CPC G06Q 20/4016 (2013.01) [G06Q 20/12 (2013.01); G06Q 20/3226 (2013.01); G06Q 20/405 (2013.01); H04L 63/08 (2013.01); H04L 63/083 (2013.01); H04L 63/101 (2013.01); H04W 12/67 (2021.01)]
18 Claims
1. An authentication platform for authenticating an online user when an access control server (ACS) is offline or otherwise unavailable, the authentication platform comprising:
a risk based authentication (RBA) enabled directory server communicatively coupled between a merchant computing device and the ACS;
an RBA engine communicatively coupled to the RBA enabled directory server, the RBA enabled directory server and the RBA engine implemented using at least one processor; and
a memory device communicatively coupled to the RBA enabled directory server and the RBA engine, wherein the at least one processor is programmed to:
build an authentication model that enables the authentication platform to stand in for the ACS when the ACS is offline or otherwise unavailable, the authentication model generated by comparing i) transactions previously authenticated by the ACS with ii) historical data processed by a payment processing network, the ACS only having access to transaction data for a smaller number of transactions than the historical data processed by the payment network;
receive, from the merchant computing device, at the RBA enabled directory server, an authentication request message for a current transaction, the authentication request message including authentication data in accordance with 3DS 2 Protocol or subsequent 3DS Protocol versions;
extract, at the RBA enabled directory server, the authentication data from the authentication request message;
transmit the authentication request message over a computer network;
determine, based on a response to the transmitted authentication request message, that the ACS is offline or otherwise unavailable;
in response to determining that the ACS is offline or otherwise unavailable, stand in for the ACS to authenticate the current transaction by:
transmitting the extracted authentication data from the RBA enabled directory server to the RBA engine;
performing, using the RBA engine, based at least in part on the extracted authentication data, an RBA analysis on the transaction to generate RBA result data that includes a risk score and at least one reason code, the RBA result data generated using the authentication model, and the RBA analysis performed using machine learning such that the ability of the authentication platform to determine transaction risk scores improves over time, wherein to generate the at least one reason code, the at least one processor is programmed to:
establish a plurality of reason code categories, each reason code category including a plurality of anchors, wherein the plurality of reason code categories include at least a cardholder category, a merchant category, and an environment category;
activate, based on a comparison of the extracted authentication data to at least one long term variable stored in the memory device, a plurality of activated anchors, wherein at least one of the plurality of activated anchors is in the cardholder category or the merchant category; and
generate the at least one reason code based on connections between the plurality of activated anchors by:
when at least one anchor in the cardholder category is activated, generating a positive reason code indicating a low risk of fraud;
when at least one anchor in the cardholder category is activated and at least one anchor in the merchant category is activated, generating a stronger positive reason code indicating a lower risk of fraud; and
when at least one anchor in the cardholder category is activated, at least one anchor in the merchant category is activated, and at least one anchor in the environment category is activated, generating an even stronger positive reason code indicating an even lower risk of fraud;
transmitting the RBA result data from the RBA engine to the RBA enabled directory server;
generating, at the RBA enabled directory server, an authentication decision based on the RBA result data using 3DS 2 Protocol or subsequent 3DS Protocol versions, and wherein the 3DS 2 Protocol or subsequent 3DS Protocol versions include a larger number of data elements than 3DS 1.0 Protocol, thereby generating the authentication decision at the authentication platform instead of the ACS when the ACS is offline or otherwise unavailable;
embed the authentication decision generated using 3DS 2 Protocol or subsequent 3DS Protocol versions in an authentication response message as an extensible markup language (XML) extension; and
transmit, from the RBA enabled directory server, the authentication response message with the embedded authentication decision generated using 3DS 2 Protocol or subsequent 3DS Protocol versions from the authentication platform to the merchant computing device, prompting the merchant computing device to determine whether or not to proceed with the current transaction based on the embedded authentication decision that was generated using the authentication model built by the authentication platform.