DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Claims
Claims 1-20 are pending and have been examined.
Priority
Applicant's claim for the benefit of a prior-filed application under 35 U.S.C. 119(e) or under 35 U.S.C. 120, 121, 365(c), or 386(c) is acknowledged.
Information Disclosure
The information disclosure statement(s) (IDS) submitted 03/27/2025 is/are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement(s) has/have been considered by the examiner.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 11,775,974 (“ ‘974 patent”).
Independent claims 1, 9 and 16 of the present application
Although the conflicting claims are not identical, they are not patentably distinct from each other. Claim 1 of the ‘974 patent recites:
A computing system for detecting compromised merchants in a payment card network, the computing system comprising:
at least one processor in communication with at least one memory; and
the at least one memory storing instructions, that when executed by the at least one processor, cause the at least one processor to perform the steps of:
receiving historical transaction data associated with a plurality of historical transactions carried out at a plurality of merchants;
determining, based upon the historical transaction data, historical values for key merchant variables for each merchant of the plurality of merchants;
storing the historical key merchant variable values in the at least one memory;
receiving current transaction data associated with a plurality of current transactions from a merchant of the plurality of merchants, wherein the plurality of current transactions are processed at the merchant of the plurality of merchants, wherein the plurality of current transactions comprises transactions and test transactions of payment accounts, wherein the test transactions are initiated at the merchant over the payment card network during a testing period;
determining, based upon the current transaction data, current values for the key merchant variables for the merchant;
generating, utilizing at least one of machine learning and artificial intelligence techniques, one or more detection models based upon the historical key merchant variable values to identify abnormalities in the current transaction data;
comparing, in real-time utilizing the one or more detection models, the current key merchant variable values with the historical key merchant variable values for the merchant;
identifying, in real-time utilizing the one or more detection models, abnormalities between the current key merchant variable values and the historical key merchant variable values for the merchant;
determining, based upon the identified abnormalities, that the merchant is a compromised merchant and the test transactions processed at the compromised merchant are fraudulent;
identifying a merchant computing system of the compromised merchant being used to process the test transactions, wherein the merchant computing system is a compromised merchant computing system; based on the identified compromised merchant computing system,
identifying at least one of code fixes and security patches for the compromised merchant computing system of the compromised merchant; and
transmitting a notification to the compromised merchant, wherein the notification comprises an alert of the compromised merchant computing system, and the at least one of code fixes and security patches for the compromised merchant computing system, wherein the transmitting the notification further comprises deploying the at least one of the code fixes and the security patches to the compromised merchant computing system.
Claim 1 of the ‘974 patent differs since claim 1 of the ‘964 patent recites additional claim limitations, “receiving historical transaction data associated with a plurality of historical transactions carried out at a plurality of merchants;” “determining, based upon the historical transaction data, historical values for key merchant variables for each merchant of the plurality of merchants;” “storing the historical key merchant variable values in the at least one memory;” “receiving current transaction data associated with a plurality of current transactions from a merchant of the plurality of merchants, wherein the plurality of current transactions are processed at the merchant of the plurality of merchants, wherein the plurality of current transactions comprises transactions and test transactions of payment accounts, wherein the test transactions are initiated at the merchant over the payment card network during a testing period;” “generating, utilizing at least one of machine learning and artificial intelligence techniques, one or more detection models based upon the historical key merchant variable values to identify abnormalities in the current transaction data;” “comparing, in real-time utilizing the one or more detection models, the current key merchant variable values with the historical key merchant variable values for the merchant;” “…in real-time utilizing the one or more detection models…” “transmitting a notification to the compromised merchant, wherein the notification comprises an alert of the compromised merchant computing system, and the at least one of code fixes and security patches for the compromised merchant computing system…” However, it would have been obvious to a person of ordinary skill in the art to modify claim 1 of the ‘974 patent by removing the limitations directed to the historical transaction data processing and the use of machine learning and artificial intelligence techniques resulting generally in the claims of the present application since the claims of the present application and the claim recited in the ‘974 patent actually perform a similar function. It is well settled that the omission of an element and its function is an obvious expedient if the remaining elements perform the same function as before. In re Karlson, 136 USPQ 184 (CCPA 1963). Also note Ex parte Rainu, 168 USPQ 375 (Bd. App. 1969). Omission of a reference element whose function is not needed would be obvious to one of ordinary skill in the art.
