( 1 of 1 )
________________________________________
United States Patent 7,229,006
Babbi , et al. June 12, 2007
________________________________________
Systems and methods for remote account control
Abstract
Systems and methods for remotely causing a request for authorization to charge a card, that is otherwise active, to be denied. In one embodiment, an access controller receives a call from a card holder and analyzes ANI and DNIS data received during call setup for the call to select a card account and an action (e.g., turn account OFF) to be taken with respect to the card account. The access controller formulates and sends a message to an account authorization processing system to cause the account authorization processing system to thereafter deny requests for authorization to charge the card account. A subsequent call to the access controller from the same caller (i.e., a same ANI) will reverse account closure and allow card authorization to proceed. Feedback, in the form of an Instant Message (IM), email, or audible signal (busy, ringing) when making the call, may be provided to indicate the success of a change to the state of the account. Embodiments that do not rely on PSTN infrastructure are also disclosed.
________________________________________
Inventors: Babbi; Rene Pierre (Vancouver, WA), Silbernagel; Mark Mathias (Battle Ground, WA)
Assignee: RBA International, Inc. (Vancouver, WA)
Appl. No.: 11/130,131
Filed: May 17, 2005
________________________________________
Related U.S. Patent Documents
________________________________________
Application Number Filing Date Patent Number Issue Date<TD< TD>
60572347 May., 2004 <TD< TD>
________________________________________
Current U.S. Class: 235/375 ; 705/44
Current International Class: G06K 7/00 (20060101)
Field of Search: 705/1,16,18,21,26,35,39,42,44 235/375,379
________________________________________
References Cited [Referenced By]
________________________________________
U.S. Patent Documents
5357563
October 1994 Hamilton et al.
6836765
December 2004 Sussman
6853987
February 2005 Cook
7031939
April 2006 Gallagher et al.
Other References
International Search Report & Written Opinion, May 17, 2005. cited by other.
Primary Examiner: Lee; Michael G.
Assistant Examiner: Franklin; Jamara A.
Attorney, Agent or Firm: Paul, Hastings, Janofsky & Walker LLP
________________________________________
Parent Case Text
________________________________________
This application claims the benefit of U.S. Provisional Application No. 60/572,347, filed May 18, 2004, which is herein incorporated by reference in its entirety.
________________________________________
Claims
________________________________________
What is claimed is:
1. A method of remotely controlling authorization processing for an account, comprising the steps of: receiving call setup information, including Automatic Number Identification (ANI) and Dialed Number Identification Service (DNIS), related to a call directed to an access controller; extracting the ANI and DNIS from the setup information; associating at least one account with the ANI and determining a requested action based on the DNIS; forming and sending a message to an account authorization processing system, the message including identification of the at least one account and the requested action, the message causing one or more rules effecting authorization of transactions to be toggled ON or OFF.
2. The method of claim 1, further comprising forming and sending the message only when at least one rule that is caused to be enabled by the requested action is effective to disable subsequent transaction processing for the at least one account.
3. The method of claim 2, further comprising sending an indication to a holder of the account indicating that the at least one account is disabled.
4. The method of claim 3, wherein the indication is an instant Message (IM).
5. The method of claim 3, wherein the indication is an email.
6. The method of claim 3, wherein the indication is one of a busy signal and a ringing signal.
7. The method of claim 1, wherein a subsequent message causes the account to be enabled.
8. The method of claim 1, wherein the DNIS includes at least a portion of a number of the account.
9. The method of claim 1, further comprising denying a request for authorization received at the authorization processing system after the message is received at the authorization processing system.
10. The method of claim 1, wherein the ANI and DNIS are captured using ISDN services.
11. The method of claim 1, wherein the call is received from a cellular telephone.
12. The method of claim 1, wherein the call is received from a landline telephone.
13. The method of claim 1, wherein the account is disabled only in response to a caller's call, without further action by a caller who placed the call.
14. The method of claim 1, wherein the account is at least one of for a credit card, debit card, store branded card, security or access card, smart card,. stored value card and a prepaid card.
15. The method of claim 1, wherein at least one of the call and a custom sequence of numbers is initiated by speed-dialing.
16. The method of claim 1, wherein the access controller is operated by a stand-in processing entity.
17. The method of claim 1, wherein the access controller is operated by an issuing financial institution of a card associated with the account.
18. The method of claim 1, wherein the access controller and account authorization processing system communicate with each other via a communications network.
19. A method of remotely causing a request for authorization to charge an account, that is otherwise active, to be denied, comprising the steps of: providing an access controller; receiving at the access controller a call from an account holder; analyzing Automatic Number Identification (ANI) and Dialed Number Identification Service (DNIS) data received during call setup for the call, and selecting an account controlled by the account holder and an action to be taken with respect to the account controlled by the account holder in view of the ANI and DNIS data; and formulating and sending a message to an account authorization processing system to deny requests for authorization to charge the card account.
20. The method of claim 19, further comprising: receiving at the access controller a second call from the account holder; analyzing ANI and DNIS data received during call setup for the second call and selecting the account, controlled by the account holder and another action to be taken with respect to the account controlled by the account holder in view of the ANI and DNIS data of the second call; and formulating and sending a second message to the account authorization processing system to allow requests for authorization to charge the account controlled by the account holder.
21. The method of claim 19, further comprising sending an indication to the account holder indicating a state of the account controlled by the account holder.
22. The method of claim 21, wherein the indication is in the form of at least one of an Instant Message, an email, and an auditory cue during the call.
23. The method of claim 22, further comprising sending additional information about the account controlled by the account holder.
