US-12627982-B2 - Systems and methods of reducing fraud for SMS OTP authentication

Abstract

A method for reducing fraud for SMS OTP authentication includes receiving, by a server from a plurality of participating entities, a plurality of phone numbers and a plurality of metadata associated with a user, and determining, by the server, a phone number tenure for each of the plurality of phone numbers, based on the plurality of metadata. The method further includes determining, by the server, a phone number consistency for the plurality of phone numbers, based on the plurality of metadata, and determining, by the server, a device binding status for each of the plurality of phone numbers, based on the plurality of metadata. The method further includes determining, by the server, a most reliable phone number associated with the user from the plurality of phone numbers, and transmitting, by the server, to the most reliable phone number a SMS OTP, and authenticating the user based on the SMS OTP.

Inventors

  • Jeffrey Rule
  • Lawrence Douglas
  • Jackson Macomber

Assignees

  • CAPITAL ONE SERVICES, LLC

Dates

  • Publication Date: 2026-05-12
  • Application Date: 2023-07-19

Claims (20)

  1. A fraud reduction method for short message service (SMS) one-time password (OTP) authentication, comprising: receiving, by a server from a plurality of participating entities, a plurality of phone numbers and a plurality of metadata associated with a user, wherein at least one of the plurality of phone numbers and at least one of the plurality of metadata are received from each of the plurality of participating entities; determining, by the server, a phone number tenure for each of the plurality of phone numbers, based on the plurality of metadata; determining, by the server, a phone number consistency for each of the plurality of phone numbers, based on the plurality of metadata; determining, by the server, a device binding status for each of the plurality of phone numbers, based on the plurality of metadata; determining, by the server, a most reliable phone number associated with the user from the plurality of phone numbers based on the phone number tenure, the phone number consistency, and the device binding status; transmitting, by the server, to the most reliable phone number a SMS OTP; and authenticating, by the server, the user based on the SMS OTP.
  2. The method of claim 1, wherein the most reliable phone number is a phone number shared by all of the plurality of participating entities.
  3. The method of claim 1, wherein the phone number tenure indicates how long a phone number has been in active use.
  4. The method of claim 3, wherein the most reliable phone number is a phone number that has a longest phone number tenure.
  5. The method of claim 1, wherein the phone number consistency indicates how many the plurality of participating entities have a same phone number.
  6. The method of claim 5, wherein the most reliable phone number is a phone number that has a highest phone number consistency.
  7. The method of claim 1, wherein the device binding status indicates when the user last logged in on a device with a known phone number.
  8. The method of claim 7, wherein the most reliable phone number is a phone number associated with a device on which the user last logged in most recently.
  9. A fraud reduction system for short message service (SMS) one-time password (OTP) authentication, comprising: a server comprising a processor and a memory coupled to the processor, wherein the server is configured to: receive, from plurality of participating entities, a plurality of phone numbers and a plurality of metadata associated with a user, wherein at least one of the plurality of phone numbers and at least one of the plurality of metadata are received from each of the plurality of participating entities; determine a phone number tenure for each of the plurality of phone numbers, based on the plurality of metadata; determine a phone number consistency for each of the plurality of phone numbers, based on the plurality of metadata; conduct a real time phone ownership check for one of the plurality of phone numbers; determine a most reliable phone number associated with the user from the plurality of phone numbers based on the phone number tenure, the phone number consistency, and the real time phone ownership check; transmit to the most reliable phone number a SMS OTP; and authenticate the user based on the SMS OTP.
  10. The system of claim 9, wherein the server is further configured to determine a device binding status for each of the plurality of phone numbers, based on the plurality of metadata.
  11. The system of claim 9, wherein the real time phone ownership check indicates that the server is to check with a phone company or other authorities in real time to determine whether an owner of that phone number matches the owner of the phone number at the plurality of participating entities.
  12. The system of claim 9, wherein the server is further configured to determine which one of the plurality of phone numbers is last successfully used by at least one of the plurality of participating entities to contact the user via a SMS contact.
  13. The system of claim 9, wherein the server is further configured to determine a last date for an ownership check by a third party for each of the plurality of phone numbers.
  14. The system of claim 13, wherein the server is further configured to determine the most reliable phone number based on the last date for the ownership check.
  15. The system of claim 9, wherein the most reliable phone number is a phone number that has been used for a most recent SMS OTP by one of the plurality of participating entities.
  16. The system of claim 9, wherein the server is further configured to authenticate the user through an email address of the user prior to transmitting the SMS OTP to the most reliable phone number.
  17. The system of claim 9, wherein the server is further configured to authenticate the user through a contactless card of the user prior to transmitting the SMS OTP to the most reliable phone number.
  18. The system of claim 9, wherein the server is further configured to rank the plurality of phone numbers in an order from a lowest risk score to a highest risk score, wherein the phone number having the lowest risk score is the most reliable phone number.
  19. A non-transitory, computer-readable medium comprising instructions for reducing fraud for short message service (SMS) one-time password (OTP) authentication that, when executed on a computer arrangement, perform actions comprising: receiving, from a plurality of participating entities, a plurality of phone numbers and a plurality of metadata associated with a user, wherein at least one of the plurality of phone numbers and at least one of the plurality of metadata are received from each of the plurality of participating entities; determining a last date for an ownership check by a third party for each of the plurality of phone numbers; determining a phone number consistency for each of the plurality of phone numbers, based on the plurality of metadata; determining a device binding status for each of the plurality of phone numbers, based on the plurality of metadata; determining a most reliable phone number associated with the user from the plurality of phone numbers based on phone number tenure, phone number consistency, and the last date for an ownership check; transmitting to the most reliable phone number a SMS OTP; and authenticating the user based on the SMS OTP.
  20. The non-transitory, computer-readable medium of claim 19, wherein the actions further comprise determining a phone number tenure for each of the plurality of phone numbers, based on the plurality of metadata.
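
The ranking described in claims 1 and 18 can be sketched as follows. This is an added example, not code from the patent or its assignee: the `Report` schema, the weights, the caps and the `MAX_RISK` cut-off are all assumptions, since the claims name the signals (tenure, consistency, device binding) but give no formula.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Assumed tuning values; the patent gives no weights, caps or thresholds.
W_TENURE, W_CONSISTENCY, W_BINDING = 0.4, 0.4, 0.2
TENURE_CAP_DAYS, BINDING_WINDOW_DAYS, MAX_RISK = 730, 90, 0.5

@dataclass(frozen=True)
class Report:                         # one entity's record for the user (hypothetical schema)
    entity: str
    phone: str
    first_seen: date                  # when this entity first saw the number in active use
    last_bound_login: Optional[date]  # last login on a device known to hold this number

def rank_numbers(reports, today):
    """Return [(phone, risk)] ordered from lowest to highest risk score."""
    entities = {r.entity for r in reports}
    by_phone = defaultdict(list)
    for r in reports:
        by_phone[r.phone].append(r)
    ranked = []
    for phone, rs in by_phone.items():
        tenure = max((today - min(r.first_seen for r in rs)).days, 0)
        consistency = len({r.entity for r in rs}) / len(entities)
        logins = [r.last_bound_login for r in rs if r.last_bound_login]
        # A number never seen on a bound device gets zero binding credit.
        fresh = max(0.0, 1 - (today - max(logins)).days / BINDING_WINDOW_DAYS) if logins else 0.0
        risk = (W_TENURE * (1 - min(tenure / TENURE_CAP_DAYS, 1.0))
                + W_CONSISTENCY * (1 - consistency)
                + W_BINDING * (1 - fresh))
        ranked.append((phone, round(risk, 3)))
    return sorted(ranked, key=lambda pr: pr[1])

def select_otp_target(reports, today):
    """Most reliable number, or None when even the best candidate is too risky."""
    ranked = rank_numbers(reports, today)
    if not ranked or ranked[0][1] > MAX_RISK:
        return None                   # assumed policy: fall back to another factor
    return ranked[0][0]

# Constructed sample data (fictional 555-01xx numbers).
TODAY = date(2024, 6, 1)
REPORTS = [
    Report("bank_a", "+12025550101", date(2019, 3, 1), date(2024, 5, 28)),
    Report("bank_b", "+12025550101", date(2021, 7, 15), date(2024, 4, 10)),
    Report("retailer_c", "+12025550101", date(2022, 1, 10), None),
    Report("bank_b", "+12025550199", date(2024, 5, 27), None),  # changed 5 days ago
]

if __name__ == "__main__":
    print(rank_numbers(REPORTS, TODAY), select_otp_target(REPORTS, TODAY))
```

A number that appeared at a single entity five days ago and was never seen on a bound device ranks last, and when it is the only candidate the selector returns `None` instead of sending the OTP to it.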

Description

FIELD OF THE INVENTION

The present disclosure relates generally to data security, and more particularly, to systems and methods for reducing fraud for short message service (SMS) one-time password (OTP) authentication.

BACKGROUND

Data security and transaction integrity are of critical importance to businesses and consumers. Fraudulent transactions can be very costly and disruptive for businesses and consumers, and attempts by fraudulent actors to perform fraudulent transactions or other fraudulent activities are increasing. To counter fraud, customers are usually authenticated using multiple factors. Authentication via SMS OTP is a frequently used authentication method; however, fraud targeting SMS OTP authentication has been increasing. Unauthorized account takeovers, the creation of fraudulent accounts with fake phone numbers, and fraudulently tricking customer service personnel into changing numbers all contribute to fraud via SMS OTP.

These and other deficiencies exist. Accordingly, there is a need to provide systems and methods that overcome these deficiencies to reduce fraud for SMS OTP authentication.

SUMMARY

Aspects of the disclosed technology include systems and methods of reducing fraud.

Embodiments of the present disclosure provide a fraud reduction method for short message service (SMS) one-time password (OTP) authentication. The method comprises: receiving, by a server from a plurality of participating entities, a plurality of phone numbers and a plurality of metadata associated with a user, wherein at least one of the plurality of phone numbers and at least one of the plurality of metadata are received from each of the plurality of participating entities; determining, by the server, a phone number tenure for each of the plurality of phone numbers, based on the plurality of metadata; determining, by the server, a phone number consistency for each of the plurality of phone numbers, based on the plurality of metadata; determining, by the server, a device binding status for each of the plurality of phone numbers, based on the plurality of metadata; determining, by the server, a most reliable phone number associated with the user from the plurality of phone numbers based on the phone number tenure, the phone number consistency, and the device binding status; transmitting, by the server, to the most reliable phone number a SMS OTP; and authenticating, by the server, the user based on the SMS OTP.

Embodiments of the present disclosure provide a fraud reduction system for SMS OTP authentication. The system comprises a server, wherein the server comprises a processor and a memory coupled to the processor, and the server is configured to: receive, from a plurality of participating entities, a plurality of phone numbers and a plurality of metadata associated with a user, wherein at least one of the plurality of phone numbers and at least one of the plurality of metadata are received from each of the plurality of participating entities; determine a phone number tenure for each of the plurality of phone numbers, based on the plurality of metadata; determine a phone number consistency for each of the plurality of phone numbers, based on the plurality of metadata; conduct a real time phone ownership check for one of the plurality of phone numbers; determine a most reliable phone number associated with the user from the plurality of phone numbers based on the phone number tenure, the phone number consistency, and the real time phone ownership check; transmit to the most reliable phone number a SMS OTP; and authenticate the user based on the SMS OTP.

Embodiments of the present disclosure provide a non-transitory, computer-readable medium comprising instructions for reducing fraud for SMS OTP authentication that, when executed on a computer arrangement, perform actions comprising: receiving, from a plurality of participating entities, a plurality of phone numbers and a plurality of metadata associated with a user, wherein at least one of the plurality of phone numbers and at least one of the plurality of metadata are received from each of the plurality of participating entities; determining a last date for an ownership check by a third party for each of the plurality of phone numbers; determining a phone number consistency for each of the plurality of phone numbers, based on the plurality of metadata; determining a device binding status for each of the plurality of phone numbers, based on the plurality of metadata; determining a most reliable phone number associated with the user from the plurality of phone numbers based on the phone number tenure, the phone number consistency, and the last date for an ownership check; transmitting to the most reliable phone number a SMS OTP; and authenticating the user based on the SMS OTP.

Further features of the disclosed systems and methods, and the advantages offered thereby, are explained in greater detail hereinafter with reference to specific