Search

US-12619972-B2 - Token interaction using multivariable regression process

US12619972B2US 12619972 B2US12619972 B2US 12619972B2US-12619972-B2

Abstract

A method is disclosed. The method includes receiving interaction data related to a plurality of interactions in a time period, determining a multiple variable regression formula, and then determining a coefficient of determination associated with the multiple variable regression formula and the interaction data. The method further includes determining if the coefficient of determination satisfies a threshold or is maximized. If the coefficient of determination does not satisfy the threshold or is not maximized, then adjusting the slope coefficients. If the coefficient of determination does satisfy the threshold or is maximized, then using the multiple variable regression formula to determine risk associated with future interactions.

Inventors

  • Yuexi CHEN
  • Ratna Deepthi Jarugu
  • Esha Dutta
  • Jennifer Kim Astrein
  • Sonia Gupta
  • Geraldine Mitchley

Assignees

  • VISA INTERNATIONAL SERVICE ASSOCIATION

Dates

Publication Date
20260505
Application Date
20240228

Claims (19)

  1. 1 . A method comprising: receiving, by a computer from a resource provider computer, an authorization request message comprising an amount, a token, a token cryptogram, and a plurality of values related to a plurality of authentication outcomes in a transaction between a user and a resource provider after the user provides the token to the resource provider computer via a mobile device or a portable device; cryptographically validating the token cryptogram and determining that an interaction channel indicator in the token cryptogram is consistent with a current interaction channel for the transaction; after the token cryptogram is cryptographically validated and determining that the interaction channel indicator in the token cryptogram is consistent with the current interaction channel for the transaction, then detokenizing the token, by the computer using a token service computer, to obtain a real credential associated with the token; determining, by the computer, a risk value associated with the transaction using a modified multiple variable regression formula based on the plurality of values related to the plurality of authentication outcomes, wherein the modified multiple variable regression formula is formed by a process including: a) receiving, by the computer, interaction data related to a plurality of interactions in a time period, the interaction data comprising a plurality of values associated with a plurality of interaction features, b) determining, by the computer, a multiple variable regression formula comprising explanatory variables associated with the plurality of interaction features and slope coefficients associated with the explanatory variables, c) determining, a coefficient of determination associated with the multiple variable regression formula and the interaction data, d) determining, if the coefficient of determination satisfies a threshold and/or is maximized, and e) if the coefficient of determination does not satisfy the threshold or is not maximized, then adjusting the slope coefficients and repeating steps b)-d) until the coefficient of determination satisfies the threshold and/or is maximized to form the modified multiple variable regression formula; modifying, by the computer, the authorization request message to include the amount, the real credential, and the risk value; transmitting, to an authorizing computer, the authorization request message comprising the amount, the real credential, and the risk value, wherein the authorizing computer authorizes the transaction based on the amount, the real credential, and the risk value; receiving, by the computer from the authorizing computer, an authorization response message comprising the real credential and an authorization indicator; modifying, by the computer, the authorization response message to include the token; and transmitting, by the computer, the authorization response message comprising the token and the authorization indicator to the resource provider computer, wherein the resource provider stores the token instead of the real credential, thereby protecting the real credential from obtaining the real credential in a data breach of the resource provider computer.
  2. 2 . The method of claim 1 , further comprising: g) receiving, by the computer, additional interaction data related to a plurality of additional interactions in a subsequent time period, the additional interaction data comprising an additional plurality of values associated with the plurality of interaction features; h) determining, by the computer, an updated multiple variable regression formula comprising the explanatory variables associated with the plurality of interaction features and updated slope coefficients associated with the explanatory variables; i) determining, a coefficient of determination associated with the updated multiple variable regression formula and the interaction data; j) determining, if the coefficient of determination satisfies an updated threshold and/or is maximized; k) if the coefficient of determination does not satisfy the updated threshold or is not maximized, then adjusting the updated slope coefficients and repeating steps i) and k); and l) and if the coefficient of determination does satisfy the threshold or is maximized, then using the updated multiple variable regression formula to determine risk associated with additional future interactions.
  3. 3 . The method of claim 1 , wherein the multiple variable regression formula further comprises a residual term and a y-intercept term.
  4. 4 . The method of claim 1 , wherein the multiple variable regression formula has the format y i =β 0 +β 1 x i1 +β 2 x i2 +β 3 x i3 +β 4 x i4 +β 5 x i5 +ε, wherein y i is the predicted risk, β 0 is a y-intercept, ε is a residual term, and β 1 , β 2 , β 3 , β 4 , β 5 are slope coefficients for each explanatory variable x i1 , x i2 , x i3 , x i4 , x i5 .
  5. 5 . The method of claim 1 , wherein the interaction data further comprises historical transaction data.