Claims 9 and 16 of the present application are also rejected on the same basis as reciting similar limitations to claim 1 of the present application. Claims 9 and 16 of the present application correspond to claims 1 and 16 of the ‘974 patent.
Dependent claims 2-8, 10-15, 17-20 of the present application
Claims 2, 10 and 17 of the present application correspond to claims 2, 10 and 17 of the ‘974 patent.
Claim 3 of the present application corresponds to claim 3 of the ‘974 patent.
Claims 4, 11 and 18 of the present application correspond to claims 4, 11 and 18 of the ‘974 patent.
Claims 5, 12 and 19 of the present application correspond to claims 5, 12 and 19 of the ‘974 patent.
Claims 6, 13 and 20 of the present application correspond to claims 6, 13 and 20 of the ‘974 patent.
Claims 7 and 14 of the present application correspond to claims 7 and 14 of the ‘974 patent.
Claims 8 and 15 of the present application correspond to claims 8 and 15 of the ‘974 patent.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 12,265,967B2 (“ ‘967 patent”).
Independent claims 1, 9 and 16 of the present application
Although the conflicting claims are not identical, they are not patentably distinct from each other. Claim 1 of the ‘967 patent recites:
A computing system for detecting compromised merchants in a payment card network, the computing system comprising:
at least one processor in communication with at least one memory; and
the at least one memory storing instructions, that when executed by the at least one processor, cause the at least one processor to perform the steps of:
storing historical key merchant variable values for each of a plurality of merchants in the at least one memory;
receiving current transaction data associated with a plurality of current transactions from a merchant of the plurality of merchants, wherein the plurality of current transactions comprises test transactions of payment accounts;
determining, based upon the current transaction data, current key merchant variable values for the merchant;
identifying, in real-time, abnormalities between the current key merchant variable values and the historical key merchant variable values for the merchant;
determining, based upon the identified abnormalities, that the merchant is a compromised merchant and the test transactions processed at the compromised merchant are fraudulent and associated with a security breach;
identifying a compromised merchant computing system associated with the compromised merchant;
identifying, based on the identified compromised merchant computing system, at least one of code fixes and security patches tailored to address the security breach associated with the fraudulent test transactions; and
deploying the at least one of code fixes and security patches to the compromised merchant computing system to address the security breach associated with the fraudulent test transactions.
Claim 1 of the ‘‘967 patent differs since claim 1 of the ‘964 patent recites additional claim limitations, “storing historical key merchant variable values for each of a plurality of merchants in the at least one memory;” “receiving current transaction data associated with a plurality of current transactions from a merchant of the plurality of merchants, wherein the plurality of current transactions comprises test transactions of payment accounts;” “determining…and test transactions processed at the compromised merchant are fraudulent and associated with a security breach;” “…in real-time …;” “…the security breach associated with the fraudulent test transactions…” However, it would have been obvious to a person of ordinary skill in the art to modify claim 1 of the ‘‘967 patent by removing the limitations directed to storage of historical key merchant variable values, receipt of current merchant transaction data comprising test transactions of payment accounts and the security breach associated with the fraudulent test transactions resulting generally in the claims of the present application since the claims of the present application and the claim recited in the ‘967 patent actually perform a similar function. It is well settled that the omission of an element and its function is an obvious expedient if the remaining elements perform the same function as before. In re Karlson, 136 USPQ 184 (CCPA 1963). Also note Ex parte Rainu, 168 USPQ 375 (Bd. App. 1969). Omission of a reference element whose function is not needed would be obvious to one of ordinary skill in the art.
