Search

BR-112024012934-B1 - Carnário card identifiers for real-time usage alerts.

BR112024012934B1BR 112024012934 B1BR112024012934 B1BR 112024012934B1BR-112024012934-B1

Abstract

CANARY CARD IDENTIFIERS FOR REAL-TIME USAGE ALERTS. Systems and methods for canary card identifiers for real-time usage alerts are provided. A user associated with an organization, such as a company employee, may use a payment instrument or card affiliated with that company to make one or more purchases. In order to prevent or limit fraud, as well as detect fraudulent actors, the organization may receive several card identifiers and/or payment cards, where a portion of these identifiers is valid and another portion is not valid but marked to generate one or more alerts about the use of that portion of identifiers. A monitoring and alert system may reside on top of an electronic transaction processing network and may detect the use of the marked identifiers. If detected, a real-time alert may be transmitted to the organization, which may receive data associated with the use of the marked identifiers.

Inventors

  • Daniel Gilmartin

Assignees

  • BREX INC

Dates

Publication Date
20260310
Application Date
20221201
Priority Date
20211222

Claims (20)

  1. 1. A system characterized by the fact that it comprises: a non-transient memory that stores instructions; and one or more hardware processors coupled to non-transient memory and configured to read instructions from non-transient memory to cause the system to perform operations comprising: creating, on behalf of an organization, a data structure that includes: (a) an alphanumeric card identifier that is representative of a canary card to be used for generating one or more fraud alerts by using the alphanumeric card identifier in a transaction processing request, and (b) one or more valid card identifiers that represent valid cards that may be used in additional transaction processing requests; exchanging a plurality of application programming interface (API) calls over a network between an external card gateway and the organization, wherein the exchange comprises: issuing, using a first set of the plurality of API calls, the alphanumeric card identifier and one or more valid card identifiers to the organization over the network, such that the alphanumeric card identifier is not distinguishable by the organization from one or more valid card identifiers, and listening, from the gateway Using a second set of multiple API calls exchanged between a network-resident system layer and the external card gateway, the transaction processing request containing the alphanumeric card identifier receives the transaction processing request; receives, through a listening-based card processing device layer, the transaction processing request for electronic transaction processing using an alphanumeric card identifier for the organization using an online transaction processor associated with the system; performs a database query for the alphanumeric card identifier from the data structure stored by a card identifier database for the online transaction processor; determines that the alphanumeric card identifier is marked for the generation of one or more alerts; rejects, through one or more secondary API calls exchanged between the external card gateway and the system, the transaction processing request with the card processing device for electronic transaction processing using the online transaction processor, where the rejection causes a first rejection notification to be populated in the card processing device by the card processing gateway; generates a real-time alert for the Online transaction processor based on the determination that the alphanumeric card identifier is marked for real-time alert generation, where the real-time alert indicates that the alphanumeric card identifier was used in the transaction processing request; and issue, in real time with the transaction processing request, the real-time alert to the organization.
  2. 2. System according to claim 1, characterized in that the issuance comprises: generating the alphanumeric card identifier based on a request for the alphanumeric card identifier by the organization, wherein the request identifies data for one or more alerts and an electronic communication channel; and transmitting the alphanumeric card identifier to the organization with the data structure.
  3. 3. System according to claim 2, characterized in that the alphanumeric card identifier comprises one among a plurality of card identifiers generated for the data structure, wherein the plurality of card identifiers comprises one or more valid card identifiers for electronic transaction processing and one or more counterfeit card identifiers for the generation of one or more alerts that include the alphanumeric card identifier.
  4. 4. System according to claim 3, characterized in that one or more valid card identifiers are designated for use by at least one of different users or different departments of the organization, wherein the one or more valid card identifiers are additionally rotatable with at least one of the different users or different departments, and wherein the one or more counterfeit card identifiers are listed with the one or more valid card identifiers in the data structure corresponding to one or more of a data table, spreadsheet, or card usage document for the organization.
  5. 5. System according to claim 1, characterized in that the operations further comprise: in response to the issuance of the real-time alert, marking the alphanumeric card identifier as a burned card identifier with the online transaction processor and the organization; generating a new alphanumeric card identifier for the generation of one or more alerts; and notifying the organization of the new alphanumeric card identifier.
  6. 6. System according to claim 1, characterized in that the alphanumeric card identifier is not associated with a balance or credit available for electronic transaction processing, and in which the alphanumeric card identifier additionally causes an alert to be populated in the card processing device indicating that the alphanumeric card identifier is marked for the generation of one or more alerts.
  7. 7. System according to claim 1, characterized in that it further comprises: a network computing integration for a card processor corresponding to the external card gateway, wherein the system receives level two and level three card data for electronic transaction processing through computing integration for one or more alerts.
  8. 8. System according to claim 1, characterized in that the real-time alert comprises at least one of an approval process to select another transaction processing source for the transaction processing request or an option to notify a merchant or authority associated with the transaction processing request about a possible fraud from the transaction processing request using the alphanumeric card identifier.
  9. 9. System according to claim 1, characterized in that the operations further comprise: in response to the issuance of the real-time alert, implementing a freeze on an account associated with the alphanumeric card identifier or other card identifier of the organization.