24. The method of claim 19, further comprising partnering with a cellular telephone service provider that supports shortened dialing functionality to reach the access controller.
25. The method of claim of claim 19, wherein the account controlled by the account holder is at least one of credit card, debit card, store branded card, security or access card, smart card, stored value card and a prepaid card.
________________________________________
Description
________________________________________
BACKGROUND
1. Field of the Invention
The present invention relates generally to systems and methods for countering fraudulent use of credit cards and the like. More specifically, the present invention relates to systems and methods for providing account holders real-time remote control over the availability of a given account using advanced telephony techniques.
2. Background of the Invention
There are many challenges in managing personal finances in today's world, including fraud, accidental transactions, avoidable fees, and other issues. There is thus a growing need to provide consumer driven tools that preferably provide the consumer with a high level of control over his/her financial accounts.
Card theft and fraud are, unfortunately, extremely pervasive. It is has been said that the cost of card fraud—to card holders and to card companies alike—may be as high as $500 million per year. Everyone pays for card fraud in higher prices, whether or not they are personally defrauded. Of course, when one does personally fall victim to this type of fraud, it can be devastating both financially and personally.
When a purse or wallet including cards is stolen, it may be only a matter of hours, or even minutes, before those cards are used to purchase hundreds, if not thousands of dollars worth of merchandise. While theft is probably the most obvious precursor to card fraud, it is not the only way fraud occurs. A more subtle form of fraud is "misappropriation," which is the use of a card number (and not necessarily the card itself) without the owner's permission. Unfortunately, obtaining someone else's card information is not particularly difficult. For example, telephone scams abound in which a caller might indicate that one need only provide a card number and associated expiration date to qualify for a "special discount vacation." Alternatively, thieves might simply sift through a homeowner's trash to find discarded receipts or carbons with credit numbers and expiration dates. Further, and perhaps less common, though not less damaging, is a scenario in which a dishonest sales clerk who, in the course of a legitimate transaction, makes an extra imprint of a card for subsequent fraudulent use.
In today's fast paced economy it is difficult to always carefully scrutinize every card transaction, especially when people are increasingly using cards for purchases worth only a few dollars. While companies have recently instituted better safeguards, including real-time, dial up, authorization, such safeguards do not necessarily protect against all possible fraudulent uses of someone's card. Indeed, in the case where a card is stolen, a subsequent transaction would still be "authorized" unless the owner of the card was able to first notify the issuer/company of the theft, so that the account could be closed.
There is therefore a critical need for improved safety and anti-fraud measures with respect to cards and the like. There is also a need to provide to the owner of the account improved overall control over the account.
BRIEF SUMMARY OF THE INVENTION
Embodiments of the present invention are designed, in at least one, focused, aspect, to reduce the likelihood of fraudulent or unauthorized use of a card or account by giving the account holder acute control over the account, through a novel use of telephony, to enable or disable normal authorization processing of transactions and, thereby, effectively turn the card OFF (and/or ON). In a broader aspect, embodiments of the present invention are designed to provide an account holder acute control over his/her account, through the use of one several possible consumer driven methods, to enable or disable one or more predetermined rules that control normal authorization processing of transactions. Such rules may be limited to enabling or disabling a particular account, but may also include more complicated rules, which can be toggled ON or OFF, to discern which of several individual transactions might be eligible for approval.
With a conventional card, once the card is issued to an account holder and is initially activated (sometimes via well-known Interactive Voice Response (IVR) systems), the card is thereafter always activated or ON. In accordance with embodiments of the present invention, on the other hand, the conventional paradigm of "always on," is shifted to an alternative paradigm in which a card or account can be reversibly switched OFF, and then back ON, by the account holder or consumer, at will, through telephony techniques or techniques that do not necessarily rely on the facilities inherent in the public switched telephone network. By turning a card ON, only when a consumer is likely to use the card, fraudulent/unauthorized use of the consumer's card can be effectively eliminated. Also in accordance with the present invention, an account holder preferably has the option of toggling ON or OFF one or several rules, one of which could be the complete disablement of a card.
Embodiments of the present invention are focused on simplicity for the consumer and thus preferably avoid standard telephony offerings, such as Interactive Voice Response (IVR) and others, which require leading a caller through a maze of confusing and frustrating voice prompts.
Nomenclature
In the instant description, the term "card" is used as an abbreviation and a generalization. As such, the term "card" should be broadly interpreted to comprise credit cards, debit cards, prepaid cards, closed loop cards, open loop cards, and private cards. The term "card" should also be interpreted to include "virtual cards" or "accounts" since the term "card" is often just a convenient way to refer to an account. An "account holder" is a person who has control over a given account, which is typically accessed using a "card" as defined above.
The term "call setup information" comprises data elements typically passed within the Public Switched Telephone Network (PSTN) during that portion of the call immediately prior to the call being answered. This segment of a call is sometimes referred to herein as "call setup."
The term "advanced telephony" is used in this description to refer, at least, to the use of a sequence of key presses (touch tone, or phone pad), which reduce the number of keys that must be pressed to accomplish an intended function. This functionality is similar to the concept of what people sometimes refer to as "speed dial." In embodiments of the present invention, a user may make use of advanced telephony, by prior arrangement with a carrier, to abbreviate a given necessary sequence of button presses to increase ease-of-use and simplicity for the consumer.
The term "transaction" refers to any activity between the outside world and an account. This may include purchases, payments, request for authorizations, and any other transactions that are sent for processing on a given card. This term may also refer to component parts of a transaction, e.g., a POS (point of sale) purchase that has a request for cash back. The cash back portion of this transaction may be considered as a separate transaction.
