AND FRAUD MONITORING

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims the benefit of U.S. Provisional Patent

Application Nos. 62/350,322 (filed on June 15, 2016); 62/350,335 (filed June 15, 2016); 62/350,407 (filed June 15, 2016); 62/350,416 (filed June 15, 2016);

62/350,821 (filed June 16, 2016); 62/350,831 (filed June 16, 2016); 62/351,016 (filed June 16, 2016); 62/351,155 (filed June 16, 2016); 62/351,164 (filed June 16, 2016); and 62/351 ,227 (filed June 16, 2016) the contents of which provisional applications are hereby incorporated by reference for all purposes.

BACKGROUND

Consumers having bank accounts have access to multiple tools for spending and/or transferring funds such as checks, debit card spending, credit cards, automatic teller machine (ATM) access, and the option to transfer funds electronically from one bank account to another. However, comparable tools and/or systems are not available to consumers for tracking and managing spending behavior from all of their accounts (which can be at multiple financial institutions) and/or capable of triggering timely alerts (i.e., an alert in real time) concerning what appears to be unauthorized use of funds from one or more accounts.

Consumers also lack access to a budget management tool capable of viewing and/or utilizing data associated with spending and/or financial data from multiple accounts regardless of the financial provider. In addition, conventional banking tools operate in an offline environment, and typically require periodic data refreshing operation^) (such as financial data downloads or periodic updates) for each account of the consumer in order to accurately present or display account balance statements and/or line item spending data to consumers. Such banking tools typically have the capability to trigger alerts concerning discovery of unauthorized transactions and/or budget impacting transactions only during the refresh cycle, which in many cases is too late for a consumer to react and/or take effective mitigating action and/or remedial action. Banking tools and/or consumer financial tools available today also lack the capability to automatically take action (without further consumer input) based on specific alerts or budget triggers concerning multiple accounts held at different financial institutions in accordance with consumer preferences. For example, the current environment offers some banking solutions that allow consumers to set up a simple budget with a service provider, like a financial institution or a bank, but do not offer any control functionality for use by the consumer except for a simple alert. Thus, consumers do not have any way, for example, to provide instructions that allow the system or network to automatically block a transaction or transactions based on pre-set consumer thresholds (which may be monetary amounts or time frames, for example) and/or based on their preference(s).

Aspects of this disclosure are also concerned with EFT (electronic funds transfer) systems.

Electronic funds transfer payment networks are configured to primarily transfer money electronically from one bank account to another, either within a single financial institution or across multiple institutions. The EFT network utilizes one or more computer-based systems without the direct intervention of bank staff to transfer the money, and the accounts can either be commercial accounts or consumer accounts.

Payment card networks are configured to process credit card, debit card, and/or pre-paid card account transactions primarily in the retail space, to complete a sale or guarantee payment for services rendered by merchants. Payment card systems and/or payment card networks operate independently and/or mutually exclusively of the EFT payment networks despite some overlaps in in their application. Moreover, the payment card networks use communications protocols that are distinct from those used by the EFT payment networks.

Fraud management has been traditionally been an important component for payment card networks which process millions of payment card transactions, for example, credit card and/or debit card transactions, almost every day. Payment networks have thus employed fraud management tools from a network standpoint. In addition, merchants that accept payment card payments have begun to employ some form of fraud management tool with regard to their own merchant computer systems that is either a self-managed tool or that is provided by the payment network on behalf of the merchants. EFT payment networks which move funds from one bank account to another have not typically employed sophisticated fraud management tools.

Consequently, EFT transactions (or electronic clearing house transactions) have started to see a steady rise in identity theft and/or consumer account takeover situations, wherein consumers stand to lose a significant amount of funds from their bank accounts due to sophisticated fraudsters. For example, bank checks carry information such as bank account numbers and bank routing numbers, and thus unauthorized direct debits and/or stolen internet banking credentials are among the factors that can catch a consumer off guard. BRIEF DESCRIPTION OF THE DRAWINGS

Features and advantages of some embodiments, and the manner in which the same are accomplished, will become more readily apparent with reference to the following detailed description taken in conjunction with the accompanying drawings, which illustrate exemplary embodiments, wherein:

FIG. 1 is a block diagram illustrating a payment card account system in accordance with some embodiments of the disclosure.

FIG. 2 is a block diagram of an embodiment of a payment network system in accordance with some embodiments of the disclosure.

FIG. 3 is a block diagram illustrating a financial system in accordance with some embodiments of the disclosure.

FIG. 4 illustrates an example of a central switch that may perform functions in the system of FIG. 3 in accordance with some embodiments of the disclosure.

FIG. 5 is a flowchart illustrating a process that may be performed in the system of FIG. 3 in accordance with some embodiments of the disclosure.

FIG. 6 is a block diagram illustrating a payment network system in accordance with some embodiments of the disclosure.

FIG. 7 illustrates an example of a fraud platform computer system that may perform functions in the system of FIG. 6 in accordance with some embodiments of the disclosure.

FIGS. 8, 9 and 10 are flowcharts illustrating processes that may be performed in the system of FIG. 6 in accordance with some embodiments of the disclosure. DETAILED DESCRIPTION

In general, and for the purpose of introducing concepts of novel embodiments described herein, provided are systems, apparatus and methods for providing one financial tool that permits a consumer to track and manage spends from all of his or her accounts and/or trigger alerts for unauthorized use of funds regardless of which financial institution holds an account or accounts, and regardless of the type of financial transaction. In some implementations, the financial tool also permits users to set up their own budgets and/or financial controls so that action(s) can be automatically taken when an event occurs based on the users' pre-deiined threshold(s) and/or criteria. For example, in some implementations a user can set up an instruction for Bank A to transfer funds from a savings account to a checking account at Bank B when the checking account at Bank B runs low on funds. In some embodiments, a financial system that operates in the manner described above includes a central switch computer which operates a central financial service configured for providing a user or consumer with a dashboard view of all transactions associated with the consumer's financial accounts across different financial service providers. The central financial service may include management options for mitigating actions for transactions on the fly (i.e., in real time), for permitting the consumer to set up one or more alerts (which may be dependent on one or more conditions occurring and/or other criteria), and for permitting the consumer to set up one or more budgeting operations related to or associated with one or more spending conditions concerning one or more of the consumer's financial accounts.

