U.S. patent application number 17/829115 was filed with the patent office on 2022-09-15 for systems and methods for secure electronic transfers.
This patent application is currently assigned to Early Warning Services, LLC. The applicant listed for this patent is Early Warning Services, LLC. Invention is credited to Rajasekhar Divakaruni, Rajesh Kulkarni, Laura Weinflash.
Application Number | 20220292511 17/829115 |
Document ID | / |
Family ID | 1000006431702 |
Filed Date | 2022-09-15 |
United States Patent
Application |
20220292511 |
Kind Code |
A1 |
Weinflash; Laura ; et
al. |
September 15, 2022 |
SYSTEMS AND METHODS FOR SECURE ELECTRONIC TRANSFERS
Abstract
Systems and methods including one or more processors and one or
more non-transitory storage devices storing computing instructions
configured to run on the one or more processors and perform
receiving a request for a transfer from a selected payor account of
a payor to a payee; determining a fraud risk score for the
transfer; transmitting, to a payee financial institution for the
payee, the fraud risk score, wherein the payee financial
institution is configured to determine a transfer decision for the
transfer based at least in part on the fraud risk score and
information about a payee account for the transfer, wherein the
payee account is owned by the payee and maintained by the payee
financial institution; and when the transfer decision comprises an
approval of the transfer by the payee financial institution,
facilitating the transfer from the selected payor account to the
payee account, wherein facilitating the transfer comprises: sending
transfer information to a payor financial institution to cause the
payor financial institution to send a request for payment through a
real-time settlement network to the payee financial institution to
authorize a real-time credit transfer from the selected payor
account to the payee account, wherein the real-time credit transfer
is settled in real-time through the real-time settlement network.
Other embodiments are disclosed herein.
Inventors: |
Weinflash; Laura;
(Scottsdale, AZ) ; Divakaruni; Rajasekhar;
(Scottsdale, AZ) ; Kulkarni; Rajesh; (Scottsdale,
AZ) |
|
Applicant: |
Name |
City |
State |
Country |
Type |
Early Warning Services, LLC |
Scottsdale |
AZ |
US |
|
|
Assignee: |
Early Warning Services, LLC
Scottsdale
AZ
|
Family ID: |
1000006431702 |
Appl. No.: |
17/829115 |
Filed: |
May 31, 2022 |
Related U.S. Patent Documents
|
|
|
|
|
|
Application
Number |
Filing Date |
Patent Number |
|
|
17824878 |
May 25, 2022 |
|
|
|
17829115 |
|
|
|
|
17191358 |
Mar 3, 2021 |
|
|
|
17824878 |
|
|
|
|
63281855 |
Nov 22, 2021 |
|
|
|
63192182 |
May 24, 2021 |
|
|
|
Current U.S.
Class: |
1/1 |
Current CPC
Class: |
G06Q 20/10 20130101;
G06Q 20/382 20130101; G06Q 20/4016 20130101 |
International
Class: |
G06Q 20/40 20060101
G06Q020/40; G06Q 20/38 20060101 G06Q020/38; G06Q 20/10 20060101
G06Q020/10 |
Claims
1. A system comprising: one or more processors; and one or more
non-transitory computer-readable media storing computing
instructions that, when executed on the one or more processors,
perform: receiving a request for a transfer from a selected payor
account of a payor to a payee; determining a fraud risk score for
the transfer; transmitting, to a payee financial institution for
the payee, the fraud risk score, wherein the payee financial
institution is configured to determine a transfer decision for the
transfer based at least in part on the fraud risk score and
information about a payee account for the transfer, wherein the
payee account is owned by the payee and maintained by the payee
financial institution; and when the transfer decision comprises an
approval of the transfer by the payee financial institution,
facilitating the transfer from the selected payor account to the
payee account, wherein facilitating the transfer comprises: sending
transfer information to a payor financial institution to cause the
payor financial institution to send a request for payment through a
real-time settlement network to the payee financial institution to
authorize a real-time credit transfer from the selected payor
account to the payee account, wherein the real-time credit transfer
is settled in real-time through the real-time settlement
network.
2. The system of claim 1, wherein: the transfer information
comprises information to identify the payee financial institution
and the payee account to the real-time settlement network.
3. The system of claim 2, wherein the transfer information does not
include an account number of the payee account.
4. The system of claim 1, wherein the transfer information
comprises the fraud risk score.
5. The system of claim 1, wherein: determining the fraud risk score
further comprises: determining the fraud risk score by using a
first risk model; and the payee financial institution is further
configured to determine the transfer decision based at least in
part on a second risk model to determine a second fraud risk
score.
6. The system of claim 1, wherein facilitating the transfer from
the selected payor account to the payee account further comprises:
transmitting, to the payor financial institution, the fraud risk
score for the payor financial institution to determine a second
transfer decision based at least in part on the fraud risk
score.
7. The system of claim 6, wherein: determining the fraud risk score
further comprises: determining the fraud risk score by using a
first risk model; and the payor financial institution is further
configured to determine the second transfer decision based at least
in part on a third risk model to determine a third fraud risk
score.
8. The system of claim 6, wherein: the payor financial institution
is further configured to determine the second transfer decision
based at least in part on comparing a balance for the selected
payor account with a transfer amount for the transfer.
9. The system of claim 1, wherein the computing instructions, when
executed on the one or more processors, are further configured to
perform, before determining the fraud risk score for the transfer:
facilitating an authorization for the payor to authorize the payor
financial institution to grant an access code; requesting, from the
payor financial institution, one or more eligible payor accounts
owed by the payor and maintained by the payor financial
institution; and causing a payor device of the payor to display the
one or more eligible payor accounts for the payor to determine the
selected payor account from among the one or more eligible payor
accounts for the transfer.
10. The system of claim 1, wherein determining the fraud risk score
for the transfer comprises: analyzing a transfer history of the
payee.
11. A method implemented via execution of computing instructions
configured to run at one or more processors and configured to be
stored at non-transitory computer-readable media, the method
comprising: receiving a request for a transfer from a selected
payor account of a payor to a payee; determining a fraud risk score
for the transfer; transmitting, to a payee financial institution
for the payee, the fraud risk score, wherein the payee financial
institution is configured to determine a transfer decision for the
transfer based at least in part on the fraud risk score and
information about a payee account for the transfer, wherein the
payee account is owned by the payee and maintained by the payee
financial institution; and when the transfer decision comprises an
approval of the transfer by the payee financial institution,
facilitating the transfer from the selected payor account to the
payee account, wherein facilitating the transfer comprises: sending
transfer information to a payor financial institution to cause the
payor financial institution to send a request for payment through a
real-time settlement network to the payee financial institution to
authorize a real-time credit transfer from the selected payor
account to the payee account, wherein the real-time credit transfer
is settled in real-time through the real-time settlement
network.
12. The method of claim 11, wherein: the transfer information
comprises information to identify the payee financial institution
and the payee account to the real-time settlement network.
13. The method of claim 12, wherein the transfer information does
not include an account number of the payee account.
14. The method of claim 11, wherein the transfer information
comprises the fraud risk score.
15. The method of claim 11, wherein: determining the fraud risk
score further comprises: determining the fraud risk score by using
a first risk model; and the payee financial institution is further
configured to determine the transfer decision based at least in
part on a second risk model to determine a second fraud risk
score.
16. The method of claim 11, wherein facilitating the transfer from
the selected payor account to the payee account further comprises:
transmitting, to the payor financial institution, the fraud risk
score for the payor financial institution to determine a second
transfer decision based at least in part on the fraud risk
score.
17. The method of claim 16, wherein: determining the fraud risk
score further comprises: determining the fraud risk score by using
a first risk model; and the payor financial institution is further
configured to determine the second transfer decision based at least
in part on a third risk model to determine a third fraud risk
score.
18. The method of claim 16, wherein: the payor financial
institution is further configured to determine the second transfer
decision based at least in part on comparing a balance for the
selected payor account with a transfer amount for the transfer.
19. The method of claim 11 further comprising: facilitating an
authorization for the payor to authorize the payor financial
institution to grant an access code; requesting, from the payor
financial institution, one or more eligible payor accounts owed by
the payor and maintained by the payor financial institution; and
causing a payor device of the payor to display the one or more
eligible payor accounts for the payor to determine the selected
payor account from among the one or more eligible payor accounts
for the transfer.
20. The method of claim 11, wherein determining the fraud risk
score for the transfer comprises: analyzing a transfer history of
the payee.
Description
CROSS-REFERENCE TO RELATED APPLICATIONS
[0001] This application is continuation of Ser. No. 17/824,878,
filed May 25, 2022, and also is a continuation-in-part of, and
claims priority to U.S. patent application Ser. No. 17/191,358,
filed Mar. 3, 2021. This application further claims the benefit of
U.S. Provisional Application Ser. No. 63/281,855, filed Nov. 22,
2021. U.S. patent application Ser. No. 17/824,878 claims the
benefit of U.S. Provisional Application Ser. No. 63/192,182, filed
May 25, 2021. Provisional Application Serial Numbers 63/192,182 and
63/281,855 and patent application Ser. Nos. 17/191,358 and
17/824,878 are herein incorporated by this reference in its
entirety.
TECHNICAL FIELD
[0002] This disclosure relates generally to electronic transfers,
and more particularly relates to systems and methods for secure,
instantaneous transfers.
BACKGROUND
[0003] Digital assets (e.g., cryptocurrencies, non-fungible tokens
(NFTs), electronically held bank accounts, etc.) have become more
prevalent in today's world as a means of exchange. While this
increased prevalence has come with new advantages, it has also lead
to a number of new problems. For example, owners of digital assets
often expect that the transfers of such assets will happen in real
time (e.g., instantaneously or almost instantaneously), but
operators of digital asset sources (e.g., cryptocurrency exchanges,
banks, NFT market operators, etc.) must ensure that these transfers
are secure so that the chances of digital fraud are minimized.
These two goals of real time transfers and secure transfers can be
in competition with each other in prior systems for electronic
transfers of digital assets because a faster transfer gives an
operator less time to perform due diligence on the transfer.
Therefore, there is a need for a system to securely and quickly
transfer digital assets.
BRIEF DESCRIPTION OF THE DRAWINGS
[0004] To facilitate further description of the embodiments, the
following drawings are provided in which:
[0005] FIG. 1 illustrates a front elevational view of a computer
system that is suitable for implementing various embodiments of the
systems disclosed in FIGS. 3 and 5;
[0006] FIG. 2 illustrates a representative block diagram of an
example of the elements included in the circuit boards inside a
chassis of the computer system of FIG. 1;
[0007] FIG. 3 illustrates a representative block diagram of a
system, according to an embodiment;
[0008] FIG. 4 illustrates a flowchart for a method, according to
certain embodiments;
[0009] FIG. 5 illustrates a representative block diagram of a
system, according to an additional embodiment;
[0010] FIG. 6 illustrates a representative block diagram of a
system, according to an embodiment;
[0011] FIG. 7 illustrates a flowchart for a method, according to an
embodiment;
[0012] FIG. 8 illustrates a flowchart for a method, according to an
embodiment;
[0013] FIG. 9 illustrates a flowchart for a method, according to an
embodiment;
[0014] FIG. 10 illustrates a flowchart for a method, according to
an embodiment;
[0015] FIG. 11 illustrates a flowchart for a method, according to
an embodiment; and
[0016] FIG. 12 illustrates a flowchart for a method, according to
an embodiment.
[0017] For simplicity and clarity of illustration, the drawing
figures illustrate the general manner of construction, and
descriptions and details of well-known features and techniques may
be omitted to avoid unnecessarily obscuring the present disclosure.
Additionally, elements in the drawing figures are not necessarily
drawn to scale. For example, the dimensions of some of the elements
in the figures may be exaggerated relative to other elements to
help improve understanding of embodiments of the present
disclosure. The same reference numerals in different figures denote
the same elements.
[0018] The terms "first," "second," "third," "fourth," and the like
in the description and in the claims, if any, are used for
distinguishing between similar elements and not necessarily for
describing a particular sequential or chronological order. It is to
be understood that the terms so used are interchangeable under
appropriate circumstances such that the embodiments described
herein are, for example, capable of operation in sequences other
than those illustrated or otherwise described herein. Furthermore,
the terms "include," and "have," and any variations thereof, are
intended to cover a non-exclusive inclusion, such that a process,
method, system, article, device, or apparatus that comprises a list
of elements is not necessarily limited to those elements, but may
include other elements not expressly listed or inherent to such
process, method, system, article, device, or apparatus.
[0019] The terms "left," "right," "front," "back," "top," "bottom,"
"over," "under," and the like in the description and in the claims,
if any, are used for descriptive purposes and not necessarily for
describing permanent relative positions. It is to be understood
that the terms so used are interchangeable under appropriate
circumstances such that the embodiments of the apparatus, methods,
and/or articles of manufacture described herein are, for example,
capable of operation in other orientations than those illustrated
or otherwise described herein.
[0020] The terms "couple," "coupled," "couples," "coupling," and
the like should be broadly understood and refer to connecting two
or more elements mechanically and/or otherwise. Two or more
electrical elements may be electrically coupled together, but not
be mechanically or otherwise coupled together. Coupling may be for
any length of time, e.g., permanent or semi-permanent or only for
an instant. "Electrical coupling" and the like should be broadly
understood and include electrical coupling of all types. The
absence of the word "removably," "removable," and the like near the
word "coupled," and the like does not mean that the coupling, etc.
in question is or is not removable.
[0021] As defined herein, two or more elements are "integral" if
they are comprised of the same piece of material. As defined
herein, two or more elements are "non-integral" if each is
comprised of a different piece of material.
[0022] As defined herein, "real-time" can, in some embodiments, be
defined with respect to operations carried out as soon as
practically possible upon occurrence of a triggering event. A
triggering event can include receipt of data necessary to execute a
task or to otherwise process information. Because of delays
inherent in transmission and/or in computing speeds, the term "real
time" encompasses operations that occur in "near" real time or
somewhat delayed from a triggering event. In a number of
embodiments, "real time" can mean real time less a time delay for
processing (e.g., determining) and/or transmitting data. The
particular time delay can vary depending on the type and/or amount
of the data, the processing speeds of the hardware, the
transmission capability of the communication hardware, the
transmission distance, etc. However, in many embodiments, the time
delay can be less than approximately one second, two seconds, five
seconds, or ten seconds.
[0023] As defined herein, "approximately" can, in some embodiments,
mean within plus or minus ten percent of the stated value. In other
embodiments, "approximately" can mean within plus or minus five
percent of the stated value. In further embodiments,
"approximately" can mean within plus or minus three percent of the
stated value. In yet other embodiments, "approximately" can mean
within plus or minus one percent of the stated value.
DESCRIPTION OF EXAMPLES OF EMBODIMENTS
[0024] A number of embodiments can include a first system. The
system can include one or more processors and one or more
non-transitory computer-readable storage devices storing computing
instructions. The computing instructions can be configured to run
on the one or more processors and perform: receiving a request for
a transfer from a user device of a user, the transfer being from a
source of funds owned by the user to a destination account owned by
a third-party; coordinating displaying, on the user device of the
user, at least one transfer method of a plurality of transfer
methods for the transfer; receiving, from the user device of the
user, a selection of the at least one transfer method of the
plurality of transfer methods; receiving a token from an operator
of the source of funds owned by the user, the token being unique to
the third-party; transferring the token to the third-party; after
transferring the token to the third-party, receiving the token and
transfer details of the transfer from the third-party; in response
to receiving the token and the transfer details, determining a
fraud risk score for the transfer; and when the fraud risk score
satisfies a predetermined threshold, facilitating the transfer from
the user to the third-party.
[0025] Various embodiments include a first method. The method can
be implemented via execution of computing instructions configured
to run at one or more processors and configured to be stored at
non-transitory computer-readable media. The method can comprise
receiving a request for a transfer from a user device of a user,
the transfer being from a source of funds owned by the user to a
destination account owned by a third-party; coordinating
displaying, on the user device of the user, at least one transfer
method of a plurality of transfer methods for the transfer;
receiving, from the user device of the user, a selection of the at
least one transfer method of the plurality of transfer methods;
receiving a token from an operator of the source of funds owned by
the user, the token being unique to the third-party; transferring
the token to the third-party; after transferring the token to the
third-party, receiving the token and transfer details of the
transfer from the third-party; in response to receiving the token
and the transfer details, determining a fraud risk score for the
transfer; and when the fraud risk score satisfies a predetermined
threshold, facilitating the transfer from the user to the
third-party.
[0026] Various embodiments can include a second system. The system
can include one or more processors and one or more non-transitory
computer-readable media storing computing instructions. When
executed on the one or more processors, the computing instructions
can perform certain acts. In many embodiments, the acts can include
receiving, from a payee system for a payee, a request for a
transfer from a payor to the payee. In some embodiments, the acts
further can include causing a payor device of the payor to display
a plurality of candidate financial institutions for the payor to
determine a payor financial institution of the plurality of
candidate financial institutions for the transfer. The acts also
can include causing the payor device to display an authorization
user interface for the payor to authorize the payor financial
institution to grant an access code to the system. In certain
embodiments, the acts additionally can include validating that the
access code is authentic. The authorization user interface
additionally can be configured to allow the payor to log into a
payor user account at the payor financial institution.
