to select the matching Code A as the comparison code 42. As such, the verification code 114 (i.e., Code A) will match comparison code 42 (i.e., Code A), and the first online transaction will be allowed to proceed.
For the second potential online transaction of the card user (such as when the card user attempts to purchase shoes from merchant B), the predefined manner (based on verification management application 46b) may cause the card user identification device 94 to sequentially rotate to and select Code B as the verification code 114 for communication to the verification entity device 14. That is, the sequential rotation may cause the card user identification device 94 to rotate to and select the next verification code 114 (i.e., Code B) in the sequence of verification codes 114. Furthermore, the same predefined manner (based on verification management application 46a) may cause the verification entity device 14 to sequentially rotate to and select the matching Code B as the comparison code 42. As such, the verification code 114 (i.e., Code B) will match the comparison code 42 (i.e., Code B), and the second online transaction will be allowed to proceed.
This sequential rotation through (and selection of) the verification codes 114 and comparison codes 42 may continue until Code n is selected for both the verification code 114 and the comparison code 42. After Code n is selected, the process of selecting verification codes 114 and comparison codes 42 may be reset (as is seen by resets 204a and 204b) back to
Code A. Therefore, for the next potential online transaction of the card user (such as when the card user attempts to pay for a hair cut from merchant O), the predefined manner (based on verification management application 46b) may cause the card user identification device 94 to sequentially rotate to (via reset 204a) and re-select Code A as the verification code 114 for communication to the verification entity device 14. Furthermore, the same predefined manner (based on verification management application 46a) may cause the verification entity device 14 to sequentially rotate to (via reset 204b) and re-select the matching Code A as the comparison code 42. As such, the verification code 114 (i.e., Code A) will match the comparison code 42 (i.e., Code A), and the next online transaction will be allowed to proceed.
Based on the sequential rotation through verification codes 114 and comparison codes 42, the verification codes 114 and comparison codes 42 may be rotated through continuously. This may allow the same code to be re-used as the verification code 114 and comparison code 42 at a later date and/or time from the original use of the code. As such, the card user identification device 94 may not need to receive new verification codes 114 from verification entity device 14 (or some other device associated with the verification entity) when all of the verification codes 114 have already been used.
Modifications, additions, or omissions may be made to selection 200 without departing from the scope of the invention. For example, although selection 200 illustrates a sequential rotation for selecting verification codes 114 and comparison codes 42, any other manner of selecting one of the verification codes 114 and one of the comparison codes 42 may be utilized (such as a reverse sequential rotation where the rotation process rotates from Code B to Code A; skipping over a predefined number of the verification codes 114 and comparison codes 42; selecting a position of one of the verification codes 114 and comparison codes 42; or any combination of the preceding). Additionally, selection 200 may be performed using any number of verification codes 114 and comparison codes 42.
FIG. 3 illustrates an example telephone transaction verification system 310 that verifies telephone transactions between card users and merchants. System 310 includes a verification entity device 314 that stores comparison codes 342, and further includes a card user identification device 386 that stores verification codes 406. When a card user attempts to perform a telephone transaction using payment card information (e.g., credit card information) and a card user telephone device (e.g., the card user's mobile phone), the verification entity device 314 may compare a comparison code 342 (which is selected in a predefined manner by the verification entity device 314) with a verification code 406 (which is selected in the same predefined manner by the card user identification device 386 and then communicated to the verification entity device 314) in order to determine whether to approve the telephone transaction. In particular embodiments, this may provide additional protection against fraud. Furthermore, system 310 also includes a merchant verification device 354 that is communicatively coupled to the card user identification device 386 by the merchant telephone device 374 and the card user telephone device 382. In particular embodiments, this may allow the telephone transaction to be verified even though it is performed over a telephone connection, thereby allowing system 310 to provide additional protection against fraud in a telephone transaction.
A verification entity represents an entity that communicates with customers and/or merchants in order to verify telephone transactions between the customers and merchants. For example, a verification entity may be a financial institution, such as a credit card company, credit card servicer, debit card company, debit card servicer, bank, any other institution that communicates with customers and/or merchants in order to facilitate telephone transactions between the customers and merchants, or any combination of the preceding. In such an example, the verification entity verifies telephone transactions for customers that have a credit card account, a savings account, a debit card account, a checking account, any other account associated with the financial institution (or a merchant), or any combination of the preceding. As another example, the verification entity may be a third party entity, such as a clearinghouse, payment processing institution, any other entity that may communicate with a financial institution in order to assist in facilitating telephone transactions between the customers and merchants, or any combination of the preceding. In such an example, the verification entity verifies telephone transactions for customers (and/or merchants) associated with the financial institution. As a further example, a verification entity may be a combination of a financial institution and a third party entity.
A merchant represents an entity in any suitable industry that conducts a transaction (such as a telephone transaction) with a customer. The merchant may include a retailer, a wholesaler, a service company, or any other suitable entity that has customers and conducts transactions with the customers. The merchant may interact with the verification entity associated with a customer in order to facilitate each transaction.
A telephone transaction represents a transaction made between a customer and merchant over a telephone communication network (or any other audio communication network), and may include receiving payment from the customer for goods or services provided by the merchant (or crediting a refund to the customer). An example of a telephone transaction may be a customer calling a merchant over the phone in order to purchase goods from the merchant.
A payment card represents a credit card, a debit card, a check, a coupon linked to an account, a gift card linked to an account, a money order, a promissory note, or any other manner of non-cash payment. A card user (i.e., a customer using the payment card) may use the payment card in order to pay for goods or services from a merchant. For example, for a telephone transaction, the card user may verbally communicate their payment card information to an employee of the merchant in order to pay for goods or services from the merchant. Payment card information may represent any information associated with the payment card, the card user, and/or an account of the card user. For example, payment card information may include the payment card number, the payment card expiration date, the payment card verification code, the billing address associated with the payment card, the card user, and/or the account of the card user, the shipping address associated with the card user, any other information that may be used to process a telephone transaction, or any combination of the preceding.
When conducting a telephone transaction with a merchant, a customer typically pays for goods or services received from the merchant using credit/debit cards. Payments using credit/debit cards for a telephone transaction typically involve the customer verbally communicating their credit/debit card information to an employee of the merchant during a telephone conversation. Such telephone transactions, however, may be susceptible to fraud. Furthermore, typical techniques for preventing fraud in telephone transactions with credit/debit cards may be deficient. As such, in particular embodiments, system 310 of FIG. 3 may verify telephone transactions between card users and merchants in a manner that provide various advantages. For example, in order for a telephone transaction to be approved, the verification entity device 314 may compare a comparison code 342 selected by the verification entity device 314 with a verification code 406 selected by a card user identification device 386 carried by (or otherwise associated with) the card user. In such an example, even if a person (or a device) is able to steal or copy a card user's payment card information or the payment card, the person may be unable to conduct one or more telephone transactions using the payment card information (or the payment card) because the person may not also have the card user identification device 386. Furthermore, even if a person (or a device) is also able to attempt to provide a code to the verification entity device 314 (using a fraudulent device, for example), the provided code may not match the comparison code 342 utilized by the verification entity device 314 because the fraudulent device may not have access to verification codes 406 or a verification management application 346b that results in a verification code 406 being selected in a predefined manner.
As another example, the card user identification device 386 may select a particular verification code 406 for a telephone transaction by sequentially rotating through each of the verification codes 406 stored at the card user identification device 386. In such an example, this may allow the same code to be re-used as the verification code 406 at a later date and/or time from the original use of the code. Furthermore, this may prevent the card user identification device 386 from needing to receive new verification codes 406 from verification entity device 314 (or some other device associated with the verification entity) when all of the verification codes 406 have already been used. As a further example, a verification code 406 stored in the card user identification device 386 may be selected and/or communicated for receipt by the verification entity device 314 without intervention by the card user. In such an example, the verification process may be easier for the card user because the card user may not need to perform any type of action to assist in the verification of the telephone transaction, other than the card user actually carrying the card user identification device 386 with them when performing the telephone transaction (such as carrying the card user identification device 386 in the card user's purse or attached to the card user's keys) and/or other than the card user performing the telephone transaction with a card user identification device 386 that is held (or otherwise positioned) within communication range to the card user telephone device 382 (such as within Bluetooth range, WiFi range, radio frequency identification range, infrared range, sound wave range, or any other suitable range).
As a further example, system 310 also includes a merchant verification device 354 that is communicatively coupled to the card user identification device 386 by the merchant telephone device 374 and the card user telephone device 382. In particular embodiments, this may allow the telephone transaction to be verified even though it is performed over a telephone connection, thereby allowing system 310 to provide additional protection against fraud in a telephone transaction. Therefore, system 310 may verify telephone transactions between card users and merchants in a manner that is advantageous.
Verification entity device 314 represents any suitable components that verify telephone transactions between card users and merchants. Verification entity device 314 may include a network server, any suitable remote server, a mainframe, a host computer, a workstation, a web server, a personal computer, a file server, or any other suitable device for verifying telephone transactions between card users and merchants. The functions of verification entity device 314 may be performed by any suitable combination of one or more servers or other components at one or more locations. In the embodiment where the verification entity device 314 is a server, the server may be a private server, and the server may be a virtual or physical server. The server may include one or more servers at the same or remote locations. Also, verification entity device 314 may include any suitable component that functions as a server. As illustrated, verification entity device 314 includes a network interface 318, a processor 322, and a memory unit 326.
Network interface 318 represents any suitable device operable to receive information from network 350, transmit information through network 350, perform processing of information, communicate to other devices, or any combination of the preceding. For example, network interface 318 receives an indication that the card user is attempting to perform a telephone transaction using payment card information and a card user telephone device. As another example, network interface 318 communicates a challenge code 338 for receipt by a card user identification device 386. Network interface 318 represents any port or connection, real or virtual, including any suitable hardware and/or software, including protocol conversion and data processing capabilities, to communicate through a local area network (LAN), a metropolitan area network (MAN), a wide area network (WAN), or other communication system that allows verification entity device 314 to exchange information with network 350, merchant verification device 354, merchant telephone device 374, network 378, card user telephone device 382, card user identification device 386, or other components of system 310.
Processor 322 communicatively couples to network interface 318 and memory unit 326, and controls the operation and administration of verification entity device 314 by processing information received from network interface 318 and memory unit 326. Processor 322 includes any hardware and/or software that operates to control and process information. For example, processor 322 executes verification entity device management application 330 to control the operation of verification entity device 314. Processor 322 may be a programmable logic device, a microcontroller, a microprocessor, any suitable processing device, or any combination of the preceding. Memory unit 326 stores, either permanently or temporarily, data, operational software, or other information for processor 322. Memory unit 326 includes any one or a combination of volatile or non-volatile local or remote devices suitable for storing information. For example, memory unit 326 may include random access memory (RAM), read only memory (ROM), magnetic storage devices, optical storage devices, any other suitable information storage device, or any combination of the preceding. Additionally, memory unit 326 may be an encrypted storage device (or a storage device secured in any suitable manner), providing protection against fraudulent attempts to access the information stored in memory unit 326. While illustrated as including particular information modules, memory unit 326 may include any suitable information for use in the operation of verification entity device 314.
As illustrated, memory unit 326 includes verification entity device management application 330 and accounts 334. Verification entity device management application 330 represents any suitable set of instructions, logic, or code embodied in a computer-readable storage medium and operable to facilitate the operation of verification entity device 314. Accounts 334 represent any information regarding personal, commercial, and/or corporate accounts handled by verification entity device 314 with regard to one or more payment cards. For example, accounts 334 includes account numbers, nicknames for accounts, account identifiers associated with an account, balance information of an account (and/or a payment card linked to the account), limits of an account (and/or a payment card linked to the account), disclaimers associated with an account, card user preferences, data associated with one or more telephone transactions performed (or in the process of being performed) by a card user, any other suitable data, or any combination of the preceding. Account 334 for each different card user (or for each account that includes multiple authorized card users) may include challenge codes 338, comparison codes 342, and verification management application 346a.
Challenge codes 338 represent any code that may be used to interrogate card user identification device 386 for a verification code 406. Examples of challenge codes 338 are discussed in further detail below. Comparison codes 342 represent any code that may be compared to a verification code 406 in order to verify a telephone transaction. Examples of comparison codes 342 are discussed in further detail below. Verification management application 346a represents any suitable set of instructions, logic, or code embodied in a computer-readable storage medium and operable to provide a predefined manner of selecting comparison codes 342, verification codes 406, and/or verifying a telephone transaction using comparison codes 342 and verification codes 406. Examples of verification management application 346a are discussed in further detail below.
Network 350 represents any suitable network operable to facilitate communication between the components of system 310, such as verification entity device 314, network 350, merchant verification device 354, merchant telephone device 374, network 378, card user telephone device 382, and card user identification device 386. Network 350 may include any interconnecting system capable of transmitting audio, video, signals, data, messages, or any combination of the preceding. Network 350 may include all or a portion of a public switched telephone network (PSTN), a public or private data network, a LAN, a MAN, a WAN, a local, regional, or global communication or computer network, such as the Internet, a wireline or wireless network, an enterprise intranet, or any other suitable communication link, including combinations thereof, operable to facilitate communication between the components.
Merchant verification device 354 represents any suitable components that communicate with verification entity device 314 and card user identification device 386 in order to assist in the verification of telephone transactions between card users and merchants.
Merchant verification device 354 may be a personal computer, a workstation, a laptop, a mobile telephone (such as a Smartphone, or any other wireless, cellular, cordless, or satellite telephone), an electronic notebook, a personal digital assistant, a transceiver node, a radio frequency transceiver, an audio-generation device (such as an audio sound modulator or an analog modem), any other device (wireless, wireline, or otherwise) capable of receiving, processing, storing, and/or communicating information with other components of system 310, or any combination of the preceding. Merchant verification device 354 may act as an intermediary between verification entity device 314 and card user identification device 386.
As an example, verification entity device 314 may communicate a challenge code 338 for receipt by the card user identification device 386. In such an example, merchant verification device 354 may receive the challenge code 338 (prior to the card user identification device
386 receiving the challenge code 338) and may re-communicate the challenge code 338 for receipt by the card user identification device 386. Additionally, the card user identification device 386 may communicate a verification code 406 for receipt by the verification entity device 314. In such an example, the merchant verification device 354 may receive the verification code 406 (prior to the verification entity device 314 receiving the verification code 406) and may re-communicate the verification code 406 for receipt by the verification entity device 314.
Merchant verification device 354 may be associated with a merchant. For example, a particular merchant may be a retail chain that sells goods to card users. In such an example, this merchant may have one or more merchant verification devices 354 that allow the merchant to perform telephone transactions with a card user. The merchant verification device 354 may be connected to, combined with, or otherwise associated with the merchant telephone device 374, a cash register (or other device used to process purchases, such as a point-of-sale device) of the merchant, and/or a payment card reader (or other device used to process a payment card). As such, the merchant verification device 354 may be located at the merchant's location (and/or at the location of an employee of the merchant), and may act as an intermediary between the verification entity device 314 and the card user identification device 386. Merchant verification device 354 may include a user interface, such as a display, a microphone, a speaker, a keypad, a scanner (such as a barcode scanner), or other appropriate terminal equipment usable by a merchant or other user.
As illustrated, merchant verification device 354 includes a network interface 358, a processor 362, and a memory unit 366. Network interface 358 represents any suitable device operable to receive information from network 350 and/or network 378, transmit information through network 350 and/or network 378, perform processing of information, communicate with other devices, or any combination of the preceding. For example, network interface 358 receives a challenge code 338 from the verification entity device 314 and re-communicates the challenge code 338 for receipt by the card user identification device 386. As another example, network interface 358 receives a verification code 406 from the card user identification device 386 and re-communicates the verification code 406 for receipt by the verification entity device 314. Network interface 358 represents any port or connection, real or virtual, including any suitable hardware and/or software, including protocol conversion and data processing capabilities, to communicate through a LAN, a MAN, a WAN, or other communication system that allows network interface 358 to exchange information with verification entity device 314, network 350, merchant telephone device 374, network 378, card user telephone device 382, card user identification device 386, or other components of system 310. As an example, network interface 358 may be (or may further include) a speaker/microphone for communicating audio signals (such as audio tones) to and from the card user identification device 386. Processor 362 communicatively couples to network interface 358 and memory unit 366, and controls the operation and administration of merchant verification device 354 by processing information received from network interface 358 and memory unit 366. Processor 362 includes any hardware and/or software that operates to control and process information. For example, processor 362 executes merchant verification device management application 370 to control the operation of merchant verification device 354. Processor 362 may be a programmable logic device, a microcontroller, a microprocessor, any suitable processing device, or any combination of the preceding.
Memory unit 366 stores, either permanently or temporarily, data, operational software, or other information for processor 362. Memory unit 366 includes any one or a combination of volatile or non-volatile local or remote devices suitable for storing information. For example, memory unit 366 may include RAM, ROM, magnetic storage devices, optical storage devices, any other suitable information storage device, or any combination of the preceding. Additionally, memory unit 366 may be an encrypted storage device (or a storage device secured in any suitable manner), providing protection against fraudulent attempts to access the information stored in memory unit 366. While illustrated as including particular information modules, memory unit 366 may include any suitable information for use in the operation of merchant verification device 354. As illustrated, memory unit 366 includes merchant verification device management application 370. Merchant verification device management application 370 represents any suitable set of instructions, logic, or code embodied in a computer-readable storage medium and operable to facilitate the operation of merchant verification device 354.