In other aspects, systems, apparatus and methods are presented for retrofitting or otherwise providing fraud monitoring tools utilized by the credit card and/or debit card industry into electronic funds transfer (EFT) payment networks to thus provide enhanced fraud management, fraud mitigation, and fraud prevention.

In some embodiments, a financial transaction system includes a fraud platform that is operably connected to both a payment/s witch network (which handles electronic funds transfer transactions) and a payment network (which handles payment card account transactions). In some implementations, the fraud platform includes and utilizes an heuristic fraud engine that includes a plurality of machine learning algorithms configured to assimilate multiple data points in a specific EFT payment debit or credit transaction and, which enables the fraud platform to generate and transmit threat level scores to the EFT payment network. As the heuristic fraud engine continues to obtain and analyze large amounts of transaction data pertaining to both legitimate and fraudulent EFT transactions, overall fraud monitoring and fraud prevention capabilities become more effective because the ability to effectively recognize potential fraud attacks increases. In addition, the capabilities of the fraud platform with regard to EFT transactions is enhanced by the parallel linkage to the payment card network due to the payment card network transaction data which has accumulated over the years.

Throughout this disclosure, examples of financial transactions will be described. However, those skilled in the art will appreciate that embodiments disclosed herein may be used with desirable results for other types of transactions, such as transactions permitting a user to enter a mass transit system (such as entiy to a subway train station and/or to a public bus station) or for paying a toll for roadway access.

A number of terms will be used herein. The use of such terms is not intended to be limiting, but rather the terms are used for convenience and ease of exposition. For example, as used herein, the term "user" may be used interchangeably with the term "consumer" and/or the with the term "cardholder" and/or with the term "account holder" and these terms are used herein to refer to a person, individual, consumer, customer, company, business or other entity that owns (or is authorized to use) a financial account such as a bank account or payment card account (i.e., a credit card account or debit card account) or some other type of financial account (such as a brokerage account, loyalty card account, and/or mass transit access account). In addition, the term "payment card account" may include a credit card account, a debit card account, and/or a deposit account or other type of financial account that an account holder or cardholder may access. The term "payment card account number" includes a number that identifies a payment card system account or a number carried by a payment card, and/or a number that is used to route a transaction in a payment system that handles debit card and/or credit card transactions and the like. Moreover, as used herein the terms "payment card system" or "payment card account system" refer to a system and/or network for processing and/or handling purchase transactions and related transactions, which may be operated by a payment card system operator such as Mastercard International Incorporated, or a similar system. In some embodiments, the term "payment card system" may be limited to systems in which member financial institutions (such as banks) issue payment card accounts to individuals, businesses and/or other entities or organizations (and thus are known as issuer financial institutions or issuer banks). In addition, the terms "payment card system transaction data" and/or "payment card network transaction data" or "payment card transaction data" refer to transaction data associated with payment or purchase transactions that have been or are being processed over and/or by a payment card network or payment card account system. For example, payment card system transaction data may include a number of data records associated with individual payment transactions (or purchase transactions) of cardholders that have been processed over a payment card system or payment card network. In some embodiments, payment card system transaction data may include information such as data that identifies a cardholder, data that identifies a cardholder's payment device and/or payment card account, transaction date and time data, transaction amount data, an indication of the merchandise or services that have been purchased, and information identifying a merchant and/or a merchant category. Additional transaction details and/or transaction data may also be available and/or utilized for various purposes in some embodiments.

FIG. 1 is a block diagram that illustrates a payment card account system 100. The system 100 includes a customer device 102 such as a magnetic stripe card, a payment IC (integrated circuit) card (contactless and/or contact), or a payment-enabled mobile device (such as a Smartphone that includes a payment application), a merchant device 104, an acquirer financial institution (FI) computer 106, a card network 108, and an issuer FI computer 110.

The merchant device 104 may be, for example, a POS (point of sale) terminal/card reader or a merchant mobile device (i.e., a Smartphone), and may also be considered part of the payment card account system 100. The customer device 102 may be presented to the merchant device 104 to consummate a purchase transaction and to permit the merchant device 104 to read payment card account data (including, for example, a payment account number) from the customer device 102. In other situations, the merchant device 104 may be an e-commerce server computer, and the customer device 102 may be a personal computer or a mobile device running mobile browser software or the like. In this case, the customer device 102 may engage in an online shopping session with an e-commerce website hosted by the merchant device 104. During a purchase transaction, the acquirer FI computer 106 may receive a payment account system authorization request message for the transaction from the merchant device 104. The acquirer FI computer 106 may then route the authorization request message via a card network 108 to an issuer FI computer 110, which is operated by the issuer of a payment account that is associated with the account number obtained by the merchant device 104 (e.g., from the customer device 102) and included in the authorization request message. In some implementations, the authorization response message generated by the payment issuer server computer 110 is routed back to the merchant device 104 via the card network 108 and the acquirer FI computer 106.

One well known example of a payment card network is referred to as the "Banknet" system, and is operated by Mastercard International Incorporated, the assignee of the present application.

Referring again to FIG. 1, the payment account issuer FI computer 110 may be operated by or on behalf of a financial institution, such as a bank, that issues payment accounts to individual users (such as the customer or consumer who presented or operated the customer device 102 referred to above). For example, the payment card issuer FI computer 110 may perform such functions as (a) receiving and responding to requests for authorization of payment account transactions to be charged to payment accounts issued by the FI; and (b) tracking and storing transactions and maintaining account records.

The payment card account system communications among the merchants, acquirers, card network and/or issuers may conform to a known standard such as ISO 8583.

It should be understood that the components shown in the system 100 of FIG. 1 are only those that are needed for processing a single transaction. However, a typical or practical payment system may process hundreds, thousands or more purchase transactions per day (including simultaneous transactions), and thus may include a considerable number of payment account issuers and their computers and/or computer networks, a considerable number of acquirers and their computers and/or computer networks, and numerous merchants and their devices, as well as a very large number of customer devices.

FIG. 2 is a block diagram illustrating a payment network system 200, of which one example is the ACH (automated clearing house) system operated in the United States. The system 200 includes an originator device 202, for example, a computer operated by an originator of a transaction. Common kinds of transactions handled by the payment network system 200 include credit transactions and debit transactions, wherein the originator 202 is the party that initiates the transaction. The originator may be, for example, an individual or a corporation or other organization.

