WO2018126283A1

WO2018126283A1 - Real time pin management

Info

Publication number: WO2018126283A1
Application number: PCT/US2018/012115
Authority: WO
Inventors: Dean Elliot SMOTHERS; Dane Terrell SMOTHERS
Original assignee: Vurify Group Llc
Priority date: 2017-01-02
Filing date: 2018-01-02
Publication date: 2018-07-05

Abstract

Systems and methods, including a method including receiving, from a first instance of a first application program executed on a first mobile wireless device, a user request for a personal identification number (PIN) to be generated for authenticating use of a selected account; causing a temporary PIN to be generated in response to at least the user request; providing the temporary PIN to a system used to verify that an entered PIN corresponds to the generated temporary PIN; identifying a second instance of a second application program installed on a second mobile wireless device as being associated with the account; and causing, in response to receiving the user request, the temporary PIN to be displayed on the second mobile wireless device via the second instance of the second application program.

Description

REAL TIME PIN MANAGEMENT

REFERENCE TO A RELATED APPLICATION

[0001] This application claims the benefit of priority from pending U.S. Patent Application Serial No. 62/441,534, filed on January 2, 2017, and entitled "Real Time Verification of Transfers of Funds and PIN Management," which is incorporated by reference herein in its entirety.

BACKGROUND

[0002] Fraudulent or otherwise improper transactions of funds are a pressing concern, particularly in view of high profile releases of account information, such as credit card information, in recent years. Systems and methods that reduce the impact of inadvertent or hostile releases of account information are accordingly valuable. Additionally, systems and methods that allow users to create personal identification numbers (PINs), create temporary PINs, selectively disable PINs, and selective enable PINs are also valuable for empowering user control over accounts and account information.

BRIEF DESCRIPTION OF THE DRAWINGS

[0003] The drawing figures depict one or more implementations in accord with the present teachings, by way of example only, not by way of limitation. In the figures, like reference numerals refer to the same or similar elements.

[0004] FIG. 1 illustrates examples of features that may be included in a system for verifying transfers of funds or other transactions.

[0005] FIG. 2 illustrates an example of a graphical user interface (GUI) to manage accounts associated with a user and additional users associated with the accounts.

[0006] FIGS. 3 A and 3B illustrate an example of a process for obtaining real time or near real time verification of transfers of funds.

[0007] FIG. 4A illustrates an example of a visual alert presented on a display unit included in a mobile wireless device.

[0008] FIG. 4B illustrates an example of a user prompt to verify a requested transfer of funds.

[0009] FIG. 5 illustrates an example of an alert presented on a mobile wireless device indicating that an account has been automatically disabled. [0010] FIG. 6 illustrates a configuration in which the issuer system utilizes the verification system to obtain real time or near real time verification of a requested transfer of funds.

[0011] FIG. 7A illustrates a configuration in which the acquirer system utilizes the verification system, before contacting the issuer system, to obtain real time or near real time verification of a requested transfer of funds.

[0012] FIG. 7B illustrates a configuration in which the verification system replaces the acquirer system illustrated in FIG. 7A.

[0013] FIG. 8 illustrates a configuration in which a merchant system utilizes the verification system to obtain real time or near real time verification of a requested transfer of funds.

[0014] FIG. 9 is a block diagram that illustrates a computer system upon which aspects of this disclosure may be implemented.

[0015] FIG. 10 illustrates an example of a process for generating a temporary PIN (personal identification number).

[0016] FIG. 11 illustrates an example of a process for locking or unlocking use of a PIN.

DETAILED DESCRIPTION

[0017] In the following detailed description, numerous specific details are set forth by way of examples in order to provide a thorough understanding of the relevant teachings. However, it should be apparent that the present teachings may be practiced without such details. In other instances, well known methods, procedures, components, and/or circuitry have been described at a relatively high-level, without detail, in order to avoid unnecessarily obscuring aspects of the present teachings.

[0018] FIG. 1 illustrates examples of features that may be included in a system 100 for verifying transfers of funds or other transactions. Such transfers of funds may include, for example, use of a credit card, credit card account, or a debit card by a consumer for purchasing goods or services from a merchant. FIG. 1 illustrates a home 110, in which is located a consumer 112 (which may also be referred to as a "user," such as a user of a mobile wireless device, a user of a program application executing on the mobile wireless device, or a user of a verification system that the program application interacts with), a mobile wireless device 114 associated with and used by the consumer 112, and a computer 116 used by the consumer 112. Examples of mobile wireless device 114 include, but are not limited to, smartphones (for example, Apple iPhone or iPad computing devices that utilize the iOS operating system, smartphones utilizing the Android operating system or derivatives thereof, smartphones utilizing Blackberry OS or derivatives thereof, and smartphones utilizing Microsoft Windows or

Windows Mobile operating systems), tablet computers (for example, the Apple iPad series of tablet computers utilizing the iOS operating system, and tablet computers utilizing the Android operating system or derivatives thereof), notebook computers, laptop computers, smartwatches (for example, the Apple iWatch, smartwatches utilizing the Android Wear operating system, and the Pebble Watch), augmented reality units (for example, Microsoft HoloLens and Google Glass), and wearable computing devices. Mobile wireless device 114 may configured to, such as via a transceiver or modem included therein, to perform data communication via mobile wireless communication network 115a, such as a cellular data network, which may include

communicating via wireless base station 156a. Mobile wireless device 114 may be configured to perform wireless data communication via other means, such as, but not limited to, 802.11 wireless, Bluetooth, and optical communication. Examples of computer 116 include, but are not limited to, a notebook computer, a laptop computer, a desktop computer, and a "smart TV." Although one home 110 is illustrated in FIG. 1, in practice a plurality of homes would be involved with system 100, and there may be one or more consumers, one or more mobile wireless devices, and one or more computers within each home. Additionally, interactions of consumer 112 and mobile wireless device 114 are not limited to within home 110, but may also occur in other environments outside of home 110. The interaction of these elements with other elements illustrated in FIG. 1 will be described in more detail below.

[0019] FIG. 1 also illustrates two merchant locations: an online merchant location 120 and retail merchant location 130. A "retail merchant" may also be referred to as a "retailer." A merchant operating via online merchant location 120 may provide goods and/or services for purchase via online merchant system 122, which may be accessed by consumers, such as consumers 112 and 132, via wide area network 150. An example of wide area network 150 is the Internet, although other examples may be utilized, separately or in addition to the Internet. Online merchant system 122 may include, for example, one or more consumer-facing systems, which may execute software such as web server or other server programs configured to interact with software programs (such as a web browser application or an application configured to make purchases) executing on, for example, mobile wireless devices 114 and 134 and/or computer 116. The consumer-facing system might, for example, identify goods and/or services available for purchase, and/or allow a consumer to identify goods and/or services to be purchased. Online merchant system 122 may also include one or more payment transaction systems configured to obtain payment information, such as, but not limited to, credit card information, for purchases, and/or obtain authorization for purchases.

[0020] A non-limiting example of retail merchant location 130 is a retail store, such as, but not limited to, a convenience store, a grocery store, and a clothing store. Although a traditional "brick and mortar" store, in which a retailer maintains a physical building for sales, is an example of retail merchant location 130, retail merchant location 130 is not limited to such examples. For example, a merchant may not operate a storefront, but instead bring goods and/or services directly to a consumer, such as a repair services company or lawn care company. As another example, goods and/or services may be procured and/or received via telephone or other communications technologies.