  10. 10. Method, characterized in that it comprises: creating, by means of an online transaction processor on behalf of an organization, a data structure that includes: (a) a card identifier that is representative of a canary card to be used for generating one or more fraud alerts by using the card identifier in a transaction processing request, and (b) one or more valid card identifiers that represent valid cards that are usable in additional transaction processing requests; exchanging, by the online transaction processor using a layer of the online transaction processor residing on a network, a plurality of application programming interface (API) calls on a network between an external card gateway and the organization, wherein the exchange comprises: issuing, over the network and using the layer and a first set of the plurality of API calls, the card identifier and the one or more valid card identifiers to the organization over the network, such that the card identifier is not distinguishable by the organization from the one or more valid card identifiers, and listening, from the external card gateway using a The second set of multiple API calls exchanged between the layer and the online transaction processor is the transaction processing request containing the card identifier; the layer receives, from a listening-based card processing device, a transaction processing request for electronic transaction processing using the card identifier for an organization using an online transaction processor; accesses, from a database accessible by the online transaction processor, the card identifier from the data structure stored by the database; determines if the card identifier is marked for the generation of one or more alerts; determines, through one or more secondary API calls exchanged between the external card gateway and the online transaction processor, based on whether the card identifier is marked for the generation of one or more alerts, whether to reject the transaction processing request with the card processing device for electronic transaction processing using the online transaction processor, where the rejection of the transaction processing request causes a first notification to be displayed on the card processing device by the card processing gateway; generates, when the If the transaction processing request is determined to be declined, a real-time alert is sent to the online transaction processor based on the determination that the card identifier is marked for real-time alert generation, where the real-time alert indicates that the card identifier was used in the transaction processing request; and, during the processing of the transaction processing request and when the transaction processing request is determined to be declined, a real-time alert is issued to the organization.
  11. 11. Method according to claim 10, characterized in that issuing comprises: generating the card identifier based on a request for the organization's alphanumeric card identifier, wherein the request identifies data for one or more alerts and an electronic communication channel; and transmitting the card identifier to the organization with the data structure.
  12. 12. Method according to claim 11, characterized in that the card identifier comprises one among a plurality of card identifiers generated for the data structure, wherein the plurality of card identifiers comprises one or more valid card identifiers for electronic transaction processing and one or more fake card identifiers for generating one or more alerts that include the card identifier.
  13. 13. A method according to claim 12, characterized in that one or more valid card identifiers are designated for use by at least one of different users or different departments of the organization, wherein the one or more valid card identifiers are additionally rotatable with at least one of different users or different departments, and wherein the one or more counterfeit card identifiers are listed with the one or more valid card identifiers in the data structure corresponding to one or more data tables, spreadsheets, or card usage documents for the organization.
  14. 14. Method according to claim 10, characterized in that it further comprises: in response to the issuance of the real-time alert, marking the card identifier as a burned card identifier with the online transaction processor and the organization; generating a new card identifier for the generation of one or more alerts; and notifying the organization of the new card identifier.
  15. 15. Method according to claim 10, characterized in that the card identifier is not associated with a balance or credit available for electronic transaction processing, and wherein the card identifier additionally causes an alert to be populated in the card processing device that the card identifier is marked for the generation of one or more alerts.
  16. 16. Method according to claim 10, characterized in that it further comprises: integrating with the network for a card processor corresponding to the external card gateway using the layer for a transaction application of the service provider's system; and receiving level two and level three card data for electronic transaction processing through the electronic transaction processing network for one or more alerts.
  17. 17. Method according to claim 10, characterized in that the real-time alert comprises at least one of an approval process to select another transaction processing source for the transaction processing request or an option to notify a merchant or authority associated with the transaction processing request about a possible fraud from the transaction processing request using the card identifier.
  18. 18. Method according to claim 10, characterized in that it further comprises: in response to the issuance of the real-time alert, implementing a freeze on an account associated with the card identifier or other card identifier of the organization.
  19. 19. Non-transient machine-readable medium, characterized in that it has stored within it executable machine-readable instructions to cause a machine to perform operations comprising: creating, by means of an online transaction processor on behalf of an organization, a data structure that includes: (a) a card identifier that is representative of a canary card to be used for generating one or more fraud alerts by using the card identifier in a payment request, and (b) one or more valid card identifiers that represent valid cards that are usable in additional payment requests; exchanging, by the online transaction processor using a layer of the online transaction processor residing on a network, a plurality of application programming interface (API) calls on a network between an external card gateway and the organization, wherein the exchange comprises: issuing, over the network using the layer and a first set of the plurality of API calls, the card identifier and the one or more valid card identifiers for the organization over the network, such that the card identifier is not distinguishable by the organization from Starting from one or more valid card identifiers, listen, from the external card gateway using a second set of multiple API calls exchanged between the layer and the online transaction processor, for the transaction processing request having the card identifier; receive, by the layer of a card processing device based on listening, the payment request using an alphanumeric card identifier for the organization using the online transaction processor; perform a database query for the alphanumeric card identifier in the data structure stored from a card identifier database for the online transaction processor; determine that the alphanumeric card identifier is marked for the generation of one or more alerts; decline, through one or more secondary API calls exchanged between the external card gateway and the online transaction processor, the payment request, where the decline causes a first notification of the decline to be displayed on the card processing device by the card processing gateway; generate an alert based on the determination that the alphanumeric card identifier is marked for alert generation, in The alert indicates that the alphanumeric card identifier was used in the payment request; and that the alert is issued to the organization during the processing of the payment request.
  20. 20. Non-transient machine-readable medium according to claim 19, characterized in that the issuance comprises: receiving a request for the organization's alphanumeric card identifier, wherein the request identifies data for one or more alerts and an electronic communication channel; generating the alphanumeric card identifier based on a request for the organization's alphanumeric card identifier, wherein the request identifies data for one or more alerts and an electronic communication channel; and transmitting the alphanumeric card identifier to the organization with the data structure.