Centrality
A component of some embodiments of the present invention is a "switch"—that means of "turning off" (or controlling in a predetermined way) authorization processing of transactions. In preferred implementations, this "switch" may be implemented in one of two places.
In some applications, the `best` instance in terms of utility and effectiveness, is to place the "switch" in the most central place, i.e., within the existing credit/debit/prepaid card infrastructure, such as those operated by, e.g., Visa.TM., Mastercard.TM., American Express.TM., and merchants such as Sears.TM., etc. One advantage of such placement is that there are some functions performed by these regional, national, and global processors that are performed, as contractually defined and under certain circumstances, in proxy for the "issuing financial institution." This proxy activity is often called "stand-in" processing. Thus, centrally placed, the switch can appropriately affect these "stand in" activities which would otherwise never reach the "issuer". In other words, the control over a given account in accordance with the present invention is implemented by stand-in processor.
In alternative embodiments, the switch or controller may be placed at the issuing financial institution. While such an implementation would operate effectively, it would do so only with respect to a given institution's cards.
In exemplary embodiments, the portion of the system of the present invention that interacts with the consumer or account holder to control the card could, likewise, either be located centrally, or located at the issuer. In the latter case, the issuer might then have to transmit a message to the network. Such a message could easily be incorporated into the existing and the well-known ISO 8583 message set. For example, a message type "302" could be used to communicate to a central processing facility the account number and `new` state of that account.
These embodiments may provide solutions that are global in effect. In other alternative embodiments, the `switch` may be placed in a merchant processing network, thereby extending coverage to those card transactions handled by that particular merchant processing network.
At a high level the present invention provides methods and systems for remotely causing a request for authorization to charge a card, that is otherwise active, to be matched up against one or more rules that may cause the transaction to be denied.
In a preferred telephony embodiment, this is accomplished by providing an access controller at which is received a telephone call from an account holder. ANI and DNIS data is received during a call setup period for the call and is analyzed to select a card account based on the ANI, and decide how to control the account (e.g., enable/disable) based on DNIS. In the case where the action is to turn OFF the card, the access controller formulates and sends a message to an account authorization processing system to deny subsequent requests for authorization to charge the card account. In a preferred implementation, some form of feedback is provided to the card holder that the account was successfully turned OFF (or turned back ON, as the case may be).
Notwithstanding the foregoing, embodiments of the present invention can be implemented in ways other than through the PSTN. For example, an account holder, in accordance with the present invention, is also preferably able to control a card by toggling ON or OFF one or more rules through the use of a web page or a PDA, using the Internet. Of course, the rules may also be toggled by leveraging the infrastructure of the PSTN mentioned above.
Rules that can be toggled in accordance with the present invention include, singularly, or in various combinations, one or more of the following: Turn account on/off completely. Temporal Rules; e.g., based on times in any time zone, or on times dictated by other factors such as sunrise, sunset, holidays, work hours, work week, etc. Control may be imposed by, e.g., enabling/disabling for a predetermined time span, or upon reaching a predetermined time. Merchant Code Rules Currency Amount Velocity Rules; e.g., the number of transactions over time, a total amount over time. Such a rule is readily combinable with other rules such as total amount for a merchant code over time, or total amount for a given transaction type over time. Transaction Type; e.g., International, POS (Point Of Sale), Card Not Present, ATM, Cash Back Level III Data Location Rules Proximity Rules; i.e., the distance between account activity and the account holder at that time. Such a distance may be determined using cell phone based geographical location, GPS, or other location gathering means. Biometric Info Rules; rules based on biometric data gathered at the time of activity or gathered at a previous time.
The foregoing and other features of the present invention will be more fully appreciated upon a reading of the following detailed description along with the accompanying drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 depicts exemplary components within and over which an embodiment of the present invention operates.
FIG. 2 illustrates a unified modeling language (UML) sequence diagram showing the flow and sequence of messages in a typical use scenario in accordance with the present invention.
FIG. 3 shows a consumer access topology in accordance with the present invention in which an authorization request is received.
FIG. 4 depicts a flow chart that illustrates an exemplary series of steps in accordance with the present invention.
FIG. 5 depicts an exemplary non-telephony embodiment of the present invention.
DETAILED DESCRIPTION OF THE INVENTION
The present invention enables account holders, such as card holders, to play a larger role in overall account control by giving the owner of the account specific, remote, and at-will control over access to the account associated with the card. The control is implemented, in one embodiment, by using the public switched telephone network (PSTN) to communicate with a central access location, which is configured to communicate with a system that receives and issues card transaction authorization to effectively toggle predetermined rules regarding transaction processing for the card OFF (or back ON).
Reference is first made to FIG. 1, which shows typical components within and over which a telephony embodiment of the present invention operates. The present invention will work equally as well with a conventional land line 10a or cellular connection 10b. A basic concept underlying this embodiment of the present invention is that an account card holder initiates a telephone call to a predetermined telephone number. Dialing of the number can be by regular touch tones, speed dial, or other advanced telephony functionality that may be available. Once the number is dialed (by the desired means) the public switched telephone network (PSTN) 13 will process the call and attempt, in the first instance, to set it up, prior to a connection actually being established (e.g., using well-known SS7 messaging). In the case of landline 10a, PSTN 13 immediately takes over this messaging function, whereas in the case of cellular connection 10b, a wireless telecommunications service provider typically is interposed between the caller 5 and PSTN 13.
During a typical call set up sequence, PSTN 13 passes call set up information via, e.g., ISDN service 14, to ISDN facility 15, which is closely integrated with an access controller 16, which, as will be explained below, is responsible for communicating with an Issuing Financial Institution or other "authorization processing entity" 18 that controls card/account transaction/authorization processing.