[0027] Meanwhile, the acts further can include, in response to the
payor financial institution granting the access code, requesting,
from the payor financial institution, one or more eligible payor
accounts owned by the payor and maintained by the payor financial
institution. The payor user account at the payor financial
institution can be associated with the one or more eligible payor
accounts. In a number of embodiments, the acts further can include
causing the payor device to display the one or more eligible payor
accounts for the payor to determine a selected payor account of the
one or more eligible payor accounts for the transfer. The acts
additionally can include determining a fraud risk score for the
transfer. In some embodiments, the act of determining the fraud
risk score for the transfer can include analyzing a transfer
history of the payee. Moreover, the acts can include transmitting,
to a payee financial institution for the payee, the fraud risk
score. The payee financial institution can be configured to
determine a transfer decision for the transfer based at least in
part on: (a) the fraud risk score, and (b) information about a
payee account for the transfer. The payee account can be owned by
the payee and maintained by the payee financial institution.
Further, the acts can include: when the transfer decision comprises
an approval of the transfer by the payee financial institution,
facilitating the transfer from the selected payor account to the
payee account.
[0028] In a number of embodiments, the act of determining the fraud
risk score further can include determining the fraud risk score by
using a first risk model. The payee financial institution further
can be configured to determine the transfer decision based at least
in part on a second risk model to determine a second fraud risk
score. In many embodiments, the act of facilitating the transfer
from the selected payor account to the payee account further can
include transmitting, to the payor financial institution, the fraud
risk score for the payor financial institution to determine a
second transfer decision based at least in part on the fraud risk
score. In certain embodiments, the payor financial institution can
be configured to perform certain approval processes before
effectuating the transfer. The payor financial institution can be
configured to determine the second transfer decision based at least
in part on comparing a balance for the selected payor account with
a transfer amount for the transfer. The payor financial institution
further can be configured to determine the second transfer decision
based at least in part on a third risk model to determine a third
fraud risk score.
[0029] In some embodiments, the first risk model, the second risk
model, and/or third risk model each can include any suitable
hardware and/or software configured to implement one or more
suitable fraud risk scoring algorithms based on pertinent
information (e.g., information about the transfer, a transaction
history of the payee and/or the payee account, etc.). Each of the
first risk model, the second risk model, and/or third risk model
can be similar or different from each other in that the hardware,
software, algorithms, and/or information used for determining the
respective fraud risk scores can be similar or different.
[0030] In a number of embodiments, the acts further can include a
token-based authentication process for increased security. For
example, the act of requesting the one or more eligible payor
accounts further can include obtaining, from the payor financial
institution, an access token associated with the payor. In certain
embodiments, the access token can be similar or identical to the
access token described above. The access token can be issued to the
system by the payor financial institution after the system is
granted the access code to communicate with the payor financial
institution. The access token can be uniquely associated with the
payor or the payor user account. The access token further can be
configured to allow the system to perform certain tasks or access
certain resources (e.g., requesting the one or more eligible payor
accounts, or authorizing the transfer of funds, etc.) at the payor
financial institution on behalf of the payor. In some embodiments,
the access token can be used by not only the system but also any
other devices, systems, and/or models that hold the access token.
In similar or different embodiments, the access token further can
include an expiration date and/or time, after which the access
token becomes unusable. For an access token that can be used by any
bearer of the access token, the access token including an
expiration time can lower the risk of unauthorized access or leak
of the payor's confidential information and/or protected
resources.
[0031] In several embodiments, the act of requesting the one or
more eligible payor accounts further can include obtaining, from
the payor financial institution, a refresh token associated with
the access token. The refresh token can be configured to extend the
time for the system to communicate with and/or access protected
resources at the payor financial institution. For example, the act
of requesting the one or more eligible payor accounts further can
include when the refresh token is valid, requesting the payor
financial institution to renew an expired access token associated
with the refresh token without prompting the payor to re-log in
and/or re-authorize access. The act of requesting the one or more
eligible payor accounts also can include, when the refresh token
and the access token are expired, causing the payor device of the
payor to display the authorization user interface for the payor to
authorize the payor financial institution to renew the access token
and the refresh token. In many embodiments, the refresh token can
be obtained from the payor financial institution at the same time
when the system obtains a new access token. The refresh token
further can include an expiration time (e.g., an hour, 24 hours, 3
days, a week, or a month) that is longer than that of the access
token (e.g., 1 minute, 3 minutes, 5 minutes, or 30 minutes). In
many embodiments, the acts performed by the computing instructions
of the second system further can include one or more of the
activities or acts of any of the embodiments described above.
[0032] Various embodiments include a second method. The method can
be implemented via execution of computing instructions configured
to run at one or more processors and configured to be stored at
non-transitory computer-readable media. In many embodiments, the
method can include receiving, from a payee system for a payee, a
request for a transfer from a payor to the payee. The method
further can include causing the payor device to display an
authorization user interface for the payor to authorize a payor
financial institution to grant an access code to the system or the
one or more processors performing the method. The method also can
include, in response to the payor financial institution granting
the access code, requesting, from the payor financial institution,
one or more eligible payor accounts owned by the payor and
maintained by the payor financial institution.
[0033] In a number of embodiments, the method further can include
causing the payor device to display the one or more eligible payor
accounts for the payor to determine a selected payor account of the
one or more eligible payor accounts for the transfer. The method
additionally can include determining a fraud risk score for the
transfer. Moreover, the method can include transmitting, to a payee
financial institution for the payee, the fraud risk score. The
payee financial institution can be configured to determine a
transfer decision for the transfer based at least in part on: (a)
the fraud risk score, and (b) information about a payee account for
the transfer. The payee account can be owned by the payee and
maintained by the payee financial institution. The method further
can include, when the transfer decision comprises an approval of
the transfer by the payee financial institution, facilitating the
transfer from the selected payor account to the payee account. In
many embodiments, the method further can include one or more of the
activities or acts of any of the embodiments described above. In a
number of embodiments, the method can be adopted to allow the payor
who is not registered with the payee system to authorize a one-time
transfer (e.g., a guest checkout) between the payor financial
institution and the payee financial institution.
[0034] Various embodiments can include a third system. The system
can include one or more processors and one or more non-transitory
computer-readable media storing computing instructions. When
executed on the one or more processors, the computing instructions
can perform certain acts. In many embodiments, the acts can include
receiving, from a payee system for a payee, a request for a
transfer from a payor to the payee. The payor can be associated
with a payor user profile of the payee system. The payee system can
be configured to transmit the request pursuant to an instruction by
the payor. For example, the payee system can transmit the request
for a transfer after the payor chooses a transfer method and
authorize the transfer for a purchase at the payee system.
[0035] In a number of embodiments, the acts further can include
causing a payor device for the payor to display an authorization
user interface for the payor to authorize a payor financial
institution to grant an access code to the system. In embodiments
where the transfer method acceptable to the payee system is
associated with a plurality of candidate financial institutions,
the acts further can include causing the payor device to display
the plurality of candidate financial institutions for the payor to
determine the payor financial institution of the plurality of
candidate financial institutions for the transfer. In many
embodiments, the authorization user interface also can be
configured to allow the payor to log into a payor user account at
the payor financial institution before authorizing the payor
financial institution to grant the access code to the system. The
access code can be transmitted to the system directly or
indirectly. In some embodiments, the acts also can include
validating that the access code is authentic to ensure that the
access code is not counterfeited or re-used and that the access to
any protected resources of the payor is authorized.
[0036] In a number of embodiments, the acts additionally can
include requesting, from the payor financial institution, one or
more eligible payor accounts owned by the payor and maintained by
the payor financial institution. The one or more eligible payor
accounts can be associated with the payor user account. The acts
further can include causing the payor device to display the one or
more eligible payor accounts for the payor to determine a selected
payor account of the one or more eligible payor accounts for the
transfer. In some embodiments, the acts further can include
determining a fraud risk score for the transfer. Determining the
fraud risk score can be implemented by any suitable hardware,
software, risk models, and/or risk data associated with the payee.
In certain embodiments, the act of determining the fraud risk score
can include analyzing a transfer history of the payee.
[0037] In a number of embodiments, the acts further can include
transmitting, to a payee financial institution for the payee, the
fraud risk score. The payee financial institution can be configured
to determine a transfer decision for the transfer based at least in
part on the fraud risk score and information about a payee account
for the transfer. The payee account can be owned by the payee and
maintained by the payee financial institution. In certain
embodiments, transmitting the fraud risk score to the payee
financial institution can cause or accompany an instruction to
cause the payee financial institution to determine the transfer
decision. The acts further can include when the transfer decision
comprises an approval of the transfer by the payee financial
institution, facilitating the transfer from the selected payor
account to the payee account.
[0038] The acts further can include after facilitating the
transfer, generating a transfer token associated with the payor and
the payee. The transfer token can be associated with transfer data
for the transfer. The transfer data can include information about
the transfer that has been performed, such as information about the
payor, the payee, the status of the transfer (e.g., "sent",
"failed", "disapproved", etc.), the payor financial institution,
the payee financial institution, the selected payor account, the
payor user profile of the payee system, and/or the payor user
account with the payor financial institution, etc. In a number of
embodiments, the acts also can include storing the transfer data
for the transfer. The acts additionally can include transmitting
the transfer token to the payee system. The payee system can store
the transfer token with or into the payor user profile for future
use.
[0039] In a number of embodiments, determining the fraud risk score
further can include determining the fraud risk score by using a
first risk model. The payee financial institution further can be
configured to determine the transfer decision based at least in
part on a second risk model to determine a second fraud risk score.
The first risk model can be similar or different from the second
risk model. In certain embodiments, the risk data for the first
risk model to determine the fraud risk score also can be similar or
different from the risk data for the second risk model.
[0040] In many embodiments, facilitating the transfer from the
selected payor account to the payee account further can include
transmitting, to the payor financial institution, the fraud risk
score for the payor financial institution to determine a second
transfer decision based at least in part on the fraud risk score.
In some embodiments, the payor financial institution can be
configured to determine the second transfer decision after
receiving the fraud risk score and/or a transfer instruction. In
certain embodiments, the fraud risk score transmitted to the payor
financial institution can be accompanied by a request to cause the
payor financial institution to determine the second transfer
decision.
[0041] In embodiments where the payor financial institution is
configured to determine the second transfer decision, the payor
financial institution can be further configured to determine the
second transfer decision based at least in part on: (a) a third
risk model to determine a third fraud risk score; and/or (b)
comparing a balance for the selected payor account with a transfer
amount for the transfer. The third risk model can be similar or
different from the first risk model and/or second risk model
described above. Further, the risk data for the third risk model to
determine the third fraud risk score also can be similar or
different from the risk data for the first risk model and/or second
risk model. The risk data for the third risk model can include the
fraud risk score. In many embodiments, after comparing, when the
balance for the selected payor account is less than the transfer
amount for the transfer, the second transfer decision can include a
denial for the transfer.
[0042] In many embodiments, the act of requesting the one or more
eligible payor accounts from the payor financial institution can
include: (a) obtaining, from the payor financial institution, an
access token associated with the payor; (b) obtaining, from the
payor financial institution, a refresh token associated with the
access token; (c) when the refresh token is valid, requesting the
payor financial institution to renew the access token; and/or (d)
when the refresh token and the access token are expired, causing
the payor device for the payor to display the authorization user
interface for the payor to authorize the payor financial
institution to renew the access token and the refresh token. In a
number of embodiments, the transfer data for the transfer further
can include the access token and/or the refresh token for the
transfer. In many embodiments, the acts performed by the computing
instructions of the third system further can include one or more of
the activities or acts of any of the embodiments described
above.
[0043] Various embodiments include a third method. The method can
be implemented via execution of computing instructions configured
to run at one or more processors and configured to be stored at
non-transitory computer-readable media. In many embodiments, the
method can include receiving, from a payee system for a payee, a
request for a transfer from a payor to the payee. The payor can be
associated with a payor user profile of the payee system. The
method further can include causing a payor device for the payor to
display an authorization user interface for the payor to authorize
a payor financial institution to grant an access code to the one or
more processors. In addition, the method can include requesting,
from the payor financial institution, one or more eligible payor
accounts owned by the payor and maintained by the payor financial
institution. The method also can include causing the payor device
to display the one or more eligible payor accounts for the payor to
determine a selected payor account of the one or more eligible
payor accounts for the transfer.
[0044] In many embodiments, the method further can include
determining a fraud risk score for the transfer. The method
additionally can include transmitting, to a payee financial
institution for the payee, the fraud risk score. In some
embodiments, the payee financial institution can be configured to
determine a transfer decision for the transfer based at least in
part on the fraud risk score and information about a payee account
for the transfer, and the payee account can be owned by the payee
and maintained by the payee financial institution. The method
further can include, when the transfer decision comprises an
approval of the transfer by the payee financial institution,
facilitating the transfer from the selected payor account to the
payee account.
[0045] Furthermore, the method also can include one or more
post-transfer activities. For example, the method can include: (a)
generating a transfer token associated with the payor and the
payee; (b) storing transfer data for the transfer, the transfer
data being associated with the transfer token; and/or (c)
transmitting the transfer token to the payee system. The payee
system can store the transfer token with or into the payor user
profile. The transfer data can include any information related to
the transfer, such as information about the access token, the
refresh token, the payor, the payee, etc. In some embodiments, one
or more of these post-transfer activities each can be performed
when the transfer decision by the payee financial institution
includes an approval or after the transfer is successful or
completed. In many embodiments, the method further can include one
or more of the activities or acts of any of the embodiments
described above. In a number of embodiments, the method can be
adopted to allow the payor who has a payor user profile of the
payee system but has never used a transfer method between the payor
financial institution and the payee financial institution to
authorize the transfer and have the transfer data saved for future
use, if any.
[0046] Various embodiments can include a fourth system. The system
can include one or more processors and one or more non-transitory
computer-readable media storing computing instructions. When
executed on the one or more processors, the computing instructions
can perform certain acts. In many embodiments, the acts can include
receiving, from a payee system for a payee, a request for a
transfer from a payor to the payee. The request for the transfer
can be generated and/or transmitted in response to a checkout
command from the payor with a selected transfer method (e.g., a
real-time fund transfer between bank accounts, etc.). The payor can
be associated with a payor user profile of the payee system. The
request can include a transfer token associated with the payor and
the payee. The transfer token can be generated or updated after the
previous transfer and stored with or in the payor user profile.
[0047] In some embodiments, the acts further can include retrieving
transfer data based on the transfer token. The transfer data can be
associated with the transfer token, a payor financial institution
for the payor, and/or a selected payor account owned by the payor
and maintained by the payor financial institution. The transfer
data can include an access token for the payor financial
institution and the payor. When the access token is valid (e.g.,
not expired), the access token can be re-used for the system to
re-connect with and to regain access to resources of the payor at
the payor financial institution. In a number of embodiments, the
acts also can include using the access token to access one or more
eligible payor accounts owned by the payor and maintained by the
payor financial institution. The one or more eligible payor
accounts can include the selected payor account.
[0048] In a number of embodiments, the acts further can include
determining a fraud risk score for the transfer. The act of
determining the fraud risk score can be similar or identical to the
act of determining the fraud risk score in any of the embodiments
described above. For example, determining the fraud risk score can
include analyzing a transfer history of the payee. In some
embodiments, the acts also can include transmitting, to a payee
financial institution for the payee, the fraud risk score. The
payee financial institution can be configured to determine a
transfer decision for the transfer based at least in part on the
fraud risk score and information about a payee account for the
transfer. The payee account can be owned by the payee and
maintained by the payee financial institution. The acts further can
include when the transfer decision includes an approval of the
transfer by the payee financial institution, facilitating the
transfer from the selected payor account to the payee account.
[0049] In many embodiments, the acts further can include one or
more of: (a) causing a payor device for the payor to display a
plurality of candidate financial institutions for the transfer, the
plurality of candidate financial institutions comprising the payor
financial institution, and receiving, from the payor device, a
selection of the payor financial institution of the plurality of
candidate financial institutions; (b) causing the payor device to
display the one or more eligible payor accounts for the payor to
determine the selected payor account of the one or more eligible
payor accounts for the transfer; (c) validating that the transfer
token is authentic; and/or (d) determining whether the access token
is expired.
[0050] In a number of embodiments, the acts additionally can
include, in response to determining that the access token is
expired, either (a) causing the payor device to display an
authorization user interface for the payor to authorize the payor
financial institution to renew the access token; or (b) determining
whether a refresh token of the transfer data for the access token
is expired, and when the refresh token is valid, causing the payor
financial institution to renew the access token; and when the
refresh token is expired, causing the payor device to display the
authorization user interface for the payor to authorize the payor
financial institution to renew the access token and the refresh
token. In several embodiments, the authorization user interface for
the payor to authorize the payor financial institution to renew the
access token further can be configured to allow the payor to log
into a payor user account with the payor financial institution. The
payor user account can be associated with the one or more eligible
payor accounts. In some embodiments, the acts further can include,
in response to either (a) receiving the selection of the payor
financial institution, or (b) the payor determining the selected
payor account, updating the transfer data for the transfer.