Referring again to FIG. 2, the system 200 also includes an originator PSP (payment services provider) computer 204. The originator PSP computer 204 receives payment instructions from the originator and forwards data entries that reflect the instructions to a payment system switch/network 206, which is also part of the system 200. The originator PSP computer 204 may be operated by an originator PSP (which may be, for example, an originating depository financial institution or "ODFI") of which the originator is a customer. In some embodiments, the switch/network 206 can be operated by a governmental or private entity that serves as a clearing facility for the system 200.

Also included in the system 200 is a beneficiary PSP computer 208

(which may be, for example, a receiving depository financial institution or "RDFI"). The beneficiary PSP computer 208 receives entries from the payment system switch/network 206 and posts entries to accounts of depositors.

Still further, the system 200 includes a beneficiary 210 that is one of the depositors of the beneficiary PSP. In the case of a credit transaction, the account at the beneficiary PSP of the beneficiary may be credited with the amount instructed to be paid by the originator device 202. The beneficiary may be, for example, an individual or a corporation or other organization. Both PSPs may typically be banks or other financial institutions (FIs).

The communications among the parties in the system 200 may typically be conducted using XML (extensible Markup Language) and may comply with a standard according to ISO 20022.

It should be understood that the components of the system 200 as depicted in FIG. 2 are only those that are needed for processing a single transaction. However, a typical payment network system 200 may process many transactions (including simultaneous transactions) and therefore may include a considerable number of PSPs and their computers and/or computer networks, one or more clearing operators, and numerous originators and beneficiaries. FIG. 3 is a block diagram illustrating a financial alerts and

management system 300 in accordance with some embodiments. The central switch(es) computer 302 is shown operably connected between a payment card network 108 and a payment switch/network 206, It should be understood, however, that in some embodiments the central switch(es) computer 302 may be a component or components associated with and/or provided by and/or operated by the operator of the payment card network 108. As explained above, the payment card network 108 processes credit and/or debit card payments between an acquirer financial institution (FI) 106 and an issuer FI 110, whereas the payment switch/network 206 processes, for example, include credit and/or debit transactions between originator PSP 204 and a beneficiary PSP 208, In some embodiments, a payment services provider (PSP) computer 304 is operably connected to the central switch computer 302 and, via the Internet 308, to a consumer device 306 that may be utilized to initiate transactions. The consumer device 306 may be, for example, a payment-enabled mobile device, or a personal computer, or browser-equipped mobile device by which the customer may access the PSP computer 304 via the Internet 308. However, it should be understood that, in some implementations, the central switch computer 302 may be configured to communicate with the consumer device 306 directly or via the Internet 304 in accordance with the processes described herein.

In some embodiments, the central switch(es) computer 302 monitors both credit/debit card transactions and electronic funds transfer (EFT) transactions as such transactions occur in real time. Thus, the central switch(es) computer 302 may be configured to monitor and/or control user or consumer transactions that occur in both the payment card network 108 and in the payment switch/network 206 in accordance with instructions and/or preferences provided by the user, which will be discussed in more detail below. For example, in some embodiments, the central switch(es) computer 302 is provided with the means and/or functionality to block one or more transactions involving one or more user accounts in accordance with the instructions and/or preferences provided by the user.

In some implementations, a user such as a consumer must first register with a trusted third-party payment services provider, such as the PSP computer 304, before using the central financial service provided by the central switch(es) computer 302. For example, the consumer can use his or her consumer device 306 to access a consumer portal via the Internet 308 that is hosted by the PSP computer 304 to register one or more of his or her financial accounts. The PSP computer 304 may prompt the user for user identification data, such as the user's name and residence address and an e-mail address, and for mobile device identification data, such as the mobile device type and/or the name of the model device and/or a serial number. If the mobile device includes one or more biometric sensor(s), the PSP computer 304 may prompt the user to provide biometric data for user authentication purposes. For example, if the user's mobile device includes a camera and/or a fingerprint sensor, then the user may be prompted to take a picture of his or her face (for facial recognition purposes) and/or to provide one or more fingerprints (from one or more fingers). The central switch computer 302 may then store such biometric data, for example, in a user registration database (not shown). The user may then be prompted to provide instructions and/or preferences that permit the central switch computer 302 to monitor the user's financial accounts, and in some implementations to then provide alerts to the consumer device 306 and/or to control transactions (or certain aspects of transactions) involving those user accounts. In some embodiments the user may also be able to periodically access the consumer portal, log in and then manage and/or change parameters and/or preferences associated with his or her accounts. In addition, some implementations permit users to provide account details concerning authorized users (other users) who can also use the program to modify and/or change parameters and/or preferences.

Thus, in some embodiments the user or consumer is securely authenticated to ensure that only an authorized user has access to the spending controls and/or budget management options available through the consumer portal for association with his or her account(s). In addition, users may have access to options for setting up their own budgets and/or control fiinctions so that one or more actions can be taken when a designated event occurs and based on their pre-defined threshold. For example, the user may designate that a funds transfer of $500.00 (five hundred dollars) is automatically triggered from the user's savings account at Bank A to a checking account at Bank B when the checking account at Bank B runs low on funds, which threshold may be set by the user to be $ 1 ,000.00 (One thousand dollars) or less. Thus, when the checking account at Bank B is depleted by an outflow of funds to $925.00 then a funds transfer of $500.00 occurs to bring the total amount in that checking account to $1,425.00. The user can designate several or all of his or her accounts for monitoring and/or automatic central switch control (for example, to take certain actions), and once initialized the central switch triggers a service for the respective accounts to start monitoring and logging transactions.

In some implementations, the central switch(es) computer 302 also triggers financial accounts services (if activated by the consumer) to monitor for changes in spending based on criteria set by the consumer. Such a central switch financial accounts service may also be capable of accumulating spend for a defined period of time over all of the user's accounts, and then be capable of triggering one or more alerts when or if predetermined threshold monetary amounts are met or exceeded. In some implementations, the central switch(es) computer 302 is configured to block or otherwise stop and/or invalidate one or more financial transactions in real time (i.e., on the fly before such transaction(s) are authorized, for example, by an issuer financial institution(s)). Thus, the central switch(es) computer 302 is configured to manage, control and review transactions from all types of user accounts which have been registered with the PSP computer 304, including, but not limited to, credit card accounts, debit card accounts, ATM cards, brokerage accounts, checking accounts and savings accounts.