Even more specifically, as shown in FIG. 1, and with further reference to FIG. 2 (and in the case of a cell phone 10b), an account holder 5 uses cell phone 10b to send a uniquely-crafted message 3 to the cellular provider/partner 12, which partner 12 initiates a call to access controller 16. At the outset of this call, a setup message 20 is transmitted to ISDN facility 15, which captures the caller's cell phone number using Automatic Number Identification (ANI). This captured ANI is then used by access controller 16 as a "key" to an account number or a means to look up an actual account number in a table previously constructed for that purpose. ISDN facility 15 also captures the caller's dialed number via the Dialed Number Identification Service (DNIS), and access controller 16 interprets the same as an indication that the consumer wishes one or several rules to be one of enabled or disabled (ON or OFF). Access controller 16 then formulates and forwards a message 21, preferably using standard communications methods and protocols (such as HTTPS—secure/encrypted http) and using standard messaging techniques (e.g., XML/SOAP), to authorization processing entity 18. Authorization processing entity 18 could be the card issuing financial institution, a stand-in, global, processor 8 (FIG. 1), or a merchant's own network. Whatever the case, authorization processing system 18 then causes the selected rules identified in message 21 to be disabled (or enabled). Although shown separately, ISDN facility 15 and access controller 16 could be a single integrated device. As shown in FIG. 1, global processor 8 is preferably in communication with access controller 16 via connection 7, a network connection similar to that between access controller 16 and authorization processing entity 18.
In a preferred implementation, authorization processing system 18 (or global processor 8) responds back to access controller 16 with an acknowledge message 22, which indicates the outcome (OK or fail) of the processing of message 21. In turn, access controller 16 then preferably initiates either an `in-channel` response 23a to the caller 5 in the form of, e.g., busy signal 23a, or alternatively, or an out-of-band response 23b using, e.g., an Instant Messaging (or a short message service (SMS) message), which indicates the success (and perhaps resulting state of the account due to) the initial call 3. Response 23a, 23b is ultimately delivered as shown by reference numeral 24 to caller 5/cell phone 10b.
FIG. 3 illustrates principles of the present invention using a "Consumer Access Topology," or layered structure, that depicts the logical arrangement of the various systems involved in transaction authentication and how they might interact to instantiate account transactions. As shown, a consumer or caller 5 uses a regular landline telephone 10a or cell phone 10b (or generically a "consumer device," which might also include a computer connected to a network by wire or wireless connection, or a PDA with wireless connectivity) to send a succinct message (without, preferably, having to rely on IVR type interactivity) to access controller 16. Keying off of captured ANI and DNIS from the call (or IP address, email address, and/or unique code, in the case of the computer or PDA), access system sends a message in a predetermined format to authorization processing system 18, which then enables or disables an account corresponding to the ANI. When an authorization request 30 is subsequently received by authorization processing system 18, it is determined whether the authorization being sought is permissible in view of the rules then enabled or disabled. If the rules allow, authorization proceeds as is conventional. If a toggled-ON rule(s) causes the authorization to denied, then the request for authorization 30 is denied. Thus, the present invention provides the ability for a card holder to deny transaction authorization to a card, even when the account associated with the card is otherwise active.
As will be appreciated by those skilled in the art, a significant advantage of the present invention is simplicity for the consumer. This is accomplished, in the instant telephony embodiment, by employing tightly coupled integration between telephony (call setup information, dial techniques) and the financial instrument (account number, authentication). In traditional IVR systems, telephones are employed by first calling a number, whereupon a telephony system answers the call. The consumer might then have to listen to voice prompts and respond through the use of the phone's keypad (e.g. "Press 1 for On, Press 2 for Off"). Embodiments of the present invention, however, avoid the complexity and confusion associated with these traditional systems by implementing a system that receives non-verbal commands from the user.
For instance, as mentioned, the call initiated by the card holder may involve the use of `speed dial` or an abbreviated sequence of keystrokes. In the cellular telephone case, `custom` sequences (or so-called short codes) might be used. Examples might include *11 for ON and *22 for OFF, or 111 for ON and 222 for OFF. No further action on the part of the caller/card holder would be necessary to, e.g., enable or disable the account. Other, mnemonic, combinations may, of course, also be implemented. Obviously, use of custom sequences may require cooperation from the cellular system provider. When such cooperation is not forthcoming or unavailable, speed-dial may be used. Generally speaking, custom sequences have the benefit of simplicity for non-sophisticated users, and speed for all users.
In alternative embodiments, a custom sequence, e.g., *11, may be used as a prefix to a longer overall number, which, for instance, could include the last four digits of a card/account number to indicate which rule associated with one of possibly multiple cards associated with the caller's phone number is being turned ON or OFF. For example, *110033 would toggle ON rules associated with the account number ending with the digits 0033 and belonging to the caller (based on the received ANI).
FIG. 4 depicts a flow chart that illustrates an exemplary series of steps 400 for carrying out the telephony implementation of the present invention. At step 401 call setup information is received, in response to a call made by regular landline or via a cellular telephone. The number dialed preferably determines the caller's intent to, e.g., turn the card ON or OFF (assuming that was the only rule available to activate). Of course, a single number may be implemented, which, when called, causes the account simply to be toggled to the other of OFF or ON, depending on its then-current state.
At step 403, both the ANI and DNIS are extracted from the call setup information.