[0051] In many embodiments, the acts further can include one or
more acts in the embodiments described above. For example, the
respective risk models for the system, the payee financial
institution, and/or the payor financial institution for determining
the respective fraud risk scores can be similar or identical to any
of the one or more risk models for the system, the payee financial
institution, and/or the payor financial institution in the other
embodiments. The payee financial institution, and/or the payor
financial institution each can be configured to determine whether
and how the fraud risk score transmitted from the system can be
used to determine the respective transfer decision for the
transfer. In many embodiments, the acts performed by the computing
instructions of the fourth system further can include one or more
of the activities or acts of any of the embodiments described
above.
[0052] Various embodiments include a fourth method. The method can
be implemented via execution of computing instructions configured
to run at one or more processors and configured to be stored at
non-transitory computer-readable media. In many embodiments, the
method can include receiving, from a payee system for a payee, a
request for a transfer from a payor to the payee. The payor can be
associated with a payor user profile of the payee system. The
request can include a transfer token associated with the payor and
the payee. The method further can include retrieving transfer data
based on the transfer token. The transfer data can be associated
with the transfer token, a payor financial institution for the
payor, and a selected payor account owned by the payor and
maintained by the payor financial institution. The transfer data
can include an access token for the payor financial institution and
the payor. In some embodiments, the acts further can include using
the access token to access one or more eligible payor accounts
owned by the payor and maintained by the payor financial
institution. The one or more eligible payor accounts can include
the selected payor account.
[0053] In a number of embodiments, the method also can include
determining a fraud risk score for the transfer. The method further
can include transmitting, to a payee financial institution for the
payee, the fraud risk score. The payee financial institution can be
configured to determine a transfer decision for the transfer based
at least in part on the fraud risk score and information about a
payee account for the transfer. In addition, the payee account can
be owned by the payee and maintained by the payee financial
institution. Moreover, the method can include when the transfer
decision comprises an approval of the transfer by the payee
financial institution, facilitating the transfer from the selected
payor account to the payee account. In many embodiments, the method
further can include one or more of the activities or acts of any of
the embodiments described above. For example, the method can
include renewing the access token when a refresh token is valid
and/or storing the transfer data after facilitating the transfer.
In a number of embodiments, the method can be used by the payor
(who has used a transfer method in the past) to skip the login
process for a faster and smoother checkout experience.
[0054] Various embodiments can include a fifth system. The system
can include one or more processors and one or more non-transitory
computer-readable media storing computing instructions. When
executed on the one or more processors, the computing instructions
can perform certain acts. In many embodiments, the acts can include
receiving a request for a transfer from a selected payor account of
a payor to a payee. The acts further can include determining a
fraud risk score for the transfer. Determining the fraud risk score
can be implemented in any suitable way, including analyzing a
transfer history of the payee. The acts also can include
transmitting, to a payee financial institution for the payee, the
fraud risk score. In some embodiments, the payee financial
institution can be configured to determine a transfer decision for
the transfer based at least in part on the fraud risk score and
information about a payee account for the transfer. The payee
account can be owned by the payee and maintained by the payee
financial institution.
[0055] In many embodiments, the acts further can include when the
transfer decision comprises an approval of the transfer by the
payee financial institution, facilitating the transfer from the
selected payor account to the payee account. The act of
facilitating the transfer can include sending transfer information
to a payor financial institution to cause the payor financial
institution to send a request for payment through a real-time
settlement network to the payee financial institution to authorize
a real-time credit transfer from the selected payor account to the
payee account. The real-time credit transfer can be settled in
real-time through the real-time settlement network. The transfer
information can include: (a) information to identify the payee
financial institution and the payee account to the real-time
settlement network; and/or (b) the fraud risk score. Further, in
some embodiments, the transfer information does not include an
account number of the payee account.
[0056] In a number of embodiments, the act of determining the fraud
risk score further can include determining the fraud risk score by
using a first risk model. The payee financial institution further
can be configured to determine the transfer decision based at least
in part on a second risk model to determine a second fraud risk
score. The first risk model can be similar to or different than the
second risk model.
[0057] In several embodiments, facilitating the transfer from the
selected payor account to the payee account further can include
transmitting, to the payor financial institution, the fraud risk
score for the payor financial institution to determine a second
transfer decision based at least in part on the fraud risk score.
In similar or different embodiments, determining the fraud risk
score further can include determining the fraud risk score by using
a first risk model. The payor financial institution further can be
configured to determine the second transfer decision based at least
in part on: (a) a third risk model to determine a third fraud risk
score; and/or (b) comparing a balance for the selected payor
account with a transfer amount for the transfer. The third risk
model can be similar to or different than the first risk model
and/or the second risk model.
[0058] In a number of embodiments, the acts further can include
before determining the fraud risk score for the transfer: (a)
facilitating an authorization for the payor to authorize the payor
financial institution to grant an access code; (b) requesting, from
the payor financial institution, one or more eligible payor
accounts owed by the payor and maintained by the payor financial
institution; and (c) causing a payor device of the payor to display
the one or more eligible payor accounts for the payor to determine
the selected payor account from among the one or more eligible
payor accounts for the transfer. In many embodiments, the acts
performed by the computing instructions of the fifth system further
can include one or more of the activities or acts of any of the
embodiments described above.
[0059] Various embodiments include a fifth method. The method can
be implemented via execution of computing instructions configured
to run at one or more processors and configured to be stored at
non-transitory computer-readable media. In many embodiments, the
method can include receiving a request for a transfer from a
selected payor account of a payor to a payee. The method further
can include determining a fraud risk score for the transfer. The
method additionally can include transmitting, to a payee financial
institution for the payee, the fraud risk score, wherein the payee
financial institution is configured to determine a transfer
decision for the transfer based at least in part on the fraud risk
score and information about a payee account for the transfer. The
payee account can be owned by the payee and maintained by the payee
financial institution.
[0060] In a number of embodiments, the method further can include
when the transfer decision comprises an approval of the transfer by
the payee financial institution, facilitating the transfer from the
selected payor account to the payee account. The act of
facilitating the transfer can include: sending transfer information
to a payor financial institution to cause the payor financial
institution to send a request for payment through a real-time
settlement network to the payee financial institution to authorize
a real-time credit transfer from the selected payor account to the
payee account, wherein the real-time credit transfer is settled in
real-time through the real-time settlement network. In many
embodiments, the method further can include one or more of the
activities or acts of any of the embodiments described above.
[0061] Various embodiments can include a sixth system. The system
can include one or more processors and one or more non-transitory
computer-readable media storing computing instructions. When
executed on the one or more processors, the computing instructions
can perform certain acts. In many embodiments, the acts can include
receiving, from a payee system for a payee, a request for a
transfer from a payor to the payee. The request can be sent by the
payee without the payor selecting to use the system for the
transfer. The payor can be associated with a payor user profile of
the payee system. The request can include a transfer token
associated with the payor and the payee.
[0062] In some embodiments, the acts further can include retrieving
transfer data based on the transfer token. The transfer data can be
associated with the transfer token, a payor financial institution
for the payor, and a selected payor account owned by the payor and
maintained by the payor financial institution. The transfer data
can include an access token for the payor financial institution and
the payor. In a number of embodiments, the access token can be used
to prevent unauthorized access of the payor's protected resources
at the payor financial institution. For example, the access token
can include an expiration date and/or time. In some embodiments,
the acts further can include determining whether the access token
is expired. The acts also can include determining whether a refresh
token of the transfer data for the access token is expired.
Further, the acts can include when the refresh token is valid,
causing the payor financial institution to renew the access
token.
[0063] In a number of embodiments, the acts also can include
determining a fraud risk score for the transfer. The act of
determining the fraud risk score can include determining the fraud
risk score by: (a) using a first risk model; and/or (b) analyzing a
transfer history of the payee. In some embodiments, the acts
further can include, before determining the fraud risk score for
the transfer, determining the payor financial institution based on
the transfer token.
[0064] In many embodiments, the acts further can include
transmitting, to a payee financial institution for the payee, the
fraud risk score. The payee financial institution can be configured
to determine a transfer decision for the transfer based at least in
part on the fraud risk score and information about a payee account
for the transfer. The payee account can be owned by the payee and
maintained by the payee financial institution.
[0065] In some embodiments, the acts further can include, when the
transfer decision comprises an approval of the transfer by the
payee financial institution, facilitating the transfer from the
selected payor account to the payee account. The payee financial
institution further can be configured to determine the transfer
decision based at least in part on a second risk model to determine
a second fraud risk score. The second risk model can be similar to
or different than the first risk model for the system.
[0066] In several embodiments, the act of facilitating the transfer
from the selected payor account to the payee account further can
include transmitting, to the payor financial institution, the fraud
risk score for the payor financial institution to determine a
second transfer decision based at least in part on the fraud risk
score. The payor financial institution further can be configured to
determine the second transfer decision based at least in part on a
third risk model to determine a third fraud risk score. The third
risk model can be similar to or different than any of the first
risk model for the system or the second risk model for the payee
financial institution. In certain embodiments, the payor financial
institution further can be configured to determine the second
transfer decision based at least in part on comparing a balance for
the selected payor account with a transfer amount for the transfer.
In many embodiments, the acts performed by the computing
instructions of the sixth system further can include one or more of
the activities or acts of any of the embodiments described
above.
[0067] Various embodiments include a sixth method. The method can
be implemented via execution of computing instructions configured
to run at one or more processors and configured to be stored at
non-transitory computer-readable media. In many embodiments, the
method can include receiving, at a system from a payee system for a
payee, a request for a transfer from a payor to the payee. The
request can be sent by the payee without the payor selecting to use
the system for the transfer. The payor can be associated with a
payor user profile of the payee system. The request can comprise a
transfer token associated with the payor and the payee.
[0068] In a number of embodiments, the method further can include
retrieving transfer data based on the transfer token. The transfer
data can be associated with the transfer token, a payor financial
institution for the payor, and a selected payor account owned by
the payor and maintained by the payor financial institution. The
transfer data can include an access token for the payor financial
institution and the payor.
[0069] The method further can include determining a fraud risk
score for the transfer. The method also can include transmitting,
to a payee financial institution for the payee, the fraud risk
score. The payee financial institution can be configured to
determine a transfer decision for the transfer based at least in
part on the fraud risk score and information about a payee account
for the transfer. The payee account can be owned by the payee and
maintained by the payee financial institution. In many embodiments,
the method further can include when the transfer decision comprises
an approval of the transfer by the payee financial institution,
facilitating the transfer from the selected payor account to the
payee account. In many embodiments, the method further can include
one or more of the activities or acts of any of the embodiments
described above. In a number of embodiments, the method can be used
for automatic transfer from the payor to the payee in various
transactions (e.g., installment payments or subscription
billings).
[0070] Turning to the drawings, FIG. 1 illustrates an exemplary
embodiment of a computer system 100, all of which or a portion of
which can be suitable for (i) implementing part or all of one or
more embodiments of the techniques, methods, and systems and/or
(ii) implementing and/or operating part or all of one or more
embodiments of the memory storage modules described herein. As an
example, a different or separate one of a chassis 102 (and its
internal components) can be suitable for implementing part or all
of one or more embodiments of the techniques, methods, and/or
systems described herein. Furthermore, one or more elements of
computer system 100 (e.g., a monitor 106, a keyboard 104, and/or a
mouse 110, etc.) also can be appropriate for implementing part or
all of one or more embodiments of the techniques, methods, and/or
systems described herein. Computer system 100 can comprise chassis
102 containing one or more circuit boards (not shown), a Universal
Serial Bus (USB) port 112, a Compact Disc Read-Only Memory (CD-ROM)
and/or Digital Video Disc (DVD) drive 116, and a hard drive 114. A
representative block diagram of the elements included on the
circuit boards inside chassis 102 is shown in FIG. 2. A central
processing unit (CPU) 210 in FIG. 2 is coupled to a system bus 214
in FIG. 2. In various embodiments, the architecture of CPU 210 can
be compliant with any of a variety of commercially distributed
architecture families.
[0071] Continuing with FIG. 2, system bus 214 also is coupled to a
memory storage unit 208, where memory storage unit 208 can comprise
(i) non-volatile memory, such as, for example, read only memory
(ROM) and/or (ii) volatile memory, such as, for example, random
access memory (RAM). The non-volatile memory can be removable
and/or non-removable non-volatile memory. Meanwhile, RAM can
include dynamic RAM (DRAM), static RAM (SRAM), etc. Further, ROM
can include mask-programmed ROM, programmable ROM (PROM), one-time
programmable ROM (OTP), erasable programmable read-only memory
(EPROM), electrically erasable programmable ROM (EEPROM) (e.g.,
electrically alterable ROM (EAROM) and/or flash memory), etc. In
these or other embodiments, memory storage unit 208 can comprise
(i) non-transitory memory and/or (ii) transitory memory.
[0072] In many embodiments, all or a portion of memory storage unit
208 can be referred to as memory storage module(s) and/or memory
storage device(s). In various examples, portions of the memory
storage module(s) of the various embodiments disclosed herein
(e.g., portions of the non-volatile memory storage module(s)) can
be encoded with a boot code sequence suitable for restoring
computer system 100 (FIG. 1) to a functional state after a system
reset. In addition, portions of the memory storage module(s) of the
various embodiments disclosed herein (e.g., portions of the
non-volatile memory storage module(s)) can comprise microcode such
as a Basic Input-Output System (BIOS) operable with computer system
100 (FIG. 1). In the same or different examples, portions of the
memory storage module(s) of the various embodiments disclosed
herein (e.g., portions of the non-volatile memory storage
module(s)) can comprise an operating system, which can be a
software program that manages the hardware and software resources
of a computer and/or a computer network. The BIOS can initialize
and test components of computer system 100 (FIG. 1) and load the
operating system. Meanwhile, the operating system can perform basic
tasks such as, for example, controlling and allocating memory,
prioritizing the processing of instructions, controlling input and
output devices, facilitating networking, and managing files.
Exemplary operating systems can comprise one of the following: (i)
Microsoft.RTM. Windows.RTM. operating system (OS) by Microsoft
Corp. of Redmond, Wash., United States of America, (ii) Mac.RTM. OS
X by Apple Inc. of Cupertino, Calif., United States of America,
(iii) UNIX.RTM. OS, and (iv) Linux.RTM. OS. Further exemplary
operating systems can comprise one of the following: (i) the
iOS.RTM. operating system by Apple Inc. of Cupertino, Calif.,
United States of America, (ii) the Blackberry.RTM. operating system
by Research In Motion (RIM) of Waterloo, Ontario, Canada, (iii) the
WebOS operating system by LG Electronics of Seoul, South Korea,
(iv) the Android.TM. operating system developed by Google, of
Mountain View, Calif., United States of America, (v) the Windows
Mobile.TM. operating system by Microsoft Corp. of Redmond, Wash.,
United States of America, or (vi) the Symbian.TM. operating system
by Accenture PLC of Dublin, Ireland.
[0073] As used herein, "processor" and/or "processing module" means
any type of computational circuit, such as but not limited to a
microprocessor, a microcontroller, a controller, a complex
instruction set computing (CISC) microprocessor, a reduced
instruction set computing (RISC) microprocessor, a very long
instruction word (VLIW) microprocessor, a graphics processor, a
digital signal processor, or any other type of processor or
processing circuit capable of performing the desired functions. In
some examples, the one or more processing modules of the various
embodiments disclosed herein can comprise CPU 210.
[0074] Alternatively, or in addition to, the systems and procedures
described herein can be implemented in hardware, or a combination
of hardware, software, and/or firmware. For example, one or more
application specific integrated circuits (ASICs) can be programmed
to carry out one or more of the systems and procedures described
herein. For example, one or more of the programs and/or executable
program components described herein can be implemented in one or
more ASICs. In many embodiments, an application specific integrated
circuit (ASIC) can comprise one or more processors or
microprocessors and/or memory blocks or memory storage.
[0075] In the depicted embodiment of FIG. 2, various I/O devices
such as a disk controller 204, a graphics adapter 224, a video
controller 202, a keyboard adapter 226, a mouse adapter 206, a
network adapter 220, and other I/O devices 222 can be coupled to
system bus 214. Keyboard adapter 226 and mouse adapter 206 are
coupled to keyboard 104 (FIGS. 1-2) and mouse 110 (FIGS. 1-2),
respectively, of computer system 100 (FIG. 1). While graphics
adapter 224 and video controller 202 are indicated as distinct
units in FIG. 2, video controller 202 can be integrated into
graphics adapter 224, or vice versa in other embodiments. Video
controller 202 is suitable for monitor 106 (FIGS. 1-2) to display
images on a screen 108 (FIG. 1) of computer system 100 (FIG. 1).
Disk controller 204 can control hard drive 114 (FIGS. 1-2), USB
port 112 (FIGS. 1-2), and CD-ROM drive 116 (FIGS. 1-2). In other
embodiments, distinct units can be used to control each of these
devices separately.
[0076] Network adapter 220 can be suitable to connect computer
system 100 (FIG. 1) to a computer network by wired communication
(e.g., a wired network adapter) and/or wireless communication
(e.g., a wireless network adapter). In some embodiments, network
adapter 220 can be plugged or coupled to an expansion port (not
shown) in computer system 100 (FIG. 1). In other embodiments,
network adapter 220 can be built into computer system 100 (FIG. 1).