Merchant telephone device 374 represents any suitable components that provide for telephone communication (or any other verbal communication) between card users and merchants. Merchant telephone device 374 may include a landline (or wired) telephone, a mobile telephone (such as a Smartphone, or any other wireless, cellular, cordless, or satellite telephone), a voice over internet protocol (VoIP) device (such as a VoIP telephone, a personal computer with VoIP capabilities, a workstation with VoIP capabilities, a laptop with VoIP capabilities), a telephone with video capabilities, a telephone with text-based capabilities (such as text-based hearing-impaired telephones), a two-way radio device, any other device (wireless, wireline, or otherwise) capable of providing for telephone communication (or other verbal communication) between card users and merchants, or any combination of the preceding. Merchant telephone device 374 may be associated with a merchant. For example, a particular merchant may be a retail chain that sells goods to card users. In such an example, this merchant may have one or more merchant telephone devices 374 that allow the merchant to receive/place calls with customers, communicate with customers, and/or perform telephone transactions with a card user (or other customer). As such, the merchant telephone device 374 may be located at the merchant's location (and/or at the location of an employee of the merchant). Merchant telephone device 374 may include a user interface, such as a display, a keypad, a microphone, an earphone, a speaker, a headset, or other appropriate terminal equipment usable by a merchant or other user.
As illustrated, merchant telephone device 374 is communicatively coupled to merchant verification device 354. Merchant telephone device 374 may communicate with merchant verification device 354 (or vice versa) in any suitable manner. For example, merchant telephone device 374 may include (or be coupled to) one or more interfaces, connections, or ports (such as an audio input port) that may communicatively couple merchant verification device 354 to merchant telephone device 374. In such an example, the merchant verification device 354 may be plugged into the interface, connection, or port, allowing the merchant verification device 354 to communicate with (or through) the merchant telephone device 374. As another example, a user of merchant verification device
354 and or merchant telephone device 374 may position merchant verification device 354 in a close proximity to merchant telephone device 374 so that audio signals generated and/or transmitted by merchant verification device 354 may be received by the merchant telephone device 374. In such an example, the merchant (or other user) may hold the merchant verification device 354 up to (or otherwise position the merchant verification device 354 near) the microphone/speaker of the merchant telephone device 374 so that the microphone/speaker may hear (or otherwise receive) an audio signal generated by the merchant verification device 354 (or so that the merchant verification device 354 may hear, or otherwise receive, an audio signal communicated by the merchant telephone device 374).
As another example, merchant telephone device 374 and merchant verification device 354 may be communicatively coupled through a network similar to network 350 (discussed above) and/or network 378 (discussed below). In such an example, merchant telephone device 374 and merchant verification device 354 may be communicatively coupled through a wireless network (such as a Bluetooth network, a WiFi network, a radio frequency identification network, or an infrared network). Although merchant telephone device 374 is illustrated as a separate device from merchant verification device 354, merchant telephone device 374 may the same device as merchant verification device 354. In such an example, a single device may be used to provide for telephone communication between card users and merchants, and also to communicate with verification entity device 314 and card user identification device 386 in order to assist in the verification of telephone transactions between card users and merchants. As an example, the merchant telephone device 374 may be mobile phone running a mobile phone application that allows the merchant telephone device 374 to perform one or more (or all) of the functions of the merchant verification device 354.
Network 378 represents any suitable network operable to facilitate a telephone communication (or any other communication) between the components of system 310, such as merchant telephone device 374 and card user telephone device 382. Network 378 may include any interconnecting system capable of transmitting audio, video, signals, data, messages, or any combination of the preceding. Network 378 may include all or a portion of a PSTN, a public or private data network, a LAN, a MAN, a WAN, a local, regional, or global communication or computer network, such as the Internet, a wireline or wireless network, an enterprise intranet, or any other suitable communication link, including combinations thereof, operable to facilitate a telephone communication (or any other communication) between the components of system 310. Furthermore, network 378 may be the same type of network as network 350, or network 378 may be a different type of network than network 350. For example, both network 378 and network 350 may be a combination of wireless and wireline networks. As another example, network 378 may be only a PSTN network (or only a wireless network), while network 350 may be a combination of wireless and wireline networks. Additionally, although network 378 and network 350 are illustrated as separate networks, network 378 and network 350 may be the same network. In such an example, a single network may communicate a challenge code 338 from verification entity device 314 to merchant verification device 354, and may further re-communicate the challenge code 338 from merchant telephone device 374 to card user telephone device 382.
Card user telephone device 382 represents any suitable components that provide for telephone communication between card users and merchants. Card user telephone device
382 may include a landline (or wired) telephone, a mobile telephone (such as a Smartphone, or any other wireless, cellular, cordless, or satellite telephone), a voice over internet protocol
(VoIP) device (such as a VoIP telephone, a personal computer with VoIP capabilities, a workstation with VoIP capabilities, a laptop with VoIP capabilities), a telephone with video capabilities, a telephone with text-based capabilities (such as text-based hearing-impaired telephones), a two-way radio device, any other device (wireless, wireline, or otherwise) capable of providing for telephone communication (or other verbal communication) between card users and merchants, or any combination of the preceding. Card user telephone device 382 may include a user interface, such as a display, a keypad, a microphone, an earphone, a speaker, a headset, or other appropriate terminal equipment usable by a card user.
Card user telephone device 382 may be associated with a card user. For example, the card user may own (or have access to) the card user telephone device 382 in order to conduct telephone communications (or other verbal communications). As such, the card user telephone device 382 may be located at the card user's location. The card user may utilize the card user telephone device 382 to communicate with the merchant (via network 378 and merchant telephone device 374) in order to perform (or attempt to perform) a telephone transaction with the merchant.
Card user identification device 386 represents any suitable components that communicate with merchant verification device 354 in order to provide verification codes 406 to the verification entity device 314 to verify telephone transactions between card users and merchants. Card user identification device 386 may be a personal computer, a workstation, a laptop, a mobile telephone (such as a Smartphone, or any other wireless, cellular, cordless, or satellite telephone), an electronic notebook, a personal digital assistant, a transceiver node, an audio-generation device (such as an audio sound modulator or an analog modem), any other device (wireless, wireline, or otherwise) capable of receiving, processing, storing, and/or communicating information with merchant verification device 354 (and/or other components of system 310), or any combination of the preceding. Additionally, the card user identification device 386 may include a user interface, such as a display, a microphone, a speaker, a keypad, a scanner (such as a barcode scanner), or other appropriate terminal equipment usable by a card user.
Card user identification device 386 may be carried by the card user (or otherwise associated with the card user). As such, when the card user attempts to conduct a telephone transaction with a merchant using payment card information (or the payment card), card user identification device 386 may communicate with merchant verification device 354 (and verification entity device 314) in order to provide verification codes 406 that may allow the verification entity device 314 to verify the telephone transaction. Card user identification device 386 may be carried by the card user (or otherwise associated with the card user) in any suitable manner. For example, the card user identification device 386 may be an audio- generation device that is attached to the card user's keys, wallet, purse, wearable items (such as a wearable wristband), and/or article of clothing (such as a belt). As another example, the card user identification device 386 may be an audio-generation device that is stored (or otherwise positioned) near the card user telephone device 382. As a further example, the card user identification device 86 may be the card user's mobile phone.
As illustrated, card user identification device 386 includes a network interface 390, a processor 394, and a memory unit 398. Network interface 390 represents any suitable device operable to receive information from network 378, transmit information through network 378, perform processing of information, communicate to other devices, or any combination of the preceding. For example, network interface 390 receives a challenge code 338 from the verification entity device 314 (via the merchant verification device 354, merchant telephone device 374, network 378, and card user telephone device 382) and communicates a verification code 406 to the verification entity device 314 (via the card user telephone device 382, network 378, merchant telephone device 374, and merchant verification device 354). Network interface 390 represents any port or connection, real or virtual, including any suitable hardware and/or software, including protocol conversion and data processing capabilities, to communicate through a LAN, a MAN, a WAN, or other communication system that allows network interface 390 to exchange information with verification entity device 314, network 350, merchant verification device 354, merchant telephone device 374, network 378, card user telephone device 382, or other components of system 310. As an example, network interface 358 may be (or may further include) a speaker/microphone for communicating audio signals (such as audio tones) to and from the merchant verification device 354.
Processor 394 communicatively couples to network interface 390 and memory unit 398, and controls the operation and administration of card user identification device 386 by processing information received from network interface 390 and memory unit 398. Processor 394 includes any hardware and/or software that operates to control and process information. For example, processor 394 executes card user identification device management application 402 to control the operation of card user identification device 386. Processor 394 may be a programmable logic device, a microcontroller, a microprocessor, any suitable processing device, or any combination of the preceding. Memory unit 398 stores, either permanently or temporarily, data, operational software, or other information for processor 394. Memory unit 398 includes any one or a combination of volatile or non-volatile local or remote devices suitable for storing information. For example, memory unit 398 may include RAM, ROM, magnetic storage devices, optical storage devices, any other suitable information storage device, or any combination of the preceding. Additionally, memory unit 398 may be an encrypted storage device (or a storage device secured in any suitable manner), providing protection against fraudulent attempts to access the information stored in memory unit 398. While illustrated as including particular information modules, memory unit 398 may include any suitable information for use in the operation of card user identification device 386.
As illustrated, memory unit 398 includes card user identification device management application 402, verification codes 406, and verification management application 346b. Card user identification device management application 402 represents any suitable set of instructions, logic, or code embodied in a computer-readable storage medium and operable to facilitate the operation of card user identification device 386. Verification codes 406 represent any code that may be used to identify the card user as the approved user of the payment card (as opposed to another person who may have fraudulently obtained the payment card). Examples of verification codes 406 are discussed in further detail below.
Verification management application 346b may be substantially similar to verification management application 346a (stored in memory unit 326 of verification entity device 314).
As such, verification management application 346b represents any suitable set of instructions, logic, or code embodied in a computer-readable storage medium and operable to provide a predefined manner of selecting verification codes 406. Verification management application
346b may be received by (and stored by) card user identification device 386 prior to card user identification device 386 receiving a challenge code 338. For example, verification management application 346b may be received by (and stored by) card user identification device 386 when card user identification device 386 is manufactured, programmed, and/or updated to operate with system 310. Furthermore, verification management application 346b may be received by (and stored by) card user identification device 386 at any other time. For example, verification management application 346b may be a portion of the challenge code
338 communicated for receipt by the card user identification device 386. In such an example, the card user identification device 386 may receive (and store) the verification management application 346b the first time it receives the challenge code 338 (or every time it receives the challenge code 338). As another example, verification management application 346b may be communicated to the card user identification device 386 in the same message as a challenge code 338, in a message prior to the communication of the challenge code 338, or in a message after the communication of the challenge code 338. As such, the card user identification device 386 may receive (and store) the verification management application 346b prior to receiving a challenge code 348, at the same time (or substantially the same time) as receiving a challenge code 338, or after receiving a challenge code 338. Examples of verification management application 346b are discussed in further detail below.
As illustrated, card user identification device 386 is communicatively coupled to the card user telephone device 382. Card user identification device 386 may communicate with the card user telephone device 382 (or vice versa) in any suitable manner. For example, card user telephone device 382 may include (or be coupled to) one or more interfaces, connections, or ports (such as an audio input port) that may communicatively couple card user identification device 386 to card user telephone device 382. In such an example, the card user identification device 386 may be plugged into the interface, connection, or port, allowing the card user identification device 386 to communicate with (or through) the card user telephone device 382. As another example, a user of card user identification device 386 and/or card user telephone device 382 may position card user identification device 386 in a close proximity to card user telephone device 382 so that audio signals generated and/or transmitted by card user identification device 386 may be received by the card user telephone device 382. In such an example, the card user (or other user) may hold the card user identification device 386 up to (or otherwise position the card user identification device 386 near) the microphone/speaker of the card user telephone device 382 so that the microphone/speaker may hear (or otherwise receive) an audio signal generated by the card user identification device 386 (or so that the card user identification device 386 may hear, or otherwise receive, an audio signal communicated by the merchant verification device 354). As another example, card user identification device 386 and card user telephone device 382 may be communicatively coupled through a network similar to network 350 (discussed above) and/or network 378 (also discussed above). In such an example, card user identification device 386 and card user telephone device 382 may be communicatively coupled through a wireless network (such as a Bluetooth network, a WiFi network, a radio frequency identification network, or an infrared network). Although card user identification device 386 is illustrated as a separate device from card user telephone device 382, card user identification device 386 may the same device as card user telephone device 382. In such an example, a single device may be used to provide for telephone communication between card users and merchants, and also to communicate with merchant verification device 354 in order to provide verification codes 406 to the verification entity device 314 to verify telephone transactions between card users and merchants. As an example, the card user telephone device 382 may be mobile phone running a mobile phone application that allows the card user telephone device 382 to perform one or more (or all) of the functions of the card user identification device 386.
In an exemplary embodiment of operation, a card user may desire to conduct a telephone transaction with a particular merchant. For example, a card user may desire to purchase an item (such as a shirt) using a payment card (such as a credit card) and a card user telephone device 382 (such as the card user's mobile phone). In order to do so, the card user may make a telephone call to the merchant, and may provide the merchant with payment card information (via telephone payment 450). As a result of receiving the payment card information, the merchant may provide the payment card information to the merchant verification device 354 (via payment entry 454), which may provide an indication (via indication 458) to verification entity device 314 that the card user is attempting to perform a telephone transaction with the merchant using the payment card.
In order to protect against fraud, the verification entity (such as a credit card company or a clearinghouse that communicates with a credit card company) may desire to verify that the person attempting to perform the telephone transaction using the payment card is the card user that is authorized to use the payment card. For example, the credit card company may desire to verify that a card issued to John Doe is being used by John Doe, as opposed to someone that may have fraudulently obtained the card (or information about the card) issued to John Doe. To verify the identity of the person using the payment card, verification entity device 314 may communicate a challenge code 338 configured to interrogate a card user identification device 386 carried by (or otherwise associated with) the card user, such as an audio-generation device that is attached to the keys of John Doe. The challenge code 338 may be first communicated to merchant verification device 354 (via first challenge message 462). Following receipt of the challenge code 338, merchant verification device 354 may re- communicate the challenge code 338 to merchant telephone device 374 (via second challenge message 466), such as by generating an audio signal for communication to the merchant telephone device 374. The merchant telephone device 374 may then re-communicate the challenge code 338 to card user telephone device 382 (via third challenge message 470), which may re-communicate the challenge code 338 to the card user identification device 386
(via fourth challenge message 474) carried by the card user, such as the audio-generation device that is attached to the keys of John Doe. The challenge code 338 may interrogate the card user identification device 386, causing the card user identification device 386 to select a verification code 406 (via a predefined manner of verification management application 346b).
The card user identification device 386 may then communicate the verification code 406 to the card user telephone device 382 (via first verification response message 478), such as by generating an audio signal for communication to the card user telephone device 382. The card user telephone device 382 may re-communicate the verification code 406 to the merchant telephone device 374 (via second verification response message 482), which may re-communicate the verification code 406 to the merchant verification device 354 (via third verification response message 486). The merchant verification device 354 may receive the verification code 406 and then re-communicate the verification code 406 to verification entity device 314 (via fourth verification response message 490).
Following receipt of verification code 406, verification entity device 314 may select a comparison code 342 (via the predefined manner of verification application 346a) to compare to the verification code 406 received from the card user identification device 386. If the verification code 406 does not match the comparison code 342 (or a verification code 406 is never received in response to a challenge code 338), verification entity device 314 may deny the processing of the telephone transaction. On the other hand, if the verification code 406 does match the comparison code 342, verification entity device 314 may verify the telephone transaction (or otherwise approve the processing of the telephone transaction) via verification signal 494 communicated to merchant verification device 354, and the telephone transaction may be allowed to occur. In particular embodiments, this method of verifying a telephone transaction may provide additional protection against fraud. For example, even if a person
(or a device) is able to steal or copy a card user's payment card information (such as the payment card number, expiration date, and verification code) or the payment card (itself), the person may be unable to conduct one or more telephone transactions using the payment card information (or the payment card) because the person may not also have the card user identification device 386. As another example, even if a person (or a device) is also able to attempt to respond to a challenge code 338 using a fraudulent device, the code provided by the fraudulent device may not match the comparison code 342 utilized by the verification entity device 314 because the fraudulent device may not have access to verification codes 406 or the verification management application 346b that results in a verification code 406 being selected in a predefined manner. Further details regarding particular examples of these sequences illustrated in FIG. 3 are discussed below.
As is stated above, a card user may initiate a telephone transaction with a merchant by providing payment card information to the merchant via telephone payment 450. Telephone payment 450 may be performed in any suitable manner. As an example, the card user may call the merchant (or an employee of the merchant) on the card user telephone device 382, may verbally communicate what goods or services the card user desires to purchase, and may verbally communicate the payment card information to the merchant. As a further example, the payment card information may already be saved (or otherwise on file with the merchant). In such an example, telephone payment 450 may be performed by the card user verbally communicating their name (or other identifying information), which may allow the merchant to look-up (or otherwise access) the already saved payment card information.
