JPS62237570A - Offline risk evaluation transaction system - Google Patents

Abstract

(57) [Summary] This bulletin contains application data before electronic filing, so abstract data is not recorded.

Description

DETAILED DESCRIPTION OF THE INVENTION The present invention relates to a transaction system that allows an issuer of a transaction card to adjust the cost of transmitting an authentication request.

Specifically, this approach allows issuers to specify for each cardholder the types of transactions that will be authenticated remotely. This deployment reduces the number of authentication requests that must be transmitted to a remote authorization site, thereby reducing communication costs.

In recent years, the use of transaction cards has increased significantly. In many cases, transaction cards are used in place of cash when purchasing goods or services.

These transaction cards can take the form of credit cards, where a record of transactions is maintained and a bill is later sent to the cardholder. In one recent scheme, the cardholder deposits money into an account and then has the transaction amount directly deducted from it. These latter types of accounts are referred to as "debit cards." The banking industry has also begun using transaction cards that allow common banking functions to be performed without a teller using automatic terminals. Lost or stolen cards often
Used to purchase goods or services without the authorization of the authorized holder. Additionally, many counterfeit cards were created for fraudulent purchases. The industry is responding in a number of ways designed to reduce losses associated with such fraudulent transactions.

An early practice in the transaction card industry was to periodically print and distribute lists of lost or stolen cards. When a card is presented for a transaction, the card number is checked against this list before the transaction is approved.

Unfortunately, this approach is time consuming and error prone. More importantly, this information is distributed on a regular basis so that after a card is reported lost, stolen, or counterfeited, and prior to the time it is listed on the bulletin board, fraudulent use of the card cannot be detected using this method. is not detected.

Recently, various automatic online verification schemes have been developed. In these schemes, information about the cardholder and the transaction is transmitted via a communications link to a central control center for approval or further processing. In some cases, a central control center may be provided with information about the cardholder to make an approval decision. In smaller transaction schemes, the central department equals the card issuer. In larger, multi-card issuer schemes, transaction information is forwarded from a central department to one of the remote issuers for final approval.

When the first automated systems were developed, transaction information was entered into the authorized network, typically by the merchant calling a local recipient who entered the data into the terminal. In relatively recent times, a number of electronic terminals have been designed that automatically trigger transactions. These terminals, located at merchant locations, are designed to directly accept transaction information.

The terminal is equipped with a device for reading transaction cards. For example, many transaction cards are provided with a magnetic stripe that encodes information such as the cardholder's account number and the name of the institution that issued the card. These terminals have magnetic transducers to read this information. The terminal transmits the data on the magnetic stripe to the authentication scheme along with other details of the transaction, such as the transaction amount.

The approval procedure is then followed as described above.

As can be seen, if the issuer of the transaction card is located far from the point of transaction, each authorization can incur significant communication costs. Additionally, approvals take time, slowing down the sales process. Although electronic authorization processes are appropriate from a fraud reduction standpoint, it would be desirable to balance the risk of fraud with the cost of authorizing each transaction.

One way to reduce communication costs for approved networks is 19
It is disclosed in US Pat. No. 4,485,300, dated Nov. 27, 1984. The invention is directed to large transaction card systems that include multiple card issuers and one central communications center. Prior to that invention, each transaction was routed by a management center to the respective issuer for approval. To reduce the need for this step, a method was provided in which various parameters were supplied to the management center. These parameters will define the types of transactions that can be approved directly by the management center instead of sending an approval request to the issuer.

These parameters are based on the overall typology of the issuer's cardholder accounts. For example, transaction parameters may be set relatively high if the issuing institution has a small group of high credit worthy customers. In this case, only transactions with higher amounts are referred to the issuer for approval. Conversely, if the issuer has a large number of customers representing a high degree of risk, the parameters will be set relatively low to minimize the potential for bad debts and fraud losses. In the latter case, communication costs will probably be higher, but
This will be offset by lower losses. Obviously issuers can make decisions based on their own needs.

