A method for conveying auditable information regarding provenance of a product that is cryptographically accurate while retaining complete anonymity of product and participant on a blockchain includes: receiving a product identifier; generating a digital token by applying a hashing algorithm to the product identifier; generating an entry value by applying the hashing algorithm to a combination of an event identifier and the digital token; generating a digital signature by digitally signing a data package using a private key of a cryptographic key pair, where the data package includes at least a blockchain address, the event identifier, and the digital token; and transmitting the blockchain address, the digital signature, and the entry value to a node in a blockchain network.
A method for real-time invoice updating and account-to-account payment includes: receiving invoice data based on presentation of an invoice by a distributor to a recipient at a delivery location, modification of the invoice by the recipient, and acceptance of the invoice by the recipient; generating a request for payment (REP) message based on the invoice data; transmitting the REP message to a financial institution associated with the recipient via a financial institution of the distributor; receiving, from the financial institution associated with the distributor, a payment confirmation for the invoice based on a real-time payment from the financial institution associated with the recipient; generating reconciliation data based on the payment confirmation and the invoice data; and transmitting the reconciliation data to a computing device of the distributor and a computing device of the recipient.
A system and method for secure and intuitive payment transactions at an ecommerce merchant website with a client device. The system has a trusted platform that hosts a Mediator site and Manifest database that includes a plurality of Manifest files. Each Manifest file includes a unique identifier and mapped payor information for a payment entity. The platform uses the Manifest to validate trusted payment entities and provide the Mediator site. The Mediator site generates cookies with payor information from the Manifest files, which are transmitted stored on user devices. These cookies are employed to facilitate trusted and intuitive transactions at merchant websites using dynamic interface objects presented on the user's client device interface.
Provided herein is a method for monitoring message content processed over a payment processor for a cardholder using a rules engine computing device. The rules engine computing device is associated with the payment processor that maintains a transaction history database that includes records for a plurality of payment transactions, and each of the records including a payment account number (PAN), a merchant identifier, and a transaction amount. The method includes (i) receiving a message from a registration computing device indicating that the cardholder is enrolled in a transaction monitoring service; (ii) associating the at least one PAN with the transaction monitoring service; (iii) querying the transaction history database to retrieve records including the at least one PAN; (iv) identifying a subset of transactions from the retrieved records; and (v) transmitting a list of the identified subset of transactions to at least one of the cardholder and the registration computing device.
Embodiments provide methods, and systems for facilitating message format discovery in online transaction processing. A method includes receiving, by a server system associated with a payment network, a message comprising a payment service request via a communication channel from an application in a message format of a plurality of message formats. The server system includes a rule engine and a rule data dictionary. The method includes applying, by the server system, one or more rules fetched by the rule engine from the rule data dictionary until the message format is identified. At least one rule of the one or more rules is applied based on matching one or more characters of the message with a pattern corresponding to the at least one rule. Upon successful identification of the message format, the method includes facilitating, by the server system, processing of the payment service request.
The disclosure herein describes handling tokenization requests associated with electronic transactions at a payment network at a throttled processing rate. Tokenization requests are received by tokenization stream brokers from request sources. The tokenization requests include primary account numbers (PANs) to be tokenized. The tokenization requests are then consumed from the tokenization stream brokers, at a request storage rate, for storage in a request data store. Tokenization operations are then performed, at a request processing rate, based on the tokenization requests stored in the request data store. The tokenization operations include providing at least the primary account numbers to be tokenized to issuers associated with the tokenization requests at issuer tokenization rates associated with the issuers, whereby the request processing rate is throttled for compatibility with capabilities of the system and the issuers without unnecessary limitations placed on request sources.
There is presented a method, a computing device and a computing system for establishing secure communication between computing devices. A method for a first computing device to establish trusted communication with a second computing device comprises the first computing device sending a request to create a secure channel to the second computing device, the request comprising a first cryptographic element and a device identifier. The first computing device receives a channel identifier from the second computing device in response to the request, and a notification over a secure channel using the device identifier, the notification comprising a channel identifier and a second cryptographic element. The first computing device compares the channel identifier received in the response to the request and the channel identifier received in the notification and, if the first computing device determines that the two channel identifiers match, the first computing device deriving a secret key using the first cryptographic element and the second cryptographic element.
A computer-implemented method for payment network-based cash back processing can include receiving, by processing circuitry, transaction information related to a cardholder transaction with a merchant. The processing circuitry can identify whether the transaction qualifies for a cash back offer selected from a set of one or more cash back offers. The processing circuitry can calculate a cash back amount associated with the merchant based on information contained in the merchant and offers database. The processing circuitry can calculate a cardholder billing amount, an issuer settlement amount, an acquirer settlement amount, a refund amount, and a program fee amount. The processing circuitry can generate a refund message including the refund amount to be processed to the cardholder and a fee message for fee collection. The processing circuitry can receive a program fee, receive an issuer settlement amount from an issuer, send the acquirer settlement amount to a merchant acquirer, and send the program fee amount to a third party.