Following receipt of telephone payment 450, the merchant may provide the payment card information to merchant verification device 354 via payment entry 454. Payment entry 454 may be performed in any suitable manner. As an example, the merchant may enter the payment card information directly into merchant verification device 354 by, for example, typing (or otherwise pressing one or more buttons) the payment card information into the merchant verification device 354. As another example, the merchant may enter the payment card information indirectly into merchant verification device 354 by, for example, typing (or otherwise pressing one or more buttons) the payment card information into a payment device (such as a cash register), which may then communicate the payment card information to merchant verification device 354. As a further example, the merchant may enter the payment card information indirectly into merchant verification device 354 by, for example, looking-up (or otherwise accessing) the payment card information saved (or otherwise on file) with the payment device (such as the cash register), which may then communicate the payment card information to merchant verification device 354.
As a result of merchant verification device 354 receiving the payment card information, merchant verification device 354 may communicate indication 458 to verification entity device 314, indicating that that the card user is attempting to perform a telephone transaction with the merchant using the payment card. Indication 458 may include any information about the attempted telephone transaction. For example, indication 458 may include all (or a portion) of the payment card information received by the merchant verification device 354, information associated with the merchant (such as information that identifies the merchant), information associated with the telephone transaction (such as the purchase amount for the telephone transaction and details about what is being purchased), any other information desired by a verification entity for approving a telephone transaction, or any combination of the preceding.
Although indication 458 has been illustrated as being communicated directly from merchant verification device 354 to verification entity device 314, in particular embodiments, indication 458 may be communicated to one or more additional devices (not shown) before indication 458 is received by verification entity device 314. For example, indication 458 may first be communicated to a payment processor (such as a payment processing system run by, for example, First Data Merchant Services Corporation), and then the payment processor may re-communicate the indication 458 to verification entity device 314. The payment processor may re-communicate all or a portion of indication 458. Additionally, the payment processor may perform one or more payment processing actions (using the information in indication 458) prior to re-communicating indication 458. In such an example, the payment processor may add information associated with these additional payment processing actions to indication 458 prior to re-communicating indication 458 to verification entity device 314. Furthermore, although the indication 458 has been illustrated as being communicated to the verification entity device 314 by merchant verification device 354, in particular embodiments, the indication 458 may be communicated to the verification entity device 314 by the payment device (such as the cash register), thereby bypassing merchant verification device 354.
Following receipt of indication 458, verification entity device 314 may communicate a challenge code 338 (via first challenge message 462) for receipt by the card user identification device 386. As is discussed above, a challenge code 338 represents any code that may be used to interrogate card user identification device 386 for a verification code 406.
For example, a challenge code 338 may be a computer-readable code that forces, requests, or causes a response from card user identification device 386. In such an example, the challenge code 338 may force, request, or cause the card user identification device 386 to select a verification code 406 stored at the card user identification device 386 and communicate the verification code 406 for receipt by the verification entity device 314. A challenge code 338 may be the same code for all card user identification devices 386, or may be unique for each card user identification device 386 (or for one or more card user identification devices 386). For example, a challenge code 338 for a card user identification device 386 carried by John Doe may be different than a challenge code 338 for a card user identification device 386 carried by Jane Doe. Challenge code 338 may be the same challenge code every time it is sent for receipt by a particular card user identification device 386, or it may be different every time it is sent for receipt by a particular card user identification device 386. For example, challenge code 338 may include one or more details associated with the telephone transaction (such as the purchase amount, the merchant identification, the time and/or date associated with the telephone transaction or the challenge code 338, etc.), thereby causing it to be different every time it is sent for receipt by the card user identification device 386 carried by John Doe. As another example, the challenge code 338 may include a particular verification management application 346b for use by the card user identification device 386 for that telephone transaction. As a further example, the challenge code 338 may include particular instructions for responding to the challenge code 338 (such as a particular question that is to be answered using the verification code 406).
Following communication of challenge code 338 for receipt by a card user identification device 386, the challenge code 338 may be received by merchant verification device 354 (via first challenge message 462). Merchant verification device 354 may act as an intermediary between verification entity device 314 and card user identification device 386.
By doing so, merchant verification device 354 may receive the challenge code 338 from verification entity device 314 (via first challenge message 462) and re-communicate the challenge code 338 for receipt by card user identification device 386 (via second challenge message 466, third challenge message 470, and fourth challenge message 474). Merchant verification device 354 may re-communicate challenge code 338 in the same form (and/or in the same manner) in which merchant verification device 354 received the challenge code 338.
For example, merchant verification device 354 may act as an amplifier (or an access point) that provides a network connection between verification entity device 314 and card user identification device 386. Additionally (or alternatively), merchant verification device 354 may re-communicate challenge code 338 in a different form (and/or in a different manner) than what merchant verification device 354 received the challenge code 338 as. For example, merchant verification device 354 may receive the challenge code 338 in digital form over a wired connection and re-communicate the challenge code 338 in analog form over a wireless connection. As another example, merchant verification device 354 may receive the challenge code 338 in digital form over a wireless connection and re-communicate the challenge code 338 as an audio signal. As a further example, merchant verification device 354 may receive the challenge code 33 in a digital form over a wired connection and re-communicate the challenge code 338 as a graphical image (such as a barcode, a QR code, a universal product code (UPC), a matrix bar code, a MaxiCode, or a ShotCode) that may be scanned or copied by the merchant telephone device 374 for transmittal to the card user telephone device 382 and the card user identification device 386. In such examples, merchant verification device 354 may act as a converter to convert challenge code 338 from a form (and/or a communication manner) that cannot be received by the card user identification device 386 to a form (and/or a communication manner) that can be received by the card user identification device 386.
As illustrated, merchant verification device 354 re-communicates the challenge code 338 as an audio tone (or other audio signal). For example, merchant verification device 354 be an audio-generation device that is held (or otherwise positioned) by the merchant in close proximity to merchant telephone device 374 so that audio tones (which include the challenge code 338) generated and/or transmitted by the merchant verification device 354 may be received by the merchant telephone device 374 (via, for example, a microphone/speaker in the merchant telephone device 374).
Following receipt of the challenge code 338 from the merchant verification device 354, the merchant telephone device 374 may re-communicate the challenge code 338 to the card user telephone device 382 (via third challenge message 470). Merchant telephone device 374 may re-communicate challenge code 338 in the same form (and/or in the same manner) in which merchant telephone device 374 received the challenge code 338. For example, merchant telephone device 374 may receive the challenge code as an audio signal, and may re-communicate the challenge code 338 as the audio signal. Additionally (or alternatively), merchant telephone device 374 may re-communicate challenge code 338 in a different form (and/or in a different manner) than what merchant telephone device 374 received the challenge code 338 as. For example, merchant telephone device 374 may receive the challenge code 338 in digital form over a wired connection and re-communicate the challenge code 338 as an audio signal. As a further example, merchant telephone device 374 may receive the challenge code 338 in a digital form over a wired connection and re- communicate the challenge code 338 as a graphical image. Following receipt of the challenge code 338 from the merchant telephone device 374, the card user telephone device 382 may re-communicate the challenge code 338 to the card user identification device 386 (via fourth challenge message 474). Card user telephone device 382 may re-communicate challenge code 338 in the same form (and/or in the same manner) in which card user telephone device 382 received the challenge code 338. For example, card user telephone device 382 may receive the challenge code as an audio signal, and may re-communicate the challenge code 338 as the audio signal. Additionally (or alternatively), card user telephone device 382 may re-communicate challenge code 338 in a different form (and/or in a different manner) than what card user telephone device 382 received the challenge code 338 as. For example, card user telephone device 382 may receive the challenge code 338 in digital form over a wireless connection and re- communicate the challenge code 338 as an audio signal. As a further example, merchant telephone device 374 may receive the challenge code 338 in a digital form over a wireless connection and re-communicate the challenge code 338 as a graphical image.
As illustrated, card user telephone device 382 re-communicates the challenge code 338 as an audio tone (or other audio signal). For example, the card user identification device 386 may be held (or otherwise positioned) by the card user in close proximity to the card user telephone device 382 so that audio tones (which include the challenge code 338) generated and/or transmitted by the card user telephone device 382 (such as, for example, transmitted by a speaker in the card user telephone device 382) may be received by the card user identification device 386 (such as, for example, received by a microphone/speaker in the card user identification device 386).
Although challenge code 338 has been illustrated as being indirectly communicated from verification entity device 314 to card user identification device 386 (via various devices and various messages), in particular embodiments, the challenge code 338 may be communicated directly from verification entity device 314 to the card user identification device 386. For example, the card user identification device 386 may be a mobile phone that receives the challenge code 338 directly. In such an example, the mobile phone may be running a mobile phone application associated with the verification entity device 314, and the verification entity device 314 may push the challenge code 338 directly to the mobile phone.
Furthermore, the card user identification device 386 (such as a mobile phone) may be connected directly to the verification entity device 314 via a communication network, such as a network similar to network 350 (discussed above). In response to receiving the challenge code 338 directly from the verification entity device 314, the card user identification device 386 may communicate a verification code 406 to the merchant verification device 354 (either directly or via various devices and/or messages), which may then re-communicate the verification code 406 to the verification entity device 314.
Furthermore, although challenge code 338 has been illustrated as being automatically re-communicated from the merchant verification device 354 to the card user identification device 386, in particular embodiments, the re-communication (and/or even the original communication) of the challenge code 338 to the card user identification device 386 may only occur after a signal is first received from the card user identification device 386. For example, before the challenge code 338 may be received by the card user identification device 386 (and/or even communicated to the card user identification device 386), the card user may activate the card user identification device 386 (such as by pushing a button on the card user identification device 386 or performing any other user action with the card user identification device 386). This activation by the card user may cause the card user identification device 386 to send a signal to the merchant verification device 354 (and/or the verification entity device 314) indicating that the card user identification device 386 is ready to receive the challenge code 338. Following receipt of this signal from the card user identification device 386, the challenge code 338 may be communicated to (and received by) the card user identification device 386.
Following receipt of the challenge code 338 by the card user identification device
386, the card user identification device 386 may (in response to the interrogation provided by the challenge code 338) select one of the verification codes 406 stored at the card user identification device 386. Furthermore, the card user identification device 386 may communicate the verification code 406 for receipt by the verification entity device 314. As is discussed above, a verification code 406 represents any code that may be used to identify the card user as the approved user of the payment card (as opposed to another person who may have fraudulently obtained the payment card information and/or the payment card). For example, a verification code 406 may be a predefined code stored at the card user identification device 386, and may be configured to match a comparison code 342 stored at the verification entity device 314. The verification code 406 may be a password, a set of numbers, a set of alphanumeric characters, a set of symbols, one or more audible tones, one or more radio frequencies, one or more graphical images, any other type of code or representation, or any combination of the preceding. The verification code 406 may have any length, size, or dimension. For example, the verification code 406 may be a 35 character password.
The verification code 406 may match a comparison code 342 when all or a portion of the verification code 406 is identical to all or a portion of the comparison code 342. For example, the verification code 406 may match the comparison code 342 when the last 30 digits of the verification code 406 are identical to the last 30 digits of the comparison code 342. Additionally (or alternatively), the verification code 406 may match a comparison code 342 when the verification code 406 is an answer to the comparison code 342 (such as an answer to a question), when the verification code 406 completes the comparison code 342 (such as a final piece of a puzzle), when the verification code 406 is the opposite of the comparison code 342 (such as the term "up" is the opposite of "down"), any other manner of matching, or any combination of the preceding.
Card user identification device 386 may store any suitable number of different verification codes 406. For example, card user identification device 386 may store 2 different verification codes 406, 5 different verification codes 406, 10 different verification codes 406,
15 different verification codes 406, 25 different verification codes 406, 50 different verification codes 406, 100 different verification codes 406, 1,000 different verification codes
406, 10,000 different verification codes 406, 1 million different verification codes 406, or any other number of different verification codes 406. Furthermore, following receipt of the challenge code 338 by the card user identification device 386, the card user identification device 386 may select one of the verification codes 406 stored at the card user identification device 386. The card user identification device 386 may select one of the verification codes
406 according to a predefined manner based on verification management application 346b.
For example, card user identification device 386 may select one of the verification codes 406 by sequentially rotating through each of the verification codes 406 (e.g., rotating from a first code to a second code), by skipping over a predefined number of the verification codes 406
(e.g., skipping from the first code to the fifth code), by selecting a position of one of the verification codes 406 (e.g., selecting the code positioned in column five, row ten), any other manner of selecting one of the verification codes 406 according to a predefined manner based on verification management application 346b, or any combination of the preceding.
Furthermore, selection of the verification code 406 may further include modifying the verification code 406. For example, the verification code 406 may be modified to include information from the challenge code 338, such as all or a portion of the challenge code 338, or details associated with the telephone transaction (e.g., the purchase amount, the merchant identification, the date and/or time associated with the telephone transaction or the challenge code 338, etc.). As another example, the verification code 406 may be modified to include information regarding the date and/or time associated with the selection of the verification code 406. Further details regarding examples of the selection of a verification code 406 are discussed below with regard to FIG. 4.
Following the selection of the verification code 406, the card user identification device 386 may communicate the verification code 406 to the card user telephone device 382
(via first verification response message 478). The card user identification device 386 may communicate the verification code 406 to the card user telephone device 382 in any suitable manner (and/or any suitable form). As an example, the card user identification device 386 may communicate the verification code 406 to the card user telephone device 382 in the same manner of communication (and/or form) by which the card user identification device 386 received the challenge code 338. In such an example, if the card user identification device
386 received the challenge code 338 as an audio signal, the card user identification device
386 may communicate the verification code 406 to the card user telephone device 382 as an audio signal. As another example, the card user identification device 386 may communicate the verification code 406 to the card user telephone device 382 in a different manner of communication (and/or form) than that by which the card user identification device 386 received the challenge code 338. In such an example, if the card user identification device
386 received the challenge code 338 in a particular radio frequency, the card user identification device 386 may communicate the verification code 406 to the merchant verification device 354 in a different radio frequency, an audio signal, a graphical image displayed or sent to the card user telephone device 382, any other manner (and/or form) different from that by which the card user identification device 386 received the challenge code 338, or any combination of the preceding. As illustrated, card user identification device
386 communicates the verification code 406 as an audio tone (or any other audio signal). For example, the card user identification device 386 may be held (or otherwise positioned) by the card user in close proximity to card user telephone device 382 so that audio tones (which include the verification code 406) generated and/or transmitted by the card user identification device 386 (such as, for example, transmitted by a speaker in the card user identification device 386) may be received by the card user telephone device 382 (such as, for example, received by a microphone/speaker in the card user telephone device 382). Furthermore, the selection and communication processes of the verification code 406 by the card user identification device 386 may occur without user intervention. For example, following the reception of the challenge code 338 by the card user identification device 386, the card user identification device 386 may both automatically select and communicate the verification code 406 without any intervention by the card user (e.g., without the card user pressing a button, confirming a selection, pointing the card user identification device 386 in a particular direction, scanning the card user identification device 386, etc.). As such, verifying the telephone transaction using the card user identification device 386 may occur without any action by the user, other than the card user actually carrying the card user identification device 386 with them when performing the telephone transaction (such as carrying the card user identification device 386 in the card user's purse or attached to the card user's keys) and/or other than the card user performing the telephone transaction with a card user identification device 386 that is held (or otherwise positioned) within communication range to the card user telephone device 382 (such as within Bluetooth range, WiFi range, radio frequency identification range, infrared range, sound wave range, or any other suitable range). Alternatively, one or more (or both) of the selection and communication processes of the verification code 406 by the card user identification device 386 may occur with user intervention. For example, selection of the verification code 406 may occur when the card user presses a button on the card user identification device 386 to select the verification code 406, when the card user performs any other manner of user intervention, or any combination of the preceding. As another example, communication of the verification code 406 may occur when the card user presses a button to communicate the verification code 406, when the card user performs any other manner of user intervention, or any combination of the preceding.
Following receipt of the verification code 406 from the card user identification device 386 (via first verification response message 478), the card user telephone device 382 may re- communicate the verification code 406 to the merchant telephone device 374 (via second verification response message 482). The card user telephone device 382 may re- communicate the verification code 406 in the same form (and/or in the same manner) in which the card user telephone device 382 received the verification code 406. For example, the card user telephone device 382 may receive the verification code 406 as an audio signal, and may re-communicate the verification code 406 as the audio signal. Additionally (or alternatively), the card user telephone device 382 may re-communicate verification code 406 in a different form (and/or in a different manner) than what card user telephone device 382 received the verification code 406 as. For example, the card user telephone device 382 may receive the verification code 406 as an audio signal and re-communicate the verification code 406 in digital form over a wireless connection. As a further example, the card user telephone device 382 may receive the verification code 406 in a digital form over a wireless connection and re-communicate the verification code 406 as a graphical image.
