US 11,868,920 B2
Authentication platform for pin debit issuers
Paul Turgeon, Fort Collins, CO (US)
Assigned to CardinalCommerce Corporation, Mentor, OH (US)
Filed by CardinalCommerce Corporation, Mentor, OH (US)
Filed on Sep. 28, 2020, as Appl. No. 17/034,033.
Application 17/034,033 is a continuation of application No. 13/765,003, filed on Feb. 12, 2013, granted, now 10,810,584.
Claims priority of provisional application 61/599,114, filed on Feb. 15, 2012.
Prior Publication US 2021/0019743 A1, Jan. 21, 2021
This patent is subject to a terminal disclaimer.
Int. Cl. G06Q 20/38 (2012.01); G06Q 20/40 (2012.01); G06Q 20/32 (2012.01)
CPC G06Q 20/3821 (2013.01) [G06Q 20/3223 (2013.01); G06Q 20/385 (2013.01); G06Q 20/407 (2013.01); G06Q 20/409 (2013.01); G06Q 20/4015 (2020.05); G06Q 20/4016 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A system comprising:
at least one processor of a third party associated with a universal merchant platform (UMP) that is programmed or configured to:
receive merchant data associated with registration for the UMP, from a merchant, wherein the merchant data comprises a specification of a plurality of rules to apply to a personal identification number (PIN) debit transaction between the merchant and a consumer to determine security of a digital processing device and a weighting associated with the plurality of rules;
store the specification of the plurality of rules in a rules database; and
during processing of a transaction between the merchant and the consumer that is conducted via an e-commerce channel or an m-commerce channel by a consumer via a digital processing device:
determine how to process the transaction between the merchant and the consumer, wherein, when determining how to process the transaction, the at least one processor is programmed or configured to:
determine that a payment type to be used by the consumer for the transaction is a PIN debit card;
determine whether the digital processing device associated with the consumer that is being used by the consumer to carry out the transaction is secure in response to determining that the payment type to be used by the consumer for the transaction is a PIN debit card, wherein, when determining whether the digital processing device associated with the consumer is secure, the at least one processor is programmed or configured to:
receive, from the digital processing device and via a communications network, data regarding the digital processing device associated with the consumer, wherein the data regarding the digital processing device is obtained by the digital processing device;
apply, via a rules engine, the plurality of rules to the data regarding the digital processing device associated with the consumer to generate a score indicative of the security of the digital processing device; and
apply, via the rules engine, a threshold to the score to determine whether the digital processing device is secure;
complete processing of the transaction in response to determining the digital processing device is secure;
wherein the plurality of rules comprises:
a rule decreasing the score if malware is detected on the digital processing device being used by the consumer to carry out the transaction between the merchant and the consumer;
a rule decreasing the score if a screen scrapping attack is detected on the digital processing device being used by the consumer to carry out the transaction between the merchant and the consumer; or
a rule decreasing the score if a man in the middle attack is detected on the digital processing device being used by the consumer to carry out the transaction between the merchant and the consumer.