Claims 9 and 16 of the present application are also rejected on the same basis as reciting similar limitations to claim 1 of the present application. Claims 9 and 16 of the present application correspond to claims 1 and 16 of the ‘967 patent.
Dependent claims 2-8, 10-15, 17-20 of the present application
Claims 2, 10 and 17 of the present application correspond to claims 2, 10 and 17 of the ‘‘967 patent.
Claim 3 of the present application corresponds to claim 3 of the ‘‘967 patent.
Claims 4, 11 and 18 of the present application correspond to claims 4, 11 and 18 of the ‘‘967 patent.
Claims 5, 12 and 19 of the present application correspond to claims 5, 12 and 19 of the ‘‘967 patent.
Claims 6, 13 and 20 of the present application correspond to claims 6, 13 and 20 of the ‘‘967 patent.
Claims 7 and 14 of the present application correspond to claims 7 and 14 of the ‘‘967 patent.
Claims 8 and 15 of the present application correspond to claims 8 and 15 of the ‘‘967 patent.
Claim Rejections – 35 USC §101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
In the instant case, claims 1-8 are directed to a system (i.e. machine), claims 9-15 are directed to a method (i.e. process), and claims 16-20 are directed to a non-transitory computer-readable storage medium (i.e. manufacture). Therefore, these claims fall within the four statutory categories of invention.
Independent claims 1, 9 and 16
Step 2A Prong One
The claims recite (i.e., sets forth or describes) an abstract idea of transaction fraud detection for compromised merchants. Specifically, the following underlined claim elements recite abstract ideas while the nonunderlined claim elements recite additional elements according to MPEP 2106.04(a).
determining, based upon current transaction data, current key merchant variable values for a merchant;
identifying abnormalities between the current key merchant variable values and historical key merchant variable values for the merchant;
determining, based upon the identified abnormalities, that the merchant is a compromised merchant associated with a security breach;
identifying a compromised merchant computing system associated with the compromised merchant;
identifying, based on the identified compromised merchant computing system, at least one of code fixes and security patches tailored to address the security breach; and
deploying the at least one of code fixes and security patches to the compromised merchant computing system to address the security breach.
More specifically, but for the additional elements, the claims recite commercial interactions and therefore under its broadest reasonable interpretation recite limitations grouped within the "certain methods of organizing human activity" grouping of abstract ideas. Additionally, the claims recite “determining, based upon current transaction data, current key merchant variable values for a merchant;” “ identifying abnormalities between the current key merchant variable values and historical key merchant variable values for the merchant;” “determining, based upon the identified abnormalities, that the merchant is a compromised merchant associated with a security breach;” which is mental process that can be performed in the human mind or with pen and paper. The claims are abstract ideas because merely combining several abstract ideas does not render the combination any less abstract.
Step 2A Prong Two
This judicial exception is not integrated into a practical application. The non-underlined additional elements of “a computing system,” “at least one processor in communication with at least one memory,” “merchant computing system,” and “a non-transitory computer-readable storage medium including computer-executable instructions” as recited in claim 16, merely use computers as a tool to perform the abstract idea and it amounts to no more than mere instructions to apply the exception using generic computer components. Accordingly, the additional elements, individually and in combination, do not integrate the judicial exception into a practical application. The claims are directed to an abstract idea.
Step 2B
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed previously with respect to Step 2A, the additional elements merely use computers as a tool to perform the abstract idea and it amounts to no more than mere instructions to apply the exception using generic computer components. Mere instructions to apply an exception using generic computer components cannot provide an inventive concept. Viewed as a whole, the additional elements, taken individually and in combination, do not result in the claims, amounting to significantly more than the judicial exception. Therefore, the claims do not provide an inventive concept, and thus, is not patent eligible.