In some implementations, the user of the financial alerts and management system 300 (and central switch financial service) must define the actions that will follow when a specific alert is triggered. In some embodiments, payment service providers and/or financial institutions that provide the user interface and integration with the central switch(es) computer 302 may provide additional functions to the consumer. In some implementations, the consumer is provided with operations and/or functions that tie to one or more alerts, and when an alert is triggered the follow up action may be one that has been defined by the user. In particular, the actions defined by the users or consumers can include instructions concerning the flow of funds from one account to another based on the trigger action, or the blocking of completion of a transaction based on, for example, a high transaction amount with regard to a particular type of merchant. In addition, action items can be defined as a combination of rules instead of just one trigger. For example, a user may specify to transfer a certain amount of funds to his or her checking account only when there is $500.00 or less left in the checking account and if there is more than $6,000 in the user's savings account. In some implementations, the central switch(es) computer 302 is configured to record credit push payment actions that are required based on each alert trigger that has an action item tied to it, and the rules for such alert triggers can also be defined based on many other different types of criteria, such as a time limit, budget limit and/or monetary amount limits. Thus, a financial alerts and management system 300 in accordance with this disclosure serves to tie actions to predetermined triggers, automate menial tasks, automate money management flows, and take care of budget items that users can set in advance. Payment schemes and/or payment card schemes and/or central switches can thus be tied together to provide a user with an all pervasive view and money management control to users.

In some embodiments, a financial alerts and management system also permits trusted third party service providers to interface to a central switching service by means of an application programming interface (API) (not shown) providing the end user with a user interaction page (for providing account information and/or account management preferences and the like) along with other services like internet banking portals. Payment service providers may also have the ability to provide transaction information and/or feedback through a high speed channel (not shown) to the central switch(es) computer 302 regarding transactions that the central switch(es) computer 302 may otherwise not be able to receive information about, such as payment transactions from payment schemes that the central switch(es) computer 302 does not manage.

Accordingly, in some embodiments the consumer is provided with a holistic tool that includes a single dashboard (visible on a display screen of the consumer's mobile device, for example) to manage spending, alerts and budgeting of one or more of his or her accounts. Consumers in such a scenario will be able to also control actions to be taken when unauthorized transactions are detected, which in effect can reduce the occurrences of fraud. The interaction portal can take any form depending on the particular service provider and/or the central switch presentation, for example, a Web Portal, a mobile application, or Unstructured Supplementary Service Data (USSD) interface.

The communications among the parties illustrated in the financia! alerts and management system 300 may typically be conducted using XML

(extensible Markup Language) and may comply with a standard according to ISO 20022.

It should be understood that, for ease of understanding, a minimal number of components are shown in the system 300 of FIG. 3. However, a practical embodiment of a financial alerts and management system 300 may monitor, process information, and take actions based on many transactions (including simultaneous transactions) and therefore may include a multiplicity of central switch(es) computers 302 and/or PSP computers 304, which can include two or more computers and/or computer networks, one or more payment card networks 108, numerous acquirer FI computers 106 and numerous issuer FI computers 110, one or more payment switch/network computers 206, and numerous originator PSPs 204 and beneficiary PSPs 208.

FIG. 4 is a block diagram of an example central switch computer system 400 that may perform functions in the system of FIG. 3. Although the central switch computer system 400 is depicted as a stand-alone component, some or all of the functions ascribed to it may be performed by a computer system network and/or other components operated by, or associated with, the payment switch/network 206, the payment card network 108 and/or the PSP computer 304.

Referring again to FIG. 4, the central switch computer system 400 may, in its hardware aspects, resemble a typical server computer and/or mainframe computer, but may be controlled by software to cause it to function as described herein. In addition, the central switch computer system 400 may be designed as a special purpose computer, and thus specially configured to perform the functions described herein.

The central switch computer system 400 may include one or more computer processor(s) 402 operatively coupled to a communication device 401, a storage device 404, an input device 406 and an output device 408. The

communications device 401, the storage device 404, the input device 406 and the output device 408 may all be in communication with and/or operably connected to the central switch processor(s) 402. The computer processor(s) 402 operate to execute processor-executable steps, contained in program instructions described below, so as to control the central switch computer system 400 to provide desired functionality.

Communication device 401 may be used to facilitate communication with, for example, other devices (such as other components of the system 300, as well as user mobile devices and/or other computing devices). Communication device 401 may comprise numerous communication ports (not separately shown), to allow the central switch computer system 400 to communicate simultaneously with a number of other computers and/or other devices, including communications as required to simultaneously handle numerous interactions with other devices which may be associated with numerous transactions, and to simultaneously handle numerous actions (such as transmitting alerts, blocking authorization of certain transactions, managing budgets, and the like).

Input device 406 may comprise one or more of any type of peripheral device typically used to input data into a computer. For example, the input device 406 may include a keyboard and a mouse. Output device 408 may comprise, for example, a display and/or an audio speaker, and/or a printer.

Storage device 404 may comprise any appropriate information storage device, including combinations of magnetic storage devices (e.g., hard disk drives), optical storage devices such as CDs and/or DVDs, and/or semiconductor memory devices such as Random Access Memory (RAM) devices and Read Only Memory (ROM) devices, as well as flash memory and the like. Any one or more of such information storage devices may be considered to be a non-transitory computer- readable storage medium or a computer usable medium or a memory.

Storage device 404 stores one or more programs for controlling the central switch processor(s) 402. The programs comprise program instructions (which may be referred to as computer readable program code means) that contain processor- executable process steps of the central switch computer system 400, executed by the central switch processor(s) 402 to cause the central switch computer system 400 (and/or other computer systems) to function as described herein.

The programs may include one or more conventional operating systems (not shown) that control the central switch processor(s) 402 so as to manage and coordinate activities and sharing of resources in the central switch computer system 400, and to serve as a host for application programs (described below) that run on the central switch computer system 400.

The programs stored in the storage device 404 may include, for example, a user registration module 410 (which may be a user registration application program) which operates to obtain registration information from a user that may include information concerning one or more financial accounts of the user, information regarding one or more user devices, and user authentication data.