At step 405, the ANI is used to determine, possibly without any further information from the caller, which account(s) is/are being affected. In a preferred implementation, a table is implemented that matches ANIs with respective card accounts. In another possible implementation, a single ANI is used to affect multiple accounts simultaneously. It is noteworthy that ANI is distinct from CALLER-ID, in that it is possible to exploit various means to manipulate or block the Caller ID, whereas ANI is a carrier managed component and, as such, is not easily susceptible to outside manipulation.
At step 407, the DNIS is used to determine a requested state of change in the account. This is especially important in the case where the dialed number impliedly includes specific information (i.e., to turn OFF or to turn ON, or to designate a specific account), rather than being interpreted as a simple toggle request. Both ANI and DNIS are preferably captured using ISDN facilities in coordination with the PSTN. That is, there is relatively tight integration between the PSTN and a terminating end of the caller's call (i.e., ISDN facility 15 and/or access controller 16).
At step 409, based on the ANI and DNIS, as well as any further prearranged direction (e.g., matching multiple cards to a single ANI), a message is sent to an authorization processing system that includes the affected accounts and the states to which they should be set (namely, ON or OFF).
Preferably, at step 411, an acknowledgment message is received confirming the state changes requested and, at step 413, an indication that the account(s) have been so set is preferably returned to the caller from whom the call was received in the first place at step 401.
By leveraging existing functionality of the PSTN and being closely integrated therewith, the present invention allows a consumer's orders to be easily and swiftly effected, possibly even before the consumer hears a first ring on his telephone.
Though it would be possible to practice the invention without feedback to the card/account holder, such feedback is preferably provided. For example, using ISDN services a signal, or auditory cue, can be issued to indicate the call has accomplished a state change for the card. A busy signal might be "delivered" when a state change has occurred, while a continued ringing or other (reorder) signal might indicate that the task was not successfully completed. The use of busy or reorder signaling could be chosen to communicate status and reduce the possibility of confusion, as much as possible and allowable.
Alternatively, to even more clearly communicate the results of the `call` to change state, informing the consumer and confirming the card's new state might be accomplished using an "instant message" (IM), which might be sent indicating not only the card's (now) current state, but also possibly the card's balance, or most recent (e.g., 4 5) transactions. This additional information is, of course optional.
In still another alternative, the call could be answered and a short message `played` to indicate the card's new state.
In yet another alternative, feedback to the consumer might be in the form of an e-mail that is sent to a wireless PDA or wired computer indicating the card's (now) current state and, optionally as above, the card's balance, or most recent (e.g., 4 5) transactions.
As mentioned above, the present invention is not limited to implementation using the PSTN infrastructure. Instead, as shown in FIG. 5, a PDA 50 or computer 52, may connected to a network 54, which may include the Internet or a private network (or a combination thereof). Network 54 is, in turn, also connected to access controller 16. In this "non-telephony" embodiment, instead of capturing ANI and DNIS information from the PSTN to determine an account and the account holder's intended order, access controller 16 captures, e.g., an IP address, email address, and/or specific instructions in an email or instant massage (IM) for toggling or controlling one or more of several rules that might be applied in determining whether a request for authorization for the card should be granted. The method employed by the account holder is not limited to the above mentioned technologies, but could include any method available to communicate the intention of the account holder to toggle a given rule. This could include interaction with a human or IVR.
Rules that can be toggled ON or OFF in accordance with the present invention include, singularly, or in various combinations, one or more of the following: Turn account on/off completely. Temporal Rules; e.g., based on times in any time zone, or on times dictated by other factors such as sunrise, sunset, holidays, work hours, work week, etc. Control may be imposed by, e.g., enabling/disabling for a predetermined time span, or upon reaching a predetermined time. Merchant Code Rules; e.g., which merchants are authorized. Currency Amount. Velocity Rules; e.g., the number of transactions over time, or a total amount over time. Such a rule is readily combinable with other rules such as total amount for a merchant code over time, or total amount for a given transaction type over time. Transaction Type; e.g., International, POS (Point Of Sale), Card Not Present, ATM, Cash Back. Level III Data. Location Rules; e.g., only in particular cities/states/countries, or never in particular cities/states/countries. Proximity Rules; i.e., the distance between account activity and the account holder at that time. Such a distance may be determined using cell phone based geographical location, GPS, or other location gathering means. Biometric Info Rules; rules based on biometric data gathered at the time of activity or gathered at a previous time.
These rules may modify each other in ways that are not about the actual authorization of a transaction. A temporal rule may be used to set a time limit or time window on another rule. A rule to disallow all "card not present" transaction may be set to operate during certain hours of the day, or to expire after a given amount of time. These "rules controlling rules" can be combined so that a rule or group of rules controlling authorization processing can be set to a specific time span, to apply to only one transaction type, and for the whole thing to expire at a particular date. This is just one example of the possible combinations that can be constructed. Another type of rule intended to augment others would be a consumer controlled trigger rule. This rule would stipulate some activity that would automatically cause another rule, or group of rules to be enabled. This could include rules that augmented the transaction authorization processing rules as well. An example could include a trigger rule that stipulated that the next time that card was used that the merchant type or specific merchant at which the card was being used would be the only place that the card would be enabled.
One way to appreciate the adding, layering, and combining of account transaction authorization rules is to equate them with firewall rules. A firewall is a border device used to route and manage digital network traffic between technology systems. These devices use various languages that help define a set of rules that are applied to individual pieces of network traffic to determine what to do with them, including rejecting them completely. A similar approach can be applied to implement a rules-based transactions processing system in accordance with the present invention. Specifically, a single transaction, or possibly parts of a transaction, are evaluated and rejected based on all rules that are enabled and that are applicable to that transaction. Some examples of firewall-like features that may be used include: so-called "white lists" and "black lists," the ability to combine rules, the ability to set an order of precedence, and the ability to switch a default of an account to deny everything and then provide exceptions.