  6. 6 . The method of claim 1 , wherein the plurality of interactions are a plurality of token transactions, the interaction data is transaction data, and the plurality of interaction features are related to a plurality of authentication features.
  7. 7 . The method of claim 6 , wherein the plurality of authentication features comprise one of more of token cryptogram validation, device binding verification, CDCVM validation, credential source secure NFC read, and tap to your own device card validation.
  8. 8 . The method of claim 7 , wherein the plurality of values are binary values.
  9. 9 . The method of claim 1 , wherein the computer is a processing computer.
  10. 10 . The method of claim 1 , wherein the real credential is a primary account number.
  11. 11 . The method of claim 6 , wherein the transaction is a payment transaction.
  12. 12 . A processing computer comprising: a processor; and a computer readable medium comprising code executable by the processor, to perform operations comprising: receiving, from a resource provider computer, an authorization request message comprising an amount, a token, a token cryptogram, and a plurality of values related to a plurality of authentication outcomes in a transaction between a user and a resource provider after the user provides the token to the resource provider computer via a mobile device or a portable device; cryptographically validating the token cryptogram and determining that an interaction channel indicator in the token cryptogram is consistent with a current interaction channel for the transaction; after the token cryptogram is cryptographically validated and determining that the interaction channel indicator in the token cryptogram is consistent with the current interaction channel for the transaction, then detokenizing the token, using a token service computer, to obtain a real credential associated with the token; determining a risk value associated with the transaction using a modified multiple variable regression formula based on the plurality of values related to the plurality of authentication outcomes, wherein the modified multiple variable regression formula is formed by a process including: a) receiving interaction data related to a plurality of interactions in a time period, the interaction data comprising a plurality of values associated with a plurality of interaction features, b) determining a multiple variable regression formula comprising explanatory variables associated with the plurality of interaction features and slope coefficients associated with the explanatory variables, c) determining a coefficient of determination associated with the multiple variable regression formula and the interaction data, d) determining, if the coefficient of determination satisfies a threshold and/or is maximized, and e) if the coefficient of determination does not satisfy the threshold or is not maximized, then adjusting the slope coefficients and repeating steps b)-d) until the coefficient of determination satisfies the threshold and/or is maximized to form the modified multiple variable regression formula; modifying the authorization request message to include the amount, the real credential, and the risk value; transmitting, to an authorizing computer, the authorization request message comprising the amount, the real credential, and the risk value, wherein the authorizing computer authorizes the transaction based on the amount, the real credential, and the risk value; receiving, from the authorizing computer, an authorization response message comprising the real credential and an authorization indicator; modifying the authorization response message to include the token; and transmitting the authorization response message comprising the token and the authorization indicator to the resource provider computer, wherein the resource provider stores the token instead of the real credential, thereby protecting the real credential from obtaining the real credential in a data breach of the resource provider computer.
  13. 13 . The processing computer of claim 12 , the operations further comprising: g) receiving additional interaction data related to a plurality of additional interactions in a subsequent time period, the additional interaction data comprising an additional plurality of values associated with the plurality of interaction features; h) determining an updated multiple variable regression formula comprising the explanatory variables associated with the plurality of interaction features and updated slope coefficients associated with the explanatory variables; i) determining a coefficient of determination associated with the updated multiple variable regression formula and the interaction data; j) determining if the coefficient of determination satisfies an updated threshold and/or is maximized; k) if the coefficient of determination does not satisfy the updated threshold or is not maximized, then adjusting the updated slope coefficients and repeating steps i) and k); and l) if the coefficient of determination does satisfy the threshold or is maximized, then using the updated multiple variable regression formula to determine risk associated with additional future interactions.
  14. 14 . The processing computer of claim 12 , wherein the plurality of interactions are a plurality of token transactions, the interaction data is transaction data, and the plurality of interaction features are related to a plurality of authentication features.
  15. 15 . The processing computer of claim 12 , wherein the interaction data further comprises historical risk data.
  16. 16 . The processing computer of claim 12 , wherein the multiple variable regression formula has the format y i =β 0 +β 1 x i1 +β 2 x i2 +β 3 x i3 +β 4 x i4 +β 5 x i5 +ε, wherein y i is the predicted risk, β 0 is a y-intercept, ε is a residual term, and β 1 , β 2 , β 3 , β 4 , β 5 are slope coefficients for each explanatory variable x i1 , x i2 , x i3 , x i4 , x i5 .
  17. 17 . The method of claim 1 , wherein the resource provider computer is a merchant computer.
  18. 18 . The method of claim 1 , wherein the computer is a processing computer is configured to process credit and debit card transactions.
  19. 19 . The method of claim 1 , wherein the real credential is a credit card number or a debit card number.