For example, network adapter 220 can be built into computer system
100 (FIG. 1) by being integrated into the motherboard chipset (not
shown), or implemented via one or more dedicated communication
chips (not shown), connected through a PCI (peripheral component
interconnector) or a PCI express bus of computer system 100 (FIG.
1) or USB port 112 (FIG. 1).
[0077] Returning now to FIG. 1, although many other components of
computer system 100 are not shown, such components and their
interconnection are well known to those of ordinary skill in the
art. Accordingly, further details concerning the construction and
composition of computer system 100 and the circuit boards inside
chassis 102 are not discussed herein.
[0078] Meanwhile, when computer system 100 is running, program
instructions (e.g., computer instructions) stored on one or more of
the memory storage module(s) of the various embodiments disclosed
herein can be executed by CPU 210 (FIG. 2). At least a portion of
the program instructions, stored on these devices, can be suitable
for carrying out at least part of the techniques and methods
described herein.
[0079] Further, although computer system 100 is illustrated as a
desktop computer in FIG. 1, there can be examples where computer
system 100 may take a different form factor while still having
functional elements similar to those described for computer system
100. In some embodiments, computer system 100 may comprise a single
computer, a single server, or a cluster or collection of computers
or servers, or a cloud of computers or servers. Typically, a
cluster or collection of servers can be used when the demand on
computer system 100 exceeds the reasonable capability of a single
server or computer. In certain embodiments, computer system 100 may
comprise a portable computer, such as a laptop computer. In certain
other embodiments, computer system 100 may comprise a mobile
electronic device, such as a smartphone. In certain additional
embodiments, computer system 100 may comprise an embedded
system.
[0080] Turning ahead in the drawings, FIG. 3 illustrates a block
diagram of a system 300 that can be employed for secure electronic
transfers, as described in greater detail below. System 300 is
merely exemplary and embodiments of the system are not limited to
the embodiments presented herein. System 300 can be employed in
many different embodiments or examples not specifically depicted or
described herein. In some embodiments, certain elements or modules
of system 300 can perform various procedures, processes, and/or
activities. In these or other embodiments, the procedures,
processes, and/or activities can be performed by other suitable
elements or modules of system 300.
[0081] Generally, therefore, system 300 can be implemented with
hardware and/or software, as described herein. In some embodiments,
part or all of the hardware and/or software can be conventional,
while in these or other embodiments, part or all of the hardware
and/or software can be customized (e.g., optimized) for
implementing part or all of the functionality of system 300
described herein.
[0082] In some embodiments, system 300 can include one or more of a
system server 310, a first operator server 320, a second operator
server 330, a user device 340, and/or a third party device 350. In
various embodiments, system server 310, first operator server 320,
second operator server 330, user device 340, and/or third party
device 350 can each be a computer system, such as computer system
100 (FIG. 1), as described above, and can each be a single
computer, a single server, or a cluster or collection of computers
or servers, or a cloud of computers or servers. In another
embodiment, a single computer system can host each of two or more
of system server 310, first operator server 320, second operator
server 330, user device 340, and/or third party device 350.
Additional details regarding system server 310, first operator
server 320, second operator server 330, user device 340, and/or
third party device 350 are described herein.
[0083] In many embodiments, third party device 350 can comprise a
register or some other type of transaction processing machine. In
some embodiments, user device 340 and/or third party device 350 can
be mobile devices. A mobile electronic device can refer to a
portable electronic device (e.g., an electronic device easily
conveyable by hand by a person of average size) with the capability
to present audio and/or visual data (e.g., text, images, videos,
music, etc.). For example, a mobile electronic device can comprise
at least one of a digital media player, a cellular telephone (e.g.,
a smartphone), a personal digital assistant, a handheld digital
computer device (e.g., a tablet personal computer device), a laptop
computer device (e.g., a notebook computer device, a netbook
computer device), a wearable user computer device, or another
portable computer device with the capability to present audio
and/or visual data (e.g., images, videos, music, etc.). Thus, in
many examples, a mobile electronic device can comprise a volume
and/or weight sufficiently small as to permit the mobile electronic
device to be easily conveyable by hand. For examples, in some
embodiments, a mobile electronic device can occupy a volume of less
than or equal to approximately 1790 cubic centimeters, 2434 cubic
centimeters, 2876 cubic centimeters, 4056 cubic centimeters, and/or
5752 cubic centimeters. Further, in these embodiments, a mobile
electronic device can weigh less than or equal to 15.6 Newtons,
17.8 Newtons, 22.3 Newtons, 31.2 Newtons, and/or 44.5 Newtons.
[0084] Exemplary mobile electronic devices can comprise (i) an
iPod.RTM., iPhone.RTM., iTouch.RTM., iPad.RTM., MacBook.RTM. or
similar product by Apple Inc. of Cupertino, Calif., United States
of America, (ii) a Blackberry.RTM. or similar product by Research
in Motion (RIM) of Waterloo, Ontario, Canada, (iii) a Lumia.RTM. or
similar product by the Nokia Corporation of Keilaniemi, Espoo,
Finland, and/or (iv) a Galaxy.TM. or similar product by the Samsung
Group of Samsung Town, Seoul, South Korea. Further, in the same or
different embodiments, a mobile electronic device can comprise an
electronic device configured to implement one or more of (i) the
iPhone.RTM. operating system by Apple Inc. of Cupertino, Calif.,
United States of America, (ii) the Blackberry.RTM. operating system
by Research In Motion (RIM) of Waterloo, Ontario, Canada, (iii) the
Palm.RTM. operating system by Palm, Inc. of Sunnyvale, Calif.,
United States, (iv) the Android.TM. operating system developed by
the Open Handset Alliance, (v) the Windows Mobile.TM. operating
system by Microsoft Corp. of Redmond, Wash., United States of
America, or (vi) the Symbian.TM. operating system by Nokia Corp. of
Keilaniemi, Espoo, Finland.
[0085] Further still, the term "wearable user computer device" as
used herein can refer to an electronic device with the capability
to present audio and/or visual data (e.g., text, images, videos,
music, etc.) that is configured to be worn by a user and/or
mountable (e.g., fixed) on the user of the wearable user computer
device (e.g., sometimes under or over clothing; and/or sometimes
integrated with and/or as clothing and/or another accessory, such
as, for example, a hat, eyeglasses, a wrist watch, shoes, etc.). In
many examples, a wearable user computer device can comprise a
mobile electronic device, and vice versa. However, a wearable user
computer device does not necessarily comprise a mobile electronic
device, and vice versa.
[0086] In specific examples, a wearable user computer device can
comprise a head mountable wearable user computer device (e.g., one
or more head mountable displays, one or more eyeglasses, one or
more contact lenses, one or more retinal displays, etc.) or a limb
mountable wearable user computer device (e.g., a smart watch). In
these examples, a head mountable wearable user computer device can
be mountable in close proximity to one or both eyes of a user of
the head mountable wearable user computer device and/or vectored in
alignment with a field of view of the user.
[0087] In more specific examples, a head mountable wearable user
computer device can comprise (i) Google Glass.TM. product or a
similar product by Google Inc. of Menlo Park, Calif., United States
of America; (ii) the Eye Tap.TM. product, the Laser Eye Tap.TM.
product, or a similar product by ePI Lab of Toronto, Ontario,
Canada, and/or (iii) the Raptyr.TM. product, the STAR1200.TM.
product, the Vuzix Smart Glasses M100.TM. product, or a similar
product by Vuzix Corporation of Rochester, N.Y., United States of
America. In other specific examples, a head mountable wearable user
computer device can comprise the Virtual Retinal Display.TM.
product, or similar product by the University of Washington of
Seattle, Wash., United States of America.
[0088] Meanwhile, in further specific examples, a limb mountable
wearable user computer device can comprise the iWatch.TM. product,
or similar product by Apple Inc. of Cupertino, Calif., United
States of America, the Galaxy Gear or similar product of Samsung
Group of Samsung Town, Seoul, South Korea, the Moto 360 product or
similar product of Motorola of Schaumburg, Ill., United States of
America, and/or the Zip.TM. product, One.TM. product, Flex.TM.
product, Charge.TM. product, Surge.TM. product, or similar product
by Fitbit Inc. of San Francisco, Calif., United States of
America.
[0089] In many embodiments, system 300 can comprise graphical user
interfaces ("GUI") 360, 361. In the same or different embodiments,
GUI 360 can be part of and/or displayed by user device 340, while
GUI 361 can be part of and/or displayed by third party device 350.
In these embodiments, GUI 360 can be different than GUI 361. For
example, GUI 360 can comprise a transfer offering GUI while GUI 361
can comprise a transfer accepting GUI. In some embodiments, GUI
360, 361 can comprise text and/or graphics (image) based user
interfaces. In the same or different embodiments, GUI 360, 361 can
comprise a heads up display ("HUD"). When GUI 360, 361 comprises a
HUD, GUI 360, 361 can be projected onto glass or plastic, displayed
in midair as a hologram, or displayed on monitor 106 (FIG. 1). In
various embodiments, GUI 360, 361 can be color or black and white.
In many embodiments, GUI 360, 361 can comprise an application
running on a computer system, such as computer system 100, user
device 340, and/or third party device 350. In the same or different
embodiments, GUI 360, 361 can comprise a website accessed through
internet 370. In some embodiments, GUI 360, 361 can comprise an
eCommerce website. In these or other embodiments, GUI 361 can
comprise an administrative (e.g., back end) GUI allowing an
administrator to modify and/or change one or more settings in
system 300. In the same or different embodiments, GUI 360, 361 can
be displayed as or on a virtual reality (VR) and/or augmented
reality (AR) system or display. In some embodiments, an interaction
with a GUI can comprise a click, a look, a selection, a grab, a
view, a purchase, a bid, a swipe, a pinch, a reverse pinch,
etc.
[0090] In many embodiments, system server 310, first operator
server 320, second operator server 330, user device 340, and/or
third party device 350 can each comprise one or more input devices
(e.g., one or more keyboards, one or more keypads, one or more
pointing devices such as a computer mouse or computer mice, one or
more touchscreen displays, a microphone, etc.), and/or can each
comprise one or more display devices (e.g., one or more monitors,
one or more touch screen displays, projectors, etc.). In these or
other embodiments, one or more of the input device(s) can be
similar or identical to keyboard 104 (FIG. 1) and/or a mouse 110
(FIG. 1). Further, one or more of the display device(s) can be
similar or identical to monitor 106 (FIG. 1) and/or screen 108
(FIG. 1). The input device(s) and the display device(s) can be
coupled to the processing module(s) and/or the memory storage
module(s) of system server 310, first operator server 320, second
operator server 330, user device 340, and/or third party device 350
in a wired manner and/or a wireless manner, and the coupling can be
direct and/or indirect, as well as locally and/or remotely. As an
example of an indirect manner (which may or may not also be a
remote manner), a keyboard-video-mouse (KVM) switch can be used to
couple the input device(s) and the display device(s) to the
processing module(s) and/or the memory storage module(s). In some
embodiments, the KVM switch also can be part of system server 310,
first operator server 320, second operator server 330, user device
340, and/or third party device 350. In a similar manner, the
processing module(s) and the memory storage module(s) can be local
and/or remote to each other.
[0091] In many embodiments, system server 310, first operator
server 320, second operator server 330, user device 340, and/or
third party device 350 can be configured to communicate with one
another. In some embodiments, system server 310, first operator
server 320, second operator server 330, user device 340, and/or
third party device 350 can communicate or interface (e.g.,
interact) with each other through a network or internet 370.
Internet 370 can be an intranet that is not open to the public. In
further embodiments, Internet 370 can be a mesh network of
individual systems. In various embodiments, Internet 370 can
comprise a real time payment (RTP) network. For example, Internet
370 can comprise The Clearing House RTP network and/or the
Zelle.RTM. network. Accordingly, in many embodiments, system server
310, first operator server 320, second operator server 330, and/or
third party device 350 (and/or the software used by such systems)
can refer to a back end of system 300 operated by an operator
and/or administrator of system 300, and user device 340 (and/or the
software used by such systems) can refer to a front end of system
300 used by one or more users 380. In some embodiments, user 380
can also be referred to as a customer, in which case, user device
340 can be referred to as a customer device. In these or other
embodiments, the operator and/or administrator of system 300 can
manage system 300, the processing module(s) of system 300, and/or
the memory storage module(s) of system 300 using the input
device(s) and/or display device(s) of system 300. In various
embodiments, first operator server 320 and second operator server
330 can communicate directly with each other without using internet
370.
[0092] In many embodiments, first operator server 320, second
operator server 330, and/or third party device 350 can host one or
more websites. For example, third party device 350 can host an
eCommerce website that allows users to browse and/or search for
products, to add products to an electronic shopping cart, and/or to
purchase products, in addition to other suitable activities.
[0093] Meanwhile, in many embodiments, system server 310, first
operator server 320, second operator server 330, user device 340,
and/or third party device 350 can also be configured to communicate
with one or more databases. In various embodiments, one or more
databases can comprise a product database that contains information
about products, items, or SKUs (stock keeping units) sold by a
retailer. In various embodiments, one or more databases can be
stored on one or more memory storage modules (e.g., non-transitory
memory storage module(s)), which can be similar or identical to the
one or more memory storage module(s) (e.g., non-transitory memory
storage module(s)) described above with respect to computer system
100 (FIG. 1). Also, in some embodiments, for any particular
database of the one or more databases, that particular database can
be stored on a single memory storage module of the memory storage
module(s), and/or the non-transitory memory storage module(s)
storing the one or more databases or the contents of that
particular database can be spread across multiple ones of the
memory storage module(s) and/or non-transitory memory storage
module(s) storing the one or more databases, depending on the size
of the particular database and/or the storage capacity of the
memory storage module(s) and/or non-transitory memory storage
module(s).
[0094] The one or more databases can each comprise a structured
(e.g., indexed) collection of data and can be managed by any
suitable database management systems configured to define, create,
query, organize, update, and manage database(s). Exemplary database
management systems can include MySQL (Structured Query Language)
Database, PostgreSQL Database, Microsoft SQL Server Database,
Oracle Database, SAP (Systems, Applications, & Products)
Database, IBM DB2 Database, and/or NoSQL Database.
[0095] Meanwhile, communication between system server 310, first
operator server 320, second operator server 330, user device 340,
third party device 350, and/or the one or more databases can be
implemented using any suitable manner of wired and/or wireless
communication. Accordingly, system 300 can comprise any software
and/or hardware components configured to implement the wired and/or
wireless communication. Further, the wired and/or wireless
communication can be implemented using any one or any combination
of wired and/or wireless communication network topologies (e.g.,
ring, line, tree, bus, mesh, star, daisy chain, hybrid, etc.)
and/or protocols (e.g., personal area network (PAN) protocol(s),
local area network (LAN) protocol(s), wide area network (WAN)
protocol(s), cellular network protocol(s), powerline network
protocol(s), etc.). Exemplary PAN protocol(s) can comprise
Bluetooth, Zigbee, Wireless Universal Serial Bus (USB), Z-Wave,
etc.; exemplary LAN and/or WAN protocol(s) can comprise Institute
of Electrical and Electronic Engineers (IEEE) 802.3 (also known as
Ethernet), IEEE 802.11 (also known as WiFi), etc.; and exemplary
wireless cellular network protocol(s) can comprise Global System
for Mobile Communications (GSM), General Packet Radio Service
(GPRS), Code Division Multiple Access (CDMA), Evolution-Data
Optimized (EV-DO), Enhanced Data Rates for GSM Evolution (EDGE),
Universal Mobile Telecommunications System (UMTS), Digital Enhanced
Cordless Telecommunications (DECT), Digital AMPS (IS-136/Time
Division Multiple Access (TDMA)), Integrated Digital Enhanced
Network (iDEN), Evolved High-Speed Packet Access (HSPA+), Long-Term
Evolution (LTE), WiMAX, etc. The specific communication software
and/or hardware implemented can depend on the network topologies
and/or protocols implemented, and vice versa. In many embodiments,
exemplary communication hardware can comprise wired communication
hardware including, for example, one or more data buses, such as,
for example, universal serial bus(es), one or more networking
cables, such as, for example, coaxial cable(s), optical fiber
cable(s), and/or twisted pair cable(s), any other suitable data
cable, etc. Further exemplary communication hardware can comprise
wireless communication hardware including, for example, one or more
radio transceivers, one or more infrared transceivers, etc.
Additional exemplary communication hardware can comprise one or
more networking components (e.g., modulator-demodulator components,
gateway components, etc.).
[0096] In many embodiments, one or more of first operator server
320 and/or second operator server 330 can host one or more of a
source of funds account 321 and/or a destination account 331,
respectively. Source account 321 and destination account 331 can
each comprise one or more of a bank account, a cryptocurrency
wallet, an NFT wallet, or some other electronic mechanism for
storing an item of data to be transferred. While source account 321
and destination account 331 are depicted in FIG. 3 as being stored
on different servers, it will be understood by a person having
ordinary skill in the art that this configuration is not always the
case. For example, when source account 321 and destination account
331 are stored at the same institution (e.g., at the same bank),
source account 321 and destination account 331 can be stored on the
same server.