Systems and methods are provided for establishing fixed currency conversion rates for transactions in connection with authorization and clearing of the transactions. One exemplary method includes receiving a currency conversion request in association with an authorization request for a transaction, identifying a currency conversion rate (CCR) for the transaction based on a rate file stored in a data structure in association with an identifier for the transaction, determining a converted transaction amount based on a transaction amount included in the authorization request and the CCR, and passing the converted transaction amount to an authorization network. The method also includes receiving a conversion request in connection with clearing the transaction, retrieving the CCR from the data structure based on the identifier, and determining a clearing transaction amount based on the transaction amount as included in a clearing record and the CCR received from the data structure.
There is provided an authentication system for validating identity credentials of a user attempting to access a resource provided by a remote resource provision system. The authentication system comprising: an input, configured to receive, from the resource provision system, an authentication request comprising a cryptographic representation of digital identity data of the user and an associated token identifier, the digital identity data comprising at least one image of an identity credential of the user; a processor configured to: determine a pre-stored cryptographic identifier corresponding to the token identifier; and compare the received cryptographic representation with the pre-stored cryptographic identifier; and an output configured to transmit, to the remote resource provision system and in response to determining a match between the received cryptographic representation and the pre-stored cryptographic identifier, an authentication confirmation indicating successful validation of the digital identity data.
A request for payment message is received. The message includes transaction data. A transaction identifier is generated. The transaction data is stored in association with the transaction identifier. The transaction identifier is transmitted to an acquirer bank. A request to retrieve data is received from a payer's bank. The request to retrieve data includes the transaction identifier. At least some of the transaction data is transmitted to the payer's bank. A confirmation is received from the payer's bank. The confirmation indicates that a real-time payment has been made in accordance with the request for payment message.
A method of transaction selection is described for a transaction conducted between a user computing device adapted for use as a payment device and a terminal. The user computing device supports a plurality of payment cards. Steps at the user computing device include the following: establishing communication with the terminal; receiving transaction related information from the terminal; performing a card selection operation using the transaction related information to select a preferred payment card for performing the transaction; and identifying to the terminal preferred applications for performing the transaction based on the preferred payment card. An associated method of card selection is described, along with corresponding steps performed at the terminal. User computing devices and terminals adapted to cany out these methods are also described.
A system for maintaining individual immunization records. The system includes a tracking vehicle storing a first instance of a user record a terminal including an electronic processor and a memory. The electronic processor is configured to communicate with, the tracking vehicle, obtain a second instance of the user record stored in the memory of the terminal and determine whether immunization data in the first instance or the second instance is more recent. When the first instance of the user record from the tracking vehicle includes more recent immunization data than the second instance of the user record stored in the memory, the electronic processor is configured to update the user record stored in the memory of the terminal with the more recent immunization data in the first instance of the user record of the tracking vehicle.
A method for providing analytics for a physical customer based on processed remote transactions includes: storing transaction data entries, each including a time, date, additional value, and data; receiving a notification including a detection time, detection date, and identification value; identifying a first transaction data entry where the date matches the detection date, the additional value matches the identification value, and the time is within a predetermined period of the detection time; identifying a subset of transaction data entries related to the first transaction data entry based on a correspondence in at least one of: the additional value and the transaction data included in the first transaction data entry and each entry in the subset; determining analytics based on the transaction data included in the subset; and transmitting the analytics to a third party device.
The invention provides methods, systems and computer programs for dual layer identity based access control implemented within systems that implement a micro-service architecture. The invention involves (i) receiving at a first resource server (a) a request for a first processor implemented service, (b) a primary access token generated by the primary identity authentication server, and (c) validation information corresponding to the primary access token that is transmitted by the primary identity authentication server, (iv) responsive confirming validity of the primary access token, transmitting to a secondary identity authentication server, a request for generation of a secondary access token, (v) receiving the secondary access token at the first resource server, and (vi) transmitting to a second resource server within the server system, a request for a second processor implemented service implemented by said second resource server.
A frictionless shopping platform supports modular systems to outfit any physical store with a secure self-checkout experience. The frictionless shopping platform can communicate with a kiosk or mobile application to obtain customer information including payment information; a shopping sensor platform that tracks a user in the store to obtain anonymous shopper identification and associated shopping cart items; and a financial services provider to affect payment.
A method for providing performance assessment of terminal devices is provided. A user initiates, by way of a service application that runs on a user device of the user, a first request for obtaining risk scores or connectivity scores of the terminal devices. The first request may include terminal identifiers of specific terminal devices or information pertaining to a specific geographical area. The user device communicates the first request to a server. The server determines the risk scores or the connectivity scores based on the first request. The server transmits, to the user device, a first response that includes the risk scores or the connectivity scores. The user device displays the risk scores or the connectivity scores to the user based on the first response, thereby providing the performance assessment of the terminal devices.
