WO2000046724A1 - Method for authorizing access to a secure online financial transaction system - Google Patents

Method for authorizing access to a secure online financial transaction system Download PDF

Info

Publication number
WO2000046724A1
WO2000046724A1 PCT/US2000/002935 US0002935W WO0046724A1 WO 2000046724 A1 WO2000046724 A1 WO 2000046724A1 US 0002935 W US0002935 W US 0002935W WO 0046724 A1 WO0046724 A1 WO 0046724A1
Authority
WO
Grant status
Application
Patent type
Prior art keywords
method
user
system
access
financial institution
Prior art date
Application number
PCT/US2000/002935
Other languages
French (fr)
Other versions
WO2000046724B1 (en )
Inventor
John A. Burns
Zane T. Rockenbaugh
Linda Scott Aramil
David S. Blumenthal
Original Assignee
Fundsxpress, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06QDATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06QDATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06QDATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transaction

Abstract

A method for receiving and approving requests from customers to access a secure online system (10). First, a communication link is established between a user and the online system (10) over a communications network (14) in a secure session. Necessary user information is then gathered over the network (14) and an access ID and password are chosen by the user. The gathered information is stored in the system (10) along with the chosen access ID and password. Next, the stored user information is accessed and evaluated, and approval for access to the system (10) is granted to the user if certain criteria are met.

Description

METHOD FOR AUTHORIZING ACCESS TO A SECURE ONLINE FINANCIAL TRANSACTION SYSTEM

TECHNICAL FIELD

This invention relates to a method for registering customers to use a secure online financial transaction system, and more particularly to an online sign up process for customers of participating financial institutions.

BACKGROUND OF THE INVENTION Until recently, bank and other financial institutions offered limited online banking capabilities to a small percentage of their banking customers from the customer's computer through proprietary dial up systems. Such proprietary systems gave the customer the ability to conduct basic financial transactions, such as account balance inquiry, transfer of funds between accounts and electronic bill payment, without the assistance of a teller. With the rapid growth in popularity of the Internet, it has become almost a necessity for large banks and other large financial institutions to be able to offer their customers these services through the Internet. These online banking systems permit the bank customer to perform financial transactions at the customer's convenience rather than during normal banking hours. As more and more financial institutions offer such services to their customers, there is increased pressure on small financial institutions such as, for example, community banks, not currently offering online banking services to add them in order to compete effectively in the marketplace. The effort to create a custom online banking system from the ground up is enormous and quite costly, and this effort has prevented many small and medium size financial institutions from being able to offer online banking services to their customers. Furthermore, many banks that would like to offer online banking services to their customers do not currently have a web site set up on the Internet to allow their customers access to online banking. In addition, electronic fund transfer (EFT) systems presently provide limited banking services through automated teller machines ("ATM"s) and point-of-sale ("POS") terminals for participating bank customers holding ATM debit cards. Such ATM cardholders could potentially use an online banking system if one were made available to them. If an online banking system that took advantage of the existing EFT networks to process online financial transactions were in place, there exists a related problem of managing secure access to the online banking system by all interested banking and EFT network users. Employees in the customer service department of a bank that offers either dial-up or Internet-based online banking to its customers typically have to process a paper application completed by each customer desiring access to the online banking system. The amount of time that passes from when the customer fills out the application until approval to use the online banking system is granted can vary widely and is dependent on many factors. A customer can typically expect to wait several days before being able to access the online banking system, and for banks with many requests, this waiting time can be significantly higher. Further, financial institutions incur the labor costs of hiring and training mailroom and customer service personnel to handle these requests and the attendant phone calls from customers. Some existing systems have tried to reduce the turn-around time by enabling customers to request access to the online banking system via email. However, the bank customer service department still has to review and verify the information submitted in the email application, issue an access ID and a password, and send this information to the customer through regular mail before access can be granted.

Besides the labor cost, an obvious disadvantage of the existing online banking systems described above is that each customer's access ID and password are disclosed to customer service personnel from the time these codes are assigned until the customer receives them and can change the password on the online banking system. There is also a risk of fraud caused by sending the access ID and password to the customer through the mail. Even requiring customers to change their password the first time they log on to the system does not completely eliminate the possibility of access to the customer's accounts by an unscrupulous individual. The authorization process would greatly benefit from automated procedures granting access to the online banking system in a secure manner especially when dealing with large numbers of banking customers and EFT network cardholders.

SUMMARY OF THE INVENTION The method of the present invention reduces the complexity, implementation time and related cost typically associated with approving and managing access to an online system, such as a financial transaction system, in a secure manner to a large number of potential system users. The method consists of establishing a communication link between a user and the online system over a network in a secure session, gathering necessary user information over the network, assigning an access ID and password to the user, storing the gathered information along with the access ID and password in the system, accessing the stored information, and approving user access to the system based on an evaluation of the stored information.