As noted, in some implementations, the account holder is preferably able to combine rules into groups that act as one rule. These groups then can then be enabled and disabled as if they were an individual rule. Every rule, whether it is a single rule or a group of rules, preferably evaluates down to an action to take for a given transaction.
In view of the foregoing, the present invention provides numerous advantages for consumers. The disclosed techniques to implement remote control to toggle ON or OFF one or several rules for controlling transactions in an account, in accordance with the present invention, is easy to use, relatively simple in concept from a user's perspective, fast when applied, reversible by the consumer with a similar effort, and inexpensive since existing PSTN and other available functionality is used.
The foregoing disclosure of the preferred embodiments of the present invention has been presented for purposes of illustration and description. It is not intended to be exhaustive or to limit the invention to the precise forms disclosed. Many variations and modifications of the embodiments described herein will be apparent to one of ordinary skill in the art in light of the above disclosure. The scope of the invention is to be defined only by the claims appended hereto, and by their equivalents.
Further, in describing representative embodiments of the present invention, the specification may have presented the method and/or process of the present invention as a particular sequence of steps. However, to the extent that the method or process does not rely on the particular order of steps set forth herein, the method or process should not be limited to the particular sequence of steps described. As one of ordinary skill in the art would appreciate, other sequences of steps may be possible. Therefore, the particular order of the steps set forth in the specification should not be construed as limitations on the claims. In addition, the claims directed to the method and/or process of the present invention should not be limited to the performance of their steps in the order written, and one skilled in the art can readily appreciate that the sequences may be varied and still remain within the spirit and scope of the present invention.
|
Text Of On-Off Card Patent
Whether the wing flapping of a bug can eventually cause a tornado is debatable, but Cyber Monday 2008 should serve as a warning to E-tailers to avoid the lesson learned by Staples and Dell on Monday (Dec. 1): Don't ignore the butterfly effect.
At about 6 AM on Black Friday, Wal-Mart's site went down for about an hour and then came up. But this time, it had moved its content pages to an outside service. Wal-Mart said it had been a scheduled change, a concept that Gareth Evans, head of client services at Web tracking firm Sitemorse, finds unlikely.
In a trial of new holographic magnetic stripes for its payment cards, Visa found the cards "emitted an electrostatic discharge that caused POS terminals to shut down," according to a report in The Nilson Report, a respected credit card industry newsletter.
Microsoft's Live Search cashback program—which gives rebates to those who comparison shop online and choose stores that are part of the program—was a bit too popular on Black Friday (Nov. 28) and crashed for several hours, leaving consumers with no cashback and a lot of anger.
Sears.com suffered the worst Web problems on Black Friday (Nov. 28), experiencing a series of complete site crashes for much of the day. Although no other major retailer came close, according to preliminary reports, many of the industry's largest merchants suffered site slowdowns or other Web problems, including Walmart, Kmart, Saks, Overstock, Amazon, Target, Kohl's, Costco and Buy.com.
In a trial initially limited to the United Kingdom, Switzerland, Israel and Italy, Visa Europe is starting a trial this month of a card with an 8-digit alphanumeric display, 12-button keyboard and a long-life battery. The card has the ability to offer reciprocal authentication, which is designed to allow consumers "making transactions via phone or the Web a way to identify the party on the other end before transmitting identifying credentials."
Black Friday (Nov. 28) E-Commerce sales hit $534 million, reflecting a one percent increase from last year's Black Friday, ComScore reported Sunday (Nov. 30).
A Web-generated wakeup phonecall to get customers to in-store early morning sales may not have a material impact on quarterly sales, but it's a creative touch for the E-Commerce site JCPenney relaunched right before Black Friday (Nov. 28). Even if the system's in-store inventory update isn't quite accurate.
A group of credit card thieves in Seattle tried to maximize their profits by using their stolen credit card data to open a loyalty card account with Best Buy, where they could get could extra benefits along with their stolen products, according to a federal indictment filed Nov. 19. One had tried a similar rewards scam with a Home Depot reward card and a Sears gift card.
Following a site meltdown by a major U.K. retailer this month, Internet traffic tracking firm Hitwise was able to document and make concrete what has always been assumed: Consumers abandon a retail site when it melts down faster than politicians vote for a tax cut.
Recently released numbers raise questions as to whether online will be much of a savior at all. New figures from eMarketer project that E-Commerce sales will top last year's numbers by some $5.6 billion, a 4.1 percent increase from $136.8 billion to $142.4 billion.
Eduardo Perez of Visa has called its fines for non-compliance "nuisance" fines. In other words, the fines are not large enough to be a big financial burden to retailers but are large enough to get the CFO pissed off about having to pay them and maybe large enough to get a CEO to at least show up for a meeting to discuss PCI.
The IT struggle with knowing where all payment data is—let alone trying to enforce rules that pretty much try and keep it there—was the topic of a StorefrontBacktalk a podcast this week with our own PCI columnist, David Taylor, and security specialist J.D. Oder, the chief technology officer at Shift4.
A Supreme Court decision from back in June 2007—intended to give consumer goods manufacturers greater control over their products' pricing—is fueling confusion, mistrust and runarounds among E-tailers trying to compete on price.
Wal-Mart has agreed to pay $1.4 million to settle complaints that it overcharged customers in California. The Nov. 24 deal involved the mispricing of some 1,043 items over four years. Some of the problems happened because associates would make pricing changes to items in the store's register database but not in the aisle.