Description

CROSS-REFERENCE TO RELATED REQUEST [001] This application claims priority to U.S. Patent Application No. 17/560,016, filed December 22, 2021, the contents of which are incorporated herein by reference in their entirety. TECHNICAL FIELD [002] The present application generally refers to marked card identifiers and alert control systems and more specifically to canary card identifiers that cause the real-time generation of one or more alerts in response to the use of canary card identifiers. FUNDAMENTALS [003] Organizations, such as companies and corporations, can use software, hardware, and other electronic transaction processing infrastructures to process transactions using identifiers for financial or payment instruments. This includes processes for establishing and issuing payment instruments, processing transactions, and generating transaction history data. These payment instruments may include payment cards, which can be real and/or virtual. Each payment card can be associated with an available balance or limit and can be identified using a card identifier. However, current networked systems and available infrastructure only provide a few specific administrators who are manually required to review and approve payments, as well as collect information and protect against fraud. Organizations may be increasingly exposed to the risk of cyberattacks that compromise data and expose them to fraud. This can be detrimental to small organizations that may have limited staff and offices, and to large organizations or companies, where expenses may originate from a wide range of employees, making this data difficult to track and adequately protect against fraud. Furthermore, any review for protection against misappropriation and data fraud occurs as a result of a subsequent review. Therefore, these current systems do not adequately provide real-time alerts to limit and/or prevent digital fraud when computer systems are breached. [004] Therefore, there is a need to address the shortcomings of conventional electronic transaction processing systems that use card identifiers that are prone to misuse and fraud. BRIEF DESCRIPTION OF THE DRAWINGS [005] Figure 1 is a block diagram of a networked system suitable for implementing the processes described in this document, according to an embodiment; Figure 2B is an exemplary system environment for matching receipt data with expense data in a transactional database, according to an embodiment; Figure 3A is an exemplary user interface displaying a first alert generated from the use of a canary card identifier during electronic transaction processing, according to an embodiment; Figure 3B is an exemplary user interface displaying a second alert generated from the use of a canary card identifier during electronic transaction processing, according to an embodiment; Figure 4 is an exemplary flowchart for canary card identifiers for real-time usage alerts, according to an embodiment; and Figure 5 is a block diagram of a computer system suitable for implementing one or more components in Figure 1, according to an embodiment. [006] The embodiments of the present description and their advantages are best understood by reference to the detailed description that follows. It should be recognized that similar reference numerals are used to identify similar elements illustrated in one or more of the figures, wherein the presentations therein are for purposes of illustration of embodiments of the present description and not for purposes of limitation. DETAILED DESCRIPTION [007] Methods are provided for providing and using canary card identifiers for real-time usage alerts. Suitable systems for practicing methods of the present description are also provided. [008] An organization may issue one or more payment cards to consumers, clients, and/or employees to process payments through an electronic card and/or transaction network associated with a back-end payment processor on the network. A payment card may be linked to an account with an online transaction service provider, such as a service provider that facilitates payment processing and the enforcement of expense policies for payment instruments. In one example, such a card and payment processing system may be provided by BREX®, Inc. of San Francisco, CA, USA, which may provide electronic transaction processing services to clients and client organizations through credit accounts, debit cards, direct debit/credit services via automated clearinghouse (ACH), wire transfers, gift cards, and other types of funding sources. Funding sources may be issued to organizations by the card and payment processing system, as well as to other financial service providers integrated into the card and payment processing system. Digital accounts and physical payment cards can be used for physical or in-store payment transactions, such as by scanning a payment card or capturing account data via a point-of-sale (POS) device and similar methods. Additionally, accoun