[0097] In many embodiments, the techniques described herein can
provide a practical application and several technological
improvements. In some embodiments, the techniques described herein
can provide for a more secure and private transfer. These
techniques described herein can provide a significant improvement
over conventional approaches of electronic transfers, such as
credit and/or debit cards.
[0098] In a number of embodiments, the techniques described herein
can solve a technical problem that arises only within the realm of
computer networks, as electronic transfers do not exist outside of
computer networks.
[0099] Turning ahead in the drawings, FIG. 4 illustrates a flow
chart for a method 400, according to an embodiment. Method 400 is
merely exemplary and is not limited to the embodiments presented
herein. Method 400 can be employed in many different embodiments or
examples not specifically depicted or described herein. In some
embodiments, the activities of method 400 can be performed in the
order presented. In other embodiments, the activities of method 400
can be performed in any suitable order. In still other embodiments,
one or more of the activities of method 400 can be combined or
skipped. In many embodiments, system 300 (FIG. 3) can be suitable
to perform method 400 and/or one or more of the activities of
method 400. In these or other embodiments, one or more of the
activities of method 400 can be implemented as one or more computer
instructions configured to run at one or more processing modules
and configured to be stored at one or more non-transitory memory
storage modules. Such non-transitory memory storage modules can be
part of a computer system such as system server 310, first operator
server 320, second operator server 330, user device 340, and/or
third party device 350 (FIG. 3). The processing module(s) can be
similar or identical to the processing module(s) described above
with respect to computer system 100 (FIG. 1).
[0100] In many embodiments, method 400 can comprise an activity 401
of receiving a request for a transfer. In some embodiments, a
request for a transfer can comprise an initiation of a purchase
sequence for one or more goods and/or services. For example, a
request for a transfer can comprise a start of a checkout process
for a purchase of an item on an eCommerce website. In these or
other embodiments, a transfer request can be received from a user
device (e.g., user device 340 (FIG. 3)). For example, a transfer
request can be received from a user device when a user makes a
purchase on an eCommerce website. In further embodiments, a request
for a transfer can be received from a third party device (e.g.,
third party device 350 (FIG. 3)). For example, a request for a
transfer can comprise a start request transmitted by the third
party device. In these embodiments, the start request can be
configured to initiate a transfer application programming interface
(API) hosted on a system server (e.g., system server 310 (FIG. 3)).
In many embodiments, a start request can be triggered by actions
performed by a user on a user device (e.g., user device 340 (FIG.
3)). For example, a start request can be initiated by a user
beginning a check-out process on an application or a website of a
third party displayed on a user device. In many embodiments, a
transfer request can be received from a third party device (e.g.,
third party device 350 (FIG. 3)). For example, a transfer request
can be received from a third party device (e.g., a register) when a
user makes a purchase in-person. In many embodiments, a transfer
can be from a first source to a destination. For example, a
transfer can be between one or more of a bank account, a
cryptocurrency wallet, an NFT wallet, etc. In some embodiments, a
first source can be different from a destination, and/or the first
source can be owned by a different entity than the destination. For
example, a first source can comprise a bank account owned by a user
while a destination can comprise a merchant account owned by a
merchant.
[0101] In many embodiments, method 400 can comprise an activity 402
of coordinating displaying at least one transfer method. In some
embodiments, a plurality of transfer methods can be displayed on a
GUI displayed on an electronic device (e.g., GUI 360 (FIG. 3) or
GUI 361 (FIG. 3). For example, when the transfer comprises a
transaction, the plurality of transfer methods can comprise
different ways of paying for the transaction (e.g., credit card,
debit card, and/or a real time payment (RTP) system). In further
embodiments, a transfer method can be configured to transfer a
digital asset from a source to a destination. For example, a
transfer method can be configured to transfer an NFT from one
wallet to another wallet. In many embodiments, each transfer method
can be associated with one or more sources. For example, when a
transfer method comprises a RTP system, one or more source accounts
(e.g., a deposit account) connected to the RTP system can be
displayed. As another example, when a transfer method comprises a
credit card, one or more credit accounts can be displayed. In
various embodiments, only eligible accounts can be shown. For
example, only accounts registered with an RTP system are shown.
[0102] In many embodiments, method 400 can comprise an activity 403
of receiving a selection of at least one transfer method. In
various embodiments, a selection can be made by a user on a user
device (e.g., user device 340 (FIG. 3)) and/or a third party device
(e.g., third party device 350 (FIG. 3)) via a GUI (e.g., GUI 360
(FIG. 3) or GUI 361 (FIG. 3)). In various embodiments, a selection
can comprise an interaction with a GUI, as described with reference
to FIG. 3. Activity 403 can continue in a number of ways after a
selection is received. In many embodiments, when a user is
interacting with a third party application installed on an
electronic device, a transfer API can search the electronic device
for a selected source account application installed on the
electronic device. If this source account application is found, it
can be run and permissions can be granted for a transfer. For
example, when a user is performing a transfer using a merchant
application, the transfer API can search for financial institution
applications installed on the electronic device and open the
financial institution application to obtain permission for the
transfer. In these or other embodiments, when a user is interacting
with a third party web site, a web browsing program can forward the
user to a web site providing access to a selected source account.
For example, when the transfer comprises a transaction on an
eCommerce website, the web browsing program can forward the user to
a website for the user's bank. In some embodiments, a user is not
initially entitled to access the source account after its
selection. For example, a user may need to log into the source
account before it can be accessed by a transfer API or some other
transfer algorithm. In these embodiments, a user can be prompted
for credentials (e.g., login and password, biometric information,
etc.) before being granted access to the source account. In many
embodiments, access to a source account can be denied (e.g., by a
user and/or in response to incorrect credentials). In these
embodiments, in response to being denied access to a source
account, a transfer can be canceled or alternative transfer methods
can be displayed on an electronic device (e.g., user device 340
(FIG. 3) or third party device 350 (FIG. 3).
[0103] In many embodiments, method 400 can comprise an activity 404
of receiving a token from an operator. In many embodiments, an
operator can comprise an individual and/or an entity that holds
and/or manages a source of a transfer and/or a destination of the
transfer. For example, an operator can be a bank, a cryptocurrency
exchange, or an NFT market. In many environments, a token received
in activity 404 can be saved and/or copied by a system server
(e.g., system server 310 (FIG. 3)). A number of different tokens
can be received in activity 404. Generally speaking, a token can be
a piece of data carrying enough information to facilitate a process
of determining a user's identity and/or authorizing a user to
perform an action. In some embodiments, in response to at least a
portion of activity 403, an access token can be issued by an
operator server (e.g., first operator server 320 (FIG. 3)) and then
sent to a server running a transfer API (e.g., system server 310
(FIG. 3)). Generally speaking, an access token can be configured to
enable a system server to signal to an operator server that it has
received authorization from a user to perform certain tasks or
access certain resources (e.g., a source or destination account).
In many embodiments, a token can be unique to a specific user
and/or a specific account. In many embodiments, an access token can
have an expiration date and/or time after which it is no longer
usable to provide authentication. Therefore, in various
embodiments, a refresh token can be received with an access token.
Generally speaking, a refresh token can allow a system server to
obtain a renewed access token from an operator server. In many
embodiments, a refresh token can enable a server system to
successfully request new access tokens until the refresh token is
expired. In various embodiments, when one or more of an access
token or a refresh token are no longer valid, a user can be
prompted to re-login, which is explained in further detail below.
One downside to using only an access token is that an access token
is a bearer token. In other words, those who hold the access token
can use it. The access token then acts as a credential artifact to
access protected resources rather than an identification artifact.
Malicious users could theoretically compromise a system and steal
access tokens, which they in turn could use to access protected
resources by presenting those tokens directly to the server.
Therefore, a more secure system for transfers can be created by
using other security measures in addition to or in place of an
access token.
[0104] In many embodiments, a payment token can be generated for
the transaction. Generally speaking, a payment token can be used to
prevent a third party device (e.g., third party device 350 (FIG.
3)) and/or a second operator server (e.g., operator server 330
(FIG. 3)) from gaining a globally useable token. In this way,
incidences of fraud, identity theft, and other electronic crimes
can be reduced or eliminated. In various embodiments, a payment
token can be single use. Once it has been used, the single use
token can be discarded (e.g., deleted, caused to be expire,
blacklisted, etc.). In various embodiments, a payment token can
comprise a payment instrument (e.g., an account number, wallet
number, and/or a payment profile ID). For example, an account
number associated with source account 321 (FIG. 3) can be used as a
payment token. In many embodiments, a payment instrument can be
encrypted to create all or a portion of a payment token. In further
embodiments, a payment token can be created by and/or received from
an operator of a source of a transfer (e.g., operator server 320
(FIG. 3)). In various embodiments, a payment token can be used for
transactions with only one third party (e.g., scoped to the third
party). Generally speaking, a payment token can be scoped to a
third party when I can only be used by the third party. For
example, a payment token can be scoped to a third party by
assigning a unique identifier (e.g., a user name, account name,
etc.) to the third party upon registration. This unique identifier
can then be encrypted using a key. In many embodiments, one or more
temporary (e.g., short lived, disposable, etc.) token can be
replaced by and/or changed into a longstanding (e.g., longer
lasting or permanent) token. In various embodiments, this
replacement and/or change can occur after a selection by a user.
For example, if a user wants to continually make transfers to a
third party, then can instruct a system server to generate or
convert a token into a long standing token to effectuate a faster
transfer. In this way, a scoped payment token can prevent other
systems from using the payment token to effectuate transfers from a
source.
[0105] Additional tokens can be used in activity 404 or other
activities of method 400. For example, a token described in U.S.
Provisional Application Ser. No. 63/192,182, which is incorporated
herein by this reference in its entirety, describes a system and
method using a suitable token.
[0106] In many embodiments, method 400 can comprise an activity 405
of transferring a token to a third party. In many embodiments,
activity can be performed by a system server (e.g., system server
310 (FIG. 3)). In these or other embodiments, third party device
350 (FIG. 3) can receive a token. A number of things can occur
after and/or in response to and/or as a part of activity 405. For
example, when a transaction is being performed via a website, a
device displaying the website (e.g., user device 340 (FIG. 3)
and/or third party device 350 (FIG. 3)) can be forwarded to a
transfer details website. As another example, when a transaction is
being performed via an application, a device displaying the
application's GUI (e.g., user device 340 (FIG. 3) and/or third
party device 350 (FIG. 3)) can be forwarded to a transfer details
GUI. Once the transfer details are displayed, a user and/or the
third party can review and confirm these details on a website or
via an application's GUI.
[0107] In many embodiments, method 400 can comprise an activity 406
of receiving a token and transfer details from a third party. In
various embodiments, a third party server (e.g., third party device
350 (FIG. 3)) can transmit a transfer token and/or transfer details
to a system server (e.g., system server 310 (FIG. 3)). In many
embodiments, activity 406 can be performed via a system server API
installed on one or more of a third party device and/or a user
device. In these or other embodiments, security data about a third
party, a user, a user device, and/or a third party device can be
collected and transmitted in activity 406. In various embodiments,
the security data can be captured by a system server API installed
on the respective device. In further embodiments, security data can
comprise a transaction history, a fraudulent activity history, and
many other data points. In many embodiments, the received token can
be compared to a previously saved token. If these tokens match, a
transfer can proceed, but if they are different, the transfer can
be cancelled.
[0108] In many embodiments, method 400 can comprise an activity 407
of determining a fraud risk score. In various embodiments, a fraud
risk score can be determined using security data collected as a
part of activity 406. A number of risk score algorithms and systems
can be used in activity 407. For example, a risk score system and
method described in U.S. Provisional Application Ser. No.
63/192,979, which is incorporated herein by this reference in its
entirety, describes a system and method using a suitable fraud risk
scoring algorithm.
[0109] In many embodiments, method 400 can comprise an activity 408
of facilitating a transfer. In various embodiments, a transfer can
be facilitated in response to a fraud risk score being above,
below, or equal to a predetermined value. In some embodiments, a
transfer can be completed in real-time after a fraud risk score is
determined to be above, below, or equal to a predetermined value.
In further embodiments, a transfer can be made from a source (e.g.,
source of funds 321 (FIG. 3)) to a destination account (e.g.,
destination account 331 (FIG. 3)). Facilitating a transfer can
incorporate all or a portion of one or more optional activities, as
described in further detail below.
[0110] In some embodiments, method 400 can optionally comprise
activity 409 of transmitting transaction details and a fraud risk
score. In various embodiments, activity 409 can be performed as a
part of or entirely separate from activity 408. In further
embodiments, previously collected security data can also be
transmitted in place of or in addition to a fraud risk score. In
some embodiments, transaction details and/or a fraud risk score can
be transmitted to one or more operator servers (e.g., operator
servers 320, 330 (FIG. 3)). In this way, one or more operator
servers can perform their own due diligence and/or security checks
on a transfer. For example, operator server 320 (FIG. 3) can ingest
the transferred data and perform its own risk analysis, validate
that a source account is capable of completing the transfer (e.g.,
is the source account open, does it have sufficient funds, etc.),
and/or apply any exceptions that allow the transfer to be completed
(e.g., applying overdraft protection to facilitate the transfer,
applying a credit to the source account to facilitate the transfer,
etc.).
[0111] In some embodiments, method 400 can optionally comprise
activity 410 of receiving a request for a re-login. In many
embodiments, a request for a re-login can be received when a source
account fails one or more due diligence and/or security checks
performed by an operator server (e.g., operator servers 320, 330
(FIG. 3)). Generally speaking, a request for a re-login can
function much like or comprise an out of bound authentication for a
user device. For example, a one-time password can be created for a
user account hosted by one or more of a system server (e.g., system
server 310 (FIG. 3)) and/or an operator server (e.g., operator
servers 320, 330 (FIG. 3)). As another example, a user can be
forced to reset a password created for a user account hosted by one
or more of a system server (e.g., system server 310 (FIG. 3))
and/or an operator server (e.g., operator servers 320, 330 (FIG.
3)).
[0112] In some embodiments, method 400 can optionally comprise
activity 411 of receiving a re-login. In many embodiments, a
re-login can be received from a user device (e.g., user device 340
(FIG. 3)). For example, a re-login can be received from a user
device when a transfer is being completed via an application
installed on the user device and/or a website of a third party
displayed on the user device. In these or other embodiments, a
re-login can be received from a third party device (e.g., third
party device 350 (FIG. 3)). For example, when a user is performing
a transfer in person, they can re-login via a third party
device.
[0113] In some embodiments, method 400 can optionally comprise
activity 412 of invoking a transfer API. In many embodiments,
activity 412 can be performed as a part of one or more of
activities 401 and/or 408. A number of different transfer APIs can
be invoked in method 400. For example, a transfer API of a system
server can be invoked. Generally speaking, a system server transfer
API can be configured to initiate aspects of a transfer performed
by a system server (e.g., system server 310 (FIG. 3)). This system
server transfer API can be stored in a number of different systems.
For example, a system server transfer API can be stored as a part
of a software application and/or stored on a system server (e.g.,
system server 310 (FIG. 3)). When a system server transfer API is
stored on a system server, it can be invoked via transmissions over
a network (e.g., internet 370 (FIG. 3)) from one or more other
devices (e.g., user device 340 (FIG. 3) and/or third party device
350 (FIG. 3)). In many embodiments, a transfer API can comprise an
operator transfer API. In various embodiments, an operator transfer
API can be configured to initiate aspects of a transfer performed
by an operator server (e.g., operator server 320, 330 (FIG. 3)). In
many embodiments, a transfer can be facilitated using electronic
transmission over an RTP network (e.g., the Zelle.RTM. RTP network,
Zelle.RTM. cleared through FedNow). In these embodiments, a
transfer API can access a directory shared between a system server
(e.g., system server 310 (FIG. 3)) and an operator server (e.g.,
operator servers 320, 330 (FIG. 3)).
[0114] Generally speaking, a server hosing a shared directory
(e.g., system server 310) can be configured to act as an
intermediary between one or more operator servers (e.g., operator
server 320, 330 (FIG. 3)). In various embodiments, a shared
directory can be used to act as an intermediary without its host
accessing or hosting a source and/or a destination. In many
embodiments, a shared directory can comprise one or more databases
containing one or more elements of one or more tokens described
herein. In various embodiments, the shared directory can associate
the one or tokens with one or more unique identifiers. For example,
one or more elements of a payment token can be stored in a shared
directory. In various embodiments, an operator server hosting a
source (e.g., operator server 320 (FIG. 3)) can initiate a transfer
by transmitting one or more transaction details and/or one or more
portions of a token to a server hosting the shared directory (e.g.,
system server 310 (FIG. 3)). The host of the shared directory can
then verify that the one or more portions of the token are
authentic. In further embodiments, after a token has been
authenticated, transaction details committed to a shared directory
can be pushed by a system server (e.g., system server 310 (FIG. 3))
to an operator server hosting a destination account (e.g., operator
server 330 (FIG. 3)). In further embodiments, an operator server
hosting a destination account can confirm with a system server that
a transfer has been completed or not completed. This completion
status can then be shared by the system server with one or more of
a user device (e.g., user device 340 (FIG. 3)) and/or an operator
server hosting a source (e.g., operator server 320 (FIG. 3)).