Dependent Claims 2-8, 10-15, 17-20
Claims 2, 10 and 17 recite further details of the historical and current key merchant variable values and characteristics of predetermined time periods. Claim 3 recites characteristics of the abnormalities. Therefore, the claims further recite the abstract idea of transaction fraud detection for compromised merchants. The claims do not introduce any new additional element. Therefore, the claims do not integrate the judicial exception into a practical application or amount to significantly more than the judicial exception.
Claims 4, 11 and 18 recite the following underlined claim elements as abstract ideas while the nonunderlined claim elements recite additional elements according to MPEP 2106.04(a).
determining a combination of historical key merchant variable values that are applicable for the current transaction data for the merchant based upon the predetermined time period of the current transaction data; and
determining, based upon the predetermined time period of the current transaction data, that the merchant is a compromised merchant by identifying abnormalities between the comparison of the historical key merchant variable values and the current key merchant variable values.
As above, the claims further recite the abstract idea of transaction fraud detection for compromised merchants. The claims do not introduce any new additional element. Therefore, the claims do not integrate the judicial exception into a practical application or amount to significantly more than the judicial exception.
Claims 5, 12 and 19 recite the following underlined claim elements as abstract ideas while the nonunderlined claim elements recite additional elements according to MPEP 2106.04(a).
identifying compromised merchants of the plurality of merchants;
analyzing data associated with the compromised merchants to identify similarities in the data between the compromised merchants, wherein the data includes data associated with security systems of computing devices associated with the compromised merchants and configurations of the computing devices; and
determining at least one of the code fixes and the security patches for the merchants based upon the identified similarities between the compromised merchants.
As above, the claims further recite the abstract idea of transaction fraud detection for compromised merchants. The non-underlined additional elements of “security systems" and “computing devices,” merely use a computer as a tool to perform the abstract idea and it amounts no more than mere instructions to “apply it”. The non-underlined additional element fails to recite a practical application or significantly more than the abstract idea because it merely uses a computer as a tool to perform the abstract idea.
Claims 6, 13 and 19 recite the following underlined claim elements as abstract ideas while the nonunderlined claim elements recite additional elements according to MPEP 2106.04(a).
calculating a congruence score between the compromised merchant and a payment account identifier used to initiate each current transaction of the plurality of current transactions at the compromised merchant; and
determining whether each current transaction of the plurality of current transactions initiated at the compromised merchant is a test transaction or a legitimate transaction based upon the congruence score.
As above, the claims further recite the abstract idea of transaction fraud detection for compromised merchants. Additionally, the claims recite score calculation, which also an abstract idea, grouped within the “Mathematic concepts – mathematical relationships, mathematical formula or equations, mathematical calculations.” The claims do not introduce any new additional element. Therefore, the claims do not integrate the judicial exception into a practical application or amount to significantly more than the judicial exception.
Claims 7, 14 and 20 recite the following underlined claim elements as abstract ideas while the nonunderlined claim elements recite additional elements according to MPEP 2106.04(a).
generating a merchant signature for the compromised merchant, wherein the merchant signature indicates locations of other transactions initiated by the payment account identifier associated with each current transaction;
generating a payment account signature for each current transaction carried out at the compromised merchant, wherein the payment account signature indicates locations of other transactions initiated by the payment account identifier associated with each current transactions; and
calculating the congruence score based upon a congruence between the merchant signature and the payment account signature.
As above, the claims further recite the abstract idea of transaction fraud detection for compromised merchants. Additionally, the limitation of generating signature is a mathematical relationships, mathematical formulas or equations, and mathematical calculations grouped within the ”Mathematical Concepts” of abstract ideas. The claims do not introduce any new additional element. The claims do not introduce any new additional element. Therefore, the claims do not integrate the judicial exception into a practical application or amount to significantly more than the judicial exception.