The above scheme has been found to be very successful in helping issuers balance communication costs with bad debt and fraud losses. but,
The latter approach still requires communication of transaction parameters from the merchant to a central management department that performs the decision-making process. Moreover, the parameters supplied to the data management center are based on the issuer's general evaluation of the cardholder. In other words, these parameters are not directly linked to the credit worthiness of each individual cardholder, but only represent a general evaluation.

Based on the above, it would be desirable to provide a method by which various transactions could be approved at the transaction site without incurring any communication costs. The decision is within the control of the issuer and should preferably be based on the creditworthiness of the individual cardholder.

Accordingly, it is an object of the present invention to provide a new and improved scheme by which an issuer can adjust the type of authentication requests sent from a transaction site.

It is another object of the present invention to provide a new and improved method by which transaction authorization can be generated off-line at a remote terminal based on criteria provided by a transaction card issuer. .

It is a further object of the present invention to provide a new and improved method by which a card issuer can encode information onto a transaction card so that each transaction can be evaluated at a remote terminal. be.

It is another object of the present invention to provide an authorization scheme that significantly reduces communication costs.

In accordance with the above and other objectives, the present invention provides a transaction scheme that allows a transaction card issuer to adjust the type of authentication request sent from the transaction site. In this method,
A file device containing cardholder information is generated.

This file is maintained at a location remote from the trading site, such as at the issuer's location. A set of copies of this information may also be provided at the data management center in the manner described in the aforementioned US Pat. No. 4,485,300.

According to the invention, each transaction card is provided with data identifying the cardholder as well as data representing risk assessment information associated with the particular cardholder. The risk assessment information is intended to provide an assessment of the potential creditworthiness, or, more generally, of the potential liability associated with the card holder. For example, if the card holder has a history of card loss, the account may be at greater risk. Similarly, a history of exceeding credit limits will be taken into account when calculating risk assessment information. Conversely, if the cardholder has a high credit limit and no past history of problems, the risk assessment information will be created to reflect that situation.

This risk assessment information can be encoded on the magnetic stripe of the transaction card. This information can be encoded using cryptography so that unauthorized users cannot read it. As can be seen, transaction cards have been developed that do not use magnetic stripes to store cardholder information.

For example, various "smart cards" have been developed in which information is held in computer storage within the card. The invention is intended to include this type of transaction card and any other card in which risk assessment information provided by the issuer is placed on the card in a manner that can be read by the transaction terminal.

The invention further includes a terminal at the transaction site and a device for reading the data on the transaction card as described above. The terminal includes a processing unit to evaluate the transaction based on the risk assessment information carried on the card.

The terminal itself can issue an approval if the particular transaction falls within the parameters set by the issuer. However, if the transaction falls outside the boundaries established by the issuer, an authentication request is then sent to the communications network for approval by a department remote from the transaction site.

As mentioned above, this authorization is determined at the administrative center or issuer of the transaction card.

In a preferred embodiment of the invention, each transaction terminal is provided with a transaction amount limit. In this embodiment, the risk rating information placed on the card takes the form of a multiplier used to rate transactions. Specifically, the multiplier on the card is
Used to change in the terminal the limit on the amount by which a transaction will be transmitted for approval above a certain value.

Other objects and advantages of the invention will become apparent from the following detailed description, taken in conjunction with the accompanying drawings.

Referring to FIG. 1, the basic elements of the trading scheme (10) of the present invention are illustrated in block diagram form. In this scheme, an institution named "Issuer J (20)" distributes transaction cards (30) to a number of customers.

The issuer (20) can be a bank or other financial institution. Often, issuers collect information from cardholders to evaluate and assign credit limits to cardholders. This credit limit is stored in storage at the issuer along with the associated cardholder identification number. This information is used to determine whether a particular transaction should be approved.

Although there are many different types of transaction cards in use today, by far the ones distributed in the United States are plastic cards with embossed markings. Additionally, the card is provided with a magnetic stripe that can encode various accounting information. Parameters for these cards are standardized. For example, the card dimensions are from the ISO document ISO/TC97/5C17/WG4-N9.
5. The format of the encoded magnetic stripes has also been standardized and is shown in IsO standards 3554 and 4909.