[0021] At the particular retail merchant location 130 illustrated in FIG. 1, consumer 132, with an associated mobile wireless device 134, is making a purchase of goods and/or services. Mobile wireless device 134 may be configured much as described above for mobile wireless device 114. Mobile wireless device 134 may configured to, such as via a transceiver or modem included therein, to perform data communication via mobile wireless communication network 115b, such as a cellular data network, which may include communicating via wireless base station 156b. Consumer 132 may interact with a salesperson 140, who may be operating register system 138 for performing a transfer of funds from consumer 132 as payment for the goods and/or services. Examples of register system include, but are not limited to, a computerized cash register configured to receive credit card information, a portable credit card terminal, and a smartphone or tablet computer including a credit card reader device and accompanying software for performing credit card-based transfers of funds (for example, the hardware, mobile device- based software, and Internet infrastructure provided by Square Inc. for providing payment services to merchants). Alternatively or in addition, consumer 132 may interact with a payment terminal 136 in order to provide payment information for the goods and/or services. Examples of payment terminal include, but are not limited to, a self-service terminal at a grocery or convenience store, a credit card terminal integrated into a gas pump, and a fixed install credit card terminal configured to interact with register system 138. Payment terminal 136 and/or register system 138 may be configured to perform payment transactions via merchant system 142, which may be configured to, for example, interact with acquirer system 160 via wide area network 150 in order to perform authorization, capture, and/or settlement of credit card purchases, as well as other forms of payment. A plurality of register systems and/or payment terminals, whether at a single merchant location or across a plurality of merchant systems, may be configured to utilize retail merchant system 142. In some examples, payment terminal 136 and/or register system 138 may be configured to perform payment transactions directly with acquirer system 160.

[0022] Merchants discussed in this disclosure are not necessarily limited to those that may operate at an online merchant location or a retail merchant location. Given the dynamic and wide-ranging nature of commercial activities, there is a vast range of goods and services available, there are many ways for delivering goods and services, and there are many ways for merchants and consumers to conduct transactions. However, all merchants discussed in this disclosure are interested in performing transfers of funds from consumers, such as, but not limited to, by way of credit card accounts associated with consumers.

[0023] Acquirer system 160 (which may also be referred to as a "payment processor" or "payment processor system") is a computer system involved in, for example, interacting with merchant systems, such as online merchant system 122 and retail merchant system 142, to perform credit card processing, including, for example, authorization of transfers of funds, capturing such transfers, clearing credit card transactions with issuers via a card network (not illustrated), providing transferred funds to merchant accounts. Although a single acquirer system 160 is illustrated in FIG. 1, there may be a plurality of different acquirer systems. For authorizing a transfer of funds via a credit card account, acquirer system 160 may be configured to receive from a merchant system details of a transaction and details of a credit card account via which funds are to be transferred to a merchant. In response to receiving such details, acquirer system 160 sends a request to an issuer system 170 associated with the credit card account to authorize the transaction. In response to this request, acquirer system 160 may receive a response from issuer system authorizing or denying the transaction, based on which acquirer system 160 provides a response to the merchant system requesting authorization of the transaction. As illustrated in FIGS. 7 A and 7B, and discussed below, acquirer system 160 may be configured to interact with verification system 180 as part of authorizing credit card or other transactions.

[0024] Issuer system 170 is a computer system operated by or on behalf of a financial institution that issued a payment account to a consumer. Among other things, issuer system 170 is configured to perform authorization of transfers of funds. In response to a request for authorization of a transfer of funds, issuer system 170 my respond with an approval or rejection based on, for example, the amount of the transfer, previously requested transfers, and an available balance on an account from which funds are to be transferred from. Issuer system 170 may be configured to identify and reject fraudulent or potentially fraudulent transaction requests.

[0025] Verification system 180 is a computer system configured to, among other things, verify that an authorized user of an account has affirmatively approved, in real time or near real time, a transfer of funds from the account. As is discussed in greater detail below, verification system 180 is configured to interact with an instance or instances of one or more application programs installed on one or more mobile wireless devices, such as for obtaining approval for transfers of funds. In the particular example illustrated in FIG. 1, each of mobile wireless devices 114 and 134 has installed thereon an instance of one or more application programs configured for interacting with verification system 180. In some examples, there may be a plurality of application programs that verification system 180 is configured to interact with. For example, a first application program may be provided for devices utilizing the iOS operating system and a second application program may be provided for devices utilizing the Android operating system. As another example, an API (application programming interface) may be provided to facilitate including capabilities for interacting with verification system 180 into application programs. As part of a registration process, an instance of an application program installed on a mobile wireless device contacts verification system 180 and provides information identifying a user and/or an account, which results in verification system 180 recording an association between the instance of the application program with the provided user and/or account. Based on this association, verification system 180 is configured to identify instances of one or more application programs that have been associated with an identified account. For example, in response to use of a credit card account associated with consumer 132, verification system 180 may identify an instance of an application installed on mobile wireless device 134. Additional aspects of verification system 180 are discussed in greater detail below.

[0026] Notification system 190 is a computer system utilized for sending to notifications to mobile wireless devices, such as mobile wireless devices 114 and 134. Examples services involving notification system 190 include, but are not limited to, the Apple Push Notification Service ("APNs") for delivering notifications to mobile wireless devices utilizing Apple's iOS operating system, and Google Cloud Messaging ("GCM") for delivering notifications to mobile wireless devices utilizing Google's Android operating system. In order for verification system 180 to send notifications to mobile wireless device 114 via notification system 190, an instance of an application program installed and executing on the mobile wireless device requests a token from notification system 190, and the instance of the application program provides the token, along with information identifying the instance of the application program, to verification system 180. With the token, verification system 180 may request that a notification, with an

accompanying payload, be delivered by notification system 190 to the instance of the application program installed on the mobile wireless device 114. Receipt of the notification by the instance of the application may result in an alert being presented via the mobile wireless device 114, such as displaying a message as illustrated in FIG. 4A.

[0027] FIG. 2 illustrates an example of a graphical user interface (GUI) 200 to manage accounts associated with a user and additional users associated with the accounts. An application program installed on a mobile wireless device, such as mobile wireless device 114, or computer 116 may be configured to provide GUI 200 on a display unit included therein. The application program may be configured to interact with verification system 180 to obtain information about accounts, associated users, and limitations on use of accounts. The application program may be configured to control access to, or use of, GUI 200 based on a passcode, password, or biometric input. In some examples, GUI 200 may be displayed via a web browser application running on mobile wireless device 114 or computer 116, for example, using a web server provided by verification system 180. In such examples, the web browser may be viewed as displaying GUI 200 via the web browser application, or causing GUI 200 to be displayed via the web browser application. Access to information for a user or accounts associated with the user may be controlled by a username/password, and/or two-factor authentication, such as, but not limited to, confirmation via an application program instance associated with a user or account.

[0028] GUI 200 displays a listing of accounts associated with a user of installed instance of an application program. In the example illustrated in FIG. 2, three accounts are associated with a user, and information about the first, second, and third accounts is displayed in respective account display portions 210, 220, and 230 of GUI 200. Account display portion 210 includes a brief label for the first account ("Card ...1256"), an interface element that allows additional details to be displayed for the first account, and account enable/disable interface element 211. Selection of the interface element that allows additional details to be displayed for the first account may cause a new GUI to be displayed in place of GUI 200, or additional elements to be displayed in GUI 200 to provide access to the additional details about the selected account, such as, but not limited to, identification of a financial institution associated with the account, contact information for the financial institution, an account identifier (such as, but not limited to, a credit card number for a credit card account), an account balance, a credit limit, and/or a remaining amount of credit. Account enable/disable interface element 211 may be used to selectively enable or disable its respective first account. In the example illustrated in FIG. 2, the first and second accounts are enabled, and the third account is disabled (as shown by account

enable/disable interface element 231). Verification system 180 may be configured to record whether the first account has been enabled or disabled in response to use of account

enable/disable interface element 211. Verification system 180 may be configured to enable or disable an account in response to information received from an issuer for the account.

Verification system 180 may be configured to indicate to another system, such as issuer system 170, that the first account should be enabled or disabled. Account enable/disable interface element 211 may be used to reenable an account that was automatically disabled by verification system 180 in response to receiving a request to verify a transfer. In some implementations, account enable/disable interface element 211 may only be used to reenable an account within a predetermined period of time after the account was automatically disabled; and after the predetermined period of time has elapsed it will be necessary to contact an issuer for the account or other service provider.

