Integration of secure protocols into a fraud detection system
Abstract
Embodiments of the present invention are directed to methods and systems for performing a secure authentication process by leveraging the historical transaction data associated with an issuer. The historical transaction data stored at a fraud detection system may include the types of frequency of past authentication processes performed by the issuer, allowing for a determination of the likelihood of an authentication challenge process being applied to a current transaction. A merchant may define merchant rules that define what authentication process, if any, should then be applied to the current transaction based on the likelihood of an authentication challenge process being applied to the current transaction.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A method comprising:
receiving, by a server computer, a transaction message for a transaction performed between a user device and a merchant computer; determining, by the server computer, a likelihood of an authentication challenge process being performed by an authorizing system to the user device based on historical transaction data for previous transactions processed by the authorizing system; based on a set of rules, determining, by the server computer, a likelihood threshold value for the likelihood of the authentication challenge process and a risk threshold value for a risk level of the transaction; and routing, by the server computer, an authorization request message for the transaction directly to the authorizing system, bypassing a secure authentication process between the user device and the authorizing system, when the likelihood of the authentication challenge process being performed by the authorizing system is above the likelihood threshold value and when the risk level of the transaction is below the risk threshold established in the set of rules.
2 . The method of claim 1 , wherein the transaction message includes transaction data for the transaction and an authorizing system identifier of the authorizing system, the method further comprising:
retrieving, by the server computer, authorizing system data using the authorizing system identifier, the authorizing system data including the historical transaction data; analyzing, by the server computer, the transaction data for the transaction with the historical transaction data retrieved from the authorizing system database; and determining, by the server computer, the likelihood value of the authentication challenge process being performed by the authorizing system based on the analyzing of the transaction data.
3 . The method of claim 2 , wherein the determining of the likelihood value of the authentication challenge process being performed by the authorizing system is further based on a transaction history of a user of the user device or a transaction history of an account used in performing the transaction.
4 . The method of claim 1 , further comprising:
determining, by the server computer, the risk level for the transaction based on one or both of stored risk data and external risk data.
5 . The method of claim 1 , wherein the transaction message further includes a plurality of transaction characteristics, the method further comprising:
evaluating, by the server computer, each transaction characteristic of the transaction message with an associated rule of the set of rules, the associated rule indicating whether or not to proceed with the secure authentication process based on a characteristic threshold for the transaction characteristic, and determining, by the server computer, the risk level for the transaction based on the evaluating of each transaction characteristic.
6 . The method of claim 5 , wherein the plurality of transaction characteristics included in the transaction message include a time, wherein the set of rules includes a first rule indicating to bypass the secure authentication process when the time is above a first time threshold and below a second time threshold.
7 . The method of claim 1 , wherein the transaction message includes a merchant identifier, the method further comprising:
retrieving, by the server computer, the set of rules using the merchant identifier.
8 . The method of claim 1 , wherein the likelihood of the authentication challenge process being performed by the authorizing system being above the likelihood threshold value indicates a higher abandonment risk of the transaction being abandoned, wherein a likelihood of the authentication challenge process being performed by the authorizing system being below the likelihood threshold value indicates a lower abandonment risk of the transaction being abandoned.
9 . The method of claim 1 , wherein the secure authentication process is a passive authentication process, the passive authentication process not including prompting or challenging of the user for authentication information or a challenge response, wherein the transaction may proceed or be halted based on results of the secure authentication process.
10 . The method of claim 1 , wherein the secure authentication process is an active authentication process, the active authentication process including prompting or challenging of the user for the authentication information or the challenge response, wherein the transaction may proceed or be halted based on results of the secure authentication process.
11 . A server computer, comprising:
a processor; and a computer readable medium coupled to the processor, the computer readable medium comprising code, executable by the processor, to implement a method comprising:
receiving a transaction message for a transaction performed between a user device and a merchant computer;
determining a likelihood of an authentication challenge process being performed by an authorizing system based on historical transaction data for previous transactions processed by the authorizing system;
based on a set of rules, determining a likelihood threshold value for the likelihood of the authentication challenge process and a risk threshold value for a risk level of the transaction; and
routing an authorization request message for the transaction directly to the authorizing system, bypassing a secure authentication process between the user device and the authorizing system, when the likelihood of the authentication challenge process being performed by the authorizing system is above the likelihood threshold value and when the risk level of the transaction is below the risk threshold established in the set of rules.
12 . The server computer of claim 11 , wherein the transaction message includes transaction data for the transaction and an authorizing system identifier of the authorizing system, the method further comprising:
retrieving authorizing system data using the authorizing system identifier, the authorizing system data including the historical transaction data; analyzing the transaction data for the transaction with the historical transaction data retrieved from the authorizing system database; and determining the likelihood value of the authentication challenge process being performed by the authorizing system based on the analyzing of the transaction data.
13 . The server computer of claim 12 , wherein the determining of the likelihood value of the authentication challenge process being performed by the authorizing system is further based on a transaction history of a user of the user device or a transaction history of an account used in performing the transaction.
14 . The server computer of claim 11 , further comprising:
determining the risk level for the transaction based on one or both of stored risk data and external risk data.
15 . The server computer of claim 11 , wherein the transaction message further includes a plurality of transaction characteristics, the method further comprising:
evaluating each transaction characteristic of the transaction message with an associated rule of the set of rules, the associated rule indicating whether or not to proceed with the secure authentication process based on a characteristic threshold for the transaction characteristic, and determining the risk level for the transaction based on the evaluating of each transaction characteristic.
16 . The server computer of claim 15 , wherein the plurality of transaction characteristics included in the transaction message include a time, wherein the set of rules includes a first rule indicating to bypass the secure authentication process when the time is above a first time threshold and below a second time threshold.
17 . The server computer of claim 11 , wherein the transaction message includes a merchant identifier, the method further comprising:
retrieving the set of rules using the merchant identifier.
18 . The server computer of claim 11 , wherein the likelihood of the authentication challenge process being performed by the authorizing system being above the likelihood threshold value indicates a higher abandonment risk of the transaction being abandoned, wherein a likelihood of the authentication challenge process being performed by the authorizing system being below the likelihood threshold value indicates a lower abandonment risk of the transaction being abandoned.
19 . The method of claim 11 , wherein the secure authentication process is a passive authentication process, the passive authentication process not including prompting or challenging of the user for authentication information or a challenge response, wherein the transaction may proceed or be halted based on results of the secure authentication process.
20 . The method of claim 11 , wherein the secure authentication process is an active authentication process, the active authentication process including prompting or challenging of the user for the authentication information or the challenge response, wherein the transaction may proceed or be halted based on results of the secure authentication process.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.