Another program that may be stored in the storage device 404 is a user dashboard module 412 for providing a registered user with a central dashboard showing all of the user's financial accounts. The purpose of the user dashboard is to permit the registered user to manage and/or control the user's financial accounts regarding transactions that involve one or more of those financial accounts in accordance with processes and/or criteria described herein.

The storage device 404 may also store a transaction monitoring module 414, transaction alerts module 416, and a transaction control module 418. These software modules permit the central switch processor(s) 402 to monitor, provide alerts, and/or control transactions involving one or more of a user's financial accounts in accordance with the user's instructions provided when the user sets up his or her central financial services account via the user dashboard as described herein.

The storage device 404 may further store one or more device interface modules 420 that serve as software interfaces between the central switch computer system 400 and one or more other components, for example, as depicted in the system 300 of FIG. 3.

The storage device 404 may also store, and the central switch processor(s) 402 may also execute, other programs, which are not shown. For example, such programs may include communications software and one or more reporting applications. The latter program(s) may respond to requests from system administrators, for example, for reports on the activities performed by the central switch computer system 400. The other programs may also include, for example, device drivers, database management software, and the like.

The storage device 404 may also store one or more databases 422 that may be required for operation of the central switch computer system 400.

It should be understood that other computerized components of the system 300 may be constituted by computer hardware having the same type of components and/or hardware architecture as described herein with reference to FIG. 4.

FIG. 5 is a flow chart 500 that illustrates a process that may be performed in the system of FIG. 3 in accordance with aspects of the present disclosure. In particular, the process of FIG. 5 relates to handling a user request to manage financial accounts services.

Referring to FIG. 5, a central services switch computer receives 502 a central switch financial service request from a user. If the user is not registered for central switch financial services at step 504, then the user is prompted 506 for user registration data. For example, the user may be prompted to provide user

identification data, such as the user's name and residence address and an e-mail address, and for mobile device identification data, such as the mobile device type and/or the name of the model device and/or a serial number. In some embodiments, users may register a number of user devices, such as personal computers, cell phones, tablet computers, and the like. In addition, the user will be prompted to provide user authentication data, such as a password and/or biometric data so that the user can gain future access to the central switch financial service. In step 508, if the registration data is not provided within a timeout period (which may be set to any reasonable period of time to allow a user to provide the required data) then the process ends 510. But if the registration data is timely received in step 508 (or if the user was already registered— see step 504), then the user is prompted 512 for user authentication data. If the user cannot provide at step 514 the proper user authentication data, then in some embodiments the process ends 516. Since entry to the central switch financial service can expose all or a portion of the user's financial accounts to possible fraudulent use, the authentication process may, in some embodiments, include two-factor authentication and/or other heightened security measures to ensure that the user is correctly validated.

Referring again to FIG. 5, if in step 514 the user is authenticated, then the user is provided with access 518 to a user dashboard. The dashboard may include a list of all the financial accounts registered by the user along with various options and/or control functions for selection by the user. The user may then use the dashboard to provide instructions for monitoring and/or controlling one or more accounts, to receive account alerts, to control one or more accounts so as to transfer funds when certain predetermined conditions and/or criteria are met, and/or to budget spending on one or more accounts, as described herein. Thus, when an initiate indication from the user is received 520, then the central switch financial service initiates 522 the transaction controls, alerts, and/or Financial account budgeting actions selected by and/or ordered by the user. The process then ends. If at step 520 no user initiation indication is received, then the process may idle at 520.

FIG. 6 is a block diagram illustrating a payment transaction system 600 in accordance with some embodiments. In some embodiments, the payment transaction 600 may be at least partially incoiporated in and/or at least partially interact with the system 300 shown in FIG. 3.

A fraud platform 602 is shown operably connected between a payment card network 108 and a payment switch/network 206. In some embodiments, the fraud platform 602 and system components associated may be incorporated in and/or partially overlap with the central switch(es) 302 shown in FIG. 3. Alternatively or in other words, functionality ascribed herein to the fraud platform 602 and its associated components may be embodied in the central switch(es) 302. Moreover, in some embodiments the fraud platform 602 may be a component of, and/or provided by, and/or operated by the operator of the payment card network 108. As mentioned above, the payment card network 108 processes credit and/or debit card payments initiated by a cardholder who presents and/or utilizes his or her cardholder device 102 with regard to a merchant device 104 (such as a point of sale (POS) terminal, or a proximity reader associated with a POS terminal, or via a merchant Web page hosted by a merchant server computer). Also, in some use cases and/or transaction flows, a digital wallet provider 608 may be involved in the transaction flow and may be in communication with the merchant system 104, wherein the digital wallet provider, by previous arrangement, has undertaken to store a digital wallet for the customer. The payment card network 108 processes the payment transaction request in association with the issuer financial institution (FI's) 1 10 that issued the cardholders payment card account as explained above. As also mentioned above, the payment switch/network 206 processes credit and/or debit transactions, wherein the originator 202 is the party that initiates the transaction via an originator PSP computer 204, and wherein the beneficiary 210 of the transaction receives payment via the beneficiary PSP computer 208. The originator 202 may be a merchant that serves as an acceptance point for an EFT transaction.

Referring again to FIG. 6, the fraud platform 602 is operably connected to a fraud rules manager 604 and a fraud database 606. In some embodiments, the fraud platform 602 may also be operably connected to one or more issuer FIs 110. In some embodiments, the fraud platform 602 includes components such as a fraud rules manager, a decision intelligence (DI) engine, an authentication intelligence engine, an Account Data Compromise system (ADC) component, and a fraud scoring algorithm (EMS) engine (not shown). Thus, in some implementations the fraud platform 602 evaluates both payment switch/network transactions and payment card network transactions. For example, the fraud platform may utilize fraud rules and/or business rules stored in the fraud rules database, and/or data associated with fraudulent transactions stored in the fraud database 606, to determine whether or not a current payment switch/network transaction and/or a payment card network transaction is fraudulent or potentially fraudulent. For example, established spending pattern data for a particular consumer associated with, for example, one or more of that consumer's primary account numbers (PANs), may be used to help determine whether a particular purchase transaction is likely legitimate or fraudulent.