[0029] In the example illustrated in FIG. 2, an arrow is provided on the left hand side of each of account display portions 210, 220, and 230 to selectively display limitations and/or additional users associated with an account. Such information is displayed for the second account in account display portion 220, whereas although limitations and/or additional users may be associated with the first and/or third accounts, GUI 200 has not been arranged to display such information.

[0030] In some examples, verification system 180 may be configured to allow multiple users or instances of application programs to be associated with an account. In the particular example illustrated in FIG. 2, a total of five users are associated with the second account: the user for whom GUI 200 is being displayed, and four additional users: additional user #1 for whom details are displayed in user display portion 240, additional user #2 for whom details are displayed in user display portion 250, additional user #3 for whom details are displayed in user display portion 260, and additional user #4 for whom details are displayed in user display portion 270. User enable/disable interface element 241 may be used to selectively enable or disable its respective user, and user enable/disable interface elements are included in each of user display portions 240, 250, 260, and 270, with user enable/disable interface element 261 set to disable additional user #3. [0031] For each user, zero or more user-level limitations on use of an account may be recorded by verification system 180. In some examples, zero or more account- level limitations of use of an account may be recorded, which are applied to all requested transfers regardless of the user involved. These limitations may be displayed, added, removed, and/or modified via GUI 200. Examples of such limitations include, but are not limited to, spending limits (see limitation display portion 242), which may be per transaction (a limit of $50 per transaction is illustrated) or per day (a limit of $200 per day is illustrated); whitelisted merchants (see limitation display portion 252, in which additional user #2 is only permitted to make purchases from Super Warehouse and Paper Emporium); blacklisted merchants (identifying merchants for which requests will be denied); whitelisted merchant types/categories (see limitation display portion 272); blacklisted merchant types (for example, denying requests for merchants selling guns, tobacco, or alcohol); whitelisted types/categories of goods and/or services; blacklisted types/categories of goods and/or services; geographic limitations on merchant locations

(whitelisted and/or blacklisted); geographic limitations on shipment destinations (including specification of specific addresses); geographic limitations on a location of a mobile wireless device at the time of a transaction (including, for example, the actual location of the mobile wireless device or a distance from the merchant); limitations on allowed times and/or days of use (see limitation display portion 262), which may be whitelisted or blacklisted times and/or days; and a requirement that biometric information be captured (for example, via a mobile wireless device or a device operated by a merchant).

[0032] In another graphical user interface (not illustrated), which may also be displayed via mobile wireless device 112 or computer 116, for example, a listing of requested transfers may be displayed. Using this GUI, a user may identify a selected transfer as a reoccurring charge, and may set limitations for the reoccurring charge, such as, but not limited to, a maximum transfer amount or on timing between occurrences (such as, for example, only once per calendar month, of a minimum period of 3 weeks between occurrences). Verification system 180 may record a specification of the reoccurring charge, such as an identification of the merchant and limitations to be applied, in association with an account and automatically accept future requested transfers requested by the same merchant, so long as they meet any specified (or implied) limitations on the reoccurring transaction (see the discussion of 310 below for more details).

[0033] FIGS. 3 A and 3B illustrate an example of a process for obtaining real time or near real time verification of transfers of funds. It is noted that this disclosure is not limited to the particular arrangement or order of operations illustrated in FIGS. 3 A and 3B. Verification system 180 may be configured to perform some or all of the aspects of the procedure illustrated in FIGS. 3 A and 3B. At 305, verification system 180 receives a request to verify a requested transfer of funds from an account to a merchant. The request may be received in response to, for example, an authorization request for use of a credit card account issued by a merchant system. The request is received by verification system 180 prior to the merchant receiving an automated acceptance of the requested transfer of funds, which allows an authorized user of the account to perform real time or near real time verification of the requested transfer before providing the merchant with approval for the requested transfer. The request may provide, or verification system 180 may otherwise obtain, for example, an amount of the requested transfer of funds, an identifier for the account (for example, a credit card number for a credit card account), an identifier for the merchant (for example, a name of the merchant), an address or other location information for the merchant, and/or information about goods and/or services associated with the transfer. Verification system 180 is configured to identify, in response to the request received at 305, the account from which funds are to be transferred out of. In some examples, verification system 180 may be configured to determine whether the identified account is enabled or disabled, based on information recorded by verification system 180 and/or obtained from another system. Although not illustrated in FIGS. 3A and 3B, in response to the request received at 305, verification system 180 may respond to the request with a decline or rejection of the request if it is determined that the identified account is not enabled.

[0034] At 310, verification system 180 determines whether the transfer of funds matches a reoccurring charge recorded in verification system 180 in association with the identified account. The determination whether the transfer of funds matches a specification of a reoccurring charge may be based on an identification of a merchant for the transfer corresponds to a merchant for a recorded reoccurring charge. The determination whether the transfer of funds matches a reoccurring charge may additionally be based on whether an amount of the requested transfer is less than or equal to a maximum transaction amount recorded for the reoccurring charge. The determination whether the transfer of funds matches a reoccurring charge may additionally be based on whether a minimum period of time recorded for the reoccurring charge has elapsed since the last occurrence of the reoccurring charge (for example, the reoccurring charge may not occur more frequently than once a calendar month, or no more frequently than every 3 weeks).

[0035] If at 310 the requested transaction matches a reoccurring charge recorded in verification system 180 (Ύ'), the process continues at 315; otherwise ('Ν'), the process continues at 320. At 315, verification system 180 responds to the request received at 305 with an approval of the request. In some examples, verification system 180 may be configured to record when the reoccurring charge occurred, and this information may be used to ensure that the same reoccurring charge does not reoccur too soon. In some examples, if a merchant for the requested transfer corresponds to a merchant for a recorded reoccurring charge, but other aspects of the requested transfer violate limitations recorded for the reoccurring charge (such as a maximum transaction amount or a minimum amount of time between reoccurring charges to a single merchant), an alert presented at 325 may expressly indicate that the requested transfer violated a limitation for a reoccurring charge, to provide an indication to a user that there may be an issue to be resolved with the merchant.

[0036] As discussed with respect to FIG. 2, one or more users, and associated installed instances of one or more application programs, may be associated with each account (although in some examples, only a single user may be associated with each account). Verification system may be configured to, before 310, determine whether more than one user is associated with the identified account, and in response to more than one user being associated with the identified account, identify which user is believed to be using the account for the request received at 305. In response to the identified user being disabled with respect to the account, verification system 180 may respond to the request received at 205 with a decline or rejection of the request.

[0037] There are various techniques by which verification system 180 may identify which user is believed to be using the account. In some examples, verification system 180 may identify the user based on geographic proximity to the merchant, with geographic locations of users obtained via their respective mobile wireless devices. In some examples, verification system 180 may by default treat an account with multiple users as disabled, and allow an individual user, via their respective mobile wireless device, to indicate shortly before the request at 305 is received, that the user intends to initiate a transfer. As a result, verification system 180 may treat the account as enabled for the next incoming request to transfer funds from the account, if the next incoming request is received within a predetermined amount of time, such as five minutes. In some examples, request 305 may result in all enabled users being notified at 325, and a "accept" received from one of the users treated as use of the account by that user (which would also result in at least a portion of 320 being performed after the response is received from the identified user.

[0038] At 320, verification system 180 determines whether the requested transfer of funds violates any limitations set on use of the account. As discussed above with respect to FIG. 2, zero or more limitations may be recorded in association with an account (account- level limitations) and/or a user associated with an account (user-level limitations). If one or more account-level limitations are recorded, verification system 180 obtains information regarding the request received at 305 to determine whether any of the account-level limitations are violated. This information may be obtained from data included with the request, may be determined based on information included in one or more databases included in or accessible by verification system 180 (for example, a merchant name or merchant identifier included in a request may be used to identify a merchant type/category), may be obtained from another system (such as, but not limited to, acquirer system 160 or issuer system 170, and/or may be obtained via an instance of an application program installed on a mobile wireless device (for example, verification system 180 may request location information or that biometric information, such as a fingerprint, be captured). In some examples, if information is not available to access whether a particular limitation has been violated (for example, a merchant type/category may not be able to be determined), that limitation might be ignored. User-level limitations are handled in much the same manner, once a user has been identified. If at 320 it is determined that an account-level or user-level limitation has been violated (Ύ') the process proceeds to 325, otherwise ('Ν') the process proceeds to 330. At 325, verification system 180 responds to the request received at 305 with a decline. This may result in the merchant receiving an indication that the transfer has been declined.