Following receipt of the verification code 406 from the card user telephone device 382 (via second verification response message 482), the merchant telephone device 374 may re-communicate the verification code 406 to the merchant verification device 354 (via third verification response message 486). The merchant telephone device 374 may re- communicate the verification code 406 in the same form (and/or in the same manner) in which the merchant telephone device 374 received the verification code 406. For example, the merchant telephone device 374 may receive the verification code 406 as an audio signal, and may re-communicate the verification code 406 as the audio signal. Additionally (or alternatively), the merchant telephone device 374 may re-communicate verification code 406 in a different form (and/or in a different manner) than what the merchant telephone device 374 received the verification code 406 as. For example, the merchant telephone device 374 may receive the verification code 406 in digital form over a wireless connection and re- communicate the verification code 406 as an audio signal. As a further example, the merchant telephone device 374 may receive the verification code 406 in a digital form over a wireless connection and re-communicate the verification code 406 as a graphical image. As illustrated, merchant telephone device 374 communicates the verification code 406 as an audio tone (or any other audio signal). For example, the merchant verification device 354 may be held (or otherwise positioned) by the merchant in close proximity to merchant telephone device 374 so that audio tones (which include the verification code 406) generated and/or transmitted by the merchant telephone device 374 (such as, for example, transmitted by a speaker in the merchant telephone device 374) may be received by the merchant verification device 354 (such as, for example, received by a microphone/speaker in the merchant verification device 354).
Following receipt of the verification code 406 by merchant verification device 354 (via third verification response message 486), the merchant verification device 354 may re- communicate the verification code 406 for receipt by the verification entity device 314 (via fourth verification response message 490). Merchant verification device 354 may re- communicate the verification code 406 in the same form (and/or communication manner) in which merchant verification device 354 received the verification code 406. Furthermore (or alternatively), merchant verification device 354 may re-communicate the verification code 406 in a different form (and/or manner) than by which the merchant verification device 354 received the verification code 406. For example, if the merchant verification device 354 received the verification code 406 as an audio signal, the merchant verification device 354 may re-communicate the verification code 406 to the verification entity device 314 via a wired internet connection. In such an example, merchant verification device 354 may act as a converter to convert verification code 406 from a form (and/or communication manner) that cannot be received by the verification entity device 314 to a form (or communication manner) that can be received by the verification entity device 314.
Following receipt of the verification code 406 by the verification entity device 314, the verification entity device 314 may select one of the comparison codes 342 stored at the verification entity device 314 for comparison with the verification code 406. As is discussed above, a comparison code 342 represents any code that may be compared to a verification code 406 in order to verify a telephone transaction. For example, a comparison code 342 may be predefined code stored at the verification entity device 314 and that is configured to match a verification code 406 stored at the card user identification device 386. Similar to the verification code 406, the comparison code 342 may be a password, a set of numbers, a set of alphanumeric characters, a set of symbols, one or more audible tones, one or more radio frequencies, one or more graphical images, any other type of code or representation, or any combination of the preceding. The comparison code 342 may have any length, size, or dimension. For example, the comparison code 342 may be a 35 character password. The comparison code 342 may match a verification code 406 when all or a portion of the comparison code 342 is identical to all or a portion of the verification code 406. Additionally, the comparison code 342 may match a verification code 406 in any of the manners of matching discussed above with regard to verification codes 406.
Verification entity device 314 may store (for each account 334) any suitable number of different comparison codes 342. For example, verification entity device 314 may store
(for each account 334) 2 different comparison codes 342, 5 different comparison codes 342,
10 different comparison codes 342, 15 different comparison codes 342, 25 different comparison codes 342, 50 different comparison codes 342, 100 different comparison codes
342, 1,000 different comparison codes 342, 10,000 different comparison codes 342, 1 million different comparison codes 342, or any other number of different comparison codes 342. As another example, verification entity device 314 may store (for each account 334) a matching comparison code 342 for each verification code 406 stored by the card user identification device 386 (and associated with an account 334). In such an example, if the card user identification device 386 stores 10 different verification codes 406, the verification entity device 314 may store 10 matching comparison codes 342.
The verification entity device 314 may select one of the comparison codes 342 according to the same predefined manner utilized by the card user identification device 386. For example, if the card user identification device 386 selects one of the verification codes 406 by sequentially rotating through each of the verification codes 406 (e.g., rotating from a first code to a second code), the verification entity device 314 may select one of the comparison codes 342 by sequentially rotating through each of the comparison codes 342 (e.g., rotating from a first code to a second code). As such, both the card user identification device 386 and the verification entity device 314 may utilize the same predefined manner (based on verification management applications 346b and 346a, respectively) to select a matching verification code 406 and comparison code 342. Furthermore, selection of the comparison code 342 may further include modifying comparison code 342. For example, the comparison code 342 may be modified to include information from the challenge code 338, such as all or a portion of the challenge code 338, or details associated with the telephone transaction (e.g., the purchase amount, the merchant identification, the time and/or date associated with the telephone transaction or the challenge code 338, etc.). As another example, the comparison code 342 may be modified to include information regarding the date and/or time associated with the reception of the verification code 406. Further details regarding examples of the selection of a comparison code 342 are discussed below with regard to FIG. 4.
Although the verification entity device 314 has been discussed above as selecting one of the comparison codes 342 according to the same predefined manner utilized by the card user identification device 386, in particular embodiments, the verification entity device 314 may select one of the comparison codes 342 in a different predefined manner than the card user identification device 386 (but in a manner that still causes the selected comparison code
342 to match the selected verification code 406). For example, the verification entity device
314 may store the comparison codes 342 in a different order than the card user identification device 386 stores the matching verification codes 406. In such an example, the verification entity device 314 may select the comparison code 342 using a first predefined manner (such as by sequentially rotating through each of the comparison codes 342, for example) while the card user identification device 386 may select the matching verification code 406 using a second predefined manner (such as by skipping over a predefined number of the verification codes 406, for example). Furthermore, although selection of the comparison code 342 has been discussed above as occurring after reception of the verification code 406, the comparison code 342 may be selected any time after indication 458 is received by the verification entity device 314. For example, the comparison code 342 may be selected before the challenge code 338 is communicated for receipt by the card user identification device 386. As another example, the comparison code 342 may be selected after the challenge code 338 is communicated for receipt by the card user identification device 386, but before the verification entity device 314 receives the verification code 406.
Following receipt of the verification code 406 by the verification entity device 314 and further following selection of the comparison code 342 by the verification entity device 314, the verification entity device 314 may compare the verification code 406 to the comparison code 342 in order to determine whether the verification code 406 matches the comparison code 342. If the verification code 406 does not match the comparison code 342 (or a verification code 406 is never received in response to a challenge code 338), verification entity device 314 may deny the telephone transaction. This denial may result in a denial message (not shown) being sent to merchant verification device 354, merchant telephone device 374, card user telephone device 382, and/or card user identification device 386. As a result, the telephone transaction will not be allowed to occur. On the other hand, if the verification code 406 does match the comparison code 342, verification entity device 314 may verify the telephone transaction (or otherwise approve the processing of the telephone transaction) by communicating a verification signal 494 to merchant verification device 354 (and/or one or more of merchant telephone device 374, card user telephone device 382, and card user identification device 386). As such, the telephone transaction may be allowed to occur.
The verification signal 494 may allow the transaction to occur in any suitable manner.
For example, the verification signal 494 may provide a signal to the merchant (such as a flashing green light on the merchant verification device 354) that indicates that the merchant may now process the payment card using the payment device (such as a cash register). In such an example, the merchant may now enter the payment card information into the payment device (or any other device that may cause the transaction to be processed). As another example, the payment card information may already be in the middle of being processed (as a result of the payment card information having been entered into merchant verification device 354), and the verification signal 494 may cause (automatically or by signaling the merchant to finalize the transaction by, for example, pushing a button) the processing of the payment card information to be completed. In such an example, the merchant may not need to enter the payment card information into the payment device (or any other device) again.
Although verification entity device 314 has been illustrated as comparing a single verification code 406 to a single comparison code 342 in order to verify a particular telephone transaction, in particular embodiments, verification entity device 314 may compare more than one verification code 406 to more than one comparison code 342 in order to verify the particular telephone transaction. For example, for each telephone transaction, two or more verification codes 406 and two or more comparison codes 342 may be selected for the verification process. In such an example, verification entity device 314 may only verify (or otherwise allow) the telephone transaction if each of the selected verification codes 406 match each of the selected comparison codes 342.
Furthermore, although verification entity device 314 has been illustrated as verifying (or otherwise approving) the telephone transaction if the verification code 406 matches the comparison code 342, in particular embodiments, verification (or approval) of the telephone transaction may include various additional steps. For example, verification entity device 314 may determine whether the payment card has been reported lost or stolen, whether the telephone transaction appears suspicious based on the card user's typical purchases, whether there is a sufficient balance associated with the payment card to approve the telephone transaction, whether the online transaction will cause a credit limit associated with the payment card (or account 334) to be overdrawn, whether a billing address listed in the payment card information received from the card user matches the billing address listed in account 334 for the card user, any other suitable method for detemiining whether to verify (or approve) the telephone transaction, or any combination of the preceding.
Additionally, although verification entity device 314 has been illustrated as storing and communicating challenge codes 338, storing and selecting comparison codes 342, and verifying the telephone transactions by comparing comparison codes 342 to verification codes 406, in particular embodiments, one or more (or all) of these actions may be performed by other devices or components of system 310, such as merchant verification device 354 and/or one or more third party devices or components. For example, merchant verification device 354 may store and communicate challenge codes 338, store and select comparison codes 342, and verify the telephone transactions by comparing comparison codes 342 to verification codes 406. In such an example, verification entity device 314 may approve the telephone transaction (or otherwise allow the telephone transaction to occur) if the merchant verification device 354 verifies the telephone transaction and communicates a verification signal (such as verification signal 494) to the verification entity device 314.
In particular embodiments, the above-described method of verifying a telephone transaction may provide additional protection against fraud. For example, even if a person (or a device) is able to steal or copy a card user's payment card information (such as the payment card number, expiration date, and verification code) or the payment card (itself), the person may be unable to conduct one or more telephone transactions using the payment card information (or the payment card) because the person may not also have the card user identification device 386. As another example, even if a person (or a device) is also able to attempt to respond to a challenge code 338 using a fraudulent device, the code provided by the fraudulent device may not match the comparison code 342 utilized by the verification entity device 314 because the fraudulent device may not have access to verification codes 406 or the verification management application 346b that results in a verification code 406 being selected in a predefined manner.
Modifications, additions, or omissions may be made to system 310 without departing from the scope of the invention. For example, verification entity device 314 may verify any number of telephone transactions that are performed using any number of verification entity devices 314, networks 350, merchant verification devices 354, merchant telephone devices 374, networks 378, card user telephone devices 382, card user identification devices 386, card users, and/or merchants. Additionally, system 310 may include any number of verification entity devices 314, networks 350, merchant verification devices 354, merchant telephone devices 374, networks 378, card user telephone devices 382, and/or card user identification devices 386 (and/or any number of components, such as processors or memory units illustrated in the above described devices). Also, any suitable logic may perform the functions of system 310 and the components and/or devices within system 310.
Furthermore, one or more components of system 310 may be combined. Also, system
310 may include additional components. For example, as is discussed above, a payment processor (such as a payment processing system run by, for example, First Data Merchant Services Corporation) may be communicatively located in-between the merchant verification device 354 and the verification entity device 314. In such an example, all or a portion of one or more communications between merchant verification device 354 and verification entity device 314 may be communicated through (and/or modified by) the payment processor.
Furthermore, one or more of the communications (such as all of the communications) between one or more components of system 310 (such as verification entity devices 314, networks 350, merchant verification devices 354, merchant telephone devices 374, networks 378, card user telephone devices 382, and/or card user identification devices 386) may be encrypted (or otherwise secured in any suitable manner), providing protection against fraudulent attempts to access the information included in the communications. Additionally, one or more of the communications (such as all of the communications) between one or more components of system 310 (such as verification entity devices 314, networks 350, merchant verification devices 354, merchant telephone devices 374, networks 378, card user telephone devices 382, and/or card user identification devices 386) may further include one or more codes that may assist in identifying the communication as being sent by one of the devices or components of system 310. For example, the merchant verification device 354 may generate a random code, and insert the code into any communication with the card user identification device 386. Based on this random code, card user identification device 386 may be able to identify the communication as having been sent by the merchant verification device 354, and thus the card user identification device 386 may respond to the communication. In such an example, the card user identification device 386 may also generate a random code, and insert the code into any communication with the merchant verification device 354. Based on this random code, merchant verification device 354 may be able to identify the communication as having been sent by the card user identification device 386, and thus the merchant verification device 354 may re-communicate the communication for receipt by the verification entity device 314.
FIG. 3 illustrates an example selection 300 of verification codes 406 and comparison codes 342. Verification codes 406 are selected by the card user identification device 386 of FIG. 3, and comparison codes 342 are selected by the verification entity device 314 of FIG. 3, for example. Furthermore, following selection (and communication) of verification codes 406 and comparison codes 342, verification entity device 314 may compare verification codes 406 to comparison codes 342 in order to determine whether to allow a telephone transaction to occur, as is discussed above.
Verification codes 406 and comparison codes 342 may each be selected according to a predefined manner based on verification management applications 346. For example, verification codes 406 and comparison codes 342 may be selected by sequentially rotating through each of the verification codes 406 and comparison codes 342 (e.g., rotating from a first code to a second code), by skipping over a predefined number of the verification codes 406 and comparison codes 342 (e.g., skipping from the first code to the fifth code), by selecting a position of one of the verification codes 406 and comparison codes 342 (e.g., selecting the code positioned in column five, row ten), any other manner of selecting one of the verification codes 406 and one of the comparison codes 342 according to a predefined manner based on verification management applications 346, or any combination of the preceding.
As illustrated, verification codes 406 and comparison codes 342 may each be selected by sequentially rotating through each of the verification codes 406 and comparison codes 342. For example, the card user identification device 386 may store the following verification codes 406: Code A, Code B, Code C, Code D, ... Code n. Furthermore, the verification entity device 314 may store the following comparison codes 342, each of which match a respective verification code 406: Code A, Code B, Code C, Code D, ... Code n.
In one example of the operation of selection 400, when a card user attempts to perform a first potential telephone transaction using a payment card (such as when a card user attempts to purchase a shirt from merchant A), the predefined manner (based on verification management application 346b) may cause the card user identification device 386 to select Code A as the verification code 406 for communication to the verification entity device 314. Furthermore, the same predefined manner (based on verification management application 346a) may cause the verification entity device 314 to select the matching Code A as the comparison code 342. As such, the verification code 406 (i.e., Code A) will match comparison code 342 (i.e., Code A), and the first telephone transaction will be allowed to proceed.
For the second potential telephone transaction of the card user (such as when the card user attempts to purchase shoes from merchant B), the predefined manner (based on verification management application 346b) may cause the card user identification device 386 to sequentially rotate to and select Code B as the verification code 406 for communication to the verification entity device 314. That is, the sequential rotation may cause the card user identification device 386 to rotate to and select the next verification code 406 (i.e., Code B) in the sequence of verification codes 406. Furthermore, the same predefined manner (based on verification management application 346a) may cause the verification entity device 314 to sequentially rotate to and select the matching Code B as the comparison code 342. As such, the verification code 406 (i.e., Code B) will match the comparison code 342 (i.e., Code B), and the second telephone transaction will be allowed to proceed.
This sequential rotation through (and selection of) the verification codes 406 and comparison codes 342 may continue until Code n is selected for both the verification code 406 and the comparison code 342. After Code n is selected, the process of selecting verification codes 406 and comparison codes 342 may be reset (as is seen by resets 404a and 404b) back to Code A. Therefore, for the next potential telephone transaction of the card user (such as when the card user attempts to pay for a hair cut from merchant O), the predefined manner (based on verification management application 346b) may cause the card user identification device 386 to sequentially rotate to (via reset 404a) and re-select Code A as the verification code 406 for communication to the verification entity device 314. Furthermore, the same predefined manner (based on verification management application 346a) may cause the verification entity device 314 to sequentially rotate to (via reset 404b) and re-select the matching Code A as the comparison code 342. As such, the verification code 406 (i.e., Code A) will match the comparison code 342 (i.e., Code A), and the next telephone transaction will be allowed to proceed.
Based on the sequential rotation through verification codes 406 and comparison codes 342, the verification codes 406 and comparison codes 342 may be rotated through continuously. This may allow the same code to be re-used as the verification code 406 and comparison code 342 at a later date and/or time from the original use of the code. As such, the card user identification device 386 may not need to receive new verification codes 406 from verification entity device 314 (or some other device associated with the verification entity) when all of the verification codes 406 have already been used.
Modifications, additions, or omissions may be made to selection 400 without departing from the scope of the invention. For example, although selection 400 illustrates a sequential rotation for selecting verification codes 406 and comparison codes 342, any other manner of selecting one of the verification codes 406 and one of the comparison codes 342 may be utilized (such as a reverse sequential rotation where the rotation process rotates from Code B to Code A; skipping over a predefined number of the verification codes 406 and comparison codes 342; selecting a position of one of the verification codes 406 and comparison codes 342; or any combination of the preceding). Additionally, selection 400 may be performed using any number of verification codes 406 and comparison codes 342.