In some embodiments, the fraud platform 602 collects data associated with a particular transaction from as many data points as possible, which can include but is not limited to, location data from a cardholder device 102 and/or from an originator 202 (which may include, for example, the physical address of a bank branch, GPS coordinates, an IP address, a device identifier, a machine identifier, and any other identifiers that uniquely identify the entry point), date and time data, and transaction details data (i.e., transaction amount data, sender data, and/or recipient data). The data feed points may also include, and are not limited to, an EFT payment network/switch where the actual transaction traverses, the data entry point of the sender (which could be, for example, an internet banking application, mobile phone application or cash register), and payment card network exposure to the same bank account. In some embodiments, the data sources are fed to a centra! repository (not shown) for use by a data analysis engine (not shown).

In some embodiments, the data analysis engine (not shown) of the fraud platform 602 includes a heuristic engine which is configured to apply business rules, monitor transaction threats, and predict possible new threats. The data analysis engine may utilize, for example, historical purchasing data of a consumer, data points that it has in place, and may also be configured to recognize and/or apply

geographical regional nuances and models in the fraud analysis. In some implementations, the data analysis engine performs calculations and generates transaction fraud predictions in real-time on the fly, or at near real-time speeds, which helps to prevent time-sensitive fraud attacks.

In some implementations, a fraud scoring module (not shown) of the fraud platform 602 dynamically scores a financial transaction as it traverses either the payment card network 108 or the payment switch/network 206 and provides a recommended decision score (with respect to authorizing the financial transaction), In an implementation, a low recommended decision score indicates a low risk of fraud, whereas a high recommended decision score indicates a high risk of a fraud threat for a given transaction. Thus, a recommended decision score above a predetermined risk threshold value or level can indicate that a particular purchase transaction should be declined, and a recommended decision score below the predetermined risk threshold indicates that a particular purchase transaction should be authorized. In some implementations, an operator of a payment card network ] 08 (such as a payments processor) and/or the issuer FI 110 and/or an operator of the payment switch/network 206 (such as a bank) may set the predetermined risk threshold (for use when considering a fraud score or recommended decision score). Accordingly, the recommended decision score provided to the subscriber of the service includes a threshold value that permits additional business actions to be taken that may depend upon the risk appetite of the subscriber.

For example, a restaurant transaction for five hundred dollars ($500) or more for a consumer using a particular payment card account may cause an increase in a recommended score, which may also include various other and/or additional risk factors that may increase or decrease the score. In one example, a merchant category code ("MCC") or merchant identifier ("MID") may also be utilized and/or taken into account when determining the recommended decision score (i.e., the MCC and/or MID could increase or decrease a recommended decision score depending on context and/or other factors or criteria or business rules). In some implementations, a MCC and/or a MID may encompass a numeric code created by a payments network, such as those operated by Mastercard® or VISA®, and assigned to a business or business group by an acquirer financial institution when the business first starts accepting payment cards as a form of payment. The MCC and/or MID may be used to classify the business by the type of goods or services it provides. For example, MCCs may be used by payment card issuer FIs to categorize, track and/or restrict certain types of purchases for one or more of their cardholders.

Thus, the systems and processes described herein in connection with

FIG. 6 allow for the integration of data points on the fly or in near real time between a payment card network, EFT payment network and cardholder or originator point of entry device to thus allow for a broad view of data analysis for fraud detection. The point entry device may be, for example, a chip card, a personal computer, a bank branch, an automatic teller machine (ATM), and/or other devices.

It should be understood that, for ease of understanding, a minimal number of components are shown in the payment transaction system 600 of FIG. 6. However, a practical embodiment of a financial transaction system 600 may process many transactions (including simultaneous transactions) and therefore may include a multiplicity of fraud platforms 602, which can include two or more computers and/or computer networks, one or more payment card networks 108, numerous acquirer FI computers 106 and numerous issuer FI computers 110, one or more payment switch/network computers 206, and numerous originator PSPs 204 and beneficiary PSPs 208. In addition, numerous customer devices 102 and merchant devices 104 may be involved. The EFT components of the system 600 may, in some

embodiments, be implemented as an ACH (automated clearing house) system.

FIG. 7 is a block diagram of an example fraud platform computer 700 that may perform functions in the system of FIG. 6. Although the fraud platform computer 700 is depicted as a stand-alone component, some or all of the functions ascribed to it may be performed by a computer system network and/or other components operated by, or associated with, the payment switch/network 206 and/or the payment card network 108.

Referring again to FIG. 7, the fraud platform computer 700 may, in its hardware aspects, resemble a typical server computer and/or mainframe computer, but may be controlled by software to cause it to function as described herein. In addition, the fraud platform computer 700 may be designed as a special purpose computer, and thus specially configured to perform the functions described herein.

The fraud platform computer 700 may include one or more fraud platform processor(s) 702 operative ly coupled to a communications device 701, a storage device 704, an input device 706 and an output device 708. The

communications device 701, the storage device 704, the input device 706 and the output device 708 may all be in communication with and/or operably connected to the fraud platform processors) 702. The fraud platform processor(s) 702 operate to execute processor-executable steps, contained in program instructions described below, so as to control the fraud platform computer 700 to provide desired functionality.

Communications device 701 may be used to facilitate communication with, for example, other devices (such as other components of the system 600).

Communications device 701 may comprise numerous communication ports (not separately shown), to allow the fraud platform computer 700 to communicate simultaneously with a number of other computers and/or other devices, including communications as required to simultaneously handle numerous interactions with other devices which may be associated with numerous transactions, and to simultaneously review numerous transactions during processing.

Input device 706 may comprise one or more of any type of peripheral device typically used to input data into a computer. For example, the input device 706 may include a keyboard and a mouse. Output device 708 may comprise, for example, a display and/or an audio speaker, and/or a printer.

Storage device 704 may comprise any appropriate information storage device, including combinations of magnetic storage devices (e.g., hard disk drives), optical storage devices such as CDs and/or DVDs, and/or semiconductor memory devices such as Random Access Memory (RAM) devices and Read Only Memory (ROM) devices, as well as flash memory and the like. Any one or more of such information storage devices may be considered to be a non-transitory computer- readable storage medium or a computer usable medium or a memory.

Storage device 704 stores one or more programs for controlling the fraud platform processor(s) 702. The programs comprise program instructions (which may be referred to as computer readable program code means) that contain processor- executable process steps of the fraud platform computer 700, executed by the fraud platform processor(s) 702 to cause the fraud platform computer 700 (and/or other computer systems) to function as described herein.