[0039] At 330, verification system 180 identifies one or more instances of one or more application programs installed on one or more mobile wireless devices. Verification system 180 maintains a database that associates instances of application programs with accounts. The database is updated as part of registration/deregistration procedures performed between an instance of an application program and verification system 180. For example, on first running an installed instance of an application program (including during an installation or setup of the application program), the instance of the application program might register itself with verification system 180 as being associated with one or more accounts. As another example, an application program may be configured to allow adding an account, in response to which the application program may register itself with verification system 180 as being associated with the added account. Deregistration might occur, for example, as part of an account removal process provided by an application or an uninstall procedure implemented by an application. If multiple users (and associated instances of one or more application programs) are associated with the identified account, and a particular user has been identified for the request received at 305, an instance associated with the user may be identified. In some examples, a plurality of instances may be identified, such as where a user has installed appropriate application programs on multiple mobile wireless devices, or where a single user has not been selected from a plurality of enabled users associated with an account (in which case, all of the enabled users, and their associated instances, may be identified). An identification of an instance may comprise a token for transmitting a notification via notification system 190.

[0040] At 335, verification system 180 causes alert(s) to be presented via the application instance(s) identified at 330. For example, verification system 180 may be configured to, for each instance identified at 330, utilize notification system 190 to send a notification to the instance. The notification may include a data payload providing the receiving instance with details about the request received at 305; for example, the data payload may include a transaction amount and/or a merchant identifier (such as, but not limited to, a merchant name and/or location). In some examples, an application program may be configured to request additional information from verification system 180 in response to receiving a notification, or in response to a user inquiry for additional information.

[0041] In response to receiving a notification about the request received at 305, an instance of an application program presents an alert via the mobile wireless device on which the instance is installed. Thus, by having sent the notification, which in turn results in an alert having been displayed, verification system 180 causes the alert to be presented via the mobile wireless device. Examples of the alert include, but are not limited to, a visual alert on a display unit included in the mobile wireless device, an audible alert (such as a sound played through a speaker included the mobile wireless device), a vibratory alert, and a haptic alert. FIG. 4A illustrates an example of a visual alert 430 presented on a display unit 420 included in a mobile wireless device 410. In the particular example illustrated in FIG. 4A, visual alert 430 is displayed despite the mobile wireless device 410 being "locked." This allows the alert to be presented more quickly to a user of mobile wireless device 410. The application program causing visual alert 430 to be displayed may be configured to respond to user interaction visual alert 430 by displaying a user prompt regarding the request received at 305. FIG. 4B illustrates an example of a user prompt 440 to verify a requested transfer of funds. In this particular example, by sliding visual alert 430 to the left, user prompt 440 is displayed on the display unit 420. User prompt 440 presents three options to the user: accept button 442, deny button 444, and decline button 446. In some examples, user prompt 440 may not include decline button 446.

[0042] Selection of accept button 442 is intended to provide an express indication that the request received at 305 has been accepted (or approved) by an authorized user of the identified account. The application program may be configured to prompt a user to enter a pin, passcode, password, or provide biometric input in response to accept button 442 being selected. In some examples, the pin, passcode, password, biometric input, or data derived therefrom (such as, but not limited to, a hash) may be transmitted in a message to verification system 180 for validation, along with an indication that accept button 442 was selected. In some examples, the application program may validate the pin, passcode, password, or biometric input, and in response to it being valid, transmit a message to verification system 180 indicating that accept button 442 was selected. In some examples, the application program may not prompt for a pin, passcode, password, or biometric input in response to a determination that similar information was recently submitted, such as to "unlock" mobile wireless device 410 from a "locked" state.

[0043] Selection of deny button 444 is intended to provide an express indication that the request received at 305 has been rejected (or not approved) by an authorized user of the identified account. As is discussed in more detail below, selection of deny button 444 will prompt verification system 180 to disable the identified account, and may also notify an account issuer that the request at 305 was fraudulent. In view of such consequences, the user may be asked to confirm selection of deny button 444 to avoid the user inadvertently disabling the identified account. Selection of decline button 446 is intended to provide a mechanism for effectively cancelling a transfer without the consequences that may occur in connection with selecting deny button 444 (for example, disabling the identified account and/or notifying an account issuer of fraudulent activity).

[0044] The application program may be configured such that by sliding visual alert 430 to the right, a user can review more detailed information about the requested transfer of funds. This may require, in some examples, the user to enter a pin, passcode, password, or biometric input in order to "unlock" mobile wireless device 410 or to access a detailed information display mode of the application program. The detailed information display mode might display, for example, a listing of goods and/or services associated with the requested transfer, and/or a map showing a location of the merchant requesting the transfer.

[0045] At 340, verification system 180 determines whether a response message indicating express selection of one of the "accept," "deny," or "decline" options is received from a notified instance within a timeout period. In some examples, the timeout period is brief: for example, 5, 10, 15, 20, 25, 30, 40, 50, or 60 seconds, which assists verification system 180 in providing a real time or near real time response to the request received at 305. In some examples, the timeout period may be extended in response to an indication received from an instance that a user is interacting with the instance or the mobile wireless device the instance is installed on. For example, it may be helpful to provide a user with additional time to enter a pin, passcode, password, or biometric input, or to review details of the requested transfer of funds. In some implementations, an instance of an application program may display a numeric and/or graphical (for example, a bar graph) countdown timer on the mobile wireless device on which it is installed, to indicate to a user that a limited time is allowed to respond. If a response is not received within the timeout period ('Ν'), the process continues to 350 (via node B linking FIGS. 3A and 3B). Thus, as a result of a failure to receive an allow, deny, or decline message within the timeout period, verification system 180 determines that the requested transfer of funds is not approved by an authorized user of the identified account. If a response is received from the instance before the timeout period expires (Ύ'), the process continues to 345 (via node A linking FIGS. 3 A and 3B).

[0046] At 345, in response to receiving the message at 340, and based on the received message, verification system 180 determines whether the user chose the "deny" option (for example, by selecting deny button 444 illustrated in FIG. 4B). If not ('Ν'), the process continues to 360. Is so (Ύ'), the process continues to 350. At 350, verification system 180 causes the identified account to be disabled. For example, verification system 180 may record, in a database included in verification system 180 or otherwise accessible by verification system 180, that the identified account is disabled or not enabled. As another example, verification system 180 may send a message or other notification to another system, such as, but not limited to acquirer system 160 or issuer system 170, that causes the receiving system to disable the identified account. In some examples, verification system 180 may be configured to cause an alert to be presented on one or more mobile wireless devices associated with the identified account (via, for example, an instance of a program application installed on the mobile wireless device) indicating that the account was been disabled. For example, verification system 180 may be configured to send notifications, via notification system 190, to one or more application program instances associated with the identified account that the identified account was disabled, and a receiving instance may be configured to present an alert on the mobile wireless device on which it is installed in response to the notification. FIG. 5 illustrates an example of an alert 510 presented on a mobile wireless device indicating that an account has been automatically disabled. Much as discussed previously, in some examples, a user may reenable the disabled account via an instance of an application program installed on mobile wireless device 410, although a limited period of time may be allowed to reenable via the application program in some implementations. [0047] At 355, verification system 180 may be configured to notify an issuer system associated with the identified account that the requested transfer of funds is fraudulent. This notification may cause the receiving issuer to disable the identified account, investigate the requested transfer, and/or take other action. At 380, verification system 180 responds to the request received at 305 with a rejection of the request. In some examples, there is no difference between a decline (such as at 325 and 365) and a rejection (such as at 380). In other examples, a rejection may be indicated differently by verification system 180 to a system that issued the request received at 305, and this difference, or another difference, may be indicated to the requesting merchant versus a decline.