Claims 8 and 15 recite the following underlined claim elements as abstract ideas while the nonunderlined claim elements recite additional elements according to MPEP 2106.04(a).
determining payment account identifiers associated with the test transactions;
generating a list of the payment account identifiers associated with the test transactions; and
transmitting the list to at least one issuer of the payment account identifiers.
As above, the claims further recite the abstract idea of transaction fraud detection for compromised merchants. The claims do not introduce any new additional element. Therefore, the claims do not integrate the judicial exception into a practical application or amount to significantly more than the judicial exception.
Claim Rejections – 35 USC §103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-4, 9-11, 16-18 are rejected under 35 U.S.C. 103 as being unpatentable over Zoldi et al. (US 11,023,963B2 (“Zoldi”)) in view of APPADURAI, E. (US 2015/0033216A1 (“APPADURAI”)).
Per Claims 1, 9 and 16, Ding discloses a computer-implemented method for detecting compromised merchants in a payment card network, the method comprising: (Zoldi: Abstract; 4:5-8, 5:5-35, 6:1-24, 10:61-11:5)
determining, based upon current transaction data, current key merchant variable values for a merchant; (3:11-22, 8:21-42, 9:43-58)
identifying abnormalities between the current key merchant variable values and the historical key merchant variable values for the merchant; and (Abstract; 2:40-52, 3:11-22, 8:21-63, 9:43-58)
determining, based upon the identified abnormalities, that the merchant is a compromised merchant associated with a security breach (6:13-24, 8:10-20)
identifying a compromised merchant computing system associated with the compromised merchant; (6:13-24, 8:8-20, 8:43-67)
identifying, based on the identified compromised merchant computing system, [further processing]; (6:13-24, 8:10-20, 8:43-67)
[notify compromise]…to a compromised merchant computing system associated with the compromised merchant to address the security breach. (Zoldi: 10:33-37)
Additionally, for claim 1, Zoldi discloses a computing system comprising:
at least one processor in communication with at least one memory, and a non-transitory computer-readable storage medium including computer-executable instructions stored thereon, wherein when executed by a computing device including at least one processor in communication with at least one memory, the computer-executable instructions cause the at least one processor to perform the steps of… (Zoldi: Abstract; 5:5-35, 10:61-11:5; claim 9, claim 17)
Additionally, for claim 16, Zoldi discloses a non-transitory computer-readable storage medium including
computer-executable instructions stored thereon, wherein when executed by a computing device including at least one processor in communication with at least one memory, the computer-executable instructions cause the at least one processor to perform the steps of:… (Zoldi: Abstract; 5:5-35, 10:61-11:5; claim 9, claim 17)
Zoldi discloses notifying compromise to a compromised merchant computing system associated with the compromised merchant to address the security breach(10:33-37). However, Zoldi does not explicitly disclose deploying at least one of code fixes and security patches to a merchant computing system.
APPADURAI discloses deploying at least one of code fixes and security patches to a merchant computing system. (Fig. 1, item 150, Fig. 3B; ¶¶6, 21, 35, 39, 64, 68-70)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method of Zoldi to incorporate the teachings of deployment of software patches on merchant devices, as disclosed in APPADURAI, to simplify application of hot fixes at POS. (APPADURAI: ¶39)
Per claims 2, 10 and 17, Zoldi in view of APPADURAI discloses all the limitations of claims 1, 9 and 16. Furthermore Zoldi discloses:
wherein the historical and current key merchant variable values are determined for one or more predetermined time periods, wherein the predetermined time periods are at least one of a day, a week, a month, and a season, wherein the key merchant variables are predetermined variables that indicate a compromised merchant when there are abnormalities between the current and historical values, and wherein the key merchant variables include at least one of: (i) an average number of payment account identifiers used to initiate transactions processed by the merchant in a predetermined time period of the one or more predetermined time periods, (ii) an average number of merchant names included in the transaction data of each transaction processed by the merchant in the predetermined time period, (iii) an average number of cross border transactions determined by comparing a location of the merchant and a location associated with an accountholder of the payment account identifiers used to initiate transactions processed by the merchant in the predetermined time period, and (iv) an average number of card-not-present transactions processed by the merchant in the predetermined time period. (3:58-61, 5:54-67, 6:25-38, 8:21-51)
Per claim 3, Zoldi in view of APPADURAI discloses all the limitations of claim 2. Furthermore Zoldi discloses:
wherein the abnormalities include at least one of (i) an increased number of payment account identifiers used to initiate transactions processed by the merchant in the predetermined time period, (ii) an increased number of merchant names included in the transaction data of each transaction processed by the merchant in the predetermined time period, (iii) an increased number of cross border transactions processed by the merchant in the predetermined time period, and (iv) an increased number of card-not-present transactions processed by the merchant in the predetermined time period. (8:21-63)
Per claims 4, 11 and 18, Zoldi in view of APPADURAI discloses all the limitations of claims 2, 10 and 18.