The present invention has the added advantage of being designed so that existing financial institution customers can rely on the security and dependability of the method for accurately authorizing access to the online system. Thus, the invention provides a simple way to manage many access requests to a secure online system by institution customers while maintaining the security needed for granting such access.

BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 shows the major components in the present secure online system.

FIGS. 2 A and 2B are flowcharts depicting the steps for accepting and authorizing customer requests to access the system of FIG. 1.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

The present invention is directed to a method for quickly and securely granting access to a secure online banking system for an untold number of banking customers who are existing customers of a financial institution and who want to access their accounts through the online banking system 10 shown in Fig. 1.

One of the significant features of the present invention is its ability to increase the automation of processing requests for access to an online system, such as a financial transaction system. Fig. 1 shows a representative online banking system 10 in which the current invention can be used. System 10 includes a data center 12. Physical access to the system 10 is typically accomplished through the Internet 14 by customers of a participating financial institution 16.

While most requesting customers may belong to a financial institution 16 that has contracted to participate in the online banking system 10 shown and has authorized their banking customers to use the system, some potential customers will belong to non-participating financial institutions 18, and such requesting customers may try and access the system 10 through the Internet sites operated by their EFT network 20 or by the data center 12 itself. Figs. 2A and 2B are a flowchart of the steps in the operation of the present invention to receive and approve customer requests for authorization to access the online banking system 10. The method of the present invention begins when a user 40 accesses the user's financial institution's or EFT network's web site by pointing a browser to the appropriate web site at step 42. Typically, the user 40 will be presented with a number of options for proceeding at step 44. At step 46, if user 40 has been previously authorized to use the online banking system 10, user 40 may securely log into the site using a previously assigned access ID and password and proceed with an online banking transaction at step 48. If user 40 is not yet authorized to use the system, user 40 may select at step 50 an option such as "Enroll now" to request approval. In one embodiment of the present invention, an unauthorized user requesting new access to the system uses an ATM or debit card issued by a financial institution in order to request approval to access the system 10. At step 50, the user may decide to enroll online, or the user may print out an application, filling out and submitting the application through the mail.

If continuing with online enrollment, at step 52 the user enters a secure session within the system 10 before being prompted to enter the first ten digits of the user's debit card. In the preferred embodiment, the secure session is created over the Internet through a Secure Socket Layer (SSL) encrypted session although other encryption methods known in the art may be used. The first ten digits of the debit card are referred to as the Bank Identification Number (BIN) and uniquely identify the financial institution that issued the debit card to the user. If the user does not have a debit card, the user must enter an identifier that allows the system to uniquely identify a financial institution. Assuming a BIN identifier is entered, at step 58 the system will verify that the identifier is valid and decode the identifier to determine the issuing financial institution. In the preferred embodiment, this verification is done through a BIN look-up table maintained by the system 10 although any other decode methods may be used. If the number is not a valid financial institution identifier, the system 10 will reject the number and may or may not permit the user to try and enter the correct number again. If a valid identifier is entered, the system 10 displays a confirmation page to the user containing information regarding the financial institution name and other identifying information for verification by the user that the correct financial institution has been found. At step 58, the system 10 also checks to see whether the user's financial institution participates in the system 10 and whether the bank's users can be enrolled online. Participation may result from a contract between an individual financial institution and the system operator, or between an EFT network and the operator of system 10. Either way, all customers of the individual financial institution as well as those customers who use the EFT network can receive authorization to use the system 10 through the online sign-up process of the present invention.

If the user's financial institution is not a pre-existing participant in the system 10, then the user is notified at step 60 that the user is currently unable to bank online using the system 10. In addition, the system 10 may generate various emails or other correspondence at step 60. In particular, e-mail correspondence may be sent to the financial institution informing it of the request for online banking by one of its customers. Likewise, the marketing department of the nearest EFT network may be notified so that it can target the bank to encourage the bank to sign up with the EFT network and thereby be able to offer online banking to its customers. The system may even prompt the user to enter his full name at step 62. If the user's name is provided, it may be used at step 64 in the correspondence described above or in an email to the EFT network's marketing department. The EFT network can then send an email containing the customer's name directly to the customer's financial institution so the financial institution can contact that user once access to the system 10 becomes available.