[0048] At 360, in response to receiving the message at 340, and based on the received message, verification system 180 determines whether the user chose the "decline" option (for example, by selecting decline button 446 illustrated in FIG. 4B). If not ('Ν'), the process continues to 370. Is so (Ύ'), the process continues to 365. At 365, verification system 180 responds to the request received at 305 with a decline of the request.

[0049] At 370, in response to receiving the message to 340, verification system 180 determines that the user chose the "accept" option (for example, by selecting accept button 442 illustrated in FIG. 4B). This determination may be based on the received message, or based on the message being neither for the "deny" or "decline" options. At 375, verification system 180 responds to the request received at 305 with an approval of the request. From each of 315 (via node C linking FIGS. 3A and 3B), 325 (via node C linking FIGS. 3A and 3B), 375, and 380, the process illustrated in FIGS. 3A and 3B continues at 385.

[0050] At 385, verification system 180 obtains a notification address, such as, but not limited to, an email address or a text messaging number or address, for the identified account. The notification address may be recorded by verification system 180 as part of a registration process in connection with the identified account. At 390, verification system 180 sends a notification, such as, but not limited to, an email or text message, of the request received at 305 and a result of verification system 180 handling the request (for example, whether the request was accepted, denied, declined, or timed out, or if the account was disabled). This notification may be sent immediately after verification system 180 responds to the request received at 305. Verification system 180 may be configured to send other notifications to the notification address; for example, in response to a disabled account being reenabled.

[0051] In some examples, verification system 180 may be configured to allow a user to temporarily transfer their ability to interact with verification system 180 to another mobile wireless device or a computer-based terminal. This may be useful in the event that the user experiences a battery, device, or other failure with the mobile wireless device ordinarily used by the user. For example, after authenticating with verification system 180, the user may obtain a temporary code from verification system 180 that may be provided to an instance of an application program installed on another mobile wireless device or computer-based terminal.

Using the temporary code, the instance of the application program may temporarily, such as for a single transfer of funds, become associated with the user or a particular account associated with the user. In some implementations, the application program may be configured to allow the user to authenticate with verification system 180 and associate an instance of the application program with the user or the account associated with the user without an intermediate step of the user obtaining and providing a temporary code. In some examples, a user may be provided in advance with one or more single use temporary codes, such as on a card that may be kept in a purse or a wallet, that may be used in connection with a pin, passcode, passphrase, or biometric input provided by the user.

[0052] FIG. 6 illustrates a configuration in which the issuer system utilizes the verification system 180 to obtain real time or near real time verification of a requested transfer of funds. Consumer 605, who is also in possession of mobile wireless device 610, initiates a transaction with a merchant that operates merchant system 615. Examples of mobile wireless device 610 include mobile wireless devices 114 and 134. Examples of merchant system 615 include online merchant system 122 and retail merchant system 142. Merchant system 615 requests

authorization of a transfer of funds via acquirer system 160. Acquirer system 160, via credit card network 620, requests issuer system 170 to authorize the transfer of funds. Issuer system 170, in the example illustrated in FIG. 6, transmits a request to verification system 180 to obtain real time or near real time verification of a requested transfer of funds. Much as discussed with respect to FIGS. 3A and 3B, verification system 180 interacts with mobile wireless device 610 and an instance of an application installed thereon to obtain an express or implied (in the event of an expiration of a time period for a reply from mobile wireless device 610 to verification system 170) indication of whether user 605 accepts, denies, or declines the transfer of funds.

[0053] FIG. 7A illustrates a configuration in which the acquirer system utilizes the verification system, before contacting the issuer system, to obtain real time or near real time verification of a requested transfer of funds. Consumer 605, merchant system 615, acquirer system 160, credit network 620, and issuer system 170 interact with each other much in the same way discussed with respect to FIG. 6. However, in this example it is acquirer system 160, rather than issuer system 170, that interacts with verification system 180. Acquirer system 160 may be configured to contact verification system 180 either prior to or after contacting issuer system 170. FIG. 7B illustrates a configuration in which the verification system replaces the acquirer system illustrated in FIG. 7A.

[0054] FIG. 8 illustrates a configuration in which a merchant system utilizes the verification system to obtain real time or near real time verification of a requested transfer of funds.

Consumer 605, merchant system 615, acquirer system 160, credit network 620, and issuer system 170 interact with each other much in the same way discussed with respect to FIG. 6. However, in this example it is merchant system 615, rather than issuer system 170, that interacts with verification system 180. This interaction occurs prior to merchant system 615 contacting acquirer system 160 regarding the transfer of funds.

[0055] FIG. 10 illustrates an example of a process for generating a temporary PIN (personal identification number). It is noted that this disclosure is not limited to the particular arrangement or order of operations illustrated in FIG. 10. By way of example, a user may be prompted by an automated teller machine (ATM) to provide a PIN to access a bank account associated with an ATM card supplied by the user to the ATM; however, there are many other contexts in which a PIN may be used for user authentication. For example, a PIN may also be used in connection with use of a debit card, a credit card, a gift card, or an access control device (for example, a numeric keypad configured to receive a PIN for unlocking a door). In some examples, a PIN is a multidigit numeric code; for example, a four- or six-digit numeric code. Conventionally, a user may specify a PIN, and the PIN may be left unchanged for an extended period of time. Such conventional implementations have been exploited in recent years by "card skimmers" designed by attackers to capture both information encoded in a magnetic stripe on a card and a user's entry of a PIN, enabling the attacker to "clone" the magnetic stripe information and reuse the PIN to make unauthorized use of an account. Additionally, users tend to choose easy to remember PINs (such as, for example, birthdates, anniversary dates, or numeric portions of addresses) that may be easily guessed by an attacker, or users may reuse a PIN across multiple accounts, which may multiply the damage resulting from exposure of a PIN.

[0056] The process illustrated in FIG. 10 allows a user to generate a temporary PIN for user authentication via a mobile wireless device. In some implementations, such processes may be performed via the mobile wireless devices, the application programs installed and executed thereon, and supporting systems discussed above in connection with FIGS. 1-8. For example, user interface elements similar to those illustrated in, and discussed in connection with, FIG. 2 may be used for specifying and managing cards and accounts involving usage of PINs. As another example, user interface elements similar to those illustrated, and those discussed in connection with, FIGS. 3A-5.

[0057] At 1010, a request is received to generate a PIN. For example, the request to generate a PIN may be received by a mobile wireless device (such as, but not limited to, mobile wireless device 610 illustrated in FIGS. 6-8) and/or a computer system (such as, but not limited to, verification system 180 discussed above). In some implementations, a user may access an application program executed on a mobile wireless device to submit the request to generate a PIN using a user interface provided by the application program. For example, the user interface may be configured to allow the user to select a card or an account, and then allow the user to request a PIN be generated for the selected card or account. In response to such user interaction with a user interface, the application program may transmit the request to generate a PIN to verification system 180. In some implementations, the request may be automatically generated by a computer system in response to an attempted use or access of an account or card; for example, in response to providing an ATM card to an ATM, a computer banking system associated with the user's account may issue the request to generate a PIN to verification system 180. In some examples, the request may specify a period of time that the generated PIN is to be effective, thereby allowing a user to control when the PIN will expire.

[0058] At 1020, a determination is made whether the request received at 1010 is authorized by an associated issuer, processor, or another entity associated with the card or account. For example, verification system 180 may transmit an electronic inquiry to issuer system 170 or to acquirer system 160 as to whether the request received at 1010 is authorized. Based on a response received for the inquiry, verification system 180 may determine whether the request received at 1010 is authorized. In some implementations, either a mobile wireless device or verification system 180 may be configured to make the determination without issuing an inquiry to another system. If at 1020 the request is not authorized ('Ν'), the process continues at 1025, where a response to the request received at 1010 is provided that declines the request. For example, where the request was submitted via an application program on a mobile wireless device, the application program may receive a response that the request was declined, and in response indicate to the user that the request was declined (and may further indicate a reason for the decline).