The type of card and the method of data application are not important to the invention. For example, it is possible to use a newer type of smart card in which information about the cardholder is stored in internal storage rather than on a magnetic stripe. In the present invention, the transaction card need only be capable of carrying data representative of the risks associated with the cardholder.

In the basic embodiment of the invention, the issuer has a communication line (2
4) to a plurality of transaction terminals (40).

A terminal (40) is located at the point of transaction. These transaction terminals are typically located at merchant locations where sales or services are sought. However, it can also be used at banks or airports where cash or traveler's checks are handed out.

The transaction terminal (40) of the present invention has many elements similar to automated transaction terminals available today. More specifically, today's point-of-sale terminals have equipment for reading information encoded on cards. Typically, the device includes a transducer for reading information encoded on the magnetic stripe. Alternatively, the terminal may have contacts for interfacing with the mechanical contacts of the smart card. The terminal also has a processing unit for controlling operations such as formatting procedures, dialing, and sending information to the issuer. Typically, the terminal also has a keypad input that accepts supplemental information about the transaction, such as the transaction amount.

According to the invention, a processing unit within the terminal is programmed to provide a comparison function for evaluating transactions based on risk assessment information placed on the card. A preferred embodiment of this comparison function is described below. Terminals with electronic systems suitable to perform all of the functions disclosed in this document are available from International Verifact, Inc.
ionalVerifact, Inc.). Used with an Intel 80c31 microprocessor, this terminal is designed to perform numerous trading functions. This terminal could be easily modified to perform the functions disclosed herein by adding software instructions.

The terminal can also be adapted to read information encoded in different tracks of the magnetic stripe that can contain risk assessment information. If other security characteristics are desired, supplemental hardware, such as a Watermark Mag
netics).

In operation of prior art systems such as those described above, a cardholder presents his card (30) to a merchant. The merchant swipes the card through a terminal that reads the information on the card.

The merchant then enters the transaction amount and this information is then transmitted to the issuer by communication line (24). The issuer compares the information sent by the terminal with the cardholder's information stored in the storage device (22). If the evaluation is positive, an authorization code is sent back to the merchant, who completes the transaction.

If this evaluation is bad, the transaction will be rejected. Obviously, this route is time consuming and expensive.

In the prior art, some of the communication costs are reduced by providing a minimum value or floor limit to the terminal. More specifically, the terminal can be easily programmed to automatically approve transactions within certain monetary limits. This way of getting there is directly connected to the merchant's evaluation. Specifically, if the merchant is popular, the types of transactions that are automatically approved can be set to a relatively high level.

Unfortunately, this route is not controllable based on cardholder ratings. Furthermore, in larger schemes, as described below, the amount is controlled by the [merchant member] rather than the issuer. Therefore, it is desirable for card issuers to be able to control communication costs and manage the risk of loss.

To meet these objectives, each transaction card is provided with data representing risk assessment information (32).

This risk assessment data can be encoded onto the magnetic stripe on the card. As mentioned above, this information may also be stored in the card's storage, or provided in any other manner.

Risk assessment data (32) is generated to clarify the cardholder's potential liability capacity. Therefore, customers with good credit qualifications are given significantly higher evaluation values.

Conversely, cardholders with bad credit history are given lower reputation values. Each issuer can make decisions based on the history of individual cardholders.

According to the invention, the processing unit within the terminal will have the ability to read the risk assessment information on the card and compare this information with the transaction amount. This information is compared to determine whether approval can be issued without communicating with the issuer. If the evaluation is good, the terminal will generate an approval "offline".

If the rating exceeds the limit recorded on the card, an authentication request will be sent to the issuer (20) via the communication line (24).

In the preferred embodiment, the terminal has a transaction amount limit (4
2) is given. This numerical value is stored in a storage device in the processing unit of the terminal. The amount of the transaction amount limit may be a function in part of the merchant's potential liability capacity or the particular location where the terminal is located. In this case, the risk rating data on the card is determined by the multiplier used to increase or decrease the transaction amount limit stored in the terminal.