Description

CROSS-REFERENCES TO RELATED APPLICATIONS None. BACKGROUND A token is a substitute for a credential, and can be used in place of the credential to conduct an interaction such as a transaction. Currently, the evaluation of risk associated with a token interaction is based upon binary decisions (e.g., the transaction is authorized or declined based on whether the token cryptogram is validated or not). However, in reality, risk in token transactions is not truly binary because there are often multiple authentication features available, not just token cryptogram validation. It would be desirable provide a more accurate way to assess a risk (e.g., of fraud or other malicious behavior) associated with a token transaction. Embodiments of the invention address these and other problems, individually and collectively. SUMMARY One embodiment of the invention includes a method comprising: a) receiving, by a computer, interaction data related to a plurality of interactions in a time period, the interaction data comprising a plurality of values associated with a plurality of interaction features; b) determining, by a computer, a multiple variable regression formula comprising explanatory variables associated with the plurality of interaction features and slope coefficients associated with the explanatory variables; c) determining, a coefficient of determination associated with the multiple variable regression formula and the interaction data; d) determining, if the coefficient of determination satisfies a threshold and/or is maximized; e) if the coefficient of determination does not satisfy the threshold or is not maximized, then adjusting the slope coefficients and repeating steps b)-d) until the coefficient of determination satisfies the threshold and/or is maximized; and f) if the coefficient of determination does satisfy the threshold or is maximized, then using the multiple variable regression formula to determine risk associated with future interactions. Another embodiment includes a processing computer comprising: a processor; and a computer readable medium comprising code executable by the processor, to perform operations comprising: a) receiving interaction data related to a plurality of interactions in a time period, the interaction data comprising a plurality of values associated with a plurality of interaction features; b) determining a multiple variable regression formula comprising explanatory variables associated with the plurality of interaction features and slope coefficients associated with the explanatory variables; c) determining, a coefficient of determination associated with the multiple variable regression formula and the interaction data; d) determining, if the coefficient of determination satisfies a threshold and/or is maximized; e) if the coefficient of determination does not satisfy the threshold or is not maximized, then adjusting the slope coefficients and repeating steps b)-d) until the coefficient of determination satisfies the threshold and/or is maximized; and f) if the coefficient of determination does satisfy the threshold or is maximized, then using the multiple variable regression formula to determine risk associated with future interactions. These and other embodiments are described in further detail below. BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 shows a block diagram of a transaction processing system. FIG. 2A shows a block diagram of a processing computer according to some embodiments. FIG. 2B shows a block diagram of a token service computer according to embodiments. FIG. 2C shows a block diagram of a mobile communication device according to embodiments. FIG. 3 shows a table of variable assignments for multiple authentication features of a token transaction. FIG. 4 shows a flow diagram of a process according to embodiments. FIG. 5 shows a table of exemplary data comprising predicted risks and interaction data according to the multiple authentication outcome. DETAILED DESCRIPTION Prior to discussing embodiments of the disclosure, some terms can be described in further detail. A “user” may include an individual. In some embodiments, a user may be associated with one or more personal accounts and/or mobile devices. The user may also be referred to as a cardholder, account holder, or consumer in some embodiments. A “user device” may include a device that is used by a user. In some cases, a user device can be a payment device. The payment device may be a physical object. A payment device may comprise a substrate such as a paper or plastic card, and information that is printed, embossed, encoded, or otherwise included at or near a surface of an object. A payment device may be associated with a value such as a monetary value, a discount, or store credit, and a payment device may be associated with an entity such as a bank, a merchant, a payment processing network, or a person. Suitable payment devices can be hand-held and compact so that they can fit into a user's wallet and/or pocket (