PayPal has come up with yet another payment-related use of a cellphone: to authenticate a non-mobile E-Commerce transaction. Customers of the payment giant "can now choose to receive a unique six-digit security code via text message to their mobile phones prior to logging in to their accounts," PayPal said.
There's an E-mail campaign that says consumers can identify American products by the first three digits of the barcode. In theory, this would allow people who only want to buy American products an easy way to do that. The only problem is that the trick doesn't always work, which means it could have the opposite effect.
When are related product lists helpful and when are they distracting? Is it an obviously useful upsell or is it doomed to the fate of the salesperson who shows a customer one too many choices? HP thinks it's often the latter and has sharply trimmed the number of related items it shows. And the company is claiming a 30 percent sales increase as a result.
Amazon.com, which arguably has one of the most extensive retail CRM databases and purchase recommendation engines, envisions a Catch-22 future for gift cards. The key is making them more personalized, more customized. And yet, anything that hints of privacy violations is off-limits. It's like a starving man being given the keys to a well-stocked food locker as long as he agrees not to eat anything.
As more retailers try to go where the customers are rather than getting them to come to the retailer, TiVo and Domino's are taking the next logical step with a TV-as-E-Commerce-Device approach.
We make calls on PCs and surf the Web on our phones. The lines of separation are blurring fast. But in the world of retail technology, the difference between a kiosk and digital signage is one of the more difficult distinctions to make. How to describe that difference? To one CFO, the answer was obvious: A poem. In rhyming verse. Rhyming verse that is so bad it's almost good.
The further employees get from corporate, and from corporate networks, the more likely they are to do things with their computer that security managers would rather they didn't. GuestView Columnist David Taylor asks if these people might be doing things (e.g., downloading malware) that could bring down your company?
When file transfer site YouSendIt—with more than 100,000 paid users bringing in some $10 million this year—crashed on Monday (Nov. 17), it illustrated the kind of crash that should make retailers very concerned.
Podcast panelists debate card replacement problems, including inadvertently printing encryption keys on customer receipts and the refusal of the card brands to shorten how long expiration dates are valid. "We now have to worry about data that's been there as many as 12 years."
A loyalty card that consumers can turn on and off could potentially usher in a consumer revolution of sorts, allowing the majority to punish merchants they see as misusing CRM data that has been entrusted to them. At least that's one scenario painted by the president of the company that is pushing the card.
Amidst an avalanche of hype about the desirability of gift cards this holiday season, the National Retail Federation on Tuesday (Nov. 18) predicted a six perfect drop in gift card sales this season, from $26.3 billion spent during last year's holiday season to a projected $24.9 billion for this season.
Some 30 meters below solid bedrock underneath Stockholm, an abandoned nuclear bunker has been transformed into what could only be described as the world's coolest datacenter.
Several factors are lining up—including rushed technology upgrades, more site handoffs for everything from mobile to social networking widgets and a surge in traffic from bargain hunters—that could easily make this holiday shopping season one of the crashiest in years, if not the crashiest. (Note to copydesk: I don't care if crashiest is not a word. It should be.)
When Sears rolled out its mobile effort (Sears2go) this month, it illustrated the challenges for a retailer trying to craft a clean and stable mobile strategy at a time of extreme flux for the mobile space.
When E-Commerce execs try and understand abandoned shopping carts, they often overlook concrete clues. One of the best is whether shoppers clicked on the store locator link right before leaving. But deciding what to do about abandoned carts, that gets complicated. The innocuous-looking store locator is akin to waving a red cape in front of the face of an E-Commerce manager bull.
The Web is overflowing with analysis of the TJX data breach disaster, but what's intriguing is the possibility that some of the indicted suspects may have worked as code writers in the light of day for some major companies, including Morgan Stanley.
Equifax on Thursday (Nov. 13) announced an E-Commerce CRM and payment card that consumers can activate and deactivate based on how they feel about the site they are visiting. The only way such a card—dubbed the Equifax online identity card—will be successful is if it's adopted by a large number of retailers. And each of those retailers would have to be willing to surrender one of their most precious pieces of data: customer history.
We see tons of variations on the meta-search concept for E-Commerce, but this site seems to have hit on a truly practical combo: An engine that finds the lowest prices and simultaneously finds relevant coupons and then integrates the two.
Visa, long the key driver of compliance with the PCI security standards, is helping to clear up merchant and service provider confusion regarding the global deadlines for PCI DSS compliance. But GuestView Columnist David Taylor notes some unusual phrasing and concludes that Visa wants to ease the compliance process to get more service providers outside the United States on board.
Instead of making gift cards worthless once they're emptied, Target and Best Buy have opted for the other extreme: With enough micro electronics, the gift cards themselves might be worth more than the merchandise they can buy.
Wal-Mart will insist that its Chinese suppliers comply with RFID tagging by January 2009. And given various recent safety problems reported from China, Wal-Mart is also requiring sub-contractor information be included with every tagged product.
Forced to try and boost revenue in a tight economy, Best Buy is pushing an aggressive plan—based partly on open APIs—to sell to customers wherever on the Web they're hanging out, rather than trying to get them to virtually travel to the retailer's online storefront.
While the headlines in the United States tell of store closings and expansions being back-burnered, it's a very different story in at least one part of the Middle East. In Dubai in the United Arab Emirates, Tuesday (Nov. 4) saw the world's largest mall opening ever.
RFID sales globally will be more than $5.3 billion this year, with supply chain management, ID documents, ticketing and contactless payment drive shipments leading the way, according to a report released Monday (Nov. 3) by ABI Research.