For example, assume that the issuer has assigned a risk evaluation value of "2" to the cardholder. After reading the card, the terminal (40
) multiplies the transaction amount limit stored in the terminal by this value. Therefore, if the transaction amount limit is $50, the result of the multiplication will be $100. The amount of transactions in progress is 1
If the amount is less than $0.00, an automatic approval will be issued. If the transaction amount exceeds $100, the authorization request will be forwarded to the issuer. By choosing the value of the multiplier to be less than 1, the number of values stored in the terminal can be reduced. The multiplier value can be set to O to send all transactions for that cardholder to the issuer for authentication.

As can be seen, the scheme of the invention allows the issuer to manage the requests that are transmitted. An arrangement in which the issuer bears the cost of such communication requests allows the costs to be balanced against the potential for bad debt and fraud losses.

To further increase security, it is desirable to provide each card with a secret code or identification number (PIN). The cardholder is required to enter their PIN to obtain approval for the transaction. Such secret code systems are known in the prior art. Typically, the issuer stores a list of secret numbers in storage (32) for use when verifying the PIN.

As can be seen, since the present invention provides remote offline authentication, one must choose a PIN route that allows authentication of the PIH within the terminal.

This requirement is met by placing a portion of the identification number (partial PIN) on the card. This part PU
N can then be compared with the overall PIN entered into the terminal. Of course, if the authentication request is sent back to the issuer, the overall PIN input by the user can be checked against the overall PIN stored by the issuer. partial PI
N Verification Verification - Details for enforcing the model can be found in the Interbank Card Association (Interbank Card Association).
This is stated in the PIN manual of RD AS5ocation. If the PIN is encrypted, an offline encryption key management scheme may be required. One such approach is described in U.S. Patent Application No. 529,461, filed September 2, 1983, which is incorporated herein by reference. In a preferred embodiment of the invention, both the risk assessment information and the partial PIN are encoded on the card.

Referring now to FIG. 2, a full-fledged transaction card system is illustrated. Although the method of the present invention finds application in the simplified method shown in FIG.
For example, the full-fledged method shown in Figure 2 has been implemented all over the world, and today it is rapidly spreading to overseas markets.

As illustrated in FIG. 2, a large-scale scheme includes multiple issuers (120a, b, and C). Each issuer distributes cards to its own cardholders. Thus, in this example:
Each issuer maintains a respective file (122A, B and C) to store cardholder information. Each issuer's card includes data identifying the cardholder, issuing institution, and risk assessment data.

In the system shown in Figure 2, generally a large number of "merchant members"
There is. To make it easier to understand, there are only - merchant members (50)
is shown. Typically, the merchant member (50) is another financial institution responsible for contracting with various merchants. Many publishers play a dual role with merchant members. The diagram shows that the publisher and most cart holders may be located in New York, and the merchant members and their associated merchants may be located in California.

Each merchant member (50) has a number of merchants (60A, B and C)
), that is, have them participate. Each merchant (6
0) is provided with one or more terminals of the type described with reference to FIG. Once the merchant (60) signs up, the merchant member (50) determines the likelihood of a fraudulent transaction.

Based on this assessment, terminals supplied to merchants are provided with transaction amount limits designed to be a compromise between communication costs and potential loss. This transaction amount limit can be updated periodically based on the merchant's (60) performance.

In the illustrated example, a data management center (70) is shown. The data management center acts as a network switch that routes transaction information.

In a typical conventional transaction, cardholder data and transaction amount would be entered by the merchant at the merchant's location. This information will be forwarded to the merchant member (50). If the merchant member and card issuer were the same, the transaction could be authorized at that location. However, typically the issuer and merchant member are not the same, so the transaction information is then provided to a data management center (70).

In this situation, the data management center identifies the card issuer. Next, the transaction information is sent to the authorized issuer (120) for comparison with the cardholder information (122) held by the issuer.
is supplied to As described above, the issuer responds to the merchant by determining whether to approve the transaction.

As is obvious, the above route involves very high communication costs. One way to reduce this cost is in U.S. Pat.
No. 5,300. In the patent, each issuer sends an issuer parameter (72) to a data management center (70).
give. These parameters are based on general cardholder performance for that issuer. Therefore, if the issuer has customers with relatively high credit value,
Set the parameter to a high level to allow the data management center to grant automatic approval. Although this approach helps save money, it is clear that the present invention has additional advantages. Specifically, many transactions are approved immediately at the merchant's site without communicating with a data management center. Additionally, risk assessment information can be tailored directly to individual cardholders.