Returning to step 58, if the user's financial institution participates in the system 10 and the user has confirmed that the bank found based on the entered BIN is the user's bank, the user is presented with a detailed customer information page at step 66 where necessary information is filled in and verified by the system 10. In particular, data such as the additional numbers of the user's debit card number, and the user's name, address and e-mail address may be entered. At this point in the process, the user also specifies by account number the particular accounts the user wants to use within the online banking system 10. Next, the user is presented with a security information entry page wherein the user chooses an access ID, password, and any other security information needed by the user's financial institution. Such additional information may consist of a validation question and secret answer, user's mother's maiden name, or other user unique data. The security information is used by customer service at the user's financial institution to identify the customer over the telephone if the user should call in with a problem. Once an access ID and password are chosen, the system 10 at step 68 will ensure that the access ID is not already in use by another user. If the access ID is already in use, the system 10 will prompt the user to enter another access ID at step 70. Once a unique access ID is found, the user is presented with a page summarizing all of the information the user entered for verification purposes. This page may also contain other relevant information for the user such as a link to a disclosure page or a signature line. Once the information is verified, the user submits the application at step 72. The system 10 then informs the user through a confirmation page that the user will be notified once the application is approved. Due to the automated nature of the method, the approval process proceeds without any employees of the financial institution or the operators of the system 10 ever seeing the access ID and password combination submitted by each customer.

At this point, the system 10 takes over further processing of the application. As shown in Fig. 2B, the customer's application information is stored within the system 10, and the access ID is reserved across the financial institution and all other financial institutions belonging to that EFT network at step 74. In the preferred embodiment, the application information is stored in a relational database system, such as one licensed by Oracle, used by the system 10. Employees of the financial institution who have the proper authorization can access information stored in new user applications over a secure connection to the system 10. Personnel responsible for reviewing and approving such applications for access to the online system 10 verify the information contained in the application at step 76. Certain financial institutions may choose to add an additional level of security to the process by confirming with the customer via e-mail, a telephone call, or other contact that the user has indeed requested access to the online banking system, thereby implementing the "Know Your Customer" rule requirement of Regulation E of the Board of Governors of the Federal Reserve System. If additional information is needed, the employee can investigate the request further or deny the application at step 78. If everything appears in order, the employee approves the request and authorizes the customer to use the online banking system 10 at step 80, and confirmation is sent to the customer via regular mail.

Thus, it can be seen that the present invention expedites the process of authorizing customers to use an online banking system 10. In fact, the process may be generalized to a variety of circumstances where a vendor or financial institution needs to authenticate and authorize an applicant before being able to grant access to confidential information over the Internet to that applicant. For example, access to online brokerage or insurance systems could also be authorized using the described method. The method may also be broadened to users without a debit card. This can be done by substituting a credit card number, information from a check (bank routing number and customer account number), or bank routing and transit numbers.

It is intended that the description of the preferred embodiment of the present invention is but one embodiment for implementing the invention. Variations in the description likely to be conceived of by those skilled in the art still fall within the breadth and scope of the disclosure of the present invention. While specific alternatives to components of the invention have been described herein, additional alternatives not specifically disclosed but known in the art are intended to fall within the scope of the invention. It is understood that other applications of the present invention will be apparent to those skilled in the art upon the reading of the preferred embodiment and a consideration of the appended claims and drawings.

Claims

We claim:
1. A method for granting approval to access user financial information, maintained by an institution, through a secure online system, the method comprising: establishing a communications link between the user and the online system over a network in a secure session wherein the online system includes information about the institution; gathering necessary user information over the network; assigning an access ID and password to the user; storing the gathered information along with the access ID and password in the online system; accessing the stored information; evaluating the stored information; and approving user access to the online system based on the evaluation of the stored information.
2. The method of claim 1 wherein the assigning an access ID and password is based on an access ID and password chosen by the user.
3. The method of claim 1 wherein evaluating the stored information is performed by the institution.
4. The method of claim 1 further comprising confirming access to the system with the user after the approval step.
5. The method of claim 1 wherein the online system is a financial transaction system.
6. The method of claim 5 further comprising: entering a financial institution identifier to select a single financial institution; and verifying that the selected financial institution participates in the system.
7. The method of claim 6 wherein accessing stored information occurs via a secure session.
8. The method of claim 7 wherein establishing the communications link includes pointing a web browser to an appropriate web site.
9. The method of claim 7 wherein the financial institution identifier is a BIN.
10. The method of claim 7 wherein the financial institution identifier is obtained from a debit card.
11. The method of claim 7 wherein the financial institution identifier is obtained from a credit card number.
12. The method of claim 7 wherein the financial institution identifier is a bank routing number.
13. The method of claim 7 wherein the secure sessions are created over the Internet through a Secure Socket Layer (SSL) session.
PCT/US2000/002935 1999-02-05 2000-02-03 Method for authorizing access to a secure online financial transaction system WO2000046724B1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US24601999 true 1999-02-05 1999-02-05
US09/246,019 1999-02-05