FIG. 5 illustrates an example transaction verification system 510 that verifies transactions between card users and merchants. System 510 includes a verification entity device 514 that stores comparison codes 542, and further includes a card user device 586 that stores verification codes 606. When a card user attempts to perform a transaction with a payment card (e.g., a credit card), the verification entity device 514 may compare a comparison code 542 (which is selected in a predefined manner by the verification entity device 514) with a verification code 606 (which is selected in the same predefined manner by the card user device 586 and then communicated to the verification entity device 514) in order to determine whether to approve the transaction. In particular embodiments, this may provide additional protection against fraud.
A verification entity represents an entity that communicates with customers and/or merchants in order to verify transactions between the customers and merchants. For example, a verification entity may be a financial institution, such as a credit card company, credit card servicer, debit card company, debit card servicer, bank, any other institution that communicates with customers and/or merchants in order to facilitate transactions between the customers and merchants, or any combination of the preceding. In such an example, the verification entity verifies transactions for customers that have a credit card account, a savings account, a debit card account, a checking account, any other account associated with the financial institution (or a merchant), or any combination of the preceding. As another example, the verification entity may be a third party entity, such as a clearinghouse, payment processing institution, any other entity that may communicate with a financial institution in order to assist in facilitating transactions between the customers and merchants, or any combination of the preceding. In such an example, the verification entity verifies transactions for customers (and/or merchants) associated with the financial institution. As a further example, a verification entity may be a combination of a financial institution and a third party entity.
A merchant represents an entity in any suitable industry that conducts a transaction with a customer. The merchant may include a retailer, a wholesaler, a service company, or any other suitable entity that has customers and conducts transactions with the customers. The transaction may include receiving payment for goods or services from the customer or crediting a refund to the customer. The merchant interacts with the verification entity associated with a customer in order to facilitate each transaction.
A payment card represents a credit card, a debit card, a check, a coupon linked to an account, a gift card linked to an account, a money order, a promissory note, or any other manner of non-cash payment. A card user (i.e., a customer using the payment card) may use the payment card in order to pay for goods or services from a merchant.
In order to conduct a transaction with a merchant, a customer typically pays for goods or services received from the merchant using money, a check, and/or credit/debit cards. Payments using credit/debit cards may be problematic for various reasons. For example, credit/debit cards are susceptible to fraud, which can affect the customer, merchant, and/or the verification entity associated with the customer. To prevent fraud with credit/debit cards, a merchant typically checks whether the name and/or picture on the credit/debit card matches identification provided by the customer. Such typical techniques for preventing fraud with credit/debit cards may be deficient. As such, in particular embodiments, system 510 of FIG. 5 may verify transactions between card users and merchants in a manner that provide various advantages. For example, in order for a transaction to be approved, the verification entity device 514 may compare a comparison code 542 selected by the verification entity device 514 with a verification code 606 selected by a card user device 586 carried by the card user. In such an example, even if a person (or a device) is able to steal or copy a card user's payment card, the person may be unable to conduct one or more transactions using the payment card because the person may not also have the card user device 586. Furthermore, even if a person (or a device) is also able to attempt to provide a code to the verification entity device 514 (using a fraudulent device, for example), the provided code may not match the comparison code 542 utilized by the verification entity device 514 because the fraudulent device may not have access to verification codes 606 or a verification management application 546b that results in a verification code 606 being selected in a predefined manner.
As another example, the card user device 586 may select a particular verification code
606 for a transaction by sequentially rotating through each of the verification codes 606 stored at the card user device 586. In such an example, this may allow the same code to be re-used as the verification code 606 at a later date and/or time from the original use of the code. Furthermore, this may prevent the card user device 586 from needing to receive new verification codes 606 from verification entity device 514 (or some other device associated with the verification entity) when all of the verification codes 606 have already been used. As a further example, a verification code 606 stored in the card user device 586 may be selected and/or communicated for receipt by the verification entity device 514 without intervention by the card user. In such an example, the verification process may be easier for the card user because the card user may not need to perform any type of action to assist in the verification of the transaction, other than the card user actually carrying the card user device 586 with them when performing the transaction (such as carrying the card user device 586 in the card user's purse or attached to the card user's keys). As such, system 510 may verify transactions between card users and merchants in a manner that is advantageous.
Verification entity device 514 represents any suitable components that verify transactions between card users and merchants. Verification entity device 514 may include a network server, any suitable remote server, a mainframe, a host computer, a workstation, a web server, a personal computer, a file server, or any other suitable device for verifying transactions between card users and merchants. The functions of verification entity device 514 may be performed by any suitable combination of one or more servers or other components at one or more locations. In the embodiment where the verification entity device 514 is a server, the server may be a private server, and the server may be a virtual or physical server. The server may include one or more servers at the same or remote locations. Also, verification entity device 514 may include any suitable component that functions as a server. As illustrated, verification entity device 514 includes a network interface 518, a processor 522, and a memory unit 526.
Network interface 518 represents any suitable device operable to receive information from network 550, transmit information through network 550, perform processing of information, communicate to other devices, or any combination of the preceding. For example, network interface 518 receives transaction information associated with a transaction between a card user and a merchant. As another example, network interface 518 communicates a challenge code 538 for receipt by a card user device 586. Network interface 518 represents any port or connection, real or virtual, including any suitable hardware and/or software, including protocol conversion and data processing capabilities, to communicate through a local area network (LAN), a metropolitan area network (MAN), a wide area network (WAN), or other communication system that allows verification entity device 514 to exchange information with network 550, transaction environment 54, transaction device 558, merchant verification device 562, network 582, card user device 586, or other components of system 510.
Processor 522 communicatively couples to network interface 518 and memory unit 526, and controls the operation and administration of verification entity device 514 by processing information received from network interface 518 and memory unit 526. Processor 522 includes any hardware and/or software that operates to control and process information. For example, processor 522 executes verification entity device management application 530 to control the operation of verification entity device 514. Processor 522 may be a programmable logic device, a microcontroller, a microprocessor, any suitable processing device, or any combination of the preceding.
Memory unit 526 stores, either permanently or temporarily, data, operational software, or other information for processor 522. Memory unit 526 includes any one or a combination of volatile or non-volatile local or remote devices suitable for storing information. For example, memory unit 526 may include random access memory (RAM), read only memory (ROM), magnetic storage devices, optical storage devices, any other suitable information storage device, or any combination of the preceding. Additionally, memory unit 526 may be an encrypted storage device (or a storage device secured in any suitable manner), providing protection against fraudulent attempts to access the information stored in memory unit 526. While illustrated as including particular information modules, memory unit 526 may include any suitable information for use in the operation of verification entity device 514.
As illustrated, memory unit 526 includes verification entity device management application 530 and accounts 534. Verification entity device management application 530 represents any suitable set of instructions, logic, or code embodied in a computer-readable storage medium and operable to facilitate the operation of verification entity device 514.
Accounts 534 represent any information regarding personal, commercial, and/or corporate accounts handled by verification entity device 514 with regard to one or more payment cards.
For example, accounts 534 includes account numbers, nicknames for accounts, account identifiers associated with an account, balance information of an account (and/or a payment card linked to the account), limits of an account (and/or a payment card linked to the account), disclaimers associated with an account, card user preferences, data associated with one or more transactions performed (or in the process of being performed) by a card user, any other suitable data, or any combination of the preceding. Account 534 for each different card user (or for each account that includes multiple authorized card users) may include challenge codes 538, comparison codes 542, and verification management application 546a.
Challenge codes 538 represent any code that may be used to interrogate card user device 586 for a verification code 606. Examples of challenge codes 538 are discussed in further detail below. Comparison codes 542 represent any code that may be compared to a verification code 606 in order to verify a transaction. Examples of comparison codes 542 are discussed in further detail below. Verification management application 546a represents any suitable set of instructions, logic, or code embodied in a computer-readable storage medium and operable to provide a predefined manner of selecting comparison codes 542, verification codes 606, and/or verifying a transaction using comparison codes 542 and verification codes 606. Examples of verification management application 546a are discussed in further detail below.
Network 550 represents any suitable network operable to facilitate communication between the components of system 510, such as verification entity device 514, transaction environment 554, transaction device 558, and merchant verification device 562. Network 550 may include any interconnecting system capable of transmitting audio, video, signals, data, messages, or any combination of the preceding. Network 550 may include all or a portion of a public switched telephone network (PSTN), a public or private data network, a LAN, a MAN, a WAN, a local, regional, or global communication or computer network, such as the Internet, a wireline or wireless network, an enterprise intranet, or any other suitable communication link, including combinations thereof, operable to facilitate communication between the components.
Transaction environment 554 represents any suitable components that allow card users to perform transactions with merchants. As illustrated, transaction environment 554 includes transaction device 558 and merchant verification device 562. Transaction device
558 represents any suitable components that process a transaction between a card user and a merchant. For example, transaction device 558 may include a cash register, a vending machine, a point-of-sale terminal, a personal computer, a workstation, a laptop, a mobile telephone (such as a Smartphone, or any other wireless, cellular, cordless, or satellite telephone), an electronic notebook, a personal digital assistant, any other device (wireless, wireline, or otherwise) capable of receiving, processing, storing, and/or communicating information with other components of system 510 in order to input, verify, and process a transaction between a card user and a merchant, or any combination of the preceding. Transaction device 558 may further allow transaction information to be generated and communicated to verification entity device 514 in order to perform a transaction. For example, transaction device 558 may include a card reader (such as a credit card reader) that reads a card user's payment card for the purchase, communicates the payment card information to the verification entity device 514, and processes the transaction following an indication by the verification entity device 514 that the transaction has been verified (or otherwise approved). Transaction device 558 may be associated with a merchant. For example, a particular merchant may be a retail chain that sells goods to card users. In such an example, this merchant may have one or more transaction devices 558 that allow card users to pay for the goods purchased from the merchant. Transaction device 558 may include a user interface, such as a display, a microphone, keypad, credit/debit card terminal, a scanner (such as a barcode scanner), or other appropriate terminal equipment usable by a merchant or other user.
Merchant verification device 562 represents any suitable components that communicate with verification entity device 514 and card user device 586 in order to assist in the verification of transactions between card users and merchants. Merchant verification device 562 may be a personal computer, a workstation, a laptop, a mobile telephone (such as a Smartphone, or any other wireless, cellular, cordless, or satellite telephone), an electronic notebook, a personal digital assistant, a transceiver node, a radio frequency transceiver, a smart card reader, a wired identification tag transceiver, a wireless identification tag transceiver, any other device (wireless, wireline, or otherwise) capable of receiving, processing, storing, and/or communicating information with other components of system 510, or any combination of the preceding. Merchant verification device 562 may act as an intermediary between verification entity device 514 and card user device 586. As an example, verification entity device 514 may communicate a challenge code 538 for receipt by the card user device 586. In such an example, merchant verification device 562 may receive the challenge code 538 (prior to the card user device 586 receiving the challenge code 538) and may re-communicate the challenge code 538 to the card user device 586. Additionally, the card user device 586 may communication a verification code 606 for receipt by the verification entity device 514. In such an example, the merchant verification device 562 may receive the verification code 606 (prior to the verification entity device 514 receiving the verification code 606) and may re-communicate the verification code 606 to the verification entity device 514. Merchant verification device 562 may be associated with a merchant. For example, a particular merchant may be a retail chain that sells goods to card users. In such an example, this merchant may have one or more merchant verification devices 562 that may be connected (or otherwise associated with) a transaction device 558. As such, the merchant verification device 562 may be located at the merchant's location, and may act as an intermediary between the verification entity device 514 and the card user device 586. Merchant verification device 562 may include a user interface, such as a display, a microphone, keypad, a scanner (such as a barcode scanner), or other appropriate terminal equipment usable by a merchant or other user.
As illustrated, merchant verification device 562 includes a network interface 566, a processor 570, and a memory unit 574. Network interface 566 represents any suitable device operable to receive information from network 550 and/or network 582, transmit information through network 550 and/or network 582, perform processing of information, communicate to other devices, or any combination of the preceding. For example, network interface 562 receives a challenge code 538 from the verification entity device 514 and re-communicates the challenge code 538 to the card user device 586. As another example, network interface 562 receives a verification code 606 from the card user device 586 and re-communicates the verification code 606 to the verification entity device 514. Network interface 566 represents any port or connection, real or virtual, including any suitable hardware and/or software, including protocol conversion and data processing capabilities, to communicate through a LAN, a MAN, a WAN, or other communication system that allows network interface 566 to exchange information with verification entity device 514, network 550, transaction environment 554, transaction device 558, merchant verification device 562, network 582, card user device 586, or other components of system 510. As an example, network interface 566 may be (or may further include) a radio frequency transceiver for communicating radio frequencies to and from the card user device 586. As another example, network interface 566 may be (or may further include) a speaker/microphone for communicating audio signals (such as audio tones) to and from the card user device 586. As a further example, network interface 566 may be (or may further include) a display screen for capturing images (such as a quick response (QR) code) generated and displayed on the card user device 586, or for generating and displaying images (such as a QR code) for capture by the card user device 586. Processor 570 communicatively couples to network interface 566 and memory unit 574, and controls the operation and administration of merchant verification device 562 by processing information received from network interface 566 and memory unit 574. Processor 570 includes any hardware and/or software that operates to control and process information. For example, processor 570 executes merchant verification device management application 578 to control the operation of merchant verification device 562. Processor 570 may be a programmable logic device, a microcontroller, a microprocessor, any suitable processing device, or any combination of the preceding.
Memory unit 574 stores, either permanently or temporarily, data, operational software, or other information for processor 570. Memory unit 574 includes any one or a combination of volatile or non-volatile local or remote devices suitable for storing information. For example, memory unit 574 may include RAM, ROM, magnetic storage devices, optical storage devices, any other suitable information storage device, or any combination of the preceding. Additionally, memory unit 574 may be an encrypted storage device (or a storage device secured in any suitable manner), providing protection against fraudulent attempts to access the information stored in memory unit 574. While illustrated as including particular information modules, memory unit 574 may include any suitable information for use in the operation of merchant verification device 562. As illustrated, memory unit 574 includes merchant verification device management application 578. Merchant verification device management application 578 represents any suitable set of instructions, logic, or code embodied in a computer-readable storage medium and operable to facilitate the operation of merchant verification device 562.
Although merchant verification device 562 is illustrated as a separate device from transaction device 558, merchant verification device 562 may the same device as transaction device 558. In such an example, a single device may be used to process the transaction and to communicate with verification entity device 514 and card user device 586 in order to assist in the verification of transactions between card users and merchants.
Network 582 represents any suitable network operable to facilitate communication between the components of system 510, such as merchant verification device 562 and card user device 586. Network 582 may include any interconnecting system capable of transmitting audio, video, signals, data, messages, or any combination of the preceding.
Network 582 may include all or a portion of a PSTN, a public or private data network, a
LAN, a MAN, a WAN, a local, regional, or global communication or computer network, such as the Internet, a wireline or wireless network, an enterprise intranet, or any other suitable communication link, including combinations thereof, operable to facilitate communication between the components. Furthermore, network 582 may be the same type of network as network 550, or network 582 may be a different type of network than network 550. For example, both network 582 and network 550 may be a combination of wireless and wireline networks. As another example, network 582 may be only a wireless network (such as only a Bluetooth network, a WiFi network, a radio frequency identification network, or an infrared network), while network 550 may be a combination of wireless and wireline networks. Additionally, although network 582 and network 550 are illustrated as separate networks, network 582 and network 550 may be the same network. In such an example, a single network may communicate a challenge code 538 from verification entity device 514 to merchant verification device 562, and may further re-communicate the challenge code 538 from merchant verification device 562 to card user device 586.
Card user device 586 represents any suitable components that communicate with verification entity device 514 and merchant verification device 562 in order to provide verification codes 606 to the verification entity device 514 to verify transactions between card users and merchants. Card user device 562 may be a personal computer, a workstation, a laptop, a mobile telephone (such as a Smartphone, or any other wireless, cellular, cordless, or satellite telephone), an electronic notebook, a personal digital assistant, a transceiver node, a wired identification tag, a wireless identification tag, a radio frequency identification device, an audio-generation device, a smart card, any other device (wireless, wireline, or otherwise) capable of receiving, processing, storing, and/or communicating information with merchant verification device 562 (and/or other components of system 510), or any combination of the preceding. Additionally, card user device 586 may include a user interface, such as a display, a microphone, keypad, a scanner (such as a QR code scanner), or other appropriate terminal equipment usable by the card user.
Card user device 586 may be carried by the card user (or otherwise associated with the card user). As such, when the card user attempts to conduct a transaction with a merchant using a payment card, card user device 586 may communicate with merchant verification device 562 (and verification entity device 514) in order to provide verification codes 606 that may allow the verification entity device 514 to verify the transaction. Card user device 586 may be carried by the card user (or otherwise associated with the card user) in any suitable manner. For example, the card user device 586 may be a wireless identification tag that is attached to the card user's keys, wallet, purse, wearable items (such as a wearable wristband), and/or article of clothing (such as a belt). As another example, the card user device 586 may be a smart card that is carried within the card user's wallet, purse, or pocket. As a further example, the card user device 586 may be the card user's mobile phone.