The operation of the invention shown in FIG. 2 is substantially equivalent to that of FIG. More specifically, when the customer presents the card to the merchant, the data on it is read by the terminal. Merchants also input the transaction amount.

In a preferred embodiment, the processing device is operative to multiply the transaction amount stored on the terminal by the risk rating value on the card. The transaction amounts are then compared to determine whether the transaction can be approved without any communication outside the terminal. If the transaction is approved, the terminal issues the approval directly.

If the transaction is rejected, it will be sent according to the procedure for further evaluation.

In a preferred embodiment, the terminal can be programmed to add additional security features. for example,
Random selectors within the processing device may be used to automatically designate transmission of certain transactions regardless of the outcome of the evaluation. In this way, we regularly check for fraudsters who carefully select transactions that fall below the estimated level.

Another feature is the inclusion of geographical evaluation. More specifically, if the terminal determines that the issuer is located in a geographically proximate area, a higher percentage of these transactions can be automatically forwarded because communication costs are lower.

However, if the terminal determines that the issuer is in a remote location, a different amount may be used to reduce long-distance communications.

In conclusion, a new and improved way of trading method is given. In this approach, transaction card issuers can manage communication costs based on their assessment of cardholders. In this scheme, each transaction card is provided with risk assessment information provided by the issuer. The terminal is equipped with a device for comparing and evaluating this information with current transactions.

If the evaluation is positive, the transaction can be approved at the terminal. If the transaction is not possible, the terminal sends the transaction information to the issuer for approval.

Although the invention has been described with reference to preferred embodiments, it will be apparent to those skilled in the art that various other changes and modifications can be made without departing from the scope and spirit of the invention as defined by the claims. it is obvious.

[Brief explanation of drawings]

FIG. 1 is a block diagram illustrating the transaction system of the present invention, and FIG. 2 is a block diagram illustrating the arrangement typically seen in a large-scale transaction card system. patent application agent

Claims (1)

[Scope of Patent Claims] (1) A method that allows a transaction card issuer to adjust the type of authentication requests related to transactions transmitted from a transaction site, which is maintained at a location remote from the transaction site, a first processing device having a filing device containing cardholder information provided by said issuer for evaluating said cardholder; and carrying data identifying said cardholder and representing risk assessment information associated with said cardholder. , a transaction card further comprising data provided by the issuer; and a device located at the transaction site and connected to the first processing device for reading the data carried on the card; further comprising a second processing device for evaluating the transaction based on the posted risk evaluation information, and functioning to generate an approval code if the evaluation is positive; if the evaluation is negative; , a terminal device for transmitting the transaction information to the first processing device for evaluation. (2) The terminal device further includes a device for inputting a transaction amount, and the second processing device evaluates the transaction amount and the risk evaluation information on the card. ) Method described in section. (3) A transaction amount limit is set in the terminal device, the risk evaluation information is defined by one multiplier, and the second
3. The method of claim 2, wherein the processing device is operative to multiply the transaction amount limit by the multiplier, and the result of the multiplication is compared to the transaction amount under evaluation. (4) The system of claim (1), wherein the transaction card includes a magnetic stripe. (5) The method according to claim (4), wherein the risk assessment information is encoded on the magnetic stripe. (6) The processing device further comprises a random selector device for identifying certain types of transactions to be forwarded to the first processing device regardless of the outcome of the evaluation. The method described in paragraph (1). (7) the processing device further includes a geographic selection device, wherein the processing device further includes a geographic selection device for evaluating the location of the transaction relative to the location of the first processing device in determining whether to forward the transaction to the first processing device; The method according to claim (1) as contemplated in . (8) The system according to claim (1), further comprising a data management center connected between the terminal device and the first processing device. (9) a third processor, such that the data management center forwards the transaction information to the first processor only if the transaction does not fall within evaluation parameters maintained at the data management center; 9. A method according to claim 8, wherein the data management center includes evaluation parameters provided by a publisher.