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
AU2981500A AU2981500A (en) 1999-02-05 2000-02-03 Method for authorizing access to a secure online financial transaction system

Publications (2)

Publication Number Publication Date
WO2000046724A1 true true WO2000046724A1 (en) 2000-08-10
WO2000046724B1 true WO2000046724B1 (en) 2000-09-28

Family

ID=22929014

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2000/002935 WO2000046724B1 (en) 1999-02-05 2000-02-03 Method for authorizing access to a secure online financial transaction system

Country Status (1)

Country Link
WO (1) WO2000046724B1 (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5276444A (en) * 1991-09-23 1994-01-04 At&T Bell Laboratories Centralized security control system
US5751812A (en) * 1996-08-27 1998-05-12 Bell Communications Research, Inc. Re-initialization of an iterated hash function secure password system over an insecure network connection
US5794230A (en) * 1996-03-15 1998-08-11 Microsoft Corporation Method and system for creating and searching directories on a server
US5870725A (en) * 1995-08-11 1999-02-09 Wachovia Corporation High volume financial image media creation and display system and method
US5890140A (en) * 1995-02-22 1999-03-30 Citibank, N.A. System for communicating with an electronic delivery system that integrates global financial services
US5971272A (en) * 1997-08-19 1999-10-26 At&T Corp. Secured personal identification number
US5987440A (en) * 1996-07-22 1999-11-16 Cyva Research Corporation Personal information security and exchange tool
US6023684A (en) * 1997-10-01 2000-02-08 Security First Technologies, Inc. Three tier financial transaction system with cache memory

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5276444A (en) * 1991-09-23 1994-01-04 At&T Bell Laboratories Centralized security control system
US5890140A (en) * 1995-02-22 1999-03-30 Citibank, N.A. System for communicating with an electronic delivery system that integrates global financial services
US5870725A (en) * 1995-08-11 1999-02-09 Wachovia Corporation High volume financial image media creation and display system and method
US5794230A (en) * 1996-03-15 1998-08-11 Microsoft Corporation Method and system for creating and searching directories on a server
US5987440A (en) * 1996-07-22 1999-11-16 Cyva Research Corporation Personal information security and exchange tool
US5751812A (en) * 1996-08-27 1998-05-12 Bell Communications Research, Inc. Re-initialization of an iterated hash function secure password system over an insecure network connection
US5971272A (en) * 1997-08-19 1999-10-26 At&T Corp. Secured personal identification number
US6023684A (en) * 1997-10-01 2000-02-08 Security First Technologies, Inc. Three tier financial transaction system with cache memory

Also Published As

Publication number Publication date Type
WO2000046724B1 (en) 2000-09-28 application

Similar Documents

Publication Publication Date Title
US7627531B2 (en) System for facilitating a transaction
US7383988B2 (en) System and method for locking and unlocking a financial account card
US5903878A (en) Method and apparatus for electronic commerce
US7437330B1 (en) System and method for categorizing transactions
US7269737B2 (en) System and method for biometric authorization for financial transactions
US6047887A (en) System and method for connecting money modules
US7707120B2 (en) Mobile account authentication service
US7269256B2 (en) Electronic-monetary system
US7624073B1 (en) System and method for categorizing transactions
US6282523B1 (en) Method and apparatus for processing checks to reserve funds
US20020138418A1 (en) Method and apparatus for providing pre-existing and prospective customers with an immediately accessible account
US20050246278A1 (en) Multiple party benefit from an online authentication service
US20060161435A1 (en) System and method for identity verification and management
US20040139004A1 (en) Secure online commerce transactions
US6685088B1 (en) System and method for selecting an account
US20080015988A1 (en) Proxy card authorization system
US20080319875A1 (en) System and method for facilitating value exchanges using mobile devices
US7430537B2 (en) System and method for verifying a financial instrument
US20060157557A1 (en) Method and apparatus for performing benefit transactions using a portable intergrated circuit device
US20020072942A1 (en) System and method for push-model fund transfers
US20120215688A1 (en) Demand deposit account payment system
US20080296368A1 (en) Stored-value instrument protection system and method
US20050153779A1 (en) Method and system for lottery transactions over an open network
US20050018883A1 (en) Systems and methods for facilitating transactions
US7280981B2 (en) Method and system for facilitating payment transactions using access devices

Legal Events

Date Code Title Description
AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE

AK Designated states

Kind code of ref document: A1

Designated state(s): AU CA JP MX

AL Designated countries for regional patents

Kind code of ref document: B1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE

B Later publication of amended claims
AK Designated states

Kind code of ref document: B1

Designated state(s): AU CA JP MX

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
122 Ep: pct application non-entry in european phase