Zoldi discloses:
determining a combination of historical key merchant variable values that are applicable for the current transaction data for the merchant based upon the predetermined time period of the current transaction data; and (8:21-63, 9:43-58)
determining, based upon the predetermined time period of the current transaction data, that the merchant is a compromised merchant by identifying abnormalities between the comparison of the historical key merchant variable values and the current key merchant variable values. (8:21-63, 9:43-58)
Claims 5, 12 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Zoldi in view of APPADURAI as applied to claims 1, 9 and 16 above, and further in view of Gerald et al. (US 2016/0217470 (“Gerald”)).
Per claims 5, 12 and 19, Zoldi in view of APPADURAI discloses all the limitations of claims 1, 9 and 16.
APPADURAI discloses:
determining at least one of the code fixes and the security patches for the merchants (Fig. 1, item 150; ¶¶39, 42, 45)…
However, Zoldi in view of APPADURAI does not explicitly disclose:
identifying compromised merchants of the plurality of merchants;
analyzing data associated with the compromised merchants to identify similarities in the data between the compromised merchants, wherein the data includes data associated with security systems of computing devices associated with the compromised merchants and configurations of the computing devices; and
determining…the merchants based upon the identified similarities between the compromised merchants.
Gerald discloses:
identifying compromised merchants of the plurality of merchants; (¶¶21-22, 55-58)
analyzing data associated with the compromised merchants to identify similarities in the data between the compromised merchants, wherein the data includes data associated with security systems of computing devices associated with the compromised merchants and configurations of the computing devices; and (¶¶21-22, 55-58, 64)
determining…the merchants based upon the identified similarities between the compromised merchants. (¶¶21, 64)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method of Zoldi in view of APPADURAI to incorporate the teachings of support of detecting potentially compromised merchant locations of payment cards conducting transactions at those compromised locations, as disclosed in Gerald, for enhancing fraud detection. (Gerald: ¶4)
Claims 6, 8, 13, 15, 20 are rejected under 35 U.S.C. 103 as being unpatentable over Zoldi in view of APPADURAI as applied to claims 1, 9 and 15 further in view of MICHEL et al. (US 2017/0024828A1 (“MICHEL”)).
Per claims 6, 13 and 20, Zoldi in view of APPADURAI discloses all the limitations of claims 1, 9 and 16.
Zoldi in view of APPADURAI does not explicitly disclose:
calculating a congruence score between the compromised merchant and a payment account identifier used to initiate each current transaction at the compromised merchant in the current transaction data; and
determining whether each current transaction 1s a test transaction or a legitimate transaction based upon the congruence score.