[0059] If at 1020 the request is authorized (Ύ'), the process continues at 1030. At 1030, a determination is made whether the request received at 1010 violates limitations set on use of the card or account. Much as discussed above with respect to FIG. 2, zero or more limitations may be recorded in association with an account (account-level limitations) and/or a user associated with an account (user-level limitations). If one or more account-level limitations are recorded, verification system 180 may determine whether any of the account- level limitations are violated by the request received at 1010. User-level limitations are handled in much the same manner, once a user has been identified. If at 1030 it is determined that an account-level or user-level limitation has been violated (Ύ') the process proceeds to 1035, otherwise ('Ν') the process proceeds to 1040. At 1035, a response to the request received at 1010 is provided that declines the request, much as at 1025.

[0060] At 1040, a PIN is generated in response to the request received at 1010. In some examples, the PIN may be randomly generated. In some examples, the generated PIN may be effective for a predetermined period of time; for example, the generated PIN may be effective only if used within 30 seconds, 60 seconds, 2 minutes, 3 minutes, 5 minutes, or 10 minutes. In some examples, in response to a first successful use of the generated PIN, the generated PIN may then be disabled, thereby disallowing a subsequent use of the same PIN even if the subsequent use is within the previously mentioned predetermined period of time. In some examples, if a PIN has already been set for a card or account, that PIN may be disabled, replaced, or cleared. The generated PIN may be generated at various computer systems, including, for example, a mobile wireless device that issued the request at 1010 (for example, mobile wireless device 610), verification system 180, merchant system 615, acquirer system 160, or issuer system 170.

Depending on where the generated PIN is generated, the generated PIN may be provided to other systems; for example, if generated by verification system 180, the generated PIN may be delivered from verification system 180 to mobile wireless device 610 for display to a user, and the generated PIN may also be delivered to a system used to verify that an entered PIN (such as a PIN manually entered into an ATM via a numeric keypad) corresponds to the generated PIN; for example, although a PIN may be entered into an ATM, the PIN may be verified at a system different from the ATM.

[0061] At 1050, the generated PIN is displayed to the user via one of more application instance(s) on one or more mobile wireless device(s). In some examples, an application instance used to generate the request at 1010 is also used to display the generated PIN. In some examples, one or more instances of one or more application programs installed on one or more mobile wireless devices may be identified much as discussed above for 330 in FIG. 3A. A displaying application instance may retain the generated PIN for redisplaying the PIN to the user at a later time.

[0062] At 1060, the user makes use of the generated PIN. For example, where the PIN is generated for use with an ATM, the user may manually enter the generated PIN into an ATM. A device that is supplied with the generated PIN may also be configured to receive a secondary user identification, such as, but not limited to, an ATM card, a card with a magnetic stripe, a cryptographic token, or an RFID chip. The PIN entered by the user is used to authenticate the user.

[0063] At 1070, verification system 180 obtains a notification address, much as discussed above for 385 in FIG. 3B. At 1080, verification system 180 sends a notification of the request received at 1010 and the subsequent usage of the PIN to the notification address obtained at 1070, much as discussed above for 390 in FIG. 3B. In some implementations, notification of the request received at 1010 may be performed even without subsequent use of the generated PIN.

[0064] In some implementations, even where a temporary PIN generated as discussed above is used to authenticate a user for an account, use of the account under that authentication, such as performing a transfer of funds, may be subject to real time verification according to the techniques discussed above in connection with FIGS. 1-8. In some implementations, in response to a temporary PIN generated as discussed above being used to authenticate a user for an account, use of the account under that authentication, such as performing a transfer of funds, may selectively not be subject to such real time verification.

[0065] FIG. 11 illustrates an example of a process for locking or unlocking use of a PIN. It is noted that this disclosure is not limited to the particular arrangement or order of operations illustrated in FIG. 11. In some implementations, such processes may be performed via the mobile wireless devices, the application programs installed and executed thereon, and supporting systems discussed above in connection with FIGS. 1-8. For example, user interface elements similar to those illustrated in, and discussed in connection with, FIG. 2 may be used for specifying and managing cards and accounts involving usage of PINs. As another example, user interface elements similar to those illustrated, and those discussed in connection with, FIGS. 3A- 5.

[0066] At 1110, a request is received to lock or unlock a PIN. For example, the request to lock or unlock a PIN may be received by a mobile wireless device (such as, but not limited to, mobile wireless device 610 illustrated in FIGS. 6-8) and/or a computer system (such as, but not limited to, verification system 180 discussed above). In some implementations, a user may access an application program executed on a mobile wireless device to submit the request to lock or unlock a PIN using a user interface provided by the application program. For example, the user interface may be configured to allow the user to select a card or an account, and then allow the user to lock or unlock a PIN be generated for the selected card or account. In response to such user interaction with a user interface, the application program may transmit the request to lock or unlock a PIN to verification system 180.

[0067] At 1120, a determination is made whether the request received at 1110 is authorized by an associated issuer, processor, or another entity associated with the card or account. For example, verification system 180 may transmit an electronic inquiry to issuer system 170 or to acquirer system 160 as to whether the request received at 1110 is authorized. Based on a response received for the inquiry, verification system 180 may determine whether the request received at 1110 is authorized. In some implementations, either a mobile wireless device or verification system 180 may be configured to make the determination without issuing an inquiry to another system. If at 1120 the request is not authorized ('Ν'), the process continues at 1125, where a response to the request received at 1110 is provided that declines the request. For example, where the request was submitted via an application program on a mobile wireless device, the application program may receive a response that the request was declined, and in response indicate to the user that the request was declined (and may further indicate a reason for the decline).

[0068] If at 1120 the request is authorized (Ύ'), the process continues at 1130. At 1130, a determination is made whether the request received at 1110 violates limitations set on use of the card or account. Much as discussed above with respect to FIG. 2, zero or more limitations may be recorded in association with an account (account-level limitations) and/or a user associated with an account (user-level limitations). If one or more account-level limitations are recorded, verification system 180 may determine whether any of the account- level limitations are violated by the request received at 1110. User-level limitations are handled in much the same manner, once a user has been identified. If at 1130 it is determined that an account-level or user-level limitation has been violated (Ύ') the process proceeds to 1135, otherwise ('Ν') the process proceeds to 1140. At 1135, a response to the request received at 1110 is provided that declines the request, much as at 1125.

[0069] At 1140, verification system 180 identifies one or more instances of one or more application programs installed on one or more mobile wireless devices, much as discussed above for 330 in FIG. 3A. At 1150, the one or more instances of the one or more application programs prompt for confirmation of the request to lock or unlock the PIN. At 1160, a confirmation of the request is received via one of the one or more instances of the one or more application programs. The prompting and confirmation at 1150 and 1160 may be performed much as illustrated and discussed in connection with FIGS. 4A and 4B.

[0070] At 1170, verification system 180 obtains a notification address, much as discussed above for 385 in FIG. 3B. At 1180, verification system 180 sends a notification of the request received at 1110 and its result to the notification address obtained at 1170, much as discussed above for 390 in FIG. 3B.

[0071] By use of the process illustrated in FIG. 11, a user can unlock a PIN before using an ATM, make use of the ATM, and then lock the PIN again, thereby avoiding unapproved use of the PIN for authorizing or authenticating use of an account via an ATM.

[0072] FIG. 9 is a block diagram that illustrates a computer system 900 upon which aspects of this disclosure may be implemented, such as, but not limited to mobile wireless devices 114 and 134, computer 116, online merchant system 122, payment terminal 136, register system 138, retail merchant system 142, acquirer system 160, issuer system 170, verification system 180, notification system 190, and the processes discussed in connection with FIGS. 10 and 11.

