Case Law Review – T 0844/09

Case:

T_0844/09

Claimed Subject Matter:

A computer-implemented method of operating a verification system (100) for verifying details of transactions drawn upon a financial account and a user’s authorization to use the financial account, the method comprising:

    • receiving from a user, at a user interface (102), information identifying (204) a financial account which the user desires to use, before the user may initiate an online transaction using the financial account;
    • generating (208) a series of verifying transactions involving the financial account, with selected details of the transactions not being known to the user;
    • initiating (210) the series of verifying transactions from a transaction processor (106);
    • storing in storage means within the verification system a first set of details of said series of verifying transactions;
    • receiving (216) from the user, at the user interface, a test set of details, to include specified details of evidence of the verifying transactions retrieved by the user from his or her financial account;
    • comparing (218) said test set of details to said first set of details; and
    • if said test set of details matches said first set of details, authorizing (220) the user to conduct online transactions using the financial account.

Comments:

Claim 1 concerns a computer-implemented method of operating a verification system for verifying details of transactions drawn upon a financial account and a user’s authorization to use the financial account. It thus relates to the field of schemes, rules and methods for doing business, which shall not be regarded as inventions pursuant to Article 52(2)(c) EPC. The corresponding features in claim 1 are deemed to be non-technical. The method of claim 1 is, however, defined to be computer-implemented and thus involves a computer as technical means, with a transaction processor, storage means and a user interface. The corresponding features in claim 1 are technical. Claim 1, thus, contains both non-technical and technical features and has technical character as a whole. Accordingly, the subject-matter of claim 1 is not a scheme, rule or method for doing business as such. The patentability of the subject-matter of claim 1 is, therefore, not considered to be excluded under Article 52(2) and (3) EPC (cf T 258/03 (OJ EPO 2004, 575), reasons 3 and 4).

Although verifying a user’s authorization to use a financial account may in certain cases involve an administrative procedure lacking technical character, this is not considered to be the case for the subject-matter of claim 1.

The verification of the user’s authorization to use a financial account in the present case, in particular the recognition that the retrieval by the user of transaction details offers a convenient and secure channel for forwarding transaction authentication information to the user, and the realization that “verifying” transactions can be generated and initiated to contain the transaction authentication information, relies on a technical understanding of the operation of the transaction system and its respective components and, thus, lies within the scope of a technically qualified person working in the field of computer-implemented online financial transaction systems and notably entrusted with the security aspects thereof.

Neither the business professional nor the administrative professional would, in the board’s judgement, be qualified and indeed able to devise any of these ideas as they lie outside their areas of competence.

Accordingly, the above consideration relating to the verification of the user’s authorization to use a financial account cannot be included in the formulation of the technical problem, contrary to what is essentially argued in the decision under appeal applying the principles of decision T 641/00 (cf above).

Still, the remaining features of claim 1 relating to a financial transaction refer to an aim to be achieved in the field of schemes, rules and methods of doing business, deemed to be non-technical, which may legitimately appear in the formulation of the problem (following T 641/00 above).

The appellant argued that since the user had to obtain transaction details online relating to a previous or test transaction, effectively he had to pass two levels of verification in order to use an account.

This argument is, however, not convincing. In conventional online-banking systems, involving the use of lists of Transaction Authentication Numbers (TAN) provided to the user like in D3, the user gains online access to a bank account via an internet site of his bank, typically by entering the bank account number and a password, thereby passing a first level verification. At this point, the user has eg direct access to his financial statements or can initiate a fund transfer for which a TAN will be needed. In the case envisaged in the application and covered by claim 1 where the transaction authenticator in the form of a set of details of evidence of a verifying transaction is available through online access to the financial statement of the bank account, a fraudulent user will, thus, have unrestricted access to the transaction authenticator. Accordingly, no second level verification needs to be passed in this case.

The objective problem to be solved relative to document D3, accordingly, is to provide transaction authenticators to the user in an alternative manner.

The claimed solution consists in:
– generating (208) a series of verifying transactions involving the financial account, with selected details of the transactions not being known to the user;
– initiating (210) the series of verifying transactions from a transaction processor (106);
– storing in storage means within the verification system a first set of details of said series of verifying transactions;
– receiving (216) from the user, at the user interface, a test set of details, to include specified details of evidence of the verifying transactions retrieved by the user from his or her financial account;
– comparing (218) said test set of details to said first set of details; and
– if said test set of details matches said first set of details, authorizing (220) the user to conduct online transactions using the financial account.

This solution is not rendered obvious by document D3.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s