Consumer authentication system and method

What is claimed is: 1 . A method comprising: receiving, by a server computer from a merchant, an authorization request message associated with a consumer conducting a transaction with a portable consumer device, wherein the authorization request message is generated by an access device at the merchant after the consumer uses the portable consumer device to interact with the access device; determining, by the server computer, if a challenge message is needed; sending, by the server computer, the challenge message to the consumer, wherein the challenge message is dynamic and is based on a transaction history of the consumer; receiving, by the server computer, a challenge response message from the consumer, the challenge response message responsive to the challenge message that is dynamic and that is based upon the transaction history of the consumer; and sending, by the server computer, an authorization response message to the access device or to the consumer, wherein the authorization response message indicates whether or not the transaction is authorized, wherein the authorization request message comprises a transaction amount associated with the transaction. 2 . The method of claim 1 wherein the portable consumer device is in the form of a card or a mobile phone. 3 . The method of claim 1 wherein the challenge message includes a question. 4 . The method of claim 1 wherein the server computer is in a payment processing network, and wherein the method further comprises: forwarding the authorization request message to an issuer computer operated by an issuer of the portable consumer device; and receiving the authorization response message from the issuer computer before sending the authorization response message to the consumer. 5 . The method of claim 1 , wherein the authorization request message is received at an issuer computer, and the issuer computer sends the challenge message to the consumer, and receives the challenge response message from the consumer, and wherein the issuer computer further analyzes the challenge response message from the consumer to determine if the consumer provides a correct challenge response message before sending the authorization response message to the consumer. 6 . The method of claim 1 , wherein the challenge message includes a question, and uses a location of the consumer to create the challenge message. 7 . The method of claim 1 , wherein sending, by the server computer, the authorization response message to the consumer comprises sending the authorization response message to the access device being used by the consumer. 8 . The method of claim 7 , wherein the access device is a POS terminal. 9 . The method of claim 1 , wherein sending, by the server computer, the challenge message to the consumer comprises sending the challenge message to a mobile device of the consumer. 10 . The method of claim 1 , wherein the authorization request message comprises a primary account number of an account of the consumer. 11 . A server computer comprising: a processor; and a computer readable medium coupled to the processor, the computer readable medium comprising code, executable by the processor, to implement a method comprising: receiving, from a merchant, an authorization request message associated with a consumer conducting a transaction with a portable consumer device, wherein the authorization request message is generated by an access device at the merchant after the consumer uses the portable consumer device to interact with the access device; determining if a challenge message is needed; sending the challenge message to the consumer, wherein the challenge message is dynamic and is based on a transaction history of the consumer; receiving a challenge response message from the consumer, the challenge response message responsive to the challenge message that is dynamic and that is based upon the transaction history of the consumer; and sending an authorization response message to the access device or the consumer, wherein the authorization response message indicates whether or not the transaction is authorized, wherein the authorization request message comprises a transaction amount associated with the transaction. 12 . The server computer of claim 11 , wherein the portable consumer device is in the form of a card or a mobile phone. 13 . The server computer of claim 11 , wherein the challenge message includes a question. 14 . The server computer of claim 11 , wherein the server computer is in a payment processing network, and wherein the method further comprises: forwarding the authorization request message to an issuer computer operated by an issuer of the portable consumer device; and receiving the authorization response message from the issuer computer before sending the authorization response message to the consumer. 15 . The server computer of claim 11 , wherein the server computer is an issuer computer. 16 . The server computer of claim 11 , wherein the challenge message includes a question, and uses a location of the consumer to create the challenge message. 17 . The server computer of claim 11 , wherein sending, by the server computer, the authorization response message to the consumer comprises sending the authorization response message to the access device being used by the consumer. 18 . The server computer of claim 11 , wherein the access device is a POS terminal. 19 . The server computer of claim 11 , wherein sending, by the server computer, the challenge message to the consumer comprises sending the challenge message to a mobile device of the consumer. 20 . The server computer of claim 11 , wherein the authorization request message comprises a primary account number of an account of the consumer.