Authernative, the developer of innovative user and transaction authentication and identity management technologies, announced today that the United States Patent & Trademark Office has granted the company a patent for a private and secure financial transactions method.
The newly issued U.S. Patent No. 7,379,916, entitled "System and Method for Private and Secure Financial Transactions," adds to similar patent issuances in Canada, Australia, New Zealand, China and Hong Kong. The patent describes an enhanced security and fraud protection system which enables financial account holders to perform highly secure financial transactions with or without disclosing private financial or personal information to merchants or sellers. The method describes a transaction-processing architecture for performing secure in-person, offline, online, or mobile financial transactions with the direct participation of the account holder's financial account provider (i.e. bank account, mobile provider, credit provider, e-wallet provider, etc.). The patent also introduces a random partial PIN/password recognition algorithm to authenticate the account holder.
"The advantage of this embedded privacy and security layer (EPSL(TM)) architecture is that it enables account holders to perform controlled secure transactions without disclosing private, financial, or any other personally identifiable information to the seller or merchant, thus enhancing consumers' privacy and mitigating the potential for fraud and identity theft", says Dr. Len Mizrah, CEO of Authernative. "Another advantage is that it opens an opportunity for any financial account provider to become a counterpart to the payment transaction and share revenue generated from transaction fees."
Key aspects of the patent include the following. Prior to or during a transaction, the account holder gets connected to the financial account provider where the account resides. The financial provider securely authenticates the account holder and accepts the transaction parameter controls such as the amount limit, type of transaction, time validity, and the like. Upon the entire transaction authentication, which includes both the account holder and the transaction parameters, the financial account provider generates a one-time, transaction-specific alphanumeric signature (i.e. transaction identifier, one-time virtual card number) that is transferred to the account holder from the financial provider back office during the transaction authentication stage. "This one-time transaction-specific signature pre-authenticates the entire financial transaction," says Len Mizrah, "and it is only valid for the initiated transaction, for up to a specified amount limit, and up to an allowable time limit, irrespective of which merchant processes the purchase."
Then, the one-time transaction-specific signature is presented to the merchant along with the EPSL(TM) account number. The merchant transmits them to the financial account provider along with the exact transaction amount and time and business stamps for the transaction authorization. The authorization stage of the financial transaction occurs at the back office when the financial account provider receives the transaction signature and the other parameters from the merchant and positively matches it to the prior authentication record.
Concurrently, the accounting stage is completed in order to reconcile the actual transaction amount against the predicted transaction amount and the funds in the account. "This ensures that the authentication, authorization, and accounting stages are coupled together and tied to the legitimate account holder and the specific transaction," says Len Mizrah. Importantly, the entire authentication, authorization, and accounting system is clocked, enabling secure and efficient mass user EPSL implementation at back offices utilizing high frequency synchronized global clocking of EPSL logic blocks.
The security advantages of this system are manifold. This payment solution is merchant-independent: the transaction signature can be submitted to any merchant. The EPSL(TM) account number is useless if intercepted by an intruder unless it is supported by the one-time transaction-specific signature. If the transaction-specific signature is stolen from the merchant's database or a payment gateway, it cannot be reused like the static payment card number. Nor will capturing transaction data in transit yield the ability to perform fraudulent transactions. Moreover, the user-controlled transaction parameters limit the fraud potential. In addition, the system utilizes a random partial PIN/Password recognition algorithm to securely authenticate the user and protect against credential compromise. Importantly, the use of a one-time transaction signature and a one-time PIN exceeds the Payment Card Industry (PCI) and Payment Application (PA) Data Security Standard (DSS) requirements as neither the static reusable card number nor the static PIN is passed or stored at the merchant, the payment gateway provider, or the POS device.
Electronic payments represent a significant growth opportunity for banks, payment processors, and retailers, as the focus shifts from replacing paper instruments to the next generation of electronic payment solutions. Concurrently, there is significant growth in fraud, undermining consumers' trust in the financial system, and constituting billions of dollars in losses for financial institutions, businesses and consumers. The methods of committing fraud are also growing in sophistication, including card theft, skimming devices, counterfeiting, mail interception, spoof sites, credential theft, mass financial database breaches, transaction data in-transit breaches, and consumer identity theft. In addition, the collection, data mining, and selling for profit of financial and personal consumer information, whether legally or illegally obtained, is also escalating. As a result, there has been an increase in the adoption of alternative payment methods over the last several years. Consumers now view alternative payment methods as a trusted and viable way to pay for purchases.
Authernative's patented method offers a comprehensive set of capabilities in the EPSL(TM) architecture such as preventing fraud, giving the account holder control over the transaction, securely authenticating an account holder as part of the entire transaction authentication, and protecting the account holder's private personal information from merchants and other transaction counterparts.
The U.S. issued patent solidifies the company's ability to license private and secure financial transactions intellectual property and solutions.