Abstract: Embodiments of the invention relate to apparatuses and methods for identity verification. For example, in one embodiment, a financial institution has a system to generate authentication questions to be used when authenticating a customer when the customer is trying to access and/or use the customer's account. The authentication system is configured to ask one or more authentication questions each time the customer tries to access or use the account, where the authentication questions are generally out-of-wallet questions that constantly change from one authentication attempt to the next. For example, in one embodiment, the questions include behavioral, historical, and transaction based questions generated from information available about a customer's financial account.

Abstract: A method and system for detecting fraud may redirect a user from a phishing message to an education message. The phishing message may include a phishing website that mimics a target entity. A user may be convinced to disclose sensitive information to a fraudster operating the phishing website. The phishing website may be maintained through a service provider and the target entity may request that the service provider disable the phishing website. During evaluation of the target entity's request by the service provider, a user may be directed to an education website that may be displayed until the phishing website may be permanently disabled. The education website may include information or identify a source of information that may help educate the user on fraud prevention, phishing, the target entity, the targeted industry, future prevention tips and suggestions, and other related information.

Abstract: A system and methods for customer-managed device-based authentication are disclosed. Embodiments of the invention provide a user interface that allows a customer with an on-line account to access and manage device fingerprint information that can be used to control or regulate the customer's access. Such a system can collect user input regarding device preferences related to specified devices to be used to access or to be prohibited or restricted from accessing an account. Information regarding these devices is stored in a database. The system can then assay a device fingerprint for a device to authenticate access by the device to the account based on the device preferences. In some embodiments, input can also be collected regarding alert preferences related to alerts connected with accessing the account from specified devices.

Abstract: Embodiments of the invention relate to systems, methods, and computer program products for identifying devices used in connection with email and website spoofing. For example, the invention can be used to identify the device that was used to copy an image from a target website, where, after being copied, the image is used as part of a spoofed email or website. In an embodiment, a timer is embedded in an image residing on a web server that hosts a target website. The embedded timer is configured to record the time at which the image is removed from the web server and store that time in the image for later retrieval. Also, the time at which the image was removed, along with a device forensic of the device used to download the image, is stored in a database. If the image later appears as part of a spoofed email or website, the time at which the image was removed from the web server is obtained from the timer embedded in the image.

Abstract: A method and system for detecting fraud may redirect a user from a phishing message to an education message. The phishing message may include a phishing website that mimics a target entity. A user may be convinced to disclose sensitive information to a fraudster operating the phishing website. The phishing website may be maintained through a service provider and the target entity may request that the service provider disable the phishing website. During evaluation of the target entity's request by the service provider, a user may be directed to an education website that may be displayed until the phishing website may be permanently disabled. The education website may include information or identify a source of information that may help educate the user on fraud prevention, phishing, the target entity, the targeted industry, future prevention tips and suggestions, and other related information.

Abstract: A system and methods for customer-managed device-based authentication are disclosed. Embodiments of the invention provide a user interface that allows a customer with an on-line account to access and manage device fingerprint information that can be used to control or regulate the customer's access. Such a system can collect user input regarding device preferences related to specified devices to be used to access or to be prohibited or restricted from accessing an account. Information regarding these devices is stored in a database. The system can then assay a device fingerprint for a device to authenticate access by the device to the account based on the device preferences. In some embodiments, input can also be collected regarding alert preferences related to alerts connected with accessing the account from specified devices.