As illustrated, card user device 586 includes a network interface 590, a processor 594, and a memory unit 598. Network interface 590 represents any suitable device operable to receive information from network 582, transmit information through network 582, perform processing of information, communicate to other devices, or any combination of the preceding. For example, network interface 590 receives a challenge code 538 from the verification entity device 514 (via the merchant verification device 562) and communicates a verification code 606 to the verification entity device 514 (via the merchant verification device 562). Network interface 590 represents any port or connection, real or virtual, including any suitable hardware and/or software, including protocol conversion and data processing capabilities, to communicate through a LAN, a MAN, a WAN, or other communication system that allows network interface 590 to exchange information with network 582, merchant verification device 562, verification entity device 514, or other components of system 510. As an example, network interface 590 may be (or may further include) a radio frequency transceiver (such as a radio frequency identification transceiver, a Bluetooth transceiver, a WiFi transceiver, etc.) for communicating radio frequencies to and from the merchant verification device 562. As another example, network interface 590 may be (or may further include) a speaker/microphone for communicating audio signals (such as audio tones) to and from merchant verification device 562. As a further example, network interface 590 may be (or may further include) a card user display screen for capturing images (such as a QR code) generated and displayed on the merchant verification device 562, or for generating and displaying images (such as a QR code) for capture by the merchant verification device 562.
Processor 594 communicatively couples to network interface 590 and memory unit 598, and controls the operation and administration of card user device 586 by processing information received from network interface 590 and memory unit 598. Processor 594 includes any hardware and/or software that operates to control and process information. For example, processor 594 executes card user device management application 602 to control the operation of card user device 586. Processor 594 may be a programmable logic device, a microcontroller, a microprocessor, any suitable processing device, or any combination of the preceding.
Memory unit 598 stores, either permanently or temporarily, data, operational software, or other information for processor 594. Memory unit 598 includes any one or a combination of volatile or non-volatile local or remote devices suitable for storing information. For example, memory unit 598 may include RAM, ROM, magnetic storage devices, optical storage devices, any other suitable information storage device, or any combination of the preceding. Additionally, memory unit 598 may be an encrypted storage device (or a storage device secured in any suitable manner), providing protection against fraudulent attempts to access the information stored in memory unit 598. While illustrated as including particular information modules, memory unit 598 may include any suitable information for use in the operation of card user device 586.
As illustrated, memory unit 598 includes card user device management application
602, verification codes 606, and verification management application 546b. Card user device management application 602 represents any suitable set of instructions, logic, or code embodied in a computer-readable storage medium and operable to facilitate the operation of card user device 586. Verification codes 606 represent any code that may be used to identify the card user as the approved user of the payment card (as opposed to another person who may have fraudulently obtained the payment card). Examples of verification codes 606 are discussed in further detail below. Verification management application 546b may be substantially similar to verification management application 546a (stored in memory unit 534 of verification entity device 514). As such, verification management application 546b represents any suitable set of instructions, logic, or code embodied in a computer-readable storage medium and operable to provide a predefined manner of selecting verification codes
606. Verification management application 546b may be received by (and stored by) card user device 586 prior to card user device 586 receiving a challenge code 538. For example, verification management application 546b may be received by (and stored by) card user device 586 when card user device 586 is manufactured, programmed, and/or updated to operate with system 510. Furthermore, verification management application 546b may be received by (and stored by) card user device 586 at any other time. For example, verification management application 546b may be a portion of the challenge code 538 communicated for receipt by the card user device 586. In such an example, the card user device 586 may receive (and store) the verification management application 546b the first time it receives the challenge code 538 (or every time it receives the challenge code 538). As another example, verification management application 546b may be communicated to the card user device 586 in the same message as a challenge code 538, in a message prior to the communication of the challenge code 538, or in a message after the communication of the challenge code 538. As such, the card user device 586 may receive (and store) the verification management application 546b prior to receiving a challenge code 538, at the same time (or substantially the same time) as receiving a challenge code 538, or after receiving a challenge code 538. Examples of verification management application 546b are discussed in further detail below.
In an exemplary embodiment of operation, a card user may desire to conduct a transaction with a particular merchant. For example, a card user may desire to purchase an item (such as a shirt) using a payment card (such as a credit card). In order to do so, the card user may provide the merchant with the payment card (via payment 650). The merchant may then begin processing payment for the transaction by running the payment card through transaction device 558 (such as by swiping the credit card through a card reader of transaction device 558). As a result of running the payment card through transaction device 558, transaction device 558 may provide an indication (via indication 654) to verification entity device 514 that the card user is attempting to perform a transaction with the merchant using the payment card.
In order to protect against fraud, the verification entity (such as a credit card company or a clearinghouse that communicates with a credit card company) may desire to verify that the person attempting to perform the transaction with the payment card is the card user that is authorized to use the payment card. For example, the credit card company may desire to verify that a card issued to John Doe is being used by John Doe, as opposed to someone that may have fraudulently obtained the card issued to John Doe. To verify the identity of the person using the payment card, verification entity device 514 may communicate a challenge code 538 to a merchant verification device 562 (via initial challenge message 658) that is associated with the merchant. Merchant verification device 562 may receive the challenge code 538 and re-communicate the challenge code 538 (via subsequent challenge message 662) to a card user device 586 carried by the card user (such as a wireless identification tag attached to the keys of John Doe). The challenge code 538 may interrogate the card user device 586, causing the card user device 586 to select a verification code 606 (via a predefined manner of verification management application 546b) and communicate (via initial verification response message 666) the verification code 606 back to merchant verification device 562. Merchant verification device 562 may then re-communicate the verification code 606 to verification entity device 514 (via subsequent verification response message 670).
Following receipt of verification code 606, verification entity device 514 may select a comparison code 542 (via the predefined manner of verification application 546a) to compare to the verification code 606 received from the card user device 586. If the verification code 606 does not match the comparison code 542 (or a verification code 606 is never received in response to a challenge code 538), verification entity device 514 may deny the processing of the transaction by transaction device 558. On the other hand, if the verification code 606 does match the comparison code 542, verification entity device 514 may verify the transaction (or otherwise approve the processing of the transaction) via verification signal 674 communicated to transaction device 558, and the transaction may be allowed to occur. In particular embodiments, this method of verifying a transaction may provide additional protection against fraud. For example, even if a person (or a device) is able to steal or copy a card user's payment card, the person may be unable to conduct one or more transactions using the payment card because the person may not also have the card user device 586. As another example, even if a person (or a device) is also able to attempt to respond to a challenge code 538 using a fraudulent device, the code provided by the fraudulent device may not match the comparison code 542 utilized by the verification entity device 514 because the fraudulent device may not have access to verification codes 606 or the verification management application 546b that results in a verification code 606 being selected in a predefined manner. Further details regarding particular examples of these sequences illustrated in FIG. 5 are discussed below.
As is stated above, a card user may begin a transaction with a merchant by providing a payment card to the merchant via payment 650. Payment 650 may be performed in any suitable manner. As an example, the card user may hand the payment card to the merchant to process the payment card. As another example, the card user (or the merchant) may swipe the payment card through a card reader. As a further example, the card user (or the merchant) may enter information from the payment card (via, for example, typing) in order to process the payment card. Payment 650 may be processed using transaction device 558.
As a result of transaction device 558 processing payment 650, transaction device 558 may communicate indication 654 to verification entity device 514, indicating that that the card user is attempting to perform a transaction with the merchant using the payment card. Indication 654 may include any information about the attempted transaction. For example, indication 654 may include information associated with the payment card (such as the card number, expiration date, and verification number), information associated with the merchant (such as information that identifies the merchant), information associated with the transaction (such as the purchase amount for the transaction and details about what is being purchased), any other information desired by a verification entity for approving a payment card transaction, or any combination of the preceding.
Although indication 654 has been illustrated as being communicated by transaction device 558, in particular embodiments, indication 654 may be communicated by merchant verification device 562. For example, the payment card may first be processed for verification by the merchant verification device 562 (such as by the merchant swiping the payment card through a card reader of the merchant verification device 562). In such an example, the merchant verification device 562 may provide the indication 654 to verification entity device 514, which will verify the transaction (as is discussed herein). Once the transaction is verified, the merchant verification device 562 may signal to the merchant that the payment card may be processed for payment. The merchant may then process the payment card for payment using, for example, the transaction device 558.
Furthermore, although indication 654 has been illustrated as being communicated directly from transaction device 558 to verification entity device 514, in particular embodiments, indication 654 may be communicated to one or more additional devices (not shown) before indication 654 is received by verification entity device 514. For example, indication 654 may first be communicated to a payment processor (such as a payment processing system run by, for example, First Data Merchant Services Corporation), and then the payment processor may re-communicate the indication 654 to verification entity device 514. The payment processor may re-communicate all or a portion of indication 654. Additionally, the payment processor may perform one or more payment processing actions (using the information in indication 654) prior to re-communicating indication 654. In such an example, the payment processor may add information associated with these additional payment processing actions to indication 654 prior to re-communicating indication 654 to verification entity device 514.
Following receipt of indication 654, verification entity device 514 may communicate a challenge code 538 (via initial challenge message 658) for receipt by the card user device
586. As is discussed above, a challenge code 538 represents any code that may be used to interrogate card user device 586 for a verification code 606. For example, a challenge code 538 may be a computer-readable code that forces, requests, or causes a response from card user device 586. In such an example, the challenge code 538 may force, request, or cause the card user device 586 to select a verification code 606 stored at the card user device 586 and communicate the verification code 606 for receipt by the verification entity device 514.
A challenge code 538 may be the same code for all card user devices 586, or may be unique for each card user device 586 (or for one or more card user devices 586). For example, a challenge code 538 for a card user device 586 carried by John Doe may be different than a challenge code 538 for a card user device 586 carried by Jane Doe. Challenge code 538 may be the same challenge code every time it is sent for receipt by a particular card user device 586, or it may be different every time it is sent for receipt by a particular card user device 586. For example, challenge code 538 may include one or more details associated with the transaction (such as the purchase amount, the merchant identification, the time and/or date associated with the transaction or the challenge code 538, etc.), thereby causing it to be different every time it is sent for receipt by the card user device 586 carried by John Doe. As another example, challenge code 538 may include a particular verification management application 546b for use by the card user device 586 for that transaction. As a further example, challenge code 538 may include particular instructions for responding to the challenge code 538 (such as a particular question that is to be answered using the verification code 606).
Following communication of challenge code 538 for receipt by a card user device 586, the challenge code 538 may be received by merchant verification device 562. As is discussed above, merchant verification device 562 may act as an intermediary between verification entity device 514 and card user device 586. By doing so, merchant verification device 562 may receive the challenge code 538 from verification entity device 514 (via initial challenge message 658) and re-communicate the challenge code 538 to card user device 586 (via subsequent challenge message 662). Merchant verification device 562 may re- communicate challenge code 538 in the same form (and/or in the same manner) in which merchant verification device 562 received the challenge code 538. For example, merchant verification device 562 may act as an amplifier (or an access point) that provides a network connection between verification entity device 514 and card user device 586. Additionally (or alternatively), merchant verification device 562 may re-communicate challenge code 538 in a different form (and/or in a different manner) than what merchant verification device 562 received the challenge code 538 as. For example, merchant verification device 562 may receive the challenge code 538 in digital form over a wired connection and re-communicate the challenge code 538 in analog form over a wireless connection. As another example, merchant verification device 562 may receive the challenge code 538 in digital form over a wireless connection and re-communicate the challenge code 538 in a radio frequency (or as a particular audio tone or as an infrared signal) over a different wireless connection. As a further example, merchant verification device 562 may receive the challenge code 538 in a digital form over a wired connection and re-communicate the challenge code 538 as a graphical image (such as a barcode, a Q code, a universal product code (UPC), a matrix bar code, a MaxiCode, or a ShotCode) that may be scanned or copied by the card user device 562. In such examples, merchant verification device 562 may act as a converter to convert challenge code 538 from a form (and/or a communication manner) that cannot be received by the card user device 586 to a form (and/or a communication manner) that can be received by the card user device 86.
Although challenge code 538 has been illustrated as being communicated from verification entity device 514 to merchant verification device 562 and then re-communicated from the merchant verification device 562 to the card user device 586, in particular embodiments, the challenge code 538 may be communicated directly from verification entity device 514 to the card user device 586. For example, the card user device 586 may be a mobile phone that receives the challenge code 538 directly. In such an example, the mobile phone may be running a mobile phone application associated with the verification entity device 514, and the verification entity device 514 may push the challenge code 538 directly to the mobile phone. In response to the challenge code 538, the mobile phone may communicate a verification code 606 to the merchant verification device 562, which may then re-communicate the verification code 606 to the verification entity device 514.
Furthermore, although challenge code 538 has been illustrated as being automatically re-communicated from the merchant verification device 562 to the card user device 586, in particular embodiments, the re-communication (and/or even the original communication) of the challenge code 538 to the card user device 586 may only occur after a signal is first received from the card user device 586. For example, before the challenge code 538 may be received by the card user device 586 (and/or even communicated to the card user device 586), the card user may activate the card user device 586 (such as by pushing a button on the card user device 586 or performing any other user action with the card user device 586). This activation by the card user may cause the card user device 586 to send a signal to the merchant verification device 562 (and/or the verification entity device 514) indicating that the card user device 586 is ready to receive the challenge code 538. Following receipt of this signal from the card user device 586, the challenge code 538 may be communicated to (and received by) the card user device 586.
Following receipt of the challenge code 538 by the card user device 586, the card user device 586 may (in response to the interrogation provided by the challenge code 538) select one of the verification codes 606 stored at the card user device 586. Furthermore, the card user device 586 may communicate the verification code 606 for receipt by the verification entity device 514. As is discussed above, a verification code 606 represents any code that may be used to identify the card user as the approved user of the payment card (as opposed to another person who may have fraudulently obtained the payment card). For example, a verification code 606 may be a predefined code stored at the card user device 586, and may be configured to match a comparison code 542 stored at the verification entity device 514. The verification code 606 may be a password, a set of numbers, a set of alphanumeric characters, a set of symbols, one or more audible tones, one or more radio frequencies, one or more graphical images, any other type of code or representation, or any combination of the preceding. The verification code 606 may have any length, size, or dimension. For example, the verification code 606 may be a 35 character password.
The verification code 606 may match a comparison code 542 when all or a portion of the verification code 606 is identical to all or a portion of the comparison code 542. For example, the verification code 606 may match the comparison code 542 when the last 30 digits of the verification code 606 are identical to the last 30 digits of the comparison code 542. Additionally (or alternatively), the verification code 606 may match a comparison code 542 when the verification code 606 is an answer to the comparison code 542 (such as an answer to a question), when the verification code 606 completes the comparison code 542 (such as a final piece of a puzzle), when the verification code 606 is the opposite of the comparison code 542 (such as the term "up" is the opposite of "down"), any other manner of matching, or any combination of the preceding.
Card user device 586 may store any suitable number of different verification codes
606. For example, card user device 586 may store 2 different verification codes 606, 5 different verification codes 606, 10 different verification codes 606, 15 different verification codes 606, 25 different verification codes 606, 50 different verification codes 606, 100 different verification codes 606, 1,000 different verification codes 606, 10,000 different verification codes 606, 1 million different verification codes 606, or any other number of different verification codes 606. Furthermore, following receipt of the challenge code 538 by the card user device 586, the card user device 586 may select one of the verification codes
606 stored at the card user device 586. The card user device 586 may select one of the verification codes 606 according to a predefined manner based on verification management application 546b. For example, card user device 586 may select one of the verification codes
606 by sequentially rotating through each of the verification codes 606 (e.g., rotating from a first code to a second code), by skipping over a predefined number of the verification codes
606 (e.g., skipping from the first code to the fifth code), by selecting a position of one of the verification codes 606 (e.g., selecting the code positioned in column five, row ten), any other manner of selecting one of the verification codes 606 according to a predefined manner based on verification management application 546b, or any combination of the preceding.
Furthermore, selection of the verification code 606 may further include modifying the verification code 606. For example, the verification code 606 may be modified to include information from the challenge code 538, such as all or a portion of the challenge code 538, or details associated with the transaction (e.g., the purchase amount, the merchant identification, the date and/or time associated with the transaction or the challenge code 538, etc.). As another example, the verification code 606 may be modified to include information regarding the date and/or time associated with the selection of the verification code 606.
Further details regarding examples of the selection of a verification code 606 are discussed below with regard to FIG. 6.
Following the selection of the verification code 606, the card user device 586 may communicate the verification code 606 to the merchant verification device 562 via initial verification response message 666. The card user device 586 may communicate the verification code 606 to the merchant verification device 562 in any suitable manner (and/or any suitable form). As an example, the card user device 586 may communicate the verification code 606 to the merchant verification device 562 in the same manner of communication (and/or form) by which the card user device 586 received the challenge code
538. In such an example, if the card user device 586 received the challenge code 538 in a particular radio frequency, the card user device 586 may communicate the verification code
606 to the merchant verification device 562 in the same radio frequency. As another example, the card user device 586 may communicate the verification code 606 to the merchant verification device 562 in a different manner of communication (and/or form) than that by which the card user device 586 received the challenge code 538. In such an example, if the card user device 586 received the challenge code 538 as a particular audio tone, the card user device 586 may communicate the verification code 606 to the merchant verification device 562 in a different audio tone, a radio frequency, an infrared signal, a graphical image displayed or sent to the merchant verification device 562, any other manner (and/or form) different from that by which the card user device 586 received the challenge code 538, or any combination of the preceding.