[0115] In some embodiments, method 400 can optionally comprise
activity 413 of coordinating displaying a transfer completion
message. In various embodiments, activity 413 can be performed as a
part of or after activity 408. A number of different entities
and/or devices can display a transfer completion message. For
example, a transaction completion message can be displayed on one
or more of a user device (e.g., user device 340 (FIG. 3)) and/or a
third party device (e.g., third party device 350 (FIG. 3)). In
various embodiments, a system server (e.g., system server 310 (FIG.
3)) can forward a transaction completion message to an intermediary
server for display on a different device. For example, a system
server can forward a transfer completion message to an operator
server ((e.g., operator servers 320, 330 (FIG. 3)), which can then
forward the transfer completion message to a display device (e.g.,
user device 340 (FIG. 3) or (e.g., third party device 350 (FIG.
3)). In many embodiments, a transfer completion message can be
displayed on a display device via a website and/or a software
application installed on a display device.
[0116] Turning ahead in the drawings, FIG. 5 illustrates a block
diagram of a system 500 that can be employed for behavior based
messaging. System 500 is merely exemplary and embodiments of the
system are not limited to the embodiments presented herein. System
500 can be employed in many different embodiments or examples not
specifically depicted or described herein. In some embodiments,
certain elements or modules of system 500 can perform various
procedures, processes, and/or activities. In these or other
embodiments, the procedures, processes, and/or activities can be
performed by other suitable elements or modules of system 500.
[0117] Generally, therefore, system 500 can be implemented with
hardware and/or software, as described herein. In some embodiments,
part or all of the hardware and/or software can be conventional,
while in these or other embodiments, part or all of the hardware
and/or software can be customized (e.g., optimized) for
implementing part or all of the functionality of system 500
described herein.
[0118] In many embodiments, system 500 can comprise non-transitory
memory storage module 501. Memory storage module 501 can be
referred to as request receiving module 501. In many embodiments,
request receiving module 501 can store computing instructions
configured to run on one or more processing modules and perform one
or more acts of method 400 (FIG. 4) (e.g., activity 401 (FIG.
4)).
[0119] In many embodiments, system 500 can comprise non-transitory
memory storage module 502. Memory storage module 502 can be
referred to as transfer method displaying module 502. In many
embodiments, transfer method displaying module 502 can store
computing instructions configured to run on one or more processing
modules and perform one or more acts of method 400 (FIG. 4) (e.g.,
activity 402 (FIG. 4)).
[0120] In many embodiments, system 500 can comprise non-transitory
memory storage module 503. Memory storage module 503 can be
referred to as selection receiving module 503. In many embodiments,
selection receiving module 503 can store computing instructions
configured to run on one or more processing modules and perform one
or more acts of method 400 (FIG. 4) (e.g., activity 403 (FIG.
4)).
[0121] In many embodiments, system 500 can comprise non-transitory
memory storage module 504. Memory storage module 504 can be
referred to as operator token receiving module 504. In many
embodiments, operator token receiving module 504 can store
computing instructions configured to run on one or more processing
modules and perform one or more acts of method 400 (FIG. 4) (e.g.,
activity 404 (FIG. 4)).
[0122] In many embodiments, system 500 can comprise non-transitory
memory storage module 505. Memory storage module 505 can be
referred to as third party transferring module 505. In many
embodiments, third party transferring module 505 can store
computing instructions configured to run on one or more processing
modules and perform one or more acts of method 400 (FIG. 4) (e.g.,
activity 405 (FIG. 4)).
[0123] In many embodiments, system 500 can comprise non-transitory
memory storage module 506. Memory storage module 506 can be
referred to as third party receiving module 506. In many
embodiments, third party receiving module 506 can store computing
instructions configured to run on one or more processing modules
and perform one or more acts of method 400 (FIG. 4) (e.g., activity
406 (FIG. 4)).
[0124] In many embodiments, system 500 can comprise non-transitory
memory storage module 507. Memory storage module 507 can be
referred to as fraud risk score determining module 507. In many
embodiments, fraud risk score determining module 507 can store
computing instructions configured to run on one or more processing
modules and perform one or more acts of method 400 (FIG. 4) (e.g.,
activity 405 (FIG. 4)).
[0125] In many embodiments, system 500 can comprise non-transitory
memory storage module 508. Memory storage module 508 can be
referred to as transfer facilitating module 508. In many
embodiments, transfer facilitating module 508 can store computing
instructions configured to run on one or more processing modules
and perform one or more acts of method 400 (FIG. 4) (e.g., activity
408 (FIG. 4)).
[0126] In many embodiments, system 500 can comprise non-transitory
memory storage module 509. Memory storage module 509 can be
referred to as transfer details transmitting module 509. In many
embodiments, transfer details transmitting module 509 can store
computing instructions configured to run on one or more processing
modules and perform one or more acts of method 400 (FIG. 4) (e.g.,
activity 409 (FIG. 4)).
[0127] In many embodiments, system 500 can comprise non-transitory
memory storage module 510. Memory storage module 510 can be
referred to as re-login request receiving module 510. In many
embodiments, re-login request receiving module 510 can store
computing instructions configured to run on one or more processing
modules and perform one or more acts of method 400 (FIG. 4) (e.g.,
activity 410 (FIG. 4)).
[0128] In many embodiments, system 500 can comprise non-transitory
memory storage module 511. Memory storage module 511 can be
referred to as re-login receiving module 511. In many embodiments,
re-login receiving module 511 can store computing instructions
configured to run on one or more processing modules and perform one
or more acts of method 400 (FIG. 4) (e.g., activity 411 (FIG.
4)).
[0129] In many embodiments, system 500 can comprise non-transitory
memory storage module 512. Memory storage module 512 can be
referred to as transfer API invoking module 512. In many
embodiments, transfer API invoking module 512 can store computing
instructions configured to run on one or more processing modules
and perform one or more acts of method 400 (FIG. 4) (e.g., activity
412 (FIG. 4)).
[0130] In many embodiments, system 500 can comprise non-transitory
memory storage module 513. Memory storage module 513 can be
referred to as transfer completion message displaying module 513.
In many embodiments, transfer completion message displaying module
513 can store computing instructions configured to run on one or
more processing modules and perform one or more acts of method 400
(FIG. 4) (e.g., activity 413 (FIG. 4)).
[0131] Turning ahead in the drawings, FIG. 6 illustrates a block
diagram of a system 600 that can be employed for secure electronic
transfers, as described in greater detail below. System 600 is
merely exemplary and embodiments of the system are not limited to
the embodiments presented herein. System 600 can be employed in
many different embodiments or examples not specifically depicted or
described herein. In some embodiments, certain elements or modules
of system 600 can perform various procedures, processes, and/or
activities. In these or other embodiments, the procedures,
processes, and/or activities can be performed by other suitable
elements or modules of system 600.
[0132] Generally, therefore, system 600 can be implemented with
hardware and/or software, as described herein. In some embodiments,
part or all of the hardware and/or software can be conventional,
while in these or other embodiments, part or all of the hardware
and/or software can be customized (e.g., optimized) for
implementing part or all of the functionality of system 600
described herein. In many embodiments, system 600 can be similar,
or identical, to system 300 (FIG. 3), and part or all of the
hardware and/or software of system 600 can be similar, or
identical, to the hardware and/or software of system 300 (FIG.
3).
[0133] In a number of embodiments, system 600 can include one or
more of a system 610, a payor financial institution system 620, a
payee financial institution system 630, a payor device 640, and/or
a payee system 660. System 610 can be similar, or identical, to
third system server 310 (FIG. 3). Payor financial institution
system 620 can be similar, or identical, to first operator server
320 (FIG. 3). Payee financial institution system 630 can be
similar, or identical, to second operator server 330 (FIG. 3).
Payor device 640 can be similar, or identical, to user device 340
(FIG. 3). Payee system 660 can be similar, or identical, to third
party device 350 (FIG. 3).
[0134] In various embodiments, system 610, payor financial
institution system 620, payee financial institution system 630,
payor device 640, and/or payee system 660 can each be a computer
system, such as computer system 100 (FIG. 1), as described above,
and can each be a single computer, a single server, or a cluster or
collection of computers or servers, or a cloud of computers or
servers. For example, payee system 660 can comprise a register or
some other type of transaction processing machine, such as an
eCommerce website or an online retailer server. Payor device 640
can include a mobile device or a personal computer. In some
embodiments, a single computer system can host each of two or more
of system 610, payor financial institution system 620, payee
financial institution system 630, payor device 640, and/or payee
system 660. Additional details regarding system 610, payor
financial institution system 620, payee financial institution
system 630, payor device 640, and/or payee system 660 are described
herein.
[0135] In many embodiments, system 600 can comprise one or more
user interfaces. In some embodiments, payor device 640 can include
and/or be configured to display a user interface 641 that can be
similar, or identical to GUI 360 (FIG. 3). A user interface (e.g.,
user interface 641) can be displayed on a user device (e.g., payor
device 640) and be configured to allow a user (e.g., payor 650 or a
customer) to perform various activities, such as to log into a
server (e.g., payor financial institution system 620, payee system
660, etc.), to manage, to transfer funds in or out of, and/or to
pay bills from one or more of the user's accounts maintained at the
server (e.g., payor account(s) 621 of payor 650 at payor financial
institution system 620, payee account 631 at payee system 660),
and/or to browse and/or search for products, to add products to an
electronic shopping cart, and/or to purchase products, in addition
to other suitable activities at the server (e.g., payee system
660).
[0136] In many embodiments, system 610, payor financial institution
system 620, payee financial institution system 630, payor device
640, and/or payee system 660 can each comprise one or more input
devices and/or one or more display devices. The one or more input
devices and/or one or more display devices can each be similar or
identical to any one of the input devices and/or display devices
described herein.
[0137] In many embodiments, system 610, payor financial institution
system 620, payee financial institution system 630, payor device
640, and/or payee system 660 can be configured to communicate with
one another. In some embodiments, system 610, payor financial
institution system 620, payee financial institution system 630,
payor device 640, and/or payee system 660 can communicate or
interface (e.g., interact) with each other through a network or
internet 680. Internet 680 can be similar, or identical to,
internet 370 (FIG. 3). Internet 680 can be an intranet that is not
open to the public. Internet 680 also can be a mesh network of
individual systems. Internet 680 further can comprise a real time
payment (RTP) network, such as The Clearing House RTP network
and/or the Zelle.RTM. network.
[0138] In a number of embodiments, system 610, payor financial
institution system 620, payee financial institution system 630,
payor device 640, and/or payee system 660 can each communicate with
one or more databases. The one or more databases can include a
product database that contains information about products, items,
or SKUs sold by a retailer (e.g., payee system 660), or a user
database that contains information about customers, including
identity, transfer or payment methods, and/or transaction or order
history, etc.
[0139] In many embodiments, payor financial institution system 620
and/or payee financial institution system 630 can each host one or
more accounts (e.g., payor account(s) 621, or payee account 631).
Payor account(s) 621 can be similar or identical to source account
321 (FIG. 3). Payee account 631 can be similar or identical to
destination account 331 (FIG. 3). For example, payor account(s) 621
and/or can include one or more check accounts, saving accounts,
brokerage accounts, cryptocurrency accounts, etc.
[0140] Turning ahead in the drawings, FIG. 7 illustrates a flow
chart for a method 700, according to an embodiment. Method 700 is
merely exemplary and is not limited to the embodiments presented
herein. Method 700 can be employed in many different embodiments or
examples not specifically depicted or described herein. In some
embodiments, the activities of method 700 can be performed in the
order presented. In other embodiments, the activities of method 700
can be performed in any suitable order. In still other embodiments,
one or more of the activities of method 700 can be combined or
skipped. In many embodiments, system 300 (FIG. 3), system 500 (FIG.
5), and/or system 600 (FIG. 6) can be suitable to perform method
700 and/or one or more of the activities of method 700. In a number
of embodiments, some or all of the activities of method 700 can be
similar or identical to one or more activities of method 400 (FIG.
4).
[0141] In many embodiments, method 700 can comprise an activity 710
of receiving, from a payee system (e.g., payee system 600 (FIG. 6))
for a payee (e.g., payee 670 (FIG. 6)), a request for a transfer
from a payor (e.g., payor 650 (FIG. 6)) to the payee. In some
embodiments, the request for the transfer can be part of a purchase
sequence for one or more goods and/or services. For example, a
request for a transfer can initiate an electronic fund transfer in
a checkout process for a purchase of an item on an eCommerce
website (e.g., payee system 600 (FIG. 6)). The request can be
generated or forwarded by the payee system (e.g., payee system 600
(FIG. 6)). The request can be generated after a consumer chooses a
payment method (e.g., a real-time electronic fund transfer, or a
Zelle.RTM. payment) and authorizes the transfer via a consumer
device of the consumer (e.g., payor device 640 (FIG. 6) of payor
650 (FIG. 6)). In some embodiments, activity 710 can include one or
more activities similar or identical to any of activities 401, 402,
and/or 403 (FIG. 4) for the consumer to choose the payment method
before receiving the request for the transfer from the payee
system. The consumer can choose this checkout process with or
without registering with, and/or logging into any user account of,
the payee system or the system performing method 700. For example,
the checkout process can include the payor checking out as a guest
for the payee system.
[0142] In some embodiments, method 700 further can include an
activity 720 of causing the payor device (e.g., payor device 640
(FIG. 6)) of the payor (e.g., payor 650 (FIG. 6)) to display a
plurality of candidate financial institutions (e.g., system payor
financial institution system 620 (FIG. 6)) for the payor to
determine a payor financial institution of the plurality of
candidate financial institutions for the transfer. The payor device
can display the plurality of candidate financial institution on a
user interface (e.g., user interface 641 (FIG. 6)) executed on the
payor device. For example, the plurality of candidate financial
institutions can be the banks that support the payment method
chosen at activity 710. In certain embodiments, activity 720
further can include determining where there is no more than one
candidate financial institution for the payment method for the
payee, and then selecting the payor financial institution for the
transfer without causing the payor device to display the candidate
financial institution.
[0143] In a number of embodiments, method 700 further can include
an activity 730 of causing a payor device (e.g., payor device 640
(FIG. 6)) to display an authorization user interface (e.g., user
interface 621 (FIG. 6)) for the payor (e.g., payor 650 (FIG. 6)) to
authorize the payor financial institution (e.g., system payor
financial institution system 620 (FIG. 6)) to grant an access code
to the system performing method 700 (e.g., system 600 (FIG. 6)). In
many embodiments, activity 720 further can include, before
authorizing the granting of the access code, causing the payor
device to display the authorization user interface or another user
interface to prompt the payor to log into a payor user account of
the payor financial institution. In some embodiments, the access
code can be issued by the payor financial institution and
transmitted directly or indirectly to the system for method 700.
For example, the access code can be transmitted to the system for
method 700 directly from the payor financial institution. The
access code also can be transmitted to the payor device for the
payor device to forward the access code to the system. The access
code further can be stored, by the payor financial institution or
the payor device, in a shared directory for the system for method
700 to access. The shared directory can be similar or identical to
the shared directory described above. Furthermore, the access code
can have an expiration date and/or time and/or be uniquely
associated with the system for method 700 in order to ensure
security of the checkout or transfer process. In some embodiments,
activity 730 further can include an activity 731 (as a subpart of
activity 730 or as a subsequent activity to activity 730) of
validating that the access code is authentic.
[0144] In some embodiments, method 700 further can include an
activity 740 of requesting, from the payor financial institution
(e.g., payor financial institution system 620 (FIG. 6)), one or
more eligible payor accounts (e.g., payor account(s) 621 (FIG. 6))
owned by the payor (e.g., payor 650 (FIG. 6)) and maintained by the
payor financial institution. The one or more eligible payor
accounts can be pre-authorized by the payor for the transfer. For
example, a payor can register one or more accounts at the payor
financial institution (e.g., one or more checking accounts) with
the Zelle.RTM. payment network, via the payor financial institution
or directly with a Zelle.RTM. server, before the payor can check
out at a payee system (e.g., an eCommerce website, or payee
financial institution system 630 (FIG. 6)) using the Zelle.RTM.
payment as a payment method. Activity 740 further can include
obtaining information (e.g., an account type, an account nickname,
an account number or a part thereof, and/or a balance, etc.) of
each of the one or more eligible payor accounts.
[0145] In some embodiments, method 700 further can include an
activity 750 of causing the payor device (e.g., payor device 640
(FIG. 6)) to display the one or more eligible payor accounts (e.g.,
payor account(s) 621 (FIG. 6)) for the payor (e.g. 650 (FIG. 6)) to
determine a selected payor account of the one or more eligible
payor accounts for the transfer. The payor device can include a
user interface (e.g., user interface 641 (FIG. 6)) that is similar
or identical to the authorization user interface for displaying the
one or more eligible payor accounts. In certain embodiments, the
payor device further can display information (e.g., an account
type, an account number or a part thereof, and/or a balance, etc.)
of each of the one or more eligible payor accounts. In certain
embodiments, activity 750 further can include determining where
there is only one eligible payor account at the payor financial
institution for the payor, and then selecting the payor account at
the payor financial institution for the transfer without displaying
the one or more eligible payor accounts and also without receiving
a selected payor account.