The programs may include one or more conventional operating systems (not shown) that control the fraud platform processor(s) 702 so as to manage and coordinate activities and sharing of resources in the fraud platform computer 700, and to serve as a host for application programs (described below) that run on the fraud platform computer 700.

The programs stored in the storage device 704 may include, for example, a fraud scoring module 710, which operates to dynamically score a financial transaction as it traverses either the payment card network or the payment switch/network. In some embodiments, the fraud platform processor(s) thus provides a recommended decision score to a subscriber which may indicate whether the transaction is likely legitimate or fraudulent.

The storage device 704 may also store a fraud rules manager module 712 which may include fraud rules that are defined by the subscriber to the fraud prevention service, for example, by the issuer FI and/or by the payment card network operator, and/or by the payment switch/network operator. The storage device 704 may also store a heuristic data processing module 714, that is configured to utilize one or more machine learning algorithms that are configured to assimilate multiple data points in a specific EFT payment debit or credit transaction, and then generate a threat level score for transmission by the fraud platform processer(s) 702 to the EFT payment network. In some embodiments, the heuristic data processing module obtains and analyzes large amounts of transaction data obtained from both the payment card network and payment switch/network, which data pertains to both legitimate and fraudulent EFT transactions. Such processing increases the overall fraud monitoring and fraud prevention capabilities of the fraud platform computer 700 because it serves to improve the recognition of potential and/or probable fraud attacks.

In some embodiments, at least some of the heuristic data processing module 714 includes or consists of a number of neural networks that are trained on the (presumably entirely or almost entirely) legitimate transactions of individual account holders to recognize and assimilate patterns of the account holders transaction activities. The resulting trained states of the neural networks (or alternatively other types of trainable/machine learning virtual entities) may be deemed to represent "profiles" of the account holders in regard to the account holders' transaction activities.

In other embodiments, account holder profiles may be formed of stored data that reflects the account holder's spend habits and/or fraud detection rules derived from such stored data.

The storage device 704 may further store one or more device interface modules 716 that serve as software interfaces between the fraud platform computer 700 and one or more other components, for example, as depicted in the system 600 of

FIG. 6.

The storage device 704 may also store, and the fraud platform processor(s) 702 may also execute, other programs, which are not shown. For example, such programs may include communications software and one or more reporting applications. The latter program(s) may respond to requests from system administrators, for example, for reports on the activities performed by the fraud platform computer 700. The other programs may also include, for example, device drivers, database management software, and the like. The storage device 704 may also store one or more databases 718 that may be required for operation of the fraud platform computer 400.

It should be understood that other computerized components of the system 600 may be constituted by computer hardware having the same type of components and/or hardware architecture as described herein with reference to FIG. 7.

FIG. 8 is a flow chart 800 that illustrates an overview of various transaction processes that may be performed in the system of FIG. 6 in accordance with aspects of the present disclosure. In particular, the process of FIG. 8 relates to various types of payment transactions and fraud monitoring/prevention processes for financial transactions between customers and merchants and/or between originators and recipients.

At 802 in FIG. 8 an interaction occurs between the customer device 102 and the merchant device 104 (See FIG, 6) to launch a transaction in which, for example, the customer may purchase an item from a merchant, and/or an interaction occurs between an originator and a recipient in the payment switch/network (the EFT system; See FIG. 6) to launch a credit and/or debit transaction. In at least some situations, the customer/merchant interaction may involve the customer presenting a payment card or a payment-enabled mobile device to a POS terminal/reader or the like operated by the merchant. The merchant device 104 may read a token or account number from the card/payment device. The token or account number may point to or identify a bank deposit account owned by the customer.

Block 804 in FIG. 8 represents processing that may occur in or by the merchant device 104, and/or the originator PSP 204 in connection with a transaction flow. For example, the processing at block 804 may include generation of a message by the merchant device 104 and transmission of the message from the merchant device to the originator PSP 204. The message may include a transaction amount, a token or other bank account identifier to designate the customer's deposit bank account, and an alias or other manner of designating the merchant's deposit bank account. The processing at 804 may also include the originator PSP 204 receiving and handling the message, including suitable messaging from the originator PSP 204 to the payment switch/network 206.

Block 806 in FIG. 8 represents processing that may occur by the digital wallet provider 608, in a use case in which the digital wallet provider is involved in the transaction flow. In such a use case, the digital wallet provider 708 may provide customer account information to the merchant device 104.

Block 808 in FIG. 8 represents processing that may occur by the fraud platform 602 in connection with a transaction flow. The processing at the fraud platform 602 may include analysis of the data for the transaction and/or application of one or more fraud monitoring rules and/or application of results of machine learning/training to the transaction data.

Described below are several transaction flow examples that may be use cases of the process generally illustrated in FIG. 8 with respect to payment from a customer to a merchant and or funds transfer from an originator via an EFT network to a recipient. Such examples are not intended to be limiting in any way.

According to one payment network flow, a virtual or physical merchant card acceptance terminal initiates a transaction that is transmitted via a merchant device 104. Prior to transmitting the request, the merchant device may evaluate the payment credentials, and if the same are tokenized, may call a detokenization service provided by a Token Service Provider (not shown). The merchant device 104 may transmit the request to payment card network 108 which evaluates the transaction request message and authenticates the consumer credentials. The payment card network 108 also transmits the payment transaction data and/or details to the fraud platform for analysis, and receives a recommended decision score. In some embodiments, the payment card network may evaluate the recommended decision score and determine whether or not the transaction is likely legitimate or fraudulent. If fraudulent, the payment network 108 may then transmit a decline message to the merchant device 104. However, if likely legitimate, the payment network 108 then transmits the transaction data and an authorization request to the issuer FI 108 for further processing.

In accordance with another payment transaction, an originator may transmit instructions to an Originator PSP (O-PSP) computer to transfer funds from a savings account in a first bank to a recipient's checking account in a second bank. The O-PSP computer may generate and transmit a funds transfer request to the payment switch/network computer, which forwards it along with any additional transaction information to the fraud platform 602 for analysis, and next receives a recommended decision score. In some embodiments, the payment switch/network may evaluate the recommended decision score and determine whether or not the transaction is likely legitimate or fraudulent. If fraudulent, the payment

switch/network may then transmit a decline message to the O-PSP computer.

However, if likely legitimate, the payment switch/network then transmits the transaction data and an authorization request to the beneficiary PSP computer for further processing.