Computer system 900 includes a bus 902 or other communication mechanism for

communicating information, and a processor 904 coupled with bus 902 for processing information. Computer system 900 also includes a main memory 906, such as a random access memory (RAM) or other dynamic storage device, coupled to bus 902 for storing information and instructions to be executed by processor 904. Main memory 906 also may be used for storing temporary variables or other intermediate information during execution of instructions to be executed by processor 904. Computer system 900 further includes a read only memory (ROM) 908 or other static storage device coupled to bus 902 for storing static information and instructions for processor 904. A storage device 910, such as a magnetic disk or optical disk, is provided and coupled to bus 902 for storing information and instructions.

[0073] Computer system 900 may be coupled via bus 902 to a display 912, such as a cathode ray tube (CRT) or liquid crystal display (LCD), for displaying information to a computer user. An input device 914, including alphanumeric and other keys, is coupled to bus 902 for communicating information and command selections to processor 904. Another type of user input device is cursor control 916, such as a mouse, a trackball, or cursor direction keys for communicating direction information and command selections to processor 904 and for controlling cursor movement on display 912. This input device typically has two degrees of freedom in two axes, a first axis (e.g., x) and a second axis (e.g., y), that allows the device to specify positions in a plane. Another type of user input device is a touchscreen, which generally combines display 912 with hardware that registers touches upon display 912.

[0074] This disclosure is related to the use of computer systems such as computer system 900 for implementing the techniques described herein. In some examples, those techniques are performed by computer system 900 in response to processor 904 executing one or more sequences of one or more instructions contained in main memory 906. Such instructions may be read into main memory 906 from another machine-readable medium, such as storage device 910. Execution of the sequences of instructions contained in main memory 906 causes processor 904 to perform the process steps described herein. In some examples, hard-wired circuitry may be used in place of or in combination with software instructions to implement the various aspects of this disclosure. Thus, implementations are not limited to any specific combination of hardware circuitry and software.

[0075] The term "machine-readable medium" as used herein refers to any medium that participates in providing data that causes a machine to operation in a specific fashion. In some examples implemented using computer system 900, various machine-readable media are involved, for example, in providing instructions to processor 904 for execution. Such a medium may take many forms, including but not limited to, non- volatile media, volatile media, and transmission media. Non-volatile media includes, for example, optical or magnetic disks, such as storage device 910. Volatile media includes dynamic memory, such as main memory 906. Transmission media includes coaxial cables, copper wire and fiber optics, including the wires that comprise bus 902. Transmission media can also take the form of acoustic or light waves, such as those generated during radio-wave and infra-red data communications. All such media must be tangible to enable the instructions carried by the media to be detected by a physical mechanism that reads the instructions into a machine.

[0076] Common forms of machine-readable media include, for example, a floppy disk, a flexible disk, hard disk, magnetic tape, or any other magnetic medium, a CD-ROM, any other optical medium, punchcards, papertape, any other physical medium with patterns of holes, a RAM, a PROM, and EPROM, a FLASH-EPROM, any other memory chip or cartridge, a carrier wave as described hereinafter, or any other medium from which a computer can read.

[0077] Various forms of machine-readable media may be involved in carrying one or more sequences of one or more instructions to processor 904 for execution. For example, the instructions may initially be carried on a magnetic disk of a remote computer. The remote computer can load the instructions into its dynamic memory and send the instructions over a telephone line using a modem. A modem local to computer system 900 can receive the data on the telephone line and use an infra-red transmitter to convert the data to an infra-red signal. An infra-red detector can receive the data carried in the infra-red signal and appropriate circuitry can place the data on bus 902. Bus 902 carries the data to main memory 906, from which processor 904 retrieves and executes the instructions. The instructions received by main memory 906 may optionally be stored on storage device 910 either before or after execution by processor 904.

[0078] Computer system 900 also includes a communication interface 918 coupled to bus 902. Communication interface 918 provides a two-way data communication coupling to a network link 920 that is connected to a local network 922. For example, communication interface 918 may be an integrated services digital network (ISDN) card or a modem to provide a data communication connection to a corresponding type of telephone line. As another example, communication interface 918 may be a local area network (LAN) card to provide a data communication connection to a compatible LAN. Wireless links may also be implemented. In any such implementation, communication interface 918 sends and receives electrical, electromagnetic or optical signals that carry digital data streams representing various types of information.

[0079] Network link 920 typically provides data communication through one or more networks to other data devices. For example, network link 920 may provide a connection through local network 922 to a host computer 924 or to data equipment operated by an Internet Service Provider (ISP) 926. ISP 926 in turn provides data communication services through the world wide packet data communication network now commonly referred to as the "Internet" 928. Local network 922 and Internet 928 both use electrical, electromagnetic or optical signals that carry digital data streams. The signals through the various networks and the signals on network link 920 and through communication interface 918, which carry the digital data to and from computer system 900, are exemplary forms of carrier waves transporting the information.

[0080] Computer system 900 can send messages and receive data, including program code, through the network(s), network link 920 and communication interface 918. In the Internet example, a server 930 might transmit a requested code for an application program through Internet 928, ISP 926, local network 922 and communication interface 918.

[0081] The received code may be executed by processor 904 as it is received, and/or stored in storage device 910, or other non- volatile storage for later execution. In this manner, computer system 900 may obtain application code in the form of a carrier wave. [0082] While the foregoing has described what are considered to be the best mode and/or other examples, it is understood that various modifications may be made therein and that the subject matter disclosed herein may be implemented in various forms and examples, and that the teachings may be applied in numerous applications, only some of which have been described herein. It is intended by the following claims to claim any and all applications, modifications and variations that fall within the true scope of the present teachings.

[0083] Unless otherwise stated, all measurements, values, ratings, positions, magnitudes, sizes, and other specifications that are set forth in this specification, including in the claims that follow, are approximate, not exact. They are intended to have a reasonable range that is consistent with the functions to which they relate and with what is customary in the art to which they pertain.

[0084] The scope of protection is limited solely by the claims that now follow. That scope is intended and should be interpreted to be as broad as is consistent with the ordinary meaning of the language that is used in the claims when interpreted in light of this specification and the prosecution history that follows and to encompass all structural and functional equivalents.

Notwithstanding, none of the claims are intended to embrace subject matter that fails to satisfy the requirement of Sections 101, 102, or 103 of the Patent Act, nor should they be interpreted in such a way. Any unintended embracement of such subject matter is hereby disclaimed.

[0085] Except as stated immediately above, nothing that has been stated or illustrated is intended or should be interpreted to cause a dedication of any component, step, feature, object, benefit, advantage, or equivalent to the public, regardless of whether it is or is not recited in the claims.

[0086] It will be understood that the terms and expressions used herein have the ordinary meaning as is accorded to such terms and expressions with respect to their corresponding respective areas of inquiry and study except where specific meanings have otherwise been set forth herein. Relational terms such as first and second and the like may be used solely to distinguish one entity or action from another without necessarily requiring or implying any actual such relationship or order between such entities or actions. The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. An element proceeded by "a" or "an" does not, without further constraints, preclude the existence of additional identical elements in the process, method, article, or apparatus that comprises the element.

[0087] The Abstract of the Disclosure is provided to allow the reader to quickly ascertain the nature of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims. In addition, in the foregoing Detailed Description, it can be seen that various features are grouped together in various examples for the purpose of streamlining the disclosure. This method of disclosure is not to be interpreted as reflecting an intention that the claims require more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive subject matter lies in less than all features of a single disclosed example. Thus, the following claims are hereby incorporated into the Detailed Description, with each claim standing on its own as a separately claimed subject matter.

Claims

WHAT IS CLAIMED IS:

1. A computer- implemented method comprising:

receiving, from a first instance of a first application program executed on a first mobile wireless device, a first user request for a personal identification number (PIN) to be generated for authenticating use of a selected first account;

causing a first temporary PIN to be generated in response to at least the first user request; providing the generated first temporary PIN to a system used to verify that an entered PIN corresponds to the generated first temporary PIN;

identifying a second instance of a second application program installed on a second mobile wireless device as being associated with the first account; and

causing, in response to receiving the first user request, the generated first temporary PIN to be displayed on the second mobile wireless device via the second instance of the second application program.

