Browse Prior Art Database

Secure method and system for identifying, confirming, and/or selecting accounts without exposing sensitive account information

IP.com Disclosure Number: IPCOM000009154D
Publication Date: 2002-Aug-09
Document File: 5 page(s) / 13K

Publishing Venue

The IP.com Prior Art Database

Related People

Ted Conway: INVENTOR [+2]

Related Documents

http://www.experian.com/consumer/help/fraud/experian.html: URL [+3]

Abstract

[ IPCOM000000012S originally published 2001-09-07 08:33 UTC ] A method and system for a first party (e.g., merchant, financial institution) to indicate to a second party (e.g., customer) one or more accounts that the first party has on file for the second party when communicating with the second party in a variety of ways (e.g., secure or non-secure network, phone, fax, mail, cable TV, etc.) without exposing any sensitive information related to the accounts (e.g., account numbers). The first party sends a message to the second party that contains only non-sensitive, unique identifiers that were pre-specified by the second party to meaningfully represent the second party's accounts. The first party retrieves the account identifiers from its records (either manually or using computer technology), constructs a message, and transmits the message to a customer location in a variety of ways (e.g., secure or non-secure network, phone, fax, mail, cable TV, etc.). The second party receives the message, which may simply report the account identifiers (e.g., ATM or gas pump receipt, credit report) or may require the second party to confirm in a return message which specific account(s) on file with the first party should be used in a transaction (e.g., credit card balance transfers, credit/debit card charges). Since no sensitive account information is included in any transmitted message, a third party cannot discover any portion of the second party's confidential account information. __________ FIG. 1 uses a modified example from U.S. Patent Document 5,715,399 (Bezos, Amazon) to show the problems inherent in today's widely adopted techniques that transmit messages from a merchant to a customer that include portions of credit card numbers that indicate the credit card information that the merchant is maintaining for the customer, which includes disclosure of sensitive credit card information, display of information that does not readily identify the underlying card to the customer, and even an ambiguous situation in which the customer has no chance of being able to identify the unique underlying card (B,C); FIG. 1 REF. LETTER TYPE LAST 5 DIGITS EXP. DATE A VISA 86543 10/98 B VISA 21883 04/97 C VISA 21883 04/97 D MC 15609 08/98 FIG. 2 illustrates an exemplary message under the present invention that handles the same situation, but allows the customer to readily identify the underlying cards without ambiguity and - most importantly - without disclosing any portions of the sensitive credit card numbers. FIG. 2 REF. LETTER CUSTOMER-CHOSEN ACCOUNT IDENTIFIER A VISA (PRINCETON ALUM) B VISA (MIT ALUM) C VISA (CITICORP) D MC (FLEET) [ 000000012S 12S ]

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 22% of the total text.

Secure method and system for identifying, confirming, and/or selecting accounts without exposing sensitive account information

--------------------------------------------------------------------------------

Abstract

A method and system for a first party (e.g., merchant, financial institution) to indicate to a second party (e.g., customer) one or more accounts that the first party has on file for the second party when communicating with the second party in a variety of ways (e.g., secure or non-secure network, phone, fax, mail, cable TV, etc.) without exposing any sensitive information related to the accounts (e.g., account numbers). The first party sends a message to the second party that contains only non-sensitive, unique� identifiers that were pre-specified by the second party to meaningfully represent the second party's accounts. The first party retrieves the account� identifiers from its records (either manually or using computer technology),� constructs a message, and transmits the message to a customer location in a variety of ways (e.g., secure or non-secure network, phone, fax, mail, cable TV, etc.). The second party receives the message, which may simply report the account identifiers (e.g., ATM or gas pump receipt, credit report)� or may require the second party to confirm in a return message which specific account(s) on file with the first party should be used in a transaction (e.g., credit card balance transfers, credit/debit card charges). Since no sensitive account information is included in any transmitted message, a third party cannot discover any portion of the second party's confidential account information.

--------------------------------------------------------------------------------

Inventors:� Conway, Ted (Chicago, IL)�

Filed:� September 7, 2001

-------------------------------------------------------------------------------

References Cited

U.S. Patent Documents

5,715,399 February, 1998 Bezos�

Other References

Experian Credit Bureau, "Experian Procedures" <http://www.experian.com/consumer/help/fraud/experian.html>, 2001.

Breitkopf, David, American Banker, "States' Answer to Card Fraud: Clip Digits from Receipts "

� <http://www.mycounsel.com/news/credit_collections/archive/2000/12/27/news/0000-0068-KEYWORD.Missing.html>, 2000.

--------------------------------------------------------------------------------

Claims

The invention in which an exclusive fight is claimed is defined by the following:

1. A method enabling the first party (e.g., merchant, financial institution) to indicate to a second party (e.g., customer) by written or electronic communication, one or more accounts of the second party that are maintained by the first party without compromising ANY sensitive account information (e.g., account numbers) whatsoever, said method comprising the steps of:

(a) retrieving non-sensitive, unique account identifiers that were pre-specified by the second party to meaningfully represent the second party's accounts from th...