GB2379045A - Account controller - Google Patents



Publication number
GB2379045A
Authority
GB
United Kingdom
Prior art keywords
account
controller
transaction
reply
alert message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB0120610A
Other versions
GB0120610D0 (en
Inventor
Andrew Gadsby
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
HP Inc
Original Assignee
Hewlett Packard Co
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hewlett Packard Co filed Critical Hewlett Packard Co
Priority to GB0120610A priority Critical patent/GB2379045A/en
Publication of GB0120610D0 publication Critical patent/GB0120610D0/en
Publication of GB2379045A publication Critical patent/GB2379045A/en
Withdrawn legal-status Critical Current


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/04 Payment circuits
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/389 Keeping log of transactions for guaranteeing non-repudiation of a transaction
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4016 Transaction verification involving fraud or risk level assessment in transaction processing
    • G06Q20/405 Establishing or using transaction specific rules
    • G06Q20/42 Confirmation, e.g. check or permission by the legal debtor of payment
    • G06Q20/425 Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02 Banking, e.g. interest calculation or account maintenance

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Engineering & Computer Science (AREA)
  • General Business, Economics & Management (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Economics (AREA)
  • Development Economics (AREA)
  • Marketing (AREA)
  • Technology Law (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

An account controller is automatically operable to monitor transaction data relating to the financial account and determine whether a predefined criterion is satisfied warranting sending an alert message for receipt by an authorised user of the account. The criterion relates to a condition of a transaction parameter, or plurality of transaction parameters, indicative of potential unauthorised use of the account.

Description

A System, Account Controller and Method for Controlling a Financial Account

Field of the Invention

The invention relates to a system, account controller and method for controlling a financial account.

Background of the Invention

Unauthorised access to financial accounts, for example bank accounts and credit card accounts, is known to occur regularly. This problem is exacerbated in that there is often a significant delay between a debit request occurring, resulting in a payment from an account, and communication of information relating to the transaction to an authorised user of the account. Thus, there frequently exists a significant delay between unauthorised use of an account and an account user taking action to stop such use.
Some account providers offer remote access for authorised users to account balances and transactional information, and/or alert messages triggered by selected criteria such as when a predetermined account balance is reached. Such information may be transmitted to a mobile telecommunications device belonging to an authorised account user. However, the services described above do not assure timely warning of unauthorised use of an account, and/or do not facilitate timely action by an authorised user to prevent an identified unauthorised use and/or subsequent unauthorised uses.

Summary of the Invention

In accordance with the invention, there is provided a system for controlling a financial account, the system comprising an account controller automatically operable to monitor transaction data relating to the financial account and determine whether a predefined criterion is satisfied warranting sending an alert message for receipt by an authorised user of the account; wherein the criterion relates to a condition of a transaction parameter, or plurality of transaction parameters, indicative of potential unauthorised use of the account.
Figure 1 is a block diagram schematically representing a data processing and communications system operable by an account provider and connected with an external communications network; and Figure 2 is a flow diagram illustrating a method of controlling a financial account.

Best Mode of Carrying Out the Invention

Referring to Figure 1, a data processing and communications system 1 is provided by an account provider, for processing and storing status and transaction information for handling at least one financial account on behalf of an authorised user of the account. It should be understood that the system will generally be used to handle many financial accounts for many respective users, and that each user may hold more than one account or sub-account. System functionality is provided by an account controller 2 in the form of at least one computer apparatus loaded with appropriate computer implementable instructions, for controlling the accounts. A data output interface 3 and data input interface 4 are also provided for transferring data to and from at least one external communications network 5. The network 5 enables communication with a wireless network such as a public land mobile network (PLMN), for example a global system for mobile telecommunications (GSM) network enabling short message service (SMS) text messages. It will be apparent, however, that communication could alternatively or additionally be with another type of wireless network such as a General Packet Radio Service (GPRS) network or a third generation communications network.
The controller 2 provides means for storing transaction data, in the form of a main data storage function 6 operable to store data relating to a present status of a plurality of financial accounts. The controller also provides means for processing transaction data, in the form of a main data processing function 7 operable to process transaction data received through the data input interface 4, to manipulate the stored data in accordance with information contained in the received data, and to store the manipulated data so as to reflect a new status of an account.
In accordance with a still further aspect of the invention, there is provided a method of controlling a financial account, for enabling a timely response by an authorised user of the account to a potential unauthorised situation, the method comprising automatically monitoring debit request data from proposed payees of the account and determining whether selected parameters of the data satisfy a predefined condition warranting sending an alert message, wherein said condition is defined using at least one transaction parameter limit indicative of potential unauthorised use of the account.
In accordance with a still further aspect of the invention, there is provided a computer program element comprising computer implementable instructions which, when loaded into a computer, constitute the system for controlling a financial account or the data processing system or the account controller, or cause a computer to perform the method of controlling a financial account.
In accordance with a still further aspect of the invention, there is provided a carrier having thereon a computer program comprising the computer program element.
In accordance with a still further aspect of the invention, there is provided a web server comprising the system for controlling a financial account or the data processing system or the account controller.
In accordance with a still further aspect of the invention, there is provided a mobile communications device preregistered with and operable to receive an alert message from the system for controlling a financial account or the data processing system or the account controller.

Brief Description of the Drawings

In order that the invention may be well understood, an embodiment thereof will now be described, by way of non-limiting example only, with reference to the accompanying drawings, in which:
available to the comparing and determining means 11 for accessing the rules on which determination is based, and also to the identifying means 10 for ascertaining the or each selected parameter to be identified in respect of an account, corresponding to the or each limit value that is active for that account.
In a preferred embodiment, the selected parameter is a value of a debit request, and a corresponding rule provides that a potential unauthorised condition exists when a value of a single debit request exceeds a predetermined limit value.
Further optional selected parameters are (i) a cumulative value of a plurality of debit requests and (ii) a period of time, and a corresponding rule provides that a potential unauthorised condition exists when a predetermined cumulative limit value of a plurality of debit requests effected within a predetermined time limit exceeds a predetermined value.
Still further optional selected parameters are (i) a number of debit requests and (ii) a period of time, and a corresponding rule provides that a potential unauthorised condition exists when a number of debit requests effected within a predetermined time limit exceeds a predetermined number.
Additionally or alternatively, the selected parameter is country of origin of a debit request, and a corresponding rule provides that a potential unauthorised condition exists when the country of origin is not on a list of expected countries for an authorised user.
The selected parameters and rules described above are stored and operable concurrently, although they may respectively be activated or deactivated. Clearly, other rules than the specific rules described above could be implemented by the controller, including more sophisticated rules dependent on complex algorithms. Access to the controller 2 will be permitted to technical personnel as directed by the account holder, for activating, deactivating, deleting and adding rules and limit values as desired.
Clearly, a different arrangement of limits and rules is applicable to each respective account.
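
The four rules described above can be evaluated per account over a sliding window of recent debit requests. The following is an added example, not code from the patent; the class and field names, the sample limits and the constructed requests are assumptions, and it assumes requests arrive in timestamp order.

```python
from collections import deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from decimal import Decimal
from typing import Optional


@dataclass(frozen=True)
class DebitRequest:
    account: str
    amount: Decimal
    country: str      # country of origin of the request (two-letter code)
    at: datetime


@dataclass
class AccountRules:
    """Per-account limit values; a limit left as None means that rule is deactivated."""
    single_limit: Optional[Decimal] = None
    cumulative_limit: Optional[Decimal] = None
    cumulative_window: timedelta = timedelta(hours=24)
    count_limit: Optional[int] = None
    count_window: timedelta = timedelta(hours=1)
    expected_countries: Optional[frozenset] = None


class RuleEngine:
    """Hypothetical stand-in for the identifying means and the comparing and determining means."""

    def __init__(self):
        self._rules = {}
        self._history = {}    # account -> deque of recent DebitRequest

    def set_rules(self, account, rules):
        self._rules[account] = rules
        self._history.setdefault(account, deque())

    def evaluate(self, req):
        """Return the names of the rules this request trips; an empty list means no alert."""
        rules = self._rules.get(req.account)
        if rules is None:
            return []
        hist = self._history[req.account]
        # Forget requests older than the longest window so memory stays bounded.
        horizon = req.at - max(rules.cumulative_window, rules.count_window)
        while hist and hist[0].at < horizon:
            hist.popleft()
        # Assumption: every request seen counts towards the windows, whatever its outcome.
        hist.append(req)

        tripped = []
        if rules.single_limit is not None and req.amount > rules.single_limit:
            tripped.append("single_value")
        if rules.cumulative_limit is not None:
            start = req.at - rules.cumulative_window
            total = sum(r.amount for r in hist if r.at >= start)
            if total > rules.cumulative_limit:
                tripped.append("cumulative_value")
        if rules.count_limit is not None:
            start = req.at - rules.count_window
            if sum(1 for r in hist if r.at >= start) > rules.count_limit:
                tripped.append("debit_count")
        if (rules.expected_countries is not None
                and req.country not in rules.expected_countries):
            tripped.append("unexpected_country")
        return tripped


def run_constructed_sample():
    """Evaluate five constructed debit requests against constructed limits."""
    engine = RuleEngine()
    engine.set_rules("acct-1", AccountRules(
        single_limit=Decimal("500"),
        cumulative_limit=Decimal("800"),
        count_limit=3,
        expected_countries=frozenset({"GB", "FR"}),
    ))
    t0 = datetime(2001, 8, 24, 10, 0)
    sample = [
        ("120", "GB", timedelta(minutes=0)),
        ("300", "GB", timedelta(minutes=10)),
        ("450", "GB", timedelta(minutes=20)),   # 870 in 24 h exceeds 800
        ("10", "GB", timedelta(minutes=30)),    # fourth request within one hour
        ("600", "US", timedelta(days=2)),       # over single limit, unexpected country
    ]
    return [engine.evaluate(DebitRequest("acct-1", Decimal(a), c, t0 + d))
            for a, c, d in sample]


if __name__ == "__main__":
    for tripped in run_constructed_sample():
        print(tripped or "no alert")
```

The name of the tripped rule is what lets the dispatch step pick the stored message appropriate to the condition.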
A proposed account payee may send a request to the controller 2 on behalf of an authorised account user. The system 1 is thus also operable to be connected to, and to output and receive data formatted for transmission across, at least one alternative communications network such as a public switched telephone network (PSTN) for dealing with third parties. Third party payment requests may, for example, originate from in-store retailers, or from virtual retailers across the internet including the World Wide Web. For dealings with virtual retailers, the system 1 comprises a web server employing, for example, the TCP/IP protocol.
The controller 2 also includes identifying means 10 for automatically identifying a value of at least one selected parameter of the transaction data, in the form of computer implementable instructions which cause the controller 2 to identify and store values relating to at least one selected parameter from recent account transaction data. The parameters are selected in accordance with the requirements of at least one rule, described below.
The controller 2 further includes comparing and determining means 11 in the form of computer implementable instructions operable to cause the controller 2 to compare the or each selected parameter value with at least one respective stored parameter limit value for determining whether a predetermined potentially unauthorised condition exists. An unauthorised condition may arise for example from attempted fraudulent use of a stolen credit card or credit card details, or from attempted use by a permitted user, such as a relative of an authorised account user, which would exceed privately agreed guidelines.
The controller 2 further includes limit condition input/output and storage means 12 for storing (i) the or each limit value and (ii) at least one rule in the form of computer implementable instructions usable by the comparing and determining means 11 to determine whether a potentially unauthorised condition exists. The limit condition input/output and storage means 12 also enables limit values and rules to be changed and added. The contents of the limit condition input/output and storage means 12 are
values relating to the same account, and use at least one criterion set by the stored rules relating to that account to determine whether a potential unauthorised use of the account is being attempted or has occurred. If a condition indicative of an unauthorised situation is determined, the comparing and determining means 11 is operable to automatically issue a signal to a message dispatch means 15, for initiating an alert message for receipt by an authorised user of the account.
The message dispatch means 15 comprises computer implementable instructions operable, on receipt of the signal from the comparing and determining means 11, to retrieve an appropriate SMS text message from message storage means 16, to retrieve details of the registered device 14 from the registered device data storage means 13, and to route the message to the data output interface 9 and thence to a registered device 14 across the network 5. The limit condition input/output and storage means 12 is operable to provide information to the message dispatch means regarding what message is appropriate, depending on which rule is satisfied. If there is more than one registered device 14, the message dispatch means is operable to initiate messages in sequence to the registered devices in a predetermined order of priority until a reply is received. The message dispatch means 15 ensures that the message is correctly formatted for the registered device 14.
Particularly if a requested transaction requires real-time authorisation by the account provider prior to payment, the controller 2 is operable immediately to cause the message dispatch means 15 to confirm that the registered device is contactable and initiate an alert message to the registered device 14 or, if there is more than one registered device 14, to the registered devices in the predetermined order of priority.
The registered device 14 may, for example, be pinged as confirmation that it is connected to the network 5. This alleviates potential problems which can occur when a registered device is temporarily located outside its geographical region of operation or is switched off.
The controller 2 further comprises registered device data input/output and storage means 13 for storing data relating to at least one mobile entity in the form of a mobile telecommunications device 14 nominated by an authorised user. The or each nominated device 14 should be expected to be regularly in the authorised user's possession, and likely to be contactable without delay in the event a potentially unauthorised condition is determined by the controller 2. The or each mobile device 14 is capable of receiving and sending SMS messages and could be, for example, a personal handheld wireless communications device such as a mobile phone, smart phone or personal digital assistant (PDA). However, it will be apparent that other types of mobile device may usefully be employed, for example devices operable to use text messaging services other than SMS, devices operable to use e-mail and larger portable devices. Also, in some circumstances, wired communication devices such as telephones and desktop PCs could be used.
The data required for establishing communications with the or each nominated mobile communications device 14 is collected from the authorised user and input to the registered device data input/output and storage means 13. This establishes the device as a "registered device". More than one device 14 may be registered per authorised user.
The registered device data input/output and storage means 13 also includes means for inputting and outputting the data relating to the or each registered device 14. An authorised user may be allowed to access the registered device data directly for adding to or changing the data, a user interface being provided for this purpose. Auxiliary data may be collected and stored in the registered device data input/output and storage means 13 relating to alternative devices by which the account provider can attempt to contact an authorised user if a registered device is not contactable. For example, the number of an audio telephone device on a PSTN can be stored and contacted either automatically using a pre-recorded message or manually by a person, in the event a registered device 14 is not contactable.
The comparing and determining means 11 is operable to compare the value of the parameters identified by the identifying means 10 with corresponding stored limit
appropriate standardised message wording in a readily understandable fashion, together with a detailed explanation of the alert procedure. Using certain types of devices, for example a GPRS compatible device enabling e-mail with hot links which act as a menu, the interface can further provide a menu of reply options with an explanation of their effects.
If the registered device 14 is not contactable, the controller 2 is operable to attempt to contact an authorised user by means of another device such as a telephone device over the PSTN, using a fully automated system including a recorded message. Alternatively, the controller 2 initiates a signal for the attention of the account provider to prompt a live operator to contact the authorised user by other means.
On receipt of no reply within a predetermined time period, the message receipt means 17 is operable automatically to initiate actions previously agreed with an authorised account user. For example, one such action could be to automatically refuse a transaction request, following the sequence of actions as for receipt of a "refuse" reply.
An alternative action is neither to process nor refuse the request immediately, but to place the request on hold. The controller 2 is operable then to automatically issue a request to a potential payee to authenticate the identity of the purported authorised user prior to proceeding, or to automatically issue a prompt for the attention of the account provider, drawing attention to a need to contact the third party.
It will be apparent from the above that the system 1 facilitates automatic and speedy issue of an alert message and effective reply handling in a manner advantageous in combating fraud. Timely use of the system 1 facilitates real-time refusal of an unauthorised transaction, and/or refusal of future unauthorised transactions shortly after the early detection facilitated by the system 1. Moreover, smooth and timely processing of authorised transactions is nevertheless facilitated.
Particularly for situations where the authorised user is not present at the point of sale, for example internet transactions, the predetermined period for replying may be substantial, for example twenty-four hours. This would be particularly appropriate for
The message contains details of the transaction relevant to the situation, for example the size, place, time and/or subject of a request, and requests the user to reply immediately using SMS's reply facility. The message may also point out any consequences of not replying immediately, for example refusal of the request.
Replies to the controller 2 are routed through the data input interface 4 to message receipt means 17. A reply may be required to include a password, for example a personal identification number (PIN), before it will be accepted as valid. The message receipt means 17 comprises computer implementable instructions operable to determine from the reply what action is required by the controller 2, and to provide signals for initiating the required action.
On receipt of a valid reply to "refuse" a transaction request, the message receipt means 17 is operable automatically (i) to instruct the data processing means 7 to refuse the transaction request and (ii) to instruct the message dispatch means 15 to send an information message to the registered device 14 and to communicate with a third party noting the refusal. A potentially fraudulent transaction may thus be averted in real time.
On receipt of a valid reply to "accept" a transaction request, the message receipt means 17 is operable automatically (i) to instruct the data processing means 7 to process the transaction request and (ii) to instruct the message dispatch means 15 to send an information message to the registered device 14 and to communicate with a third party noting the acceptance. This facilitates avoidance of inconvenient refusal of a transaction authorised by the account holder.
The format of a reply can be used to facilitate reliable identification by the controller 2 of the action required. Thus, the alert message may carefully specify the format and wording required in the reply, for example "refuse" or "accept". Alternatively, prior to commencing transactions in an account, a user interface may be provided comprising computer implementable instructions downloadable to a registered device 14, enabling a message from the controller 2 to be formatted by the device 14 so as to incorporate
If the registered device is not contactable, as shown at 26 the account provider attempts to contact an authorised user by means of another device such as a telephone device over the PSTN, using either a fully automated system including a recorded message or alternatively using a live operator. However, this step can be omitted if desired.
In one embodiment, the alert message takes the form of an SMS text message and provides details of the condition which has been determined, including the time, place and value of relevant debit transactions and requests. It will be apparent that other forms of message could be used, for example alternative text messaging systems, email, web page information or pre-recorded audio messages. The alert message also requires a reply from the device to the account controller, stating whether to authorise or refuse a pending transaction or further transactions in the account. The reply should be validated using a password. The alert message may also include auxiliary contact details for contacting an account provider other than by the SMS reply function, for example a PSTN telephone number for contacting a live operator.
In the case of a pending debit request which requires authorisation before it can be processed, the alert message is sent without delay and requests immediate refusal or authorisation of the request. It is recognised that in the case of alerts relating to multiple transaction requests, at least some of the transactions will have already been effected.
Nevertheless, the authorised user will be able to respond to previous unauthorised transactions by refusing further transactions, and this can be effected earlier using the present method than with conventional methods of controlling financial accounts.
If a valid reply authorising the request is received by the account controller within the predetermined time period, the transaction is processed as usual, as shown at 27, 28 and 23. A valid reply within a predetermined time period refusing the request results in refusal of the pending transaction and/or future transactions. In case of refusal, third party potential payees of the account are informed as shown at 28 and 29.
large purchases. Thus, the system may be responsive to the type of entity requesting payment from the account.
Figure 2 illustrates a method of controlling a financial account by an account controller.
As illustrated at reference sign 20, debit request data relating to the financial account is monitored. As shown at 21, a value of at least one parameter of the data is compared with at least one corresponding predefined limit value, agreed with an authorised account user. Next, at 22, it is determined on the basis of the comparison and in accordance with at least one predefined criterion, whether a predetermined condition is satisfied indicative of potential unauthorised use of the account and warranting sending of an alert message to an authorised user of the account.
If the condition is not satisfied, processing of the debit request proceeds unhindered as shown at reference sign 23. If, on the other hand, the condition is satisfied, tests are carried out as indicated at 24 to ascertain whether an authorised account user is contactable using a mobile entity in the form of a mobile communications device which has been preregistered with a provider of the account.
If the device, or an alternative preregistered device, is contactable an appropriate alert message is automatically sent to the contactable registered device as shown at reference sign 25, giving information about the debit request and requiring a reply stating whether the request is authorised or refused by the authorised user. The reply may also be required to include a valid password. The alert message is a text message selected from a preprepared store of text messages according to the type of condition that has been determined to exist.
A condition warranting sending an alert message can relate to an overstepping of any or all of the following limits: a single transaction value limit; a multiple transaction value limit with a time limitation; a multiple transaction occurrence limit with a time limitation; and a limit defined by processing transaction data using an algorithm. A transaction request originating from a country not on a list selected by an authorised user may also warrant sending an alert message.
The carrier may be any entity or device capable of carrying the program or program element. For example, the carrier may comprise a storage medium such as a ROM, a magnetic recording medium, a transmissible carrier such as an electrical or optical signal conveyable by cable, radio or other means, or an integrated circuit.
The financial account should be understood to include any electronically stored record of monies owed by or to an account user. The term includes, for example, a bank account, a credit card account, or an account for services such as telephony or gambling services.
The term automatically is used herein to indicate that no manual intervention is necessary to perform an action or function. Typically, automatic actions might be carried out by the system 1 using a machine, for example electronic digital processor means.
The term data embraces all forms of mechanically stored data, including text, audio and video data.
The system 1 may be operable to format an alert message for a variety of communications mechanisms including, but not limited to, GSM SMS or e-mail, and the response can be delivered via mechanisms such as GSM SMS, e-mail or the world wide web.
If no reply is received within the predetermined time period, either the pending transaction and/or future transactions are refused and any third party potential payee informed accordingly, or the third party is asked to verify a potential authorised user's identity before proceeding, as shown at 29.
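
The reply handling described in this document (an "accept" or "refuse" reply validated by a password, a predetermined reply period, a pre-agreed action on no reply, and registered devices tried in priority order) can be sketched as a small decision function. This is an added example, not code from the patent; all names are hypothetical, and the salted PIN hash and the cap on invalid replies are assumptions added as hardening that the text does not specify.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Optional, Sequence


class Decision(Enum):
    PROCESS = "process"   # valid "accept" reply received in time
    REFUSE = "refuse"     # valid "refuse" reply, or the agreed action on no reply
    HOLD = "hold"         # request parked until identity is verified another way
    PENDING = "pending"   # still inside the reply period, no valid reply yet


def hash_pin(pin: str, salt: bytes) -> bytes:
    """Store only a salted hash of the reply password, never the PIN itself."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


@dataclass
class PendingAlert:
    sent_at: float                 # seconds, same clock as `now` below
    reply_window: float            # predetermined time period for a reply
    pin_salt: bytes
    pin_hash: bytes
    on_no_reply: Decision = Decision.REFUSE   # action agreed with the user
    max_invalid: int = 3           # assumption: cap on malformed or wrong-PIN replies
    invalid_seen: int = 0


def first_contactable(devices: Sequence[str],
                      ping: Callable[[str], bool]) -> Optional[str]:
    """Walk registered devices in priority order; None means fall back to other means."""
    for device in devices:
        if ping(device):
            return device
    return None


def handle(alert: PendingAlert, now: float, reply: Optional[str] = None) -> Decision:
    """Decide what to do with the pending debit request at time `now`."""
    if alert.invalid_seen >= alert.max_invalid:
        return Decision.HOLD                      # locked: no further guesses accepted
    if now - alert.sent_at > alert.reply_window:
        return alert.on_no_reply                  # a late reply counts as no reply
    if reply is None:
        return Decision.PENDING
    parts = reply.strip().split()
    word = parts[0].lower() if parts else ""
    # Constant-time comparison of the hashed PIN; anything malformed fails closed.
    pin_ok = len(parts) == 2 and hmac.compare_digest(
        hash_pin(parts[1], alert.pin_salt), alert.pin_hash)
    if pin_ok and word in ("accept", "refuse"):
        return Decision.PROCESS if word == "accept" else Decision.REFUSE
    alert.invalid_seen += 1
    return Decision.HOLD if alert.invalid_seen >= alert.max_invalid else Decision.PENDING


if __name__ == "__main__":
    salt = b"constructed-salt"                    # constructed sample values
    alert = PendingAlert(0.0, 300.0, salt, hash_pin("4921", salt))
    print(first_contactable(["device-1", "device-2"], lambda d: d == "device-2"))
    print(handle(alert, 20.0, "accept"))          # no PIN: stays pending
    print(handle(alert, 40.0, "refuse 4921"))     # valid refusal
```

A reply that is malformed or carries the wrong password never resolves to "accept", so an unreadable message cannot authorise a transaction.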
For convenience, certain authorised users are allowed to personalise system response in connection with their respective accounts by providing information to the controller using a registered device. For example, an authorised user may be allowed to change or add to at least one of the following: rules and limits presently applicable to an account, details of and order of priority to contact a registered device, the predetermined time period before action is taken on no reply, and the action to take on no reply. At least one graphic user interface may be provided to facilitate convenient communication of this information. The or each interface may be provided for download to a registered device, and may provide for selection of various system response options from a menu.
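The alert conditions listed above (single value, cumulative value and occurrence count within a time window, country list) and the reply or no-reply handling can be sketched as follows. This is an added example, not code from the patent: the class and field names, the limit values, the reply code and the sample requests are all assumptions, and only effected debits are counted towards the window.

```python
import hmac
from collections import deque
from dataclasses import dataclass
@dataclass(frozen=True)
class Limits:                        # all values are constructed examples
    single_value: float = 500.0      # single transaction value limit
    window_seconds: int = 3600       # the "time limitation"
    window_value: float = 1000.0     # cumulative value allowed in the window
    window_count: int = 2            # debit requests allowed in the window
    countries: frozenset = frozenset({"GB", "FR"})
    reply_timeout: int = 300         # seconds to wait for a reply
    on_no_reply: str = "verify_identity"   # or "refuse"
    reply_code: str = "4711"         # secure identifier expected in a reply

class AccountController:
    def __init__(self, limits):
        self.limits = limits
        self.effected = deque()      # (timestamp, amount) of effected debits

    def breaches(self, ts, amount, country):
        lim = self.limits
        while self.effected and ts - self.effected[0][0] > lim.window_seconds:
            self.effected.popleft()  # drop debits older than the window
        checks = {
            "single_value": amount >= lim.single_value,
            "window_value": amount + sum(a for _, a in self.effected) > lim.window_value,
            "window_count": len(self.effected) + 1 > lim.window_count,
            "country": country not in lim.countries,
        }
        return [name for name, hit in checks.items() if hit]

    def decide(self, ts, amount, country, reply=None):
        # reply is None or a tuple (reply_ts, "confirm" | "deny", code)
        lim, hits = self.limits, self.breaches(ts, amount, country)
        if not hits:
            decision = "effect"                  # no alert needed
        elif reply is None or reply[0] - ts > lim.reply_timeout:
            decision = lim.on_no_reply           # silence or a late reply never authorises
        elif reply[1] == "confirm" and hmac.compare_digest(reply[2], lim.reply_code):
            decision = "effect"
        else:
            decision = "refuse"                  # denied, or wrong identifier
        if decision == "effect":
            self.effected.append((ts, amount))
        return decision, hits

def replay():
    ctl = AccountController(Limits())
    requests = [                                 # constructed sample data
        (0, 120.0, "GB", None), (600, 700.0, "GB", (660, "confirm", "4711")),
        (1200, 250.0, "GB", (1230, "confirm", "0000")), (1800, 90.0, "US", None),
        (2400, 200.0, "FR", (2900, "confirm", "4711")), (5000, 150.0, "FR", None),
    ]
    return [ctl.decide(*r) for r in requests]
```

The fifth sample request carries a correct confirmation that arrives after the timeout, so it is treated as no reply rather than as authorisation.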
It will be apparent that the system 1 described above is particularly well adapted to carrying out the method just described.
It will further be apparent that the system 1 and method are implementable by a computer program when loaded on a computer and that various functions of the system 1 and method are implementable by respective computer program elements when loaded on a computer. The term "computer" should be understood to relate to a unitary computer apparatus or to a plurality of interconnected computer apparatuses disposed in one or more locations.
However, the invention also extends to computer programs and computer program elements, particularly computer programs and computer program elements on or in a carrier, adapted for putting the invention into practice. The program or program elements may be in the form of source, object or intermediate, for example partially compiled, code, or any other suitable form.

Claims (1)

    1. A system for controlling a financial account, the system comprising an account controller automatically operable to monitor transaction data relating to the financial account and determine whether a predefined criterion is satisfied warranting sending an alert message for receipt by an authorised user of the account; wherein the criterion relates to a condition of a transaction parameter, or plurality of transaction parameters, indicative of potential unauthorised use of the account.
    2. A system according to Claim 1, wherein the account controller is operable to generate an instruction for causing automatic timely sending of the alert message, in response to a determination by the controller that the criterion is satisfied, to a communications device preregistered with the controller by an authorised user of the account.
    3. A system according to Claim 2, further comprising an alert message stored for retrieval in accordance with instructions from the controller, the alert message including information regarding a potential unauthorised use of the account and a request for a reply to the message indicating whether the use is authorised by an authorised user of the account.
    4. A system according to Claim 3, wherein the controller is operable to automatically effect, hold or refuse an account transaction based on information contained in a reply, or on the absence of a reply, received by the controller from the preregistered communications device.
    5. A system according to Claim 4, wherein the controller is operable, responsive to a request for an account transaction by a third party on behalf of a purported authorised user of the account, to automatically send information to the third party regarding the status of the account transaction.
    6. A system according to Claim 1, wherein the criterion is satisfied when a value of a single debit request equals or exceeds a predetermined value.
    7. A system according to Claim 1, wherein the criterion is satisfied when a cumulative value of a plurality of debit requests effected within a predetermined time period exceeds a predetermined value.
    8. A system according to Claim 1, wherein the criterion is satisfied when a number of debit requests effected within a predetermined time period exceeds a predetermined number.
    9. A data processing system operable to control transactions in an account, the system comprising: means for processing transaction data; means for storing the transaction data; means for automatically identifying a value of at least one selected parameter of the transaction data; means for automatically comparing the or each identified value with at least one limit value, for determining whether a condition exists indicative of a potential unauthorised situation, the or each selected parameter relating to (i) a value of a debit request and/or (ii) a number of debit requests and a time period in which the requests occur and/or (iii) a cumulative value of a series of debit requests and a time period in which the requests occur; means for accessing stored data relating to at least one telecommunications device nominated by an authorised user of the account, for enabling communication with said device; means for initiating an alert message to said device automatically when the system determines a said condition indicative of a potential unauthorised situation; means for receiving a reply from said device; and means for automatically making a decision regarding authorisation of a requested transaction based on information contained in any reply received from said device, or based on no reply being received from said device.
    10. A data processing system according to Claim 9, further comprising means for automatically communicating information regarding the decision to a third party requesting the transaction.
    11. A data processing system according to Claim 9, further comprising means for automatically ascertaining, prior to sending the alert message, whether said device is presently contactable.
    12. A data processing system according to Claim 9, further comprising means for sending the alert message using short messaging service format.
    13. An account controller for controlling a financial account, the controller being operable to access stored data relating to at least one telecommunications device nominated by an authorised user of the account, immediately initiate an alert message to said device automatically when a potential unauthorised transaction is requested, the message containing a request for a reply, and automatically make a decision regarding the transaction based on information contained in a reply from said device, or based on no reply from said device.
    14. A method of controlling a financial account, for enabling a timely response by an authorised user of the account to a potential unauthorised situation, the method comprising automatically monitoring debit request data from proposed payees of the account and determining whether selected parameters of the data satisfy a predefined condition warranting sending an alert message, wherein said condition is defined using at least one transaction parameter limit indicative of potential unauthorised use of the account.
    15. A method according to Claim 14, comprising automatically generating an instruction for causing timely sending of the alert message for receipt by the authorised user when the predefined condition is satisfied.
    16. A method according to Claim 14, wherein the alert message is sent to a mobile entity that is registered by the authorised user with a controller of the account.
    17. A method according to Claim 16, wherein the alert message is an SMS message.
    18. A method according to Claim 16, wherein the alert message requests a reply to the account controller from the mobile entity confirming or denying that the transaction is regular.
    19. A method according to Claim 18, wherein if no reply is received by the account controller within a predetermined time period, the account controller communicates with a proposed payee requesting it to verify a purported authorised account user's identity prior to authorisation of a debit transaction.
    20. A method according to Claim 16, wherein payment is authorised automatically on receipt by the account controller of a satisfactory and timely reply from the mobile entity.
    21. A method according to Claim 20, wherein the alert message requires the reply to include a secure identifier before authorising payment.
    22. A method according to Claim 16, comprising confirming prior to sending the alert message that the mobile entity is presently connected to a telecommunications network and in a condition for receiving the message and, if the entity is not connected, automatically suspending sending the message and/or attempting to contact an authorised user of the account by other means.
    23. A method according to Claim 14, wherein the transaction parameter limit is a single transaction value limit and/or a multiple transaction value limit with a time limitation and/or a multiple transaction occurrence limit with a time limitation and/or a limit defined by processing transaction data using an algorithm.
    24. A computer program element comprising computer implementable instructions which, when loaded into a computer, constitute the system of Claim 1 or the data processing system of Claim 9 or the account controller of Claim 13, or cause a computer to perform the method of Claim 14.
    25. A carrier having thereon a computer program comprising a computer program element according to Claim 24.
    26. A web server comprising a system according to Claim 1 or a data processing system according to Claim 9 or an account controller according to Claim 13.
    27. A mobile communications device preregistered with and operable to receive an alert message from a system according to Claim 1 or a data processing system according to Claim 9 or an account controller according to Claim 13.

GB0120610A 2001-08-24 2001-08-24 Account controller Withdrawn GB2379045A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB0120610A GB2379045A (en) 2001-08-24 2001-08-24 Account controller

Publications (2)

Publication Number Publication Date
GB0120610D0 GB0120610D0 (en) 2001-10-17
GB2379045A true GB2379045A (en) 2003-02-26

Family

ID=9920928

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0120610A Withdrawn GB2379045A (en) 2001-08-24 2001-08-24 Account controller

Country Status (1)

Country Link
GB (1) GB2379045A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009074847A1 (en) * 2007-12-11 2009-06-18 Xs Innovation Holdings Limited Account risk management and authorization system for preventing unauthorized usage of accounts
EP2344994A1 (en) * 2008-09-08 2011-07-20 Obopay Inc. Multi-factor authorization system and method
US20190171814A1 (en) * 2015-08-19 2019-06-06 Palantir Technologies Inc. Checkout system executable code monitoring, and user account compromise determination system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0540234A2 (en) * 1991-10-31 1993-05-05 AT&T Corp. Monitoring of charges debited to an account having an assigned limit
WO1994006103A1 (en) * 1992-09-08 1994-03-17 Hnc, Inc. Fraud detection using predictive modeling
WO2000046769A1 (en) * 1999-02-03 2000-08-10 Toman Paul M System and method for monitoring a credit account
EP1067492A2 (en) * 1999-06-30 2001-01-10 Lucent Technologies Inc. Transaction notification system and method

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009074847A1 (en) * 2007-12-11 2009-06-18 Xs Innovation Holdings Limited Account risk management and authorization system for preventing unauthorized usage of accounts
EA016321B1 (en) * 2007-12-11 2012-04-30 Трэнволл Холдингз Лтд. Account risk management and authorization system for preventing unauthorized usage of accounts
EP2344994A1 (en) * 2008-09-08 2011-07-20 Obopay Inc. Multi-factor authorization system and method
EP2344994A4 (en) * 2008-09-08 2012-08-29 Obopay Inc Multi-factor authorization system and method
US20190171814A1 (en) * 2015-08-19 2019-06-06 Palantir Technologies Inc. Checkout system executable code monitoring, and user account compromise determination system
US10922404B2 (en) * 2015-08-19 2021-02-16 Palantir Technologies Inc. Checkout system executable code monitoring, and user account compromise determination system

Also Published As

Publication number Publication date
GB0120610D0 (en) 2001-10-17

Similar Documents

Publication Publication Date Title
US8375096B2 (en) Alerts life cycle
US8666894B1 (en) Systems and methods for remotely authenticating credit card transactions
US8725605B1 (en) Method and system for managing service accounts
US20090204524A1 (en) Security system
US20020029193A1 (en) Method and system for facilitating the transfer of funds utilizing a telephonic identifier
US7793141B1 (en) eCommerce outage customer notification
US20110047075A1 (en) Location controls on payment card transactions
US20040073621A1 (en) Communication management using a token action log
US20020156746A1 (en) Method and arrangement for the transmission of an electronic sum of money from a credit reserve
MX2007002983A (en) Purchase notication alert forwarding system and method for preventing fraud.
KR20110020820A (en) Monetary transfer approval via mobile device
JP2001067421A (en) Actualizing method of dealing notification service
US7356515B2 (en) Method and system for transferring an electronic sum of money from a credit memory
US20210406909A1 (en) Authorizing transactions using negative pin messages
CN101071492A (en) Mobile phone fee payment method and system based on mobile phone bank
US20040117299A1 (en) Method and apparatus for screening financial transactions
US20080270279A1 (en) Method and system for automated skip tracing
JP2006338414A (en) Card usage authorization device, card usage information notification device, and its program
US20020156728A1 (en) Method and arrangement for the transmission of an electronic sum of money from a credit reserve by wap
WO2003036576A2 (en) Method and system of additional securing of payment card payments
KR100368921B1 (en) method for providing credit information management service using an internet
GB2379045A (en) Account controller
JP2005284869A (en) Transfer to incorrect account prevention system
US11436594B2 (en) Apparatus and method for reverse authorization
WO2003015043A1 (en) A credit card security system

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)