The card acceptance interface for a remote transaction (such as an in- app transaction or an online transaction) may be a browser or mobile application utilizing manual entry of the token or other transaction information or the token may be supplied via a digital wallet. In such remote transactions, the user may provide payment credentials and other transaction-related information (name, billing address, shipping address, etc.) to complete the transaction either during the checkout process or with the information having been stored during enrollment (e.g., via a digital wallet). Thus, via the merchant device a digital wallet acceptance interface may be invoked, with user/customer authentication or with the customer pre-authenticated. The digital wallet provider may evaluate the payment credentials, and if the same are tokenized, may call a detokenization service provided by a Token Service Provider. The digital wallet provider may then determine the originator PSP (O-PSP) computer 204 and builds and submits a transaction request message to the O-PSP computer. The O-PSP computer evaluates the message and authenticates the consumer credentials and then forwards the message and transaction details to the payment switch/network for processing. The payment switch/network then submits the transaction data and any other data associated with the transaction to the fraud platform 602 for analysis, and receives a recommended decision score. In some embodiments, the payment switch/network may evaluate the recommended decision score and determine whether or not the transaction is likely legitimate or fraudulent. If fraudulent, the payment switch/network may then transmit a decline message to the O-PSP computer. However, if the transaction is likely legitimate, then the payment switch/network transmits the transaction data and a transaction request message to the beneficiary PSP (B-PSP) computer. The B-PSP computer evaluates the message, checks the validity of the beneficiary account, authorizes the transaction request message and posts the transaction (immediately or at a later point in time) against the beneficiary account. The B-PSP computer returns a response message to the O-PSP computer via the payment/switch network (EFT network). In some embodiments, the O-PSP computer may return the response message to the merchant via the payment card network and/or via the digital wallet provider. In such a case, the merchant may also receive other information such as billing address, shipping address, and loyalty account information in addition to a payment confirmation message.

There may be intermediate steps in the above described fiow(s), where the digital wallet provider may act as B-PSP computer for the funding leg of the transaction, with the consumer originator account being debited and a B-PSP account (which can be a pooled account) of the digital wallet provider posted and credited. In the payment leg of the transaction, the digital wallet provider may act as O-PSP computer of the transaction where the digital wallet provider account is debited and the B-PSP account of the beneficiary will be posted and credited.

In some embodiments, the payment credentials may be a bank account number and bank routing information (IBAN, IFSC code, SWIFT code, etc.) and/or card number (credit, debit, prepaid, commercial, or a push card instrument tied to a deposit account). Mapping of tokens and payment credentials may allow for the merchant only to see the token and not the real payment credentials.

FIG. 9 is a flow chart that illustrates another process that may be performed in the system 600 according to aspects of the present disclosure. The process of FIG. 9 may be applied in a use case wherein the customer initially performs payment card network transactions over a period of time, and thereafter becomes enrolled to perform EFT transactions via merchant acceptance points (not shown apart from block 202) in the system 600.

At 902 in FIG. 9, the customer engages in payment card network transactions in the system 600, say over a period of months or years. Concurrently with the processing at 902, processing at 904 may also occur. At 904, the fraud platform 602 may apply one or more machine learning algorithms to the customer's payment card transactions, either as the same occur or in batches or both. In any of those cases, the machine learning algorithm(s) may be deemed to have been applied to a "corpus" consisting of the customer's payment card account transactions. As a consequence of the resulting machine learning/training, the algorithm(s) may generate data and/or rules or may acquire or develop attributes so as to define/build a fraud management profile for the customer/account holder.

At 906, and subsequent to 902 and 904, the customer may be enrolled so as to be enabled to engage in EFT transactions in the system 600. For example, the customer may be issued a suitable payment card and/or suitable credentials may be provisioned to the customer's payment-enabled mobile device to permit the customer to initiate a transaction at a merchant acceptance point to be charged via EFT to the customer's deposit bank account. It is next assumed that the customer engages in such transactions. While this occurs, the fraud platform 602 may (as indicated at 908) apply the fraud profile for the customer, as built on the customer payment card account transactions, to the customer's EFT transactions to provide fraud

management with respect to the latter transactions. In this way the fraud platform 602 may be "jump-started" with a suitable fraud profile to apply to the customer's new enrollment as a user of the EFT system.

FIG. 10 is a flow chart that illustrates another process that may be performed in the system 600 according to aspects of the present disclosure.

At 1002, the fraud platform 602 may receive transaction data relating to a transaction originating in the payment card account portion or the EFT portion of the system 600. It is assumed that the transaction is designated to be completed by an EFT transaction that accesses a customer's/originator's deposit bank account. At 1004, the fraud platform 602 may collect additional data related to the transaction, including, for example, data that represents a fraud profile for the customer/originator and/or data regarding the customer/originator's current location, mobile device identifier or location, etc.

At 1006, the fraud platform 602 may generate a recommended decision score based on the transaction data, the data collected at 1004, one or more business rules and one or more fraud rules. The business rule(s), for example, may shift the score significantly toward recommending that the transaction be declined when the transaction amount is above a high monetary value threshold. The fraud rule(s), for example, may shift the score significantly toward recommending approval of the transaction when the merchant category is one for which fraudulent transactions are relatively rare.

At 1008, the fraud platform 602 may transmit the recommended decision score generated at 1006 to the payment card network 108 or the payment switch/network 206, as the case may be. It may be assumed that the network in question may decline the transaction or allow the transaction to proceed, based at least in part on the recommended decision score provided by the fraud platform 602.

Alternatively, the recommended decision score may be passed to another system component, such as the originator PSP 204, to make an approve/decline decision based at least in part on the recommended decision score.

The above descriptions and illustrations of processes herein should not be considered to imply a fixed order for performing the process steps. Rather, the process steps may be performed in any order that is practicable, including the omission of one or more steps and/or the simultaneous performance of at least some steps.

As used herein and in the appended claims, the term "computer" should be understood to encompass a single computer or two or more computers in communication with each other.

As used herein and in the appended claims, the term "processor" should be understood to encompass a single processor or two or more processors in communication with each other.

Although the present disclosure has been described in connection with specific exemplary embodiments, it should be understood that various changes, substitutions, and alterations would be apparent to those skilled in the art and can be made to the disclosed embodiments without departing from the spirit and scope of the disclosure as set forth in the appended claims.