MasterCard's PayPass is ramping up its mobile program with an over-the-air provisioning service to supposedly make it easier for consumers to personalize their payment data on their mobile devices.
Without a doubt, the most popular strategy for dealing with PCI compliance and data security is avoidance, writes GuestView Columnist David Taylor. Not unlike the game of "hot potato," which dates back to the pilgrims, the goal is to find someone who is willing to put up with the hassle of PCI compliance and then give that person all the credit card data.
When Costco on Monday (Oct. 27) announced that it would support—for the first time—customer comments on its products, the move was less noteworthy for the $71 billion chain's late-to-the-party embrace than for what it says about the industry's acceptance of a once much-feared feature.
Although there is a little doubt that the United States is in for a very rough economic period over the next half-year or more, there is ample reason to believe that retail IT may escape mostly unharmed. Let's not get too optimistic here. "Mostly unharmed" doesn't mean escaping untouched. But it does mean that when large companies—especially retailers—have to suddenly make do with a lot fewer people, they need that good ole IT magic more than ever.
The battle for booksales should be an online natural. But as Barnes & Noble discovered this week, the compelling, intimate experience of a physical bookstore is still proving elusive.
A Hong Kong RFID vendor is boasting about a new $1,950-$2,500 handheld UHF reader "with a read range exceeding 25 feet with standard dipole passive tags and a throughput reaching 400 tags per second." That claim is usually reserved for fixed readers, a very sharp claimed performance boost.
Genesco, which owns more than 2,000 stores operating as nine different chains including Johnston & Murphy, Dockers and Journeys, learned this week how POS receipt customization can be remarkably dangerous.
As the U.S. economy collapses (temporarily mind you, but a collapse nonetheless) and holiday sales contract, the one segment rumored to likely fare best is merchants selling to the highly affluent. But in what could be bad news for E-Commerce, those rich niche retailers tend to resist online sales more fervently than other E-tail segments.
Technology that has been deployed to digitally watch—and analyze—how consumers interact with digital signage could also be used to interpret what they are doing while looking at a cereal shelf. Are they ignoring the product or are they picking it up, reading the label and then quickly putting it back?
The group originally called the PCI Alliance, which changed its name to the PCI Security Vendor Alliance on Tuesday (Oct. 21), has changed its name again—this time to the Payment Card Industry Security Alliance (PCI SA). Mercifully, it never bothered to change its URL, so it's still pcialliance.org.
A major Japanese mobile phone loyalty card trial slated to run from February through June of next year might prove to be a powerful prototype of how other countries might deploy mobile payment networks.
Companies are beginning to extend the protection of PCI-driven security controls to other confidential data, which is great, argues GuestView Columnist David Taylor. What is even better, he says, is that some service providers are finding they can leverage their PCI compliance to gain a competitive advantage.
Australia's Woolworths, which runs the country's largest supermarket chain, has given thumbs up to one RFID trial and thumbs down to another. "The overall cost for a company the size of Woolworths is still too high, and the return on investment for track and trace is just not enough for us to race ahead."
The very premise of E-Commerce is for E-tailers to create a beautiful site, where your customers come to shop. The latest trend, though, is to cut deals with your customers to buy from you anywhere but your site, whether it's on MySpace or Facebook social networking sites, from a cell phone, in the middle of a Google search or while watching a YouTube video.
E-Commerce customers who speak English are "the most frequent victims of identity theft, twice the rate of France, Germany and Spain," according to a study released Tuesday (Oct. 21) by PayPal. The E-mail survey of 1,000 consumers was conducted this summer and examined six countries: the United States, Canada, France, Germany, Spain and the United Kingdom.
As retailers across the globe modernize, the installed base of payment authorization terminals has soared almost 22 percent from 2006 to 2007. As happens typically in a growth segment such as authorization terminals, vendor consolidation has concentrated control—and, therefore, retail purchase options—into far fewer hands.
In their September stats, U.K. sites that sold eyeglasses and related vision aids fared among the very worst in one criteria: sites that are designed to be easily used by those with vision difficulties.
The Circuit City "one price promise" move could ultimately prove to be quite a clever piece of marketing. First, it will be trumpeted as a consumer advantage, even if it means that the price equality will be achieved by sometimes (all the time?) online pricing being raised to match the in-store price.
Home Depot and McDonald's are both in the middle of non-traditional kiosk trials. McDonald's is on its fourth such trial, after having concluded that the first three simply didn't work well. Not too many retailers would opt for a fourth trial after three unsuccessful attempts. The non-traditional Home Depot kiosk trial is based more on the units themselves—small mobile units, some as tiny as 5-inches tall—and the size of the chain's planned kiosk commitment: Well north of $100 million for full deployment
Consider this: Is there a connection between a growing support for various cloud computing approaches and the increasingly active IT role that franchisees are taking? Yes, it's a wacky juxtaposition, but stay with me for a moment. There has been a steady noise coming from retail franchisees who are trying to drive more of their stores' IT strategy.
When GuestView Columnist David Taylor wrote last week about PCI 1.2 changes, he received quite an earful from readers that some changes are having an even more strict impact.
When supermarket chain Wegmans confirmed this month its first-ever self-checkout trial, it was billed as a customer service feature. That's technically true, but only in a very roundabout way.
This is the latest volley in a federal court—and soon federal legislative—game of Internet taxation and control. Can states force E-Commerce sites to tax for them? Can municipalities police what gets sold in their communities, even via laptop or PDA?
"The systems were very poorly adjusted to reflect differences in locales," said CEO Frank Blake. "We are the single-largest less-than-truckload shipper in the United States. A lot of trucks are going to stores that aren't full. It's not efficient."