anti-fraud – Techdirt (original) (raw)

Intellectual Ventures' Evil Knows No Bounds: Buys Patent AmEx Donated For Public Good… And Starts Suing

from the despicable dept

Intellectual Ventures may be running out of cash, but that doesn’t mean it’s slowed down the pace of evildoing. If you look over its recent lawsuits, you’ll notice that over the summer, Intellectual Ventures was busy suing a bunch of banks, including Capital One (that lawsuit is embedded below). At least some of those lawsuits involve US patent 6,182,894 entitled: “Systems and methods for authorizing a transaction card.” In short, it basically describes the concept of the CID or CVV number that is found on the back of most credit cards today, which you often have to enter when purchasing stuff online with a credit card. Now, we may question how the hell the idea of adding 3 numbers to the back of a card as a security measure should be patented in the first place, but let’s leave that aside for a moment.

Instead, let’s go back a bit to look at the history of this patent, and a man named Bernard Bilski. As you may recall, Bilski was involved in what appeared to be a key lawsuit concerning the ability to patent software. Eventually, the Supreme Court gave a very narrow ruling on the issue that didn’t provide very much clarity at all on the question of software patents. However, go back a little bit further, to one of the Bilski appeals, heard by CAFC. Lots of different players on all sides of the patent debate lined up to supply amicus (friend of the court) briefs. One of them was American Express, who (somewhat ridiculously) argued in favor of software and business method patents. And, in a bit of news that is rather important here, it happens to use patent 6,182,894 as an example of why these kinds of patents are so important, wherein it gives us a history of that patent up until 2007 or so. It talks about the importance of CID/CVV numbers for credit card security and fraud reduction, and then notes the following:

Recognizing the value of this fraud reduction process to not only the financial services community, but also to the individual consumer, American Express donated the ’894 patent to the not-for-profit corporation Consumer and Merchant Awareness Foundation (“CMAF”). According to the CMAF, “the core objective of CMAF is the cultivation and encouragement of responsible, proven practices that sustain and build consumer and merchant confidence in the financial services marketplace.” The CMAF seeks to achieve this objective by raising awareness of best practices to protect consumers and merchants. The “CMAF views the ’894 Patent as an asset that should be used to help fulfill its mission.” As owner of the ’894 patent, the CMAF can license the process disclosed in the ’894 patent throughout the financial services industry. If patent protection had not been available to drive the initial innovation costs, this method may not have been developed or made available to the CMAF to advance the process industry-wide. CMAF, which is currently developing its licensing policy, states that it is committed to “refrain from actions that will result in enforcement of intellectual property against issuers, acquirers, merchants or consumers related to activity in the retail financial services and payment areas.” As a result of this policy and its licensing efforts, CMAF will make this important fraud-prevention technology available throughout the financial services industry.

Those quotes are from CMAF’s website. As a quick aside, I’ll note that AmEx’s argument here is totally nonsensical. If AmEx was planning to donate the details of this patent to a non-profit and make sure that any card issuer could use it… then what’s the patent for? AmEx could have just as easily publicly released a description of the concept or tried to create a standard or something. There’s absolutely no reason for a patent since the only thing a patent lets you do is exclude others. The idea that you’d need a patent to come up with this… only to then donate it to a non-profit that promises not to enforce the patent against anyone in the space just doesn’t make any sense. You don’t need a patent for that.

And, actually, the end result here shows why patents like this are bad. Because even after AmEx got the patent and donated it, and after CMAF flat out promised not to enforce the patent against banks, that’s exactly what’s happening now — thanks to the pure evil of Intellectual Ventures. The record shows that, in June of 2009, the patent changed hands from CMAF to an organization called Losipial Wireless, who has been identified as an Intellectual Ventures shell company. And then, just this past May, right before IV started suing banks over this patent, Losipial assigned the patent directly to Intellectual Ventures. And then Intellectual Ventures started suing. So you have a situation where even when the original patent holder donated the patent for “the public good,” sooner or later, an obnoxious patent troll like IV comes along and turns it into a weapon.

Again: AmEx patented those little numbers on your credit card, and then for the good of the industry and consumer protection donated the patent to a non-profit, who promised not to enforce the patent against banks… and then proceeded to sell the patent to Intellectual Ventures who is now suing banks over it.

What I haven’t yet been able to figure out is what happened to CMAF itself. The website still exists, though it’s pure brochureware, and there’s little info on the site. If you poke around, the page with the description of the patent still exists (even though AmEx cited the wrong link in its brief). If CMAF sold off the patent in 2009, you’d think somewhere in the intervening 4 years, someone would think to take down the page about that patent — if anyone actually worked at CMAF. I’ve sent them two separate emails, but never heard back. It’s worth noting that American Express has a deal with Intellectual Ventures. I’m sure AmEx also got a nice tax deduction for “donating” the patent to CMAF (CMAF’s website plays up that there are tax benefits to donating patents to it). And then IV gets to still sue a bunch of AmEx competitors over the patent AmEx insisted it was donating for the good of the public… Nice trick.

Filed Under: anti-fraud, cid, credit cards, cvv, fraud, patents, security
Companies: american express, capital one, cmaf, consumer and merchant awareness foundation, intellectual ventures, losipial wireless

Visa Tests New Anti-Fraud Card Device, But What About The Data Leaks?

from the finger-in-the-dike dept

Visa is testing a new type of credit card that’s got additional security measures built in as a means of cutting down on “card not present” (CNP) fraud — the fraudulent sales rung up using stolen credit-card numbers and the security codes that are normally printed on the cards. Visa’s new cards have a small screen on the back that displays a six-digit code when the cardholder enters a PIN on the card’s keypad, making it sound like Visa has basically built in a tiny version of something akin to the SecurID, a popular two-factor authentication device for corporate computer networks. The devices generate an additional one-time password using an algorithm synced with the system on the other end; the user enters this password when they attempt to log on, or in Visa’s case, make a CNP transaction. If the passwords match, the transaction goes ahead. It sounds like a good way to cut down on CNP fraud, but is it just a way to try and gloss over the massive data leaks that see millions of credit-card numbers lost out into the world? It almost seems that if these new anti-fraud cards make it to market, the party line will be “the data leaks don’t matter anymore” — but criminals will still be able to obtain credit-card numbers and make fake cards with the stolen info (for card-present fraud). It might make criminals’ lives a little more difficult, but it won’t make credit-card fraud impossible. Raising the level of security on credit cards is, without question, a good thing. But unless it involves doing more to stop massive data leaks, it’s not enough.

Filed Under: anti-fraud, credit cards, fraud
Companies: visa