Furthermore, the selection and communication processes of the verification code 606 by the card user device 586 may occur without user intervention. For example, following the reception of the challenge code 538 by the card user device 586, the card user device 586 may both automatically select and communicate the verification code 606 without any intervention by the card user (e.g., without the card user pressing a button, confirming a selection, pointing the card user device 586 in a particular direction, scanning the card user device 586, etc.). As such, verifying the transaction using the card user device 586 may occur without any action by the user, other than the card user actually carrying the card user device 586 with them when performing the transaction (such as carrying the card user device 586 in the card user's purse or attached to the card user's keys). Alternatively, one or more (or both) of the selection and communication processes of the verification code 606 by the card user device 586 may occur with user intervention. For example, selection of the verification code 606 may occur when the card user presses a button on the card user device 586 to select the verification code 606, when the card user points the card user device 586 at the merchant verification device 562 (or hovers the card user device 586 over a scanner at the merchant verification device 562), when the card user performs any other manner of user intervention, or any combination of the preceding. As another example, communication of the verification code 606 may occur when the card user points the card user device 586 at the merchant verification device 562 (or hovers the card user device 586 over a scanner at the merchant verification device 562), when the card user swipes the card user device 586 (such as a smart card) through a card reader on the merchant verification device 562, when the card user presses a button to communicate the verification code 606, any other manner of user intervention, or any combination of the preceding.
Following receipt of the verification code 606 by merchant verification device 562, the merchant verification device 562 may re-communicate the verification code 606 to verification entity device 514 via subsequent verification response message 670. Merchant verification device 562 may re-communicate the verification code 606 in the same form (and/or communication manner) in which merchant verification device 562 received the verification code 606. Furthermore (or alternatively), merchant verification device 562 may re-communicate the verification code 606 in a different form (and/or manner) than by which the merchant verification device 562 received the verification code 606. For example, if the merchant verification device 562 received the verification code 606 via a wireless radio frequency, the merchant verification device 562 may re-communicate the verification code 606 to the verification entity device 514 via a wired internet connection. In such an example, merchant verification device 562 may act as a converter to convert verification code 606 from a form (and/or communication manner) that cannot be received by the verification entity device 514 to a form (or communication manner) that can be received by the verification entity device 514.
Following receipt of the verification code 606 by the verification entity device 514, the verification entity device 514 may select one of the comparison codes 542 stored at the verification entity device 514 for comparison with the verification code 606. As is discussed above, a comparison code 542 represents any code that may be compared to a verification code 606 in order to verify a transaction. For example, a comparison code 542 may be predefined code stored at the verification entity device 514 and that is configured to match a verification code 606 stored at the card user device 586. Similar to the verification code 606, the comparison code 542 may be a password, a set of numbers, a set of alphanumeric characters, a set of symbols, one or more audible tones, one or more radio frequencies, one or more graphical images, any other type of code or representation, or any combination of the preceding. The comparison code 542 may have any length, size, or dimension. For example, the comparison code 542 may be a 35 character password. The comparison code 542 may match a verification code 606 when all or a portion of the comparison code 542 is identical to all or a portion of the verification code 606. Additionally, the comparison code 542 may match a verification code 606 in any of the manners of matching discussed above with regard to verification codes 606.
Verification entity device 514 may store (for each account 534) any suitable number of different comparison codes 542. For example, verification entity device 514 may store
(for each account 534) 2 different comparison codes 542, 5 different comparison codes 542,
10 different comparison codes 542, 15 different comparison codes 542, 25 different comparison codes 542, 50 different comparison codes 542, 100 different comparison codes 542, 1,000 different comparison codes 542, 10,000 different comparison codes 542, 1 million different comparison codes 542, or any other number of different comparison codes 542. As another example, verification entity device 514 may store (for each account 534) a matching comparison code 542 for each verification code 606 stored by the card user device 586 (and associated with an account 534). In such an example, if the card user device 586 stores 10 different verification codes 606, the verification entity device 514 may store 10 matching comparison codes 542.
The verification entity device 514 may select one of the comparison codes 542 according to the same predefined manner utilized by the card user device 586. For example, if the card user device 586 selects one of the verification codes 606 by sequentially rotating through each of the verification codes 606 (e.g., rotating from a first code to a second code), the verification entity device 514 may select one of the comparison codes 542 by sequentially rotating through each of the comparison codes 542 (e.g., rotating from a first code to a second code). As such, both the card user device 586 and the verification entity device 514 may utilize the same predefined manner (based on verification management applications 546b and 546a, respectively) to select a matching verification code 606 and comparison code 542. Furthermore, selection of the comparison code 542 may further include modifying comparison code 542. For example, the comparison code 542 may be modified to include information from the challenge code 538, such as all or a portion of the challenge code 538, or details associated with the transaction (e.g., the purchase amount, the merchant identification, the time and/or date associated with the transaction or the challenge code 538, etc.). As another example, the comparison code 542 may be modified to include information regarding the date and/or time associated with the reception of the verification code 606. Further details regarding examples of the selection of a comparison code 542 are discussed below with regard to FIG. 6.
Although the verification entity device 514 has been discussed above as selecting one of the comparison codes 542 according to the same predefined manner utilized by the card user device 586, in particular embodiments, the verification entity device 514 may select one of the comparison codes 542 in a different predefined manner than the card user device 586
(but in a manner that still causes the selected comparison code 542 to match the selected verification code 606). For example, the verification entity device 514 may store the comparison codes 542 in a different order than the card user device 586 stores the matching verification codes 606. In such an example, the verification entity device 514 may select the comparison code 542 using a first predefined manner (such as by sequentially rotating through each of the comparison codes 542, for example) while the card user device 586 may select the matching verification code 606 using a second predefined manner (such as by skipping over a predefined number of the verification codes 606, for example). Furthermore, although selection of the comparison code 542 has been discussed above as occurring after reception of the verification code 606, the comparison code 542 may be selected any time after indication 654 is received by the verification entity device 514. For example, the comparison code 542 may be selected before the challenge code 538 is communicated for receipt by the card user device 586. As another example, the comparison code 542 may be selected after the challenge code 538 is communicated for receipt by the card user device
586, but before the verification entity device 514 receives the verification code 606.
Following receipt of the verification code 606 by the verification entity device 514 and further following selection of the comparison code 542 by the verification entity device
514, the verification entity device 514 may compare the verification code 606 to the comparison code 542 in order to determine whether the verification code 606 matches the comparison code 542. If the verification code 606 does not match the comparison code 542
(or a verification code 606 is never received in response to a challenge code 538), verification entity device 514 may deny the transaction. This denial may result in a denial message (not shown) being sent to transaction device 558, merchant verification device 562, and/or card user device 586. As a result, the transaction will not be allowed to occur. On the other hand, if the verification code 606 does match the comparison code 542, verification entity device
514 may verify the transaction (or otherwise approve the processing of the transaction) by communicating a verification signal 674 to transaction device 558 (and/or one or more of merchant verification device 562 and card user device 586). As such, the transaction may be allowed to occur. The verification signal 674 may allow the transaction to occur in any suitable manner. For example, the verification signal 674 may provide a signal to the merchant (such as a flashing green light on the merchant verification device 562) that indicates that the merchant may now process the payment card using the payment device
(such as a cash register). In such an example, the merchant may now run the payment card through the payment device (or any other card reader that may cause the transaction to be processed). As another example, the payment card may already be in the middle of being processed (as a result of the payment card having been run through transaction device 558), and the verification signal 674 may cause (automatically or by signaling the merchant to finalize the transaction by, for example, pushing a button) the processing of the payment card to be completed. In such an example, the merchant may not need to run the payment card through the payment device (or any other card reader) again.
Although verification entity device 514 has been illustrated as comparing a single verification code 606 to a single comparison code 542 in order to verify a particular transaction, in particular embodiments, verification entity device 514 may compare more than one verification code 606 to more than one comparison code 542 in order to verify the particular transaction. For example, for each transaction, two or more verification codes 606 and two or more comparison codes 542 may be selected for the verification process. In such an example, verification entity device 514 may only verify (or otherwise allow) the transaction if each of the selected verification codes 606 match each of the selected comparison codes 542.
Furthermore, although verification entity device 514 has been illustrated as verifying (or otherwise approving) the transaction if the verification code 606 matches the comparison code 542, in particular embodiments, verification (or approval) of the transaction may include various additional steps. For example, verification entity device 514 may determine whether the payment card has been reported lost or stolen, whether the transaction appears suspicious based on the card user's typical purchases, whether there is a sufficient balance associated with the payment card to approve the transaction, whether the transaction will cause a credit limit associated with the payment card (or account 534) to be overdrawn, any other suitable method for determining whether to verify (or approve) the transaction, or any combination of the preceding.
Additionally, although verification entity device 514 has been illustrated as storing and communicating challenge codes 538, storing and selecting comparison codes 542, and verifying the transactions by comparing comparison codes 542 to verification codes 606, in particular embodiments, one or more (or all) of these actions may be performed by other devices or components of system 510, such as transaction device 558, merchant verification device 562, and/or one or more third party devices or components. For example, merchant verification device 562 may store and communicate challenge codes 538, store and select comparison codes 542, and verify the transactions by comparing comparison codes 542 to verification codes 606. In such an example, verification entity device 514 may approve the transaction (or otherwise allow the transaction to occur) if the merchant verification device 562 verifies the transaction and communicates a verification signal (such as verification signal 694) to the verification entity device 514.
In particular embodiments, the above-described method of verifying a transaction may provide additional protection against fraud. For example, even if a person (or a device) is able to steal or copy a card user's payment card, the person may be unable to conduct one or more transactions using the payment card because the person may not also have the card user device 586. As another example, even if a person (or a device) is also able to attempt to respond to a challenge code 538 using a fraudulent device, the code provided by the fraudulent device may not match the comparison code 542 utilized by the verification entity device 514 because the fraudulent device may not have access to verification codes 606 or the verification management application 546b that results in a verification code 606 being selected in a predefined manner.
Modifications, additions, or omissions may be made to system 510 without departing from the scope of the invention. For example, verification entity device 514 may verify any number of transactions that are performed using any number of transaction environments 554, transaction devices 558, merchant verification devices 562, card user devices 586, card users, and/or merchants. Additionally, system 510 may include any number of verification entity devices 514, networks 550, transaction environments 554, transaction devices 558, merchant verification devices 562, networks 582, and/or card user devices 586 (and/or any number of components, such as processors or memory units illustrated in the above described devices). Also, any suitable logic may perform the functions of system 510 and the components and/or devices within system 510.
Furthermore, one or more components of system 510 may be combined. For example, although verification entity device 514 and merchant verification device 562 (and/or transaction device 558) are illustrated as being separate devices, verification entity device 514 and merchant verification device 562 (and/or transaction device 558) may be the same device. In such an example, the single device may be associated with the merchant (e.g., located at the merchant's store) and may verify the transaction. Additionally, system 510 may include additional components. For example, as is discussed above, a payment processor (such as a payment processing system run by, for example, First Data Merchant Services Corporation) may be communicatively located in-between the transaction device 558 and the verification entity device 514. In such an example, all or a portion of one or more communications between transaction device 558 and verification entity device 514 may be communicated through (and/or modified by) the payment processor.
Furthermore, one or more of the communications (such as all of the communications) between verification entity device 514, network 550, transaction environment 554, transaction device 558, merchant verification device 562, network 582, and/or card user device 586 may be encrypted (or otherwise secured in any suitable manner), providing protection against fraudulent attempts to access the information included in the communications. Additionally, one or more of the communications (such as all of the communications) between one or more components of system 510 (such as verification entity devices 514, networks 550, transaction environments 554, transaction devices 558, merchant verification devices 562, networks 582, and/or card user devices 586) may further include one or more codes that may assist in identifying the communication as being sent by one of the devices or components of system 510. For example, the merchant verification device 562 may generate a random code, and insert the code into any communication with the card user device 586. Based on this random code, card user device 586 may be able to identify the communication as having been sent by the merchant verification device 562, and thus the card user device 586 may respond to the communication. In such an example, the card user device 586 may also generate a random code, and insert the code into any communication with the merchant verification device 562. Based on this random code, merchant verification device 562 may be able to identify the communication as having been sent by the card user device 586, and thus the merchant verification device 562 may re-communicate the communication for receipt by the verification entity device 514.
FIG. 6 illustrates an example selection 600 of verification codes 606 and comparison codes 542. Verification codes 606 are selected by the card user device 586 of FIG. 5, and comparison codes 542 are selected by the verification entity device 514 of FIG. 5, for example. Furthermore, following selection (and communication) of verification codes 606 and comparison codes 542, verification entity device 514 may compare verification codes 606 to comparison codes 542 in order to determine whether to allow a transaction to occur, as is discussed above.
Verification codes 606 and comparison codes 542 may each be selected according to a predefined manner based on verification management applications 546. For example, verification codes 606 and comparison codes 542 may be selected by sequentially rotating through each of the verification codes 606 and comparison codes 542 (e.g., rotating from a first code to a second code), by skipping over a predefined number of the verification codes 606 and comparison codes 542 (e.g., skipping from the first code to the fifth code), by selecting a position of one of the verification codes 606 and comparison codes 542 (e.g., selecting the code positioned in column five, row ten), any other manner of selecting one of the verification codes 606 and one of the comparison codes 542 according to a predefined manner based on verification management applications 546, or any combination of the preceding.
As illustrated, verification codes 606 and comparison codes 542 may each be selected by sequentially rotating through each of the verification codes 606 and comparison codes 542. For example, the card user device 586 may store the following verification codes 606: Code A, Code B, Code C, Code D, ... Code n. Furthermore, the verification entity device 514 may store the following comparison codes 542, each of which match a respective verification code 606: Code A, Code B, Code C, Code D, ... Code n.
In one example of the operation of selection 600, when a card user attempts to perform a first potential transaction using a payment card (such as when a card user attempts to purchase a shirt from merchant A), the predefined manner (based on verification management application 546b) may cause the card user device 586 to select Code A as the verification code 606 for communication to the verification entity device 514. Furthermore, the same predefined manner (based on verification management application 546a) may cause the verification entity device 514 to select the matching Code A as the comparison code 542. As such, the verification code 606 (i.e., Code A) will match comparison code 542 (i.e., Code A), and the first transaction will be allowed to proceed.
For the second potential transaction of the card user (such as when the card user attempts to purchase shoes from merchant B), the predefined manner (based on verification management application 546b) may cause the card user device 586 to sequentially rotate to and select Code B as the verification code 606 for communication to the verification entity device 514. That is, the sequential rotation may cause the card user device 586 to rotate to and select the next verification code 606 (i.e., Code B) in the sequence of verification codes 606. Furthermore, the same predefined manner (based on verification management application 546a) may cause the verification entity device 514 to sequentially rotate to and select the matching Code B as the comparison code 542. As such, the verification code 606 (i.e., Code B) will match the comparison code 542 (i.e., Code B), and the second transaction will be allowed to proceed. This sequential rotation through (and selection of) the verification codes 606 and comparison codes 542 may continue until Code n is selected for both the verification code 606 and the comparison code 542. After Code n is selected, the process of selecting verification codes 606 and comparison codes 542 may be reset (as is seen by resets 604a and 604b) back to Code A. Therefore, for the next potential transaction of the card user (such as when the card user attempts to pay for a hair cut from merchant O), the predefined manner (based on verification management application 546b) may cause the card user device 586 to sequentially rotate to (via reset 604a) and re-select Code A as the verification code 606 for communication to the verification entity device 514. Furthermore, the same predefined manner (based on verification management application 546a) may cause the verification entity device 514 to sequentially rotate to (via reset 604b) and re-select the matching Code A as the comparison code 542. As such, the verification code 606 (i.e., Code A) will match the comparison code 542 (i.e., Code A), and the next transaction will be allowed to proceed.
Based on the sequential rotation through verification codes 606 and comparison codes 542, the verification codes 606 and comparison codes 542 may be rotated through continuously. This may allow the same code to be re-used as the verification code 606 and comparison code 542 at a later date and/or time from the original use of the code. As such, the card user device 586 may not need to receive new verification codes 606 from verification entity device 514 (or some other device associated with the verification entity) when all of the verification codes 606 have already been used.
Modifications, additions, or omissions may be made to selection 600 without departing from the scope of the invention. For example, although selection 600 illustrates a sequential rotation for selecting verification codes 606 and comparison codes 542, any other manner of selecting one of the verification codes 606 and one of the comparison codes 542 may be utilized (such as a reverse sequential rotation where the rotation process rotates from Code B to Code A; skipping over a predefined number of the verification codes 606 and comparison codes 542; selecting a position of one of the verification codes 606 and comparison codes 542; or any combination of the preceding). Additionally, selection 600 may be performed using any number of verification codes 606 and comparison codes 542.
This specification has been written with reference to various non-limiting and non- exhaustive embodiments. However, it will be recognized by persons having ordinary skill in the art that various substitutions, modifications, or combinations of any of the disclosed embodiments (or portions thereof) may be made within the scope of this specification. Thus, it is contemplated and understood that this specification supports additional embodiments not expressly set forth in this specification. Such embodiments may be obtained, for example, by combining, modifying, or reorganizing any of the disclosed steps, components, elements, features, aspects, characteristics, limitations, and the like, of the various non-limiting and non-exhaustive embodiments described in this specification. In this manner, Applicant reserves the right to amend the claims during prosecution to add features as variously described in this specification.