[0146] In some embodiments, method 700 further can include an
activity 760 of determining a fraud risk score for the transfer.
Activity 760 can include any suitable algorithms or techniques
and/or use any suitable hardware or software for determining the
fraud risk score. For example, activity 760 further can include an
activity 761 of analyzing a transfer history of the payee (e.g.,
payee 670 (FIG. 6)). Activity 761 can be a subpart of activity 730
or a subsequent activity to activity 730. The transfer history of
the payee can include one or more prior transfers to or from the
payee, the Internet Protocol ("IP") address or any identifier of
the device(s) (e.g., payee system 660 (FIG. 6)) used by the payee
for each prior transfer, the amount of each prior transfer, any
claims against the payee for the prior transfers, etc. (e.g., payee
670 (FIG. 6)). In several embodiments, activity 760 further can
include determining the fraud risk score for the transfer based at
least in part on risk data and/or risk scores obtained from one or
more external sources (e.g., credit bureaus, fraud bureaus, public
or private databases for criminal records, etc.).
[0147] In some embodiments, method 700 further can include an
activity 770 of transmitting to a payee financial institution
(e.g., payee financial institution system 630 (FIG. 6)) for the
payee (e.g., payee 670 (FIG. 6)), the fraud risk score. In a number
of embodiments, the payee financial institution can be configured
to determine a transfer decision for the transfer based at least in
part on the fraud risk score and information about a payee account
(e.g., 631 (FIG. 6)) for the transfer. The payee account can be
owned by the payee and maintained by the payee financial
institution. The transfer decision can include an approval and/or
denial of the transfer. Activity 770 further can include
transmitting additional information to the payee financial
institution. For example, the additional information can include
the risk data (e.g., abnormalities in the transaction history of
the payee and/or complaints against the payee) and/or the
algorithm(s) or risk model(s) used at activity 760 to determine the
fraud risk score. In several embodiments, the payee financial
institution can adopt any suitable rules to determine whether and
how to use the fraud risk score to make the transfer decision. For
example, the payee financial institution can be configured to
determine that the transfer decision includes an approval for the
transfer when the fraud risk score determined at activity 760 is
above a threshold and thus acceptable. The fraud risk score can be
a factor or not be part of any factor(s) for determining the
transfer decision. In certain embodiments, the payee financial
institution can either rely solely on the fraud risk score received
from activity 770 or ignore the fraud risk score entirely for
determining the transfer decision.
[0148] In many embodiments, the payee financial institution further
can use any suitable algorithms, techniques, risk models, and/or
risk data to determine a second risk score for the transfer. The
algorithm(s), technique(s), risk model(s), and/or risk data used by
the payee financial institution can be similar to or different than
the algorithm(s), technique(s), risk model(s), and/or risk data
used at activity 760.
[0149] In some embodiments, method 700 further can include an
activity 780 of when the transfer decision, as determined at
activity 770, comprises an approval of the transfer by the payee
financial institution (e.g., payee financial institution system 630
(FIG. 6)), facilitating the transfer from the selected payor
account (e.g., payor account(s) 621 (FIG. 6)) to the payee account
(e.g., payee account 631 (FIG. 6)). Activity 780 can be configured
to facilitate the transfer only when the transfer decision by the
payee financial institution (e.g., payee financial institution
system 630 (FIG. 6)) at activity 770 includes an approval of the
transfer. In a number of embodiments, activity 780 further can
include an activity 781 of transmitting, to the payor financial
institution (e.g., payor financial institution system 620 (FIG.
6)), the fraud risk score for the payor financial institution to
determine a second transfer decision before the payor financial
institution debits the fund for the transfer from the selected
payor account. Activity 781 can be a subpart of activity 780 or a
subsequent activity to activity 780. The payor financial
institution can determine the second transfer decision in any
suitable ways, including using or not using any suitable hardware,
software, algorithms, and/or techniques, and/or based or not based
on any suitable fraud risk score(s) and/or risk data, including the
fraud risk data transmitted at activity 781.
[0150] Turning ahead in the drawings, FIG. 8 illustrates a flow
chart for a method 800, according to an embodiment. Method 800 is
merely exemplary and is not limited to the embodiments presented
herein. Method 800 can be employed in many different embodiments or
examples not specifically depicted or described herein. In some
embodiments, the activities of method 800 can be performed in the
order presented. In other embodiments, the activities of method 800
can be performed in any suitable order. In still other embodiments,
one or more of the activities of method 800 can be combined or
skipped. In many embodiments, system 300 (FIG. 3), system 500 (FIG.
5), and/or system 600 (FIG. 6) can be suitable to perform method
800 and/or one or more of the activities of method 800. In a number
of embodiments, some or all of the activities of method 800 can be
similar or identical to one or more activities of method 700 (FIG.
7).
[0151] In many embodiments, method 800 can comprise an activity 810
of obtaining, from the payor financial institution (e.g., payor
financial institution system 620 (FIG. 6)), an access token
associated with the payor (e.g., payor 650 (FIG. 6)) and a refresh
token associated with the access token. Activity 810 further can
include before obtaining the access token and refresh token,
causing a payor device (e.g., payor device 640 (FIG. 6)) to display
an authorization user interface (e.g., user interface 641 (FIG. 6))
for the payor to log into a payor user account at the payor
financial institution and/or to authorize the payor financial
institution to grant an access code. In some embodiments, activity
810 additionally can include at least one of: (a) verifying, by the
payor financial institution, the access code before issuing, by the
payor financial institution, the access token and/or the refresh
token; or (b) issuing, by the payor financial institution, the
access token and/or the refresh token based on the access code.
[0152] In many embodiments, the access token and/or the refresh
token here can be similar or identical to the access token and/or
the refresh token described above. The access token and/or the
refresh token each can include a respective expiration date and/or
time. The access token and the refresh token can be valid when they
are first issued by the payor financial institution. When the
respective expiration date and/or time is up, the access token
and/or the refresh token can become invalid. The access token, if
valid, can be configured to enable the access of protected
resources of the payor at the payor financial institution. The
refresh token can enable the renewal of the access token, until the
expiration date and/or time of the refresh token occurs.
[0153] In a number of embodiments, method 800 further can include
an activity 820 of determining whether the access token is expired.
Activity 820 can be implemented by the payor financial institution
(e.g., payor financial institution system 620 (FIG. 6)) and/or the
system performing method 800 (e.g., system 610 (FIG. 6)). In many
embodiments, when activity 820 determines that the access token is
not expired, method 800 can include performing one or more other
activities that are related or unrelated to the access of the
payor's protected resources at the payor financial institution
(e.g., activities 740, 750, 760, 761, 770, 780, and/or 781 (FIG.
7)). When activity 820 determines that the access token is already
expired, any activities of method 800 that are related to the
access of the payor's protected resources at the payor financial
institution cannot continue until the access token is renewed or
reissued.
[0154] In a number of embodiments, method 800 further can include
an activity 830 of determining whether the refresh token is
expired. Activity 830 be implemented by the payor financial
institution (e.g., payor financial institution system 620 (FIG. 6))
and/or the system performing method 800 (e.g., system 610 (FIG.
6)). In some embodiments, when the access token, as determined at
activity 820, is expired and when activity 830 determines that the
refresh token is not expired, method 800 can determine that the
access token is still renewable. When activity 830 determines that
the refresh token is expired, method 800 can determine that the
access token is no longer renewable. In several embodiments,
activity 830 further can include before determining whether the
refresh token is expired, validating that the refresh token is
authentic. Validating the refresh token can be implemented by the
system performing method 800 or a host of a shared directory for
storing the refresh token as described above, whenever the refresh
token is accessed.
[0155] In a number of embodiments, method 800 further can include
an activity 840 of requesting the payor financial institution
(e.g., payor financial institution system 620 (FIG. 6)) to renew
the access token. Activity 840 can be performed when the access
token, as determined at activity 820, is expired and when the
refresh token, as determined at activity 830, is not expired and
thus still valid. Activity 840 can be performed without requiring
the payor to authorize the payor financial institution to renew the
access token.
[0156] In a number of embodiments, method 800 further can include
an activity 850 of causing the payor device (e.g. payor device 640
(FIG. 6)) of the payor (e.g., payor 650 (FIG. 6)) to display the
authorization user interface (e.g., user interface 641 (FIG. 6))
for the payor to authorize the payor financial institution (e.g.,
payor financial institution system 620 (FIG. 6)) to renew the
access token and (optionally) the refresh token. Activity 850 can
be performed when both the access token, as determined at activity
820, and the refresh token, as determined at activity 830, are
expired. In several embodiments, activity 850 further can include,
before the payor authorizes the payor financial institution to
renew the access token and the refresh token, causing the payor
device to display the authorization user interface or any other
user interface to prompt the payor to re-log into the payor user
account of the payor financial institution.
[0157] Turning ahead in the drawings, FIG. 9 illustrates a flow
chart for a method 900, according to an embodiment. Method 900 is
merely exemplary and is not limited to the embodiments presented
herein. Method 900 can be employed in many different embodiments or
examples not specifically depicted or described herein. In some
embodiments, the activities of method 900 can be performed in the
order presented. In other embodiments, the activities of method 900
can be performed in any suitable order. In still other embodiments,
one or more of the activities of method 900 can be combined or
skipped. In many embodiments, system 300 (FIG. 3), system 500 (FIG.
5), and/or system 600 (FIG. 6) can be suitable to perform method
900 and/or one or more of the activities of method 900. In a number
of embodiments, some or all of the activities of method 900 can be
similar or identical to one or more activities of method 700 (FIG.
7) and/or method 800 (FIG. 8).
[0158] In many embodiments, method 900 can comprise an activity 910
of receiving, from a payee system (e.g., payee system 660 (FIG. 6))
for a payee (e.g., payee 670 (FIG. 6)), a request for a transfer
from a payor (e.g., payor 650 (FIG. 6)) to the payee. Activity 910
can be similar or identical to, or include similar or identical
sub-activities of, activity 710 (FIG. 7). The payor can be
associated with a payor user profile of the payee system. In some
embodiments, the request for the transfer can be transmitted from
the payee system after the payor chooses a transfer method and
authorizes a checkout at the payee system (e.g., an eCommerce
website). The payor can log into the payee system before
authorizing the checkout so that the payor's information, settings,
and/or preferences (e.g., the shipping or billing address, the
transfer or payment method, the user name, etc.) can be
pre-populated in the transfer.
[0159] In a number of embodiment, method 900 further can include an
activity 920 of causing the payor device (e.g., payor device 640
(FIG. 6)) to display a plurality of candidate financial
institutions for the payor (e.g., payor 650 (FIG. 6)) to determine
a payor financial institution (e.g., payor financial institution
system 620 (FIG. 6)) of the plurality of candidate financial
institutions for the transfer. Activity 920 can be similar or
identical to 720 (FIG. 7). The plurality of candidate financial
institutions can be determined by the payee. In certain
embodiments, the payee can be associated with a single candidate
financial institution, and activity 920 can be skipped.
[0160] In a number of embodiment, method 900 further can include an
activity 930 of causing a payor device (e.g., payor device 640
(FIG. 6)) of the payor (e.g., payor 650 (FIG. 6)) to display an
authorization user interface (e.g., user interface 641 (FIG. 6))
for the payor to authorize the payor financial institution (e.g.,
payor financial institution system 620 (FIG. 6)) to grant an access
code to the system or one or more processors performing method 900
and/or activity 930 (e.g., system 610 (FIG. 6)). Activity 930 can
be similar or identical to 730 (FIG. 7). Activity 930 further can
include one or more of: (a) causing the payer device to display the
authorization user interface to allow the payor to log into a payor
user account at the payor financial institution before authorizing
the payor financial institution to grant the access code; and/or
(b) validating that the access code is authentic (see, e.g., an
activity 731 (FIG. 7)).
[0161] In a number of embodiment, method 900 further can include an
activity 940 of requesting, from the payor financial institution
(e.g., payor financial institution system 620 (FIG. 6)), one or
more eligible payor accounts (e.g., payor account(s) 621 (FIG. 6)).
Activity 940 can be similar or identical to, or include similar or
identical sub-activities of, activity 740 (FIG. 7). The one or more
eligible payor accounts can be associated with the payor user
account at the payor financial institution. In some embodiments,
the payor user account further can be associated with ineligible
payor accounts (e.g., brokerage accounts, employer-sponsored
pension accounts, etc.).
[0162] In a number of embodiment, method 900 further can include an
activity 950 of causing the payor device (e.g., payor device 640
(FIG. 6)) to display the one or more eligible payor accounts, and
their respective information, for the payor (e.g., payor 650 (FIG.
6)) to determine a selected payor account of the one or more
eligible payor accounts (e.g., payor account(s) 621 (FIG. 6)).
Activity 950 can be similar or identical to, or include similar or
identical sub-activities of, activity 750 (FIG. 7). In certain
embodiments, the payor can be associated with a single candidate
account at the selected payor financial institution, and activity
950 can be skipped.
[0163] In a number of embodiment, method 900 further can include an
activity 960 of determining a fraud risk score for the transfer.
Activity 960 can be similar or identical to, or include similar or
identical sub-activities of, activity 760 (FIG. 7). Activity 960
further can include determining the fraud risk score based at least
in part on any suitable risk model(s), including the associated
hardware and/or software, and/or by analyzing a transfer history of
the payee (e.g., payee 670 (FIG. 6)). For example, activity 960
further can include determining the fraud risk score by using a
first risk model.
[0164] In a number of embodiment, method 900 further can include an
activity 970 of transmitting, to a payee financial institution
(e.g., payee financial institution system 630 (FIG. 6)) for the
payee (e.g., payee 670 (FIG. 6)), the fraud risk score. The payee
financial institution can be configured to determine a transfer
decision for the transfer based at least in part on the fraud risk
score and information about a payee account (e.g., payee account
631 (FIG. 6)) for the transfer. The payee account can owned by the
payee and maintained by the payee financial institution. Activity
970 can be similar or identical to, or include similar or identical
sub-activities of, activity 770 (FIG. 7). In some embodiments,
activity 970 further can include determining, by the payee
financial institution, the transfer decision based at least in part
on a second risk model to determine a second fraud risk score. The
second risk model can be similar to or different than the first
risk model used in activity 960.
[0165] In a number of embodiment, method 900 further can include an
activity 980 of, when the transfer decision comprises an approval
of the transfer by the payee financial institution, facilitating
the transfer from the selected payor account to the payee account.
Activity 980 can be similar or identical to, or include similar or
identical sub-activities of, activity 780 (FIG. 7). In several
embodiments, activity 980 further can include transmitting, to the
payor financial institution (e.g., payor financial institution
system 620 (FIG. 6)), the fraud risk score for the payor financial
institution to determine a second transfer decision based at least
in part on the fraud risk score. The payor financial institution
further can be configured to determine the second transfer decision
based at least in part on: (a) a third risk model to determine a
third fraud risk score; and/or (b) comparing a balance for the
selected payor account with a transfer amount for the transfer. The
third risk model can be similar to or different than the first risk
model used in activity 960 and/or the second risk model used in
activity 970.
[0166] In a number of embodiment, method 900 further can include an
activity 990 of performing one or more post-transfer activities.
For example, in some embodiment, activity 990 further can include
an activity 991 of generating a transfer token associated with the
payor and the payee. Activity 990 also can include an activity 992
of storing transfer data for the transfer at any suitable
databases, non-transitory memory storage modules, and/or servers.
In many embodiment, activity 990 further can include an activity
993 of transmitting the transfer token to the payee system (e.g.,
payee system 660 (FIG. 6)). In certain embodiments, one or more of
activity 991, activity 992, and/or activity 993 can be performed
when a status of the transfer is among a group of various statuses
(e.g., "approved", "sent", or "successful").
[0167] In many embodiments, method 900 further can include one or
more token-based authentication activities each similar or
identical to one or more activities of method 800 (FIG. 8). The one
or more token-based authentication activities can be performed when
method 900 interacts with the payor financial institution (e.g.,
the payor financial institution system 620 (FIG. 6)) and/or the
payee financial institution (e.g., the payor financial institution
system 630 (FIG. 6)). For example, activity 940 can include one or
more of: (a) obtaining, from the payor financial institution, an
access token associated with the payor (e.g., activity 810 (FIG.
8)); (b) obtaining, from the payor financial institution, a refresh
token associated with the access token (e.g., activity 810 (FIG.
8)); (c) when the refresh token is valid, requesting the payor
financial institution to renew the access token (e.g., activity 840
(FIG. 8)); and/or (d) when the refresh token and the access token
are expired, causing the payor device for the payor to display the
authorization user interface for the payor to authorize the payor
financial institution to renew the access token and the refresh
token (e.g., activity 850 (FIG. 8)).
