	US 12,223,506 B2
	Methods and systems for multi-factor authentication based payment
Sachin Kumar Singh, Pune (IN); Sandeep Parvathareddy, Krishna Nagar Guntur (IN); and Hemant Arora, Pune (IN)
Assigned to Mastercard International Incorporated, Purchase, NY (US)
Filed by MASTERCARD INTERNATIONAL INCORPORATED, Purchase, NY (US)
Filed on Dec. 7, 2022, as Appl. No. 18/062,702.
Claims priority of application No. 202141059715 (IN), filed on Dec. 21, 2021.
Prior Publication US 2023/0196374 A1, Jun. 22, 2023
Int. Cl. G06Q 20/40 (2012.01); G06Q 20/38 (2012.01); G06Q 20/42 (2012.01)

CPC G06Q 20/4016 (2013.01) [G06Q 20/3821 (2013.01); G06Q 20/42 (2013.01)]

20 Claims

1. A computer-implemented method, comprising:

receiving, by a server system, a request in association with a payment transaction between a cardholder and a merchant, the request comprising a cardholder identifier associated with the cardholder, and information of a successful verification of a user input entered by the cardholder for performing multi-factor authentication (MFA) of the payment transaction;

identifying, by the server system, user profile data stored in a database based, at least in part, on the cardholder identifier, the user profile data comprising information of a plurality of registered user devices associated with the cardholder for the MFA;

performing, by the server system, device behavioral analysis of one or more user devices from the plurality of registered user devices associated with the cardholder including calculating a device behavioral score by:

(a) obtaining device identifiers from the one or more user devices and comparing the obtained device identifiers with authenticated identifiers already stored in the user profile data associated with the cardholder,

(b) determining that the cardholder is logged into email accounts of the cardholder running on the one or more user devices,

(c) determining a time of receipt of a one time password (OTP) associated with performing multi-factor authentication (MFA) of the payment transaction and calculating a time differences between a received time of the OTP and a time of entering the OTP,

(d) determining a period of the one or more user devices spent in a dark mode,

(e) calculating a device behavioral score for the user device based, at least in part, on results of steps (a), (b), (c), and (d), and

generating, by the server system, an MFA token associated with the payment transaction based, at least in part, on the device behavioral analysis;

transmitting, by the server system, the MFA token to a payment server associated with a payment network, wherein the MFA token is utilized for authorizing the payment transaction; and

authorizing the payment transaction.