Claims

1. An online transaction verification system, comprising:
one or more memory units configured to:
store one or more instructions; and
store a plurality of comparison codes; and
one or more processors coupled to the memory units and configured, upon executing the one or more instructions, to:
receive an indication that a card user is attempting to perform an online transaction using payment card information and a transaction device, the transaction device being communicatively coupled to a merchant device with which the card user is attempting to perform the online transaction;
following reception of the indication, transmit a challenge code configured to interrogate a card user identification device for a first verification code, wherein the challenge code is received by a card user verification device communicatively coupled to the transaction device, wherein the challenge code is re-transmitted from the card user verification device to the card user identification device;
following transmittal of the challenge code, receive the first verification code from the card user identification device, wherein the first verification code is selected, by the card user identification device, from a plurality of verification codes stored by the card user identification device, wherein the first verification code is selected, by the card user identification device, according to a predefined manner;
select a first comparison code from the plurality of comparison codes according to the predefined manner;
compare the first comparison code to the first verification code from the card user identification device; and
following a determination that the first comparison code matches the first verification code, transmit a verification signal configured to indicate that the online transaction has been verified.
2. The online transaction verification system of Claim 1, wherein: in accordance with the predefined manner, the one or more processors are further configured to sequentially rotate through the plurality of comparison codes in order to select the first comparison code; and
in accordance with the predefined manner, the first verification code is selected, by the card user identification device, by sequentially rotating through the plurality of verification codes.
3. The online transaction verification system of Claim 2, wherein:
in accordance with the predefined manner, the one or more processors are further configured to re-select the first comparison code for use in verifying a subsequent transaction after each of the other comparison codes have been sequentially rotated to and selected; and in accordance with the predefined manner, the first verification code is re-selected, by the card user identification device, for use in verifying the subsequent transaction after each of the other verification codes have been sequentially rotated to and selected.
4. The online transaction verification system of Claim 1, wherein the card user verification device is physically coupled to a universal serial bus (USB) connector associated with the transaction device.
5. The online transaction verification system of Claim 1, wherein the card user identification device is communicatively coupled to the card user verification device by one of the following:
a wired communication network;
a wireless communication network;
a radio frequency identification communication network; or
an infrared communication network.
6. The online transaction verification system of Claim 1 , wherein the card user identification device comprises one of the following:
a wireless identification tag;
a wired identification tag;
a mobile telephone;
a radio frequency identification device; an audio-generation device; or
a smart card.
7. The online transaction verification system of Claim 1, wherein the card user verification device comprises a mobile telephone.
8. A tangible computer readable medium comprising logic configured, when executed by one or more processors, to:
store a plurality of comparison codes; and
receive an indication that a card user is attempting to perform an online transaction using payment card information and a transaction device, the transaction device being communicatively coupled to a merchant device with which the card user is attempting to perform the online transaction;
following reception of the indication, transmit a challenge code configured to interrogate a card user identification device for a first verification code, wherein the challenge code is received by a card user verification device communicatively coupled to the transaction device, wherein the challenge code is re-transmitted from the card user verification device to the card user identification device;
following transmittal of the challenge code, receive the first verification code from the card user identification device, wherein the first verification code is selected, by the card user identification device, from a plurality of verification codes stored by the card user identification device, wherein the first verification code is selected, by the card user identification device, according to a predefined manner;
select a first comparison code from the plurality of comparison codes according to the predefined manner;
compare the first comparison code to the first verification code from the card user identification device; and
following a determination that the first comparison code matches the first verification code, transmit a verification signal configured to indicate that the online transaction has been verified.
9. The tangible computer readable medium of Claim 8, wherein: in accordance with the predefined manner, the logic is further configured to sequentially rotate through the plurality of comparison codes in order to select the first comparison code; and
in accordance with the predefined manner, the first verification code is selected, by the card user identification device, by sequentially rotating through the plurality of verification codes.
10. The tangible computer readable medium of Claim 9, wherein:
in accordance with the predefined manner, the logic is further configured to re-select the first comparison code for use in verifying a subsequent transaction after each of the other comparison codes have been sequentially rotated to and selected; and
in accordance with the predefined manner, the first verification code is re-selected, by the card user identification device, for use in verifying the subsequent transaction after each of the other verification codes have been sequentially rotated to and selected.
11. The tangible computer readable medium of Claim 8, wherein the card user verification device is physically coupled to a universal serial bus (USB) connector associated with the transaction device.
12. The tangible computer readable medium of Claim 8, wherein the card user identification device comprises one of the following:
a wireless identification tag;
a wired identification tag;
a mobile telephone;
a radio frequency identification device;
an audio-generation device; or
a smart card.
13. The tangible computer readable medium of Claim 8, wherein the card user verification device comprises a mobile telephone.
14. A method, comprising:
storing, by one or more processors, a plurality of comparison codes; receiving, by the one or more processors, an indication that a card user is attempting to perform an online transaction using payment card information and a transaction device, the transaction device being communicatively coupled to a merchant device with which the card user is attempting to perform the online transaction;
following reception of the indication, transmitting, by the one or more processors, a challenge code configured to interrogate a card user identification device for a first verification code, wherein the challenge code is received by a card user verification device communicatively coupled to the transaction device, wherein the challenge code is retransmitted from the card user verification device to the card user identification device;
following transmittal of the challenge code, receiving, by the one or more processors, the first verification code from the card user identification device, wherein the first verification code is selected, by the card user identification device, from a plurality of verification codes stored by the card user identification device, wherein the first verification code is selected, by the card user identification device, according to a predefined manner; selecting, by the one or more processors, a first comparison code from the plurality of comparison codes according to the predefined manner;
comparing, by the one or more processors, the first comparison code to the first verification code from the card user identification device; and
following a determination that the first comparison code matches the first verification code, transmitting, by the one or more processors, a verification signal configured to indicate that the online transaction has been verified.
15. The method of Claim 14, wherein:
in accordance with the predefined manner, the first comparison code is selected, by the one or more processors, by sequentially rotating through the plurality of comparison codes; and
in accordance with the predefined manner, the first verification code is selected, by the card user identification device, by sequentially rotating through the plurality of verification codes.
16. The method of Claim 15, further comprising, in accordance with the predefined manner, re-selecting, by the one or more processors, the first comparison code for use in verifying a subsequent transaction after each of the other comparison codes have been sequentially rotated to and selected, wherein, in accordance with the predefined manner, the first verification code is re-selected, by the card user identification device, for use in verifying the subsequent transaction after each of the other verification codes have been sequentially rotated to and selected.
17. The method of Claim 14, wherein the card user verification device is physically coupled to a universal serial bus (USB) connector associated with the transaction device.
18. The method of Claim 14, wherein the card user identification device is communicatively coupled to the card user verification device by one of the following:
a wired communication network;
a wireless communication network;
a radio frequency identification communication network; or
an infrared communication network.
19. The method of Claim 14, wherein the card user identification device comprises one of the following:
a wireless identification tag;
a wired identification tag;
a mobile telephone;
a radio frequency identification device;
an audio-generation device; or
a smart card.
20. The method of Claim 14, wherein the card user verification device comprises a mobile telephone.
21. A telephone transaction verification system, comprising:
one or more memory units configured to:
store one or more instructions; and
store a plurality of comparison codes; and one or more processors coupled to the memory units and configured, upon executing the one or more instructions, to:
receive an indication that a card user is attempting to perform a telephone transaction using payment card information and a card user telephone device, wherein the card user telephone device is communicatively coupled to a merchant telephone device with which the card user is attempting to perform the telephone transaction;
following reception of the indication, transmit a challenge code configured to interrogate a card user identification device for a first verification code, wherein the challenge code is received by the card user telephone device and re-transmitted by the card user telephone device to the card user identification device;
following transmittal of the challenge code, receive the first verification code from the card user identification device, wherein the first verification code is selected, by the card user identification device, from a plurality of verification codes stored by the card user identification device, wherein the first verification code is selected, by the card user identification device, according to a predefined manner, wherein the first verification code is transmitted by the card user identification device to the card user telephone device and re-transmitted by the card user telephone device to the merchant telephone device;
select a first comparison code from the plurality of comparison codes according to the predefined manner;
compare the first comparison code to the first verification code from the card user identification device; and
following a determination that the first comparison code matches the first verification code, transmit a verification signal configured to indicate that the telephone transaction has been verified.
22. The telephone transaction verification system of Claim 21, wherein:
in accordance with the predefined manner, the one or more processors are further configured to sequentially rotate through the plurality of comparison codes in order to select the first comparison code; and
in accordance with the predefined manner, the first verification code is selected, by the card user identification device, by sequentially rotating through the plurality of verification codes.
23. The telephone transaction verification system of Claim 22, wherein:
in accordance with the predefined manner, the one or more processors are further configured to re-select the first comparison code for use in verifying a subsequent telephone transaction after each of the other comparison codes have been sequentially rotated to and selected; and
in accordance with the predefined manner, the first verification code is re-selected, by the card user identification device, for use in verifying the subsequent telephone transaction after each of the other verification codes have been sequentially rotated to and selected.
24. The telephone transaction verification system of Claim 21, wherein:
the challenge code is received, from the one or more processors, by a merchant verification device and re-transmitted by the merchant verification device to the merchant telephone device;
the challenge code is received by the merchant telephone device and re-transmitted by the merchant telephone device to the card user telephone device;
the first verification code is received by the merchant telephone device and retransmitted by the merchant telephone device to the merchant verification device; and
the first verification code is received by the merchant verification device and retransmitted by the merchant verification device to the one or more processors.
25. The telephone transaction verification system of Claim 21 , wherein:
the challenge code is re-transmitted by the card user telephone device to the card user identification device in the form of a first audio signal; and
the first verification code is transmitted by the card user identification device to the card user telephone device in the form of a second audio signal.
26. The telephone transaction verification system of Claim 21, wherein the card user telephone device is selected from one of the following:
a landline telephone;
a mobile telephone; or
a voice over internet protocol device.
27. The telephone transaction verification system of Claim 21, wherein the one or more processors are included in a merchant verification device associated with a merchant.
28. A tangible computer readable medium comprising logic configured, when executed by one or more processors, to:
store a plurality of comparison codes;
receive an indication that a card user is attempting to perform a telephone transaction using payment card information and a card user telephone device, wherein the card user telephone device is communicatively coupled to a merchant telephone device with which the card user is attempting to perform the telephone transaction;
following reception of the indication, transmit a challenge code configured to interrogate a card user identification device for a first verification code, wherein the challenge code is received by the card user telephone device and re-transmitted by the card user telephone device to the card user identification device;
following transmittal of the challenge code, receive the first verification code from the card user identification device, wherein the first verification code is selected, by the card user identification device, from a plurality of verification codes stored by the card user identification device, wherein the first verification code is selected, by the card user identification device, according to a predefined manner, wherein the first verification code is transmitted by the card user identification device to the card user telephone device and retransmitted by the card user telephone device to the merchant telephone device;
select a first comparison code from the plurality of comparison codes according to the predefined manner;
compare the first comparison code to the first verification code from the card user identification device; and
following a determination that the first comparison code matches the first verification code, transmit a verification signal configured to indicate that the telephone transaction has been verified.
29. The tangible computer readable medium of Claim 28, wherein:
in accordance with the predefined manner, the logic is further configured to sequentially rotate through the plurality of comparison codes in order to select the first comparison code; and in accordance with the predefined manner, the first verification code is selected, by the card user identification device, by sequentially rotating through the plurality of verification codes.
30. The tangible computer readable medium of Claim 29, wherein:
in accordance with the predefined manner, the logic is further configured to re-select the first comparison code for use in verifying a subsequent telephone transaction after each of the other comparison codes have been sequentially rotated to and selected; and
in accordance with the predefined manner, the first verification code is re-selected, by the card user identification device, for use in verifying the subsequent telephone transaction after each of the other verification codes have been sequentially rotated to and selected.
31. The tangible computer readable medium of Claim 28, wherein:
the challenge code is received, from the one or more processors, by a merchant verification device and re-transmitted by the merchant verification device to the merchant telephone device;
the challenge code is received by the merchant telephone device and re-transmitted by the merchant telephone device to the card user telephone device;
the first verification code is received by the merchant telephone device and retransmitted by the merchant telephone device to the merchant verification device; and
the first verification code is received by the merchant verification device and retransmitted by the merchant verification device to the one or more processors.
32. The tangible computer readable medium of Claim 28, wherein:
the challenge code is re-transmitted by the card user telephone device to the card user identification device in the form of a first audio signal; and
the first verification code is transmitted by the card user identification device to the card user telephone device in the form of a second audio signal.
33. The tangible computer readable medium of Claim 28, wherein the card user telephone device is selected from one of the following:
a landline telephone;
a mobile telephone; or a voice over internet protocol device.
34. A method, comprising:
storing, by one or more processors, a plurality of comparison codes;
receiving, by the one or more processors, an indication that a card user is attempting to perform a telephone transaction using payment card information and a card user telephone device, wherein the card user telephone device is communicatively coupled to a merchant telephone device with which the card user is attempting to perform the telephone transaction; following reception of the indication, transmitting, by the one or more processors, a challenge code configured to interrogate a card user identification device for a first verification code, wherein the challenge code is received by the card user telephone device and re-transmitted by the card user telephone device to the card user identification device; following transmittal of the challenge code, receiving, by the one or more processors, the first verification code from the card user identification device, wherein the first verification code is selected, by the card user identification device, from a plurality of verification codes stored by the card user identification device, wherein the first verification code is selected, by the card user identification device, according to a predefined manner, wherein the first verification code is transmitted by the card user identification device to the card user telephone device and re-transmitted by the card user telephone device to the merchant telephone device;
selecting, by the one or more processors, a first comparison code from the plurality of comparison codes according to the predefined manner;
comparing, by the one or more processors, the first comparison code to the first verification code from the card user identification device; and
following a determination that the first comparison code matches the first verification code, transmitting, by the one or more processors, a verification signal configured to indicate that the telephone transaction has been verified.
35. The method of Claim 34, wherein:
in accordance with the predefined manner, the first comparison code is selected, by the one or more processors, by sequentially rotating through the plurality of comparison codes; and in accordance with the predefined manner, the first verification code is selected, by the card user identification device, by sequentially rotating through the plurality of verification codes.
36. The method of Claim 35, further comprising, in accordance with the predefined manner, re-selecting, by the one or more processors, the first comparison code for use in verifying a subsequent telephone transaction after each of the other comparison codes have been sequentially rotated to and selected, wherein, in accordance with the predefined manner, the first verification code is re-selected, by the card user identification device, for use in verifying the subsequent telephone transaction after each of the other verification codes have been sequentially rotated to and selected.
37. The method of Claim 34, wherein:
the challenge code is received, from the one or more processors, by a merchant verification device and re-transmitted by the merchant verification device to the merchant telephone device;
the challenge code is received by the merchant telephone device and re-transmitted by the merchant telephone device to the card user telephone device;
the first verification code is received by the merchant telephone device and retransmitted by the merchant telephone device to the merchant verification device; and
the first verification code is received by the merchant verification device and retransmitted by the merchant verification device to the one or more processors.
38. The method of Claim 34, wherein:
the challenge code is re-transmitted by the card user telephone device to the card user identification device in the form of a first audio signal; and
the first verification code is transmitted by the card user identification device to the card user telephone device in the form of a second audio signal.
39. The method of Claim 34, wherein the card user telephone device is selected from one of the following:
a landline telephone;
a mobile telephone; or a voice over internet protocol device.
40. The method of Claim 34, wherein the one or more processors are included in a merchant verification device associated with a merchant.
41. A transaction verification system, comprising:
one or more memory units configured to:
store one or more instructions; and
store a plurality of comparison codes; and
one or more processors coupled to the memory units and configured, upon executing the one or more instructions, to:
receive an indication that a card user is attempting to perform a transaction with a payment card;
following reception of the indication, transmit a challenge code for reception by a card user device, the challenge code configured to interrogate the card user device for a first verification code;
following transmittal of the challenge code, receive the first verification code from the card user device, wherein the first verification code is selected, by the card user device, from a plurality of verification codes stored by the card user device, wherein the first verification code is selected, by the card user device, according to a predefined manner;
select a first comparison code from the plurality of comparison codes according to the predefined manner;
compare the first comparison code to the first verification code received from the card user device; and
following a determination that the first comparison code matches the first verification code, transmit a verification signal configured to indicate that the transaction has been verified.
42. The transaction verification system of Claim 41 , wherein:
in accordance with the predefined manner, the one or more processors are further configured to sequentially rotate through the plurality of comparison codes in order to select the first comparison code; and in accordance with the predefined manner, the first verification code is selected, by the card user device, by sequentially rotating through the plurality of verification codes.
43. The transaction verification system of Claim 43, wherein:
in accordance with the predefined manner, the one or more processors are further configured to re-select the first comparison code for use in verifying a subsequent transaction after each of the other comparison codes have been sequentially rotated to and selected; and in accordance with the predefined manner, the first verification code is re-selected, by the card user device, for use in verifying the subsequent transaction after each of the other verification codes have been sequentially rotated to and selected.
44. The transaction verification system of Claim 41, wherein the predefined manner comprises a second set of one or more instructions for selecting the first verification code; and wherein:
the second set of instructions are stored, by the card user device, prior to the card user device receiving the challenge code; or
the second set of instructions are received, by the card user device, as a portion of the challenge code; or
the second set of instructions are received, by the card user device, at substantially the same time or after reception of the challenge code.
45. The transaction verification system of Claim 41, further comprising a merchant verification device configured to act as an intermediary between the one or more processors and the card user device, the merchant verification device including a second set of one or more processors configured to:
receive the challenge code prior to the challenge code being received by the card user device;
re-transmit the challenge code for reception by the card user device;
receive the first verification code prior to the first verification code being received by the one or more processors; and
re-transmit the first verification code for reception by the one or more processors.
46. The transaction verification system of Claim 41 , wherein the card user device comprises one of the following:
a wireless identification tag;
a wired identification tag;
a mobile telephone;
a radio-frequency identification device;
an audio-generation device; or
a smart card.
47. The transaction verification system of Claim 41, wherein the first verification code is transmitted by the card user device without intervention by the card user.
48. A tangible computer readable medium comprising logic configured, when executed by one or more processors, to:
store a plurality of comparison codes in one or more memory units;
receive an indication that a card user is attempting to perform a transaction with a payment card;
following reception of the indication, transmit a challenge code for reception by a card user device, the challenge code configured to interrogate the card user device for a first verification code;
following transmittal of the challenge code, receive the first verification code from the card user device, wherein the first verification code is selected, by the card user device, from a plurality of verification codes stored by the card user device, wherein the first verification code is selected, by the card user device, according to a predefined manner;
select a first comparison code from the plurality of comparison codes according to the predefined manner;
compare the first comparison code to the first verification code received from the card user device; and
following a determination that the first comparison code matches the first verification code, transmit a verification signal configured to indicate that the transaction has been verified,
49. The tangible computer readable medium of Claim 48, wherein: in accordance with the predefined manner, the logic is further configured, when executed by the one or more processors, to sequentially rotate through the plurality of comparison codes in order to select the first comparison code; and
in accordance with the predefined manner, the first verification code is selected, by the card user device, by sequentially rotating through the plurality of verification codes.
50. The tangible computer readable medium of Claim 49, wherein:
in accordance with the predefined manner, the logic is further configured, when executed by the one or more processors, to re-select the first comparison code for use in verifying a subsequent transaction after each of the other comparison codes have been sequentially rotated to and selected; and
in accordance with the predefined manner, the first verification code is re-selected, by the card user device, for use in verifying the subsequent transaction after each of the other verification codes have been sequentially rotated to and selected.
51. The tangible computer readable medium of Claim 48, wherein the predefined manner comprises additional logic for selecting the first verification code; and wherein: the additional logic is stored, by the card user device, prior to the card user device receiving the challenge code; or
the additional logic is received, by the card user device, as a portion of the challenge code; or
the additional logic is received, by the card user device, at substantially the same time or after reception of the challenge code.
52. The tangible computer readable medium of Claim 48, wherein the card user device comprises one of the following:
a wireless identification tag;
a wired identification tag;
a mobile telephone;
a radio-frequency identification device;
an audio-generation device; or
a smart card.
53. The tangible computer readable medium of Claim 48, wherein the first verification code is transmitted by the card user device without intervention by the card user.
54. A method, comprising:
storing, by one or more processors, a plurality of comparison codes at one or more memory units;
receiving, by the one or more processors, an indication that a card user is attempting to perform a transaction with a payment card;
following reception of the indication, transmitting, by the one or more processors, a challenge code for reception by a card user device, the challenge code configured to interrogate the card user device for a first verification code;
following transmittal of the challenge code, receiving, by the one or more processors, the first verification code from the card user device, wherein the first verification code is selected, by the card user device, from a plurality of verification codes stored by the card user device, wherein the first verification code is selected, by the card user device, according to a predefined manner;
selecting, by the one or more processors, a first comparison code from the plurality of comparison codes according to the predefined manner;
comparing, by the one or more processors, the first comparison code to the first verification code received from the card user device; and
following a determination that the first comparison code matches the first verification code, transmitting, by the one or more processors, a verification signal configured to indicate that the transaction has been verified.
55. The method of Claim 54, wherein:
in accordance with the predefined manner, the first comparison code is selected, by the one or more processors, by sequentially rotating through the plurality of comparison codes; and
in accordance with the predefined manner, the first verification code is selected, by the card user device, by sequentially rotating through the plurality of verification codes.
56. The method of Claim 55, further comprising, in accordance with the predefined manner, re-selecting, by the one or more processors, the first comparison code for use in verifying a subsequent transaction after each of the other comparison codes have been sequentially rotated to and selected, wherein, in accordance with the predefined manner, the first verification code is re-selected, by the card user device, for use in verifying the subsequent transaction after each of the other verification codes have been sequentially rotated to and selected.
57. The method of Claim 54, wherein the predefined manner comprises one or more instructions for selecting the first verification code; and wherein:
the one or more instructions are stored, by the card user device, prior to the card user device receiving the challenge code; or
the one or more instructions are received, by the card user device, as a portion of the challenge code; or
the one or more instructions are received, by the card user device, at substantially the same time or after reception of the challenge code.
58. The method of Claim 54, further comprising:
receiving, by a merchant verification device, the challenge code prior to the challenge code being received by the card user device, wherein the merchant verification device is configured to act as an intermediary between the one or more processors and the card user device;
re-transmitting, by the merchant verification device, the challenge code for reception by the card user device;
receiving, by the merchant verification device, the first verification code prior to the first verification code being received by the one or more processors; and
re-transmitting, by the merchant verification device, the first verification code for reception by the one or more processors.
59. The method of Claim 54, wherein the card user device comprises one of the following:
a wireless identification tag;
a wired identification tag;
a mobile telephone;
a radio-frequency identification device; an audio-generation device; or
a smart card.
60. The method of Claim 54, wherein the first verification code is transmitted by card user device without intervention by the card user.
EP15848534.2A 2014-10-07 2015-10-06 Transaction verification systems Withdrawn EP3204906A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US14/508,732 US20160098726A1 (en) 2014-10-07 2014-10-07 Telephone transaction verification system
US14/508,706 US20160098712A1 (en) 2014-10-07 2014-10-07 Online transaction verification system
US14/508,664 US20160098715A1 (en) 2014-10-07 2014-10-07 Transaction verification system
PCT/US2015/054300 WO2016057559A1 (en) 2014-10-07 2015-10-06 Transaction verification systems

Publications (1)

Publication Number Publication Date
EP3204906A1 true EP3204906A1 (en) 2017-08-16

Family

ID=55653664

Family Applications (1)

Application Number Title Priority Date Filing Date
EP15848534.2A Withdrawn EP3204906A1 (en) 2014-10-07 2015-10-06 Transaction verification systems

Country Status (2)

Country Link
EP (1) EP3204906A1 (en)
WO (1) WO2016057559A1 (en)

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB0725277D0 (en) * 2007-12-28 2008-02-06 Touch N Glo Ltd Secure transaction system
US20120191615A1 (en) * 2009-07-27 2012-07-26 Suridx, Inc. Secure Credit Transactions
US20110270925A1 (en) * 2010-04-28 2011-11-03 Magid Joseph Mina System to share credit information

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2016057559A1 *

Also Published As

Publication number Publication date
WO2016057559A1 (en) 2016-04-14

Similar Documents

Publication Publication Date Title
US9672518B2 (en) Systems, methods, and devices for improved transactions at a point of sale
US20170116596A1 (en) Mobile Communication Device with Proximity Based Communication Circuitry
US11580523B2 (en) NFC card verification
US20150254639A1 (en) Transactions utilizing multiple digital wallets
US20150278811A1 (en) Systems and Methods for Facilitating Authorisation of Payment
US20150371221A1 (en) Two factor authentication for invoicing payments
US10140657B2 (en) Wireless beacon connections for providing digital letters of credit on detection of a user at a location
US20140236838A1 (en) Account access at point of sale
US11379813B2 (en) System and method for point of sale transactions using wireless device with security circuit
US20230153780A1 (en) Open mobile payment systems and methods
US20150248676A1 (en) Touchless signature
JP2023524266A (en) cryptocurrency payment system
US20160098712A1 (en) Online transaction verification system
US20160098726A1 (en) Telephone transaction verification system
Almuairfi et al. Anonymous proximity mobile payment (APMP)
EP4020360A1 (en) Secure contactless credential exchange
US20140074710A1 (en) Consumer Processing of Payments for Merchants
US11893570B1 (en) Token based demand and remand system
US20160098715A1 (en) Transaction verification system
WO2016057559A1 (en) Transaction verification systems
US11250410B2 (en) Computer implemented method and a payment terminal for executing card present transaction dynamically from remote environment
JPWO2014020710A1 (en) Settlement system and settlement method

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20170508

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20180501