[0168] Turning ahead in the drawings, FIG. 10 illustrates a flow
chart for a method 1000, according to an embodiment. Method 1000 is
merely exemplary and is not limited to the embodiments presented
herein. Method 1000 can be employed in many different embodiments
or examples not specifically depicted or described herein. In some
embodiments, the activities of method 1000 can be performed in the
order presented. In other embodiments, the activities of method
1000 can be performed in any suitable order. In still other
embodiments, one or more of the activities of method 1000 can be
combined or skipped. In many embodiments, system 300 (FIG. 3),
system 500 (FIG. 5), and/or system 600 (FIG. 6) can be suitable to
perform method 1000 and/or one or more of the activities of method
1000. In a number of embodiments, some or all of the activities of
method 1000 can be similar or identical to one or more activities
of methods 700 (FIG. 7), 800 (FIG. 8), and/or 900 (FIG. 9).
[0169] In many embodiments, method 1000 can comprise an activity
1010 of receiving, from a payee system (e.g., payee system 660
(FIG. 6)) for a payee (e.g., payee 670 (FIG. 6)), a request for a
transfer from a payor (e.g., payor 650 (FIG. 6)) to the payee. The
payor can be associated with a payor user profile of the payee
system. The request can include a transfer token associated with
the payor and the payee.
[0170] In a number of embodiments, method 1000 further can include
an activity 1020 of retrieving transfer data based on the transfer
token. The transfer data can be associated with the transfer token,
a payor financial institution (e.g., payor financial institution
system 620 (FIG. 6)) for the payor (e.g., payor 650 (FIG. 6)), and
a selected payor account (e.g., payor account(s) 621 (FIG. 6))
owned by the payor and maintained by the payor financial
institution. The transfer data further can include data about one
or more prior transfers from the payor to the payee, such as
information about the payor financial institution and/or the
selected payor account for a prior transfer, an access token for
the payor financial institution and the payor, and/or a refresh
token for the access token, etc.
[0171] In a number of embodiments, method 1000 further can include
an activity 1030 of using the access token of the transfer data to
access one or more eligible payor accounts (e.g., payor account(s)
621 (FIG. 6)) owned by the payor (e.g., payor 650 (FIG. 6)) and
maintained by the payor financial institution (e.g., payor
financial institution system 620 (FIG. 6)). Activity 1040 can be
similar or identical to, or include similar or identical
sub-activities of, activity 740 (FIG. 7) and/or activity 940 (FIG.
9). In several embodiments, activity 1030 further can include one
or more additional activities for the payor to re-select the payor
financial institution and/or the selected payor account for the
transfer. For example, activity 1030 further can include: (a)
causing a payor device for the payor to display a plurality of
candidate financial institutions for the transfer, and receiving,
from the payor device, a selection of the payor financial
institution of the plurality of candidate financial institutions;
and/or (b) causing the payor device to display the one or more
eligible payor accounts for the payor to determine the selected
payor account of the one or more eligible payor accounts for the
transfer. Activity 1030 can include automatically prompting or
causing the payor to re-select the payor financial institution
and/or the selected payor account when encountering certain
anomalies. For example, when the payor financial institution is not
responding, and/or when the transfer of funds fails because of
insufficient funds in the selected payor account.
[0172] In many embodiments, method 1000 and/or activity 1030
further can include one or more additional activities for
token-based authorization (see, e.g., activity 810, 820, 830, 840,
and/or 850 (FIG. 8)). For example, activity 1030 further can
include an activity 1031 of determining whether the access token is
expired. In some embodiments, activity 1030 also can include
obtaining, validating, and/or renewing the access token, etc.
[0173] In a number of embodiments, method 1000 further can include
an activity 1040 of determining a fraud risk score for the
transfer. Activity 1040 can be similar or identical to, or include
similar or identical sub-activities of, activity 760 (FIG. 7)
and/or activity 960 (FIG. 9). For example, activity 1040 can
including activity 1041 of analyzing a transfer history of the
payee.
[0174] In a number of embodiments, method 1000 further can include
an activity 1050 of transmitting, to the payee financial
institution (e.g., for the payee), the fraud risk score. The payee
financial institution (e.g., payee financial institution system 630
(FIG. 6)) can be configured to determine a transfer decision for
the transfer based at least in part on the fraud risk score and
information about the selected payee account for the transfer. The
payee account can be owned by the payee and maintained by the payee
financial institution. Activity 1050 can be similar or identical
to, or include similar or identical sub-activities of, activity 770
(FIG. 7) and/or activity 970 (FIG. 9).
[0175] In a number of embodiments, method 1000 further can include
an activity 1060 of, when a transfer decision determined by the
payee financial institution (e.g., payee financial institution
system 630 (FIG. 6)) to comprises an approval of the transfer,
facilitating the transfer from the selected payor account (e.g.,
payor account(s) 621 (FIG. 6)) to the payee account (e.g., payee
account 631 (FIG. 6)). Activity 1060 can be similar or identical
to, or include similar or identical sub-activities of, activity 780
(FIG. 7) and/or activity 980 (FIG. 9). For example, activity 1060
further can include an activity 1061 of transmitting, to the payor
financial institution (e.g., payor financial institution system 620
(FIG. 6)), the fraud risk score for the payor financial institution
to determine a second transfer decision before the payor financial
institution debits the fund for the transfer from the selected
payor account.
[0176] In some embodiments, method 1000 further can include
performing post-transfer activities (e.g., activity 990,
sub-activity 991, sub-activity 992, and/or sub-activity 993 (FIG.
9)), such as updating the transfer data (e.g., the selected payor
account and/or the access token) after facilitating the
transfer.
[0177] Turning ahead in the drawings, FIG. 11 illustrates a flow
chart for a method 1100, according to an embodiment. Method 1100 is
merely exemplary and is not limited to the embodiments presented
herein. Method 1100 can be employed in many different embodiments
or examples not specifically depicted or described herein. In some
embodiments, the activities of method 1100 can be performed in the
order presented. In other embodiments, the activities of method
1100 can be performed in any suitable order. In still other
embodiments, one or more of the activities of method 1100 can be
combined or skipped. In many embodiments, system 300 (FIG. 3),
system 500 (FIG. 5), and/or system 600 (FIG. 6) can be suitable to
perform method 1100 and/or one or more of the activities of method
1100. In a number of embodiments, some or all of the activities of
method 1100 can be similar or identical to one or more activities
of method 700 (FIG. 7), 800 (FIG. 8), 900 (FIG. 9), and/or 1000
(FIG. 10).
[0178] In many embodiments, method 1100 can comprise an activity
1110 of receiving a request for a transfer from a selected payor
account (e.g., payor account(s) 621 (FIG. 6)) of a payor (e.g.,
payor 650 (FIG. 6)) to a payee (e.g., payee 670 (FIG. 6)). Activity
1110 can be similar or identical to, or include similar or
identical sub-activities of, activity 710 (FIG. 7), activity 910
(FIG. 9), and/or activity 1010 (FIG. 10). In some embodiments, the
payor can log into the payee system (e.g., payee system 660 (FIG.
6)) before authorizing the transfer and causing the payee system to
transmit the request. In similar or different embodiments, the
payor can have no payor user account at the payee system or choose
not to log in before checking out. The request can include or not
include a transfer token that is associated with the payor and the
payee.
[0179] In a number of embodiments, method 1100 further can include
an activity 1120 of determining a fraud risk score for the
transfer. The payee financial institution can be configured to
determine a transfer decision for the transfer based at least in
part on the fraud risk score and information about a payee account
for the transfer. The payee account can be owned by the payee and
maintained by the payee financial institution. Determining the
fraud risk score can include: (a) analyzing a transfer history of
the payee; and/or (b) determining the fraud risk score by using a
first risk model. Activity 1120 can be similar or identical to, or
include similar or identical sub-activities of, activity 760 (FIG.
7), activity 960 (FIG. 9), and/or activity 1040 (FIG. 10).
[0180] In a number of embodiments, method 1100 further can include
an activity 1130 of transmitting, to a payee financial institution
(e.g., payee financial institution system 630 (FIG. 6)) for the
payee (e.g., payee 670 (FIG. 6)), the fraud risk score. Activity
1130 can be similar or identical to, or include similar or
identical sub-activities of, activity 770 (FIG. 7), activity 970
(FIG. 9), and/or activity 1050 (FIG. 10). The payee financial
institution further can be configured to determine the transfer
decision based at least in part on a second risk model to determine
a second fraud risk score, and the second risk model can be similar
to or different than the first risk model.
[0181] In a number of embodiments, method 1100 further can include
an activity 1140 of, when a transfer decision by the payee
financial institution (e.g., payee financial institution system 630
(FIG. 6)) comprises an approval of the transfer, facilitating the
transfer from the selected payor account (e.g., payor account(s)
621 (FIG. 6)) to the payee account (e.g., payee account 631 (FIG.
6)). Activity 1140 can be similar or identical to, or include
similar or identical sub-activities of, activity 780 (FIG. 7),
activity 980 (FIG. 9), and/or activity 1060 (FIG. 10).
[0182] In a number of embodiments, method 1100 and/or activity 1140
further can include an activity 1141 of transmitting, to the payor
financial institution, the fraud risk score for the payor financial
institution to determine a second transfer decision. The payor
financial institution can be further configured to determine the
second transfer decision based at least in part on (a) a third risk
model to determine a third fraud risk score; and/or (b) comparing a
balance for the selected payor account with a transfer amount for
the transfer.
[0183] In a number of embodiments, method 1100 and/or activity 1140
further can include an activity 1142 of sending transfer
information to a payor financial institution (e.g., payor financial
institution system 620 (FIG. 6)) to cause the payor financial
institution to send a request for payment through a real-time
settlement network to the payee financial institution (e.g., payee
financial institution system 630 (FIG. 6)) to authorize a real-time
credit transfer from the selected payor account (e.g., payor
account(s) 621 (FIG. 6)) to the payee account (e.g., payee account
631 (FIG. 6)). The real-time credit transfer can be settled in
real-time through the real-time settlement network. The transfer
information can include information to identify the payee financial
institution and the payee account to the real-time settlement
network. The transfer information further can include the fraud
risk score. In some embodiments, the transfer information does not
include any account number of the payee account.
[0184] In many embodiments, method 1100 further can include one or
more additional activities. For example, method 1100 can include
facilitating an authorization for the payor to authorize the payor
financial institution to grant an access code. Method 1100 further
can include requesting, from the payor financial institution, one
or more eligible payor accounts owed by the payor and maintained by
the payor financial institution. Method 1100 also can include
causing a payor device of the payor to display the one or more
eligible payor accounts for the payor to determine the selected
payor account from among the one or more eligible payor accounts
for the transfer.
[0185] In some embodiments, the one or more additional activities
can include token-based authorization (see, e.g., activity 810,
820, 830, 840, and/or 850 (FIG. 8)). For example, method 1100
further can include obtaining, validating, and/or renewing an
access token and/or a refresh token, and/or determining whether the
access token and/or the refresh token are expired.
[0186] Turning ahead in the drawings, FIG. 12 illustrates a flow
chart for a method 1200, according to an embodiment. Method 1200 is
merely exemplary and is not limited to the embodiments presented
herein. Method 1200 can be employed in many different embodiments
or examples not specifically depicted or described herein. In some
embodiments, the activities of method 1200 can be performed in the
order presented. In other embodiments, the activities of method
1200 can be performed in any suitable order. In still other
embodiments, one or more of the activities of method 1200 can be
combined or skipped. In many embodiments, system 300 (FIG. 3),
system 500 (FIG. 5), and/or system 600 (FIG. 6) can be suitable to
perform method 1200 and/or one or more of the activities of method
1200. In a number of embodiments, some or all of the activities of
method 1200 can be similar or identical to one or more activities
of method 700 (FIG. 7), 800 (FIG. 8), 900 (FIG. 9), 1000 (FIG. 10),
and/or 1100 (FIG. 11).
[0187] In many embodiments, method 1200 can comprise an activity
1210 of receiving, from a payee system (e.g., payee system 660
(FIG. 6)) for a payee (e.g., payee 670 (FIG. 6)), a request for a
transfer from a payor (e.g., payor 650 (FIG. 6)) to the payee. The
request can be sent by the payee without the payor selecting to use
the system for the transfer. The payor can be associated with a
payor user profile of the payee system. The request can include a
transfer token associated with the payor and the payee.
[0188] In a number of embodiments, method 1200 further can include
an activity 1220 of retrieving transfer data based on the transfer
token. The transfer data can be associated with the transfer token,
a payor financial institution for the payor, and a selected payor
account owned by the payor and maintained by the payor financial
institution. The transfer data can include an access token for the
payor financial institution and the payor. In some embodiments,
method 1200 also can include determining the payor financial
institution based on the transfer token.
[0189] In a number of embodiments, method 1200 further can include
an activity 1230 of determining a fraud risk score for the
transfer. Activity 1230 further can include an activity 1231 of
analyzing a transfer history of the payee. Activity 1230 can be
similar or identical to, or include similar or identical
sub-activities of, activity 760 (FIG. 7), activity 960 (FIG. 9),
activity 1040 (FIG. 10), and/or activity 1120 (FIG. 11).
[0190] In a number of embodiments, method 1200 further can include
an activity 1240 of transmitting, to a payee financial institution
(e.g., payee financial institution system 630 (FIG. 6)) for the
payee (e.g., payee 670 (FIG. 6)), the fraud risk score. The payee
financial institution can be configured to determine a transfer
decision for the transfer based at least in part on the fraud risk
score and information about a payee account for the transfer. The
payee account can be owned by the payee and maintained by the payee
financial institution. Activity 1240 can be similar or identical
to, or include similar or identical sub-activities of, activity 770
(FIG. 7), activity 970 (FIG. 9), activity 1050 (FIG. 10), and/or
activity 1130 (FIG. 11).
[0191] In a number of embodiments, method 1200 further can include
an activity 1250 of, when the transfer decision comprises an
approval of the transfer by the payee financial institution,
facilitating the transfer from the selected payor account to the
payee account. Activity 1250 can be similar or identical to, or
include similar or identical sub-activities of, activity 780 (FIG.
7), activity 980 (FIG. 9), activity 1060 (FIG. 10), and/or 1140
(FIG. 11).
[0192] In many of embodiments, method 1200 further can include one
or more additional activities. In some embodiments, the one or more
additional activities can include token-based authorization (see,
e.g., activity 810, 820, 830, 840, and/or 850 (FIG. 8)). For
example, method 1100 further can include obtaining, validating,
and/or renewing an access token and/or a refresh token, and/or
determining whether the access token and/or the refresh token are
expired.
[0193] In many embodiments, the techniques described herein can
provide a practical application and several technological
improvements. In some embodiments, the techniques described herein
can provide for secure real-time electronic transfer. In several
embodiments, the techniques described herein can provide for
electronic billing with real-time payment settlement. In a number
of embodiments, the techniques described herein can provide for
electronic billing with one or more fraud detection processes.
These techniques described herein can provide a significant
improvement over conventional approaches of electronic transfers,
such as credit and/or debit card payments.
[0194] In a number of embodiments, the techniques described herein
can solve a technical problem that arises only within the realm of
computer networks, as electronic transfers do not exist outside of
computer networks.
[0195] In many embodiments, the techniques described herein can be
used continuously at a scale that cannot be handled using manual
techniques. For example, the techniques can be applied to millions
of transactions daily.
[0196] In a number of embodiments, the techniques described herein
can solve a technical problem that arises only within the realm of
computer networks, as online payment does not exist outside the
realm of computer networks. Moreover, the techniques described
herein can solve a technical problem that cannot be solved outside
the context of computer networks. Specifically, the techniques
described herein cannot be used outside the context of computer
networks, in view of a lack of ability to settle funds in
real-time.
[0197] Although systems and methods for secure electronic transfers
have been described with reference to specific embodiments, it will
be understood by those skilled in the art that various changes may
be made without departing from the spirit or scope of the
disclosure. Accordingly, the disclosure of embodiments is intended
to be illustrative of the scope of the disclosure and is not
intended to be limiting. It is intended that the scope of the
disclosure shall be limited only to the extent required by the
appended claims. For example, to one of ordinary skill in the art,
it will be readily apparent that any element of FIGS. 1-12 may be
modified, and that the foregoing discussion of certain of these
embodiments does not necessarily represent a complete description
of all possible embodiments. For example, one or more of the
procedures, processes, or activities of FIGS. 4 and 7-12 may
include different procedures, processes, and/or activities and be
performed by many different modules, in many different orders.
[0198] All elements claimed in any particular claim are essential
to the embodiment claimed in that particular claim. Consequently,
replacement of one or more claimed elements constitutes
reconstruction and not repair. Additionally, benefits, other
advantages, and solutions to problems have been described with
regard to specific embodiments. The benefits, advantages, solutions
to problems, and any element or elements that may cause any
benefit, advantage, or solution to occur or become more pronounced,
however, are not to be construed as critical, required, or
essential features or elements of any or all of the claims, unless
such benefits, advantages, solutions, or elements are stated in
such claim.
[0199] Moreover, embodiments and limitations disclosed herein are
not dedicated to the public under the doctrine of dedication if the
embodiments and/or limitations: (1) are not expressly claimed in
the claims; and (2) are or are potentially equivalents of express
elements and/or limitations in the claims under the doctrine of
equivalents.
* * * * *