Secure financial payment

摘要

To improve security for processing of financial transactions on a customer's account, particularly for users of mobile devices, the examples authenticate the customer or user in an effective manner and/or transfer funds upon successful authentication, using intelligence of the customers' mobile devices. The present approach uses an identifier of the mobile device or user at the mobile device. The user is authenticated for a particular desired transaction based on some number of authentication factors, one or more of which is a biometric input. The user authentication technique, e.g. factors used and/or precision of matching of received user authentication factors to reference factors, can be varied based on a variety of parameters, such as transaction amount, time, device location, history of prior transactions or history of other aspects of device usage. The processing avoids storage of sensitive customer data, e.g. account number at a merchant and/or at the customer's mobile device.

主权项

1. A computer, comprising:
a network communication interface; a processor; a memory accessible to the processor; and programming in the memory, wherein execution of the programming by the processor configures the computer to perform functions, including functions to:
receive a parameter of a first financial transaction via a network and the communication interface;receive a user or device identification, other than a financial account identifier, from a mobile device via the network and the communication interface;receive, from the mobile device via the network and the communication interface, at least two user authentication factors obtained by the mobile device from a current user of the mobile device for authentication relative to the first financial transaction, at least one of the received factors being a biometric factor;based at least in part on the parameter of the first financial transaction, identify a first rule set, from among a plurality of rule sets of a financial transaction entity defining requirements for user authentications;identify an authentication file based on the received identification, the authentication file corresponding to but not including an identification of any financial account maintained by the financial transaction entity corresponding to the received identification;based on the first rule set, obtain one or more reference factors from the identified authentication file for authentication relative to the first financial transaction, at least one obtained reference factor corresponding to a valid user of the corresponding financial account;authenticate the current user of the mobile device as the valid user based on a successful comparison of the one or more obtained reference factors to a corresponding one or more of the user authentication factors received for authentication relative to the first financial transaction; andin response to the authentication of the current user as the valid user, transmit data via the communication interface and the network to enable completion of the first financial transaction with respect to the corresponding financial account by the financial entity.