MICHEL discloses:
calculating a congruence score between the compromised merchant and a payment account identifier used to initiate each current transaction at the compromised merchant in the current transaction data; and (Fig. 8, step 840; ¶¶49, 69)
determining whether each current transaction 1s a test transaction or a legitimate transaction based upon the congruence score. (Fig. 8, step 870, Fig. 9; ¶¶22-23, 70, 72, 74, 77)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method of Zoldi in view of APPADURAI to incorporate the teachings of support of identifying information related to payment card testing, as disclosed in MICHEL, to recognize a breach prior to any consumer calling to report fraudulent activity. (MICHEL: ¶21)
Per claims 8 and 15, Zoldi in view of APPADURAI discloses all the limitations of claims 1 and 9.
Zoldi in view of APPADURAI does not explicitly disclose:
determining payment account identifiers associated with test transactions;
generating a list of the payment account identifiers associated with the test transactions; and
transmitting the list to at least one issuer of the payment account identifiers.
MICHEL discloses:
determining payment account identifiers associated with test transactions; (Fig. 9; ¶¶72-73, 80-81)
generating a list of the payment account identifiers associated with the test transactions; and (Fig. 9; ¶¶72-73, 80-81)
transmitting the list to at least one issuer of the payment account identifiers. (Fig. 9; ¶¶72-73, 80-81)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method of Zoldi in view of APPADURAI to incorporate the teachings of support of identifying information related to payment card testing, as disclosed in MICHEL, to recognize a breach prior to any consumer calling to report fraudulent activity. (MICHEL: ¶21)
Claims 7 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Zoldi in view of APPADURAI and MICHEL as applied to claims 6 and 13 above, and further in view of Chasko S. (US 6,738,749B1 (“Chasko”)).
Per claims 7 and 14, Zoldi in view of APPADURAI and MICHEL discloses all the limitations of claims 6 and 13.
MICHEL discloses:
calculating the congruence score based upon a congruence between the [compromised merchant] and the [payment account identifier] (Fig. 8, step 840; ¶¶49, 69)
Zoldi in view of APPADURAI and MICHEL does not explicitly disclose:
generating a merchant signature for the compromised merchant…
generating a payment account signature for each current transaction carried out at the compromised merchant…
Chasko discloses:
generating a merchant signature for the compromised merchant (Fig. 6 'merchant signature 650' 'customer signature 660'; 6:40-7:18)…
generating a payment account signature for each current transaction carried out at the compromised merchant (Fig. 6 'merchant signature 650' 'customer signature 660'; 6:40-7:18)…
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method of Zoldi in view of APPADURAI and MICHEL to incorporate the teachings of support of generating a merchant signature and a payment account signature, as disclosed in Chasko, providing a secure means of storing and accessing the transaction data. (Chasko: 1:62-64)
Zoldi in view of APPADURAI, MICHEL and Chasko does not teach “wherein the merchant signature indicates locations of other transactions initiated by the payment account identifiers associated with each current transaction;” and “wherein the payment account signature indicates locations of other transactions initiated by the payment account identifiers associated with each current transactions.” However, the language, “wherein the merchant signature indicates locations of other transactions initiated by the payment account identifiers associated with each current transaction;” and “wherein the payment account signature indicates locations of other transactions initiated by the payment account identifiers associated with each current transactions,” recites intended use language. Therefore, this intended use language will not differentiate the claimed invention from the prior art in terms of patentability. (MPEP §2103 I C, 2114)
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant’s disclose.
Hayhow (US 2011/0078034A1) teaches point of same terminal fraud detection.
Ding et al. (US 2014/0324699A1) teaches a method of determining a testing model and providing a testing transaction score for transactions.
LEE (WO 2022/005469A1) teaches updates for point of sale devices.
Griegel et al. (US 8,567,669B2) teaches merchant profile builder.
Das (US 2021/0192641A1) teaches processing of clearing records associated with payment transactions.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHENYUH KUO whose telephone number is (571)272-5616. The examiner can normally be reached on Monday-Friday 8-4 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John W. Hayes can be reached on (571)272-6708. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/CHENYUH KUO/Primary Examiner, Art Unit 3697