2. The computer-implemented method of claim 1, wherein:

the second mobile wireless device is the first mobile wireless device;

the second application program is the first application program; and

the second instance is the first instance.

3. The computer-implemented method of claim 1, further comprising:

transmitting a first electronic inquiry to a first system as to whether the first user request is authorized by a first issuer, processor, or other entity associated with the first account;

determining, based on a response received for the first inquiry, that the first user request is authorized by the first issuer, processor, or other entity;

receiving, from a third instance of a third application program executed on a third mobile wireless device, a second user request for a PIN to be generated for a selected second account; transmitting a second electronic inquiry to a second system as to whether the second user request is authorized by a second issuer, processor, or other entity associated with the second account;

determining, based on a response received for the second inquiry, that the second user request is not authorized by the second issuer, processor, or other entity; and providing, in response to the determination that the second user request is not authorized, a response to the second user request indicating that the second user request is declined,

wherein the causing the first temporary PIN to be generated is further in response to the determination that the first user request is authorized.

4. The computer-implemented method of claim 1, further comprising:

causing the generated first temporary PIN to be effective for authenticating use of the first account only if used within a first period of time; and

in response to a first successful use of the generated first temporary PIN for

authenticating use of the first account, disabling subsequent use of the generated first temporary PIN for authenticating use of the first account before an end of the first period of time.

5. The computer-implemented method of claim 1, further comprising:

obtaining a notification address associated with the first account; and

sending a notification of the first user request to the notification address.

6. The computer-implemented method of claim 1, further comprising:

determining that one or more first limitations set on use of the first account are recorded, the first limitations consisting of one or more account-level limitations and/or one or more user- level limitations for a user associated with the first account;

determining that the first user request does not violate the first limitations;

receiving, from a third instance of a third application program executed on a third mobile wireless device, a second user request for a PIN to be generated for a selected second account; determining that one or more second limitations set on use of the second account are recorded, the second limitations consisting of one or more account-level limitations and/or one or more user-level limitations for a user associated with the second account;

determining that the second user request violates one of the second limitations; and providing, in response to the determination that the second user request violates one of the second limitations, a response to the second user request indicating that the second user request is declined,

wherein the causing the first temporary PIN to be generated is further in response to the determination that the first user request does not violate the first limitations.

7. The computer-implemented method of claim 1, further comprising:

receiving a second user request to lock or unlock use of a PIN for authorizing use of a selected second account;

identifying a third instance of a third application program installed on a third mobile wireless device as being associated with the second account; and

causing, in response to receiving the second user request, a first notification of the second user request to be presented on the third mobile wireless device via the third instance of the third application program; and

determining that the second user request is not approved by a user of the second account based on a first message received from the third instance of the third application program or a failure to receive a message from the third instance of the third application program within a predetermined period of time.

8. The computer-implemented method of claim 7, further comprising:

obtaining a notification address associated with the second account; and

sending a notification of the second user request to the notification address.

9. The computer-implemented method of claim 1, further comprising:

receiving a second request to verify a first requested transfer of funds from the first account to a first merchant prior to the first merchant receiving an acceptance of the first requested transfer of funds, wherein the first requested transfer of funds has been authenticated using the generated first temporary PIN;

identifying a third instance of a third application program installed on a third mobile wireless device as being associated with the first account;

causing, in response to receiving the second request, a first notification of the first requested transfer of funds to be presented on the third mobile wireless device via the third instance of the third application program;

determining that the first requested transfer of funds is not approved by a user of the first account based on a first message received from the third instance of the third application program or a failure to receive a message from the third instance of the third application program within a predetermined period of time; and

causing use of the first account to be disabled in response to the determination that the first requested transfer of funds is not approved by a user of the first account.

10. A nontransitory machine-readable medium storing instructions which, when executed by one or more processors, cause the processors to perform the method of claim 1.

11. A system comprising:

one or more processors; and

one or more machine readable media including instructions, which when executed by the one or more processors, cause the one or more processors to:

receive, from a first instance of a first application program executed on a first mobile wireless device, a first user request for a personal identification number (PIN) to be generated for authenticating use of a selected first account,

cause a first temporary PIN to be generated in response to at least the first user request,

provide the generated first temporary PIN to a system used to verify that an entered PIN corresponds to the generated first temporary PIN,

identify a second instance of a second application program installed on a second mobile wireless device as being associated with the first account, and

cause, in response to receiving the first user request, the generated first temporary PIN to be displayed on the second mobile wireless device via the second instance of the second application program.

12. The system of claim 11, wherein:

the second mobile wireless device is the first mobile wireless device;

the second application program is the first application program; and

the second instance is the first instance.

13. The system of claim 11, wherein the instructions further cause the one or more processors to:

transmit a first electronic inquiry to a first system as to whether the first user request is authorized by a first issuer, processor, or other entity associated with the first account;

determine, based on a response received for the first inquiry, that the first user request is authorized by the first issuer, processor, or other entity;

receive, from a third instance of a third application program executed on a third mobile wireless device, a second user request for a PIN to be generated for a selected second account; transmit a second electronic inquiry to a second system as to whether the second user request is authorized by a second issuer, processor, or other entity associated with the second account;

determine, based on a response received for the second inquiry, that the second user request is not authorized by the second issuer, processor, or other entity;

provide, in response to the determination that the second user request is not authorized, a response to the second user request indicating that the second user request is declined,

14. The system of claim 11, wherein the instructions further cause the one or more processors to:

cause the generated first temporary PIN to be effective for authenticating use of the first account only if used within a first period of time; and

in response to a first successful use of the generated first temporary PIN for

authenticating use of the first account, disable subsequent use of the generated first temporary PIN for authenticating use of the first account before an end of the first period of time.

15. The system of claim 11, wherein the instructions further cause the one or more processors to:

obtain a notification address associated with the first account; and

send a notification of the first user request to the notification address.

16. The system of claim 11, wherein the instructions further cause the one or more processors to:

determine that one or more first limitations set on use of the first account are recorded, the first limitations consisting of one or more account-level limitations and/or one or more user- level limitations for a user associated with the first account;

determine that the first user request does not violate the first limitations;

receive, from a third instance of a third application program executed on a third mobile wireless device, a second user request for a PIN to be generated for a selected second account; determine that one or more second limitations set on use of the second account are recorded, the second limitations consisting of one or more account-level limitations and/or one or more user-level limitations for a user associated with the second account; and

determine that the second user request violates one of the second limitations;

provide, in response to the determination that the second user request violates one of the second limitations, a response to the second user request indicating that the second user request is declined,

17. The system of claim 11, wherein the instructions further cause the one or more processors to:

receive a second user request to lock or unlock use of a PIN for authorizing use of a selected second account;

identify a third instance of a third application program installed on a third mobile wireless device as being associated with the second account; and

cause, in response to receiving the second user request, a first notification of the second user request to be presented on the third mobile wireless device via the third instance of the third application program; and

determine that the second user request is not approved by a user of the second account based on a first message received from the third instance of the third application program or a failure to receive a message from the third instance of the third application program within a predetermined period of time.

18. The system of claim 17, wherein the instructions further cause the one or more processors to:

obtain a notification address associated with the second account; and

send a notification of the second user request to the notification address.

19. The system of claim 11, wherein the instructions further cause the one or more processors to:

receive a second request to verify a first requested transfer of funds from the first account to a first merchant prior to the first merchant receiving an acceptance of the first requested transfer of funds, wherein the first requested transfer of funds has been authenticated using the generated first temporary PIN;

identify a third instance of a third application program installed on a third mobile wireless device as being associated with the first account;

cause, in response to receiving the second request, a first notification of the first requested transfer of funds to be presented on the third mobile wireless device via the third instance of the third application program;

determine that the first requested transfer of funds is not approved by a user of the first account based on a first message received from the third instance of the third application program or a failure to receive a message from the third instance of the third application program within a predetermined period of time; and

cause use of the first account to be disabled in response to the determination that the first requested transfer of funds is not approved by a user of the first account.