A DACD for controlling access to data resources in a high latency network is provided. The DACD includes a high latency network interface for connecting with a remote network, and a local network interface for connecting with a local network. Communications with the local network have a lower latency than communications with the remote network. The DACD is programmed to receive using the local network interface a request including a resource identifier that identifies a data resource which may be safely accessed by at most one server device at a time, query an activation database on the local network with the resource identifier to determine that the resource identifier is in a deactivated status, broadcast using the high latency network interface a broadcast request that includes the resource identifier, and update the activation status for the resource identifier in the database to an activated status for the local network.
Provided are systems and methods enabling enrollment in promotions via a tokenization platform. In one example, the method may include establishing a network communication channel between a tokenization platform and a digital wallet of a user device, transmitting a promotion from the tokenization platform to the digital wallet on the user device via the established network communication channel, receiving authorization to accept the promotion at the tokenization platform from the digital wallet on the user device, and identifying tokenized payment account information of the digital wallet stored at the tokenization platform and automatically transmitting information about the tokenized payment account information of the digital wallet information from the tokenization platform to a promotion enrollment system associated with the promotion. The example embodiments use existing payment network infrastructure to provide seamless promotional enrollment through a tokenization platform instead of a standalone website.
A method of performing a contactless transaction between a payment device and a terminal is described. The method comprises establishing a data connection between the payment device and the terminal and then establishing if the payment device and the terminal both support an enhanced security architecture. If they do not, they will then perform the contactless transaction according to a basic transaction flow using a first cryptographic system, If they do, they will perform the contactless transaction according to an enhanced transaction flow using a second cryptographic system. The first cryptographic system and the second cryptographic system comprise different asymmetric cryptographic systems. Suitable payment devices and terminals, and methods at the payment devices and terminals, are described.
A method for verification of a bearer of a credential device at a device reader is described. The method comprises first establishing a digital communication channel with the credential device, and then determining a set of verification options for the bearer and providing the set of verification options to the credential device over the digital communication channel. The credential device then selects a verification option from the set of verification options and communicates this to the device reader. The device reader can then verify the bearer of the credential device in accordance with the selected verification option. Methods at both the credential device and the device reader are described, as are suitably programmed credential devices and device readers.
Systems and methods are provided for use in facilitating network transactions. In connection therewith, a server receives a request from an application of a requestor mobile device and polls sender mobile devices for location data, where a subset of the sender mobile devices is within a defined distance of the requestor mobile device. The server then receives a response from one of the subset of sender mobile devices and presents the response to the application of the requestor mobile device. Upon acceptance of the response, the server transmits the acceptance to the sender mobile device, thereby enabling delivery of an amount requested to a requestor user associated with the requestor mobile device in exchange for a digital transaction from an account of the requestor user to an account of a sender user associated with the sender mobile device.
A null-amount payment account system transaction is performed in cooperation with a user payment device presented by a user. In response to successful completion of the transaction, a download of data is received regarding the user.
A method for evaluating adherence to funding rules includes: storing transaction data entries, each including a controlled payment number (CPN), a merchant category code, transaction date, and transaction data, where the CPN is subject to a first spend control setting a maximum spend amount during a predetermined time interval; identifying a group of transaction data entries that includes a transaction date within a predetermined period of time; identifying a subset of the group of transaction data entries where the merchant category code is one of a set indicated in a funding adherence rule; determining an adherence score for the CPN based on a ratio of a number of transaction data entries in the subset to a number of transaction data entries in the group; and modifying the first spend control to adjust the maximum spend amount based on the adherence score and funding adherence rule.
A transaction takes place between a first device and a second device. There is an authorisation system associated with the first device and a transaction support system associated with the second device. The transaction support system and the authorisation system are connected by a transaction infrastructure. A communication path is provided between the second device and the transaction support system. The second device is adapted to take the following actions. It performs a transaction with the first device and receives and generates transaction data. It splits the transaction data into basic transaction data and enhanced transaction data. It provides the basic transaction data to the transaction support system over the communication path - this enables the transaction support system to process the basic transaction data and provide a processed transaction to the authorisation system over the transaction infrastructure. It also provides the enhanced transaction data by a separate route to the authorisation system for reconciliation with the processed transaction provided by the transaction support system for use by the authorisation system in authorising the transaction.
A computer-implemented method for removing access to data is provided by the present invention, wherein the method comprises: receiving a request from a user for a first manager to delete a user data; suspending control of the user data; generating a second database comprising the user data under full control of the user; deleting the user data from a first database; and re -integrating the user data into the same database or integrating into a further database. By providing a data under complete control of the user and outside the control of any database manager or service provider, users are given more freedom to decide what to do with their data.
Methods, apparatus and systems for upgrading an untrusted channel to a trusted channel. In an embodiment, a verifier server computer receives a request to verify an untrusted channel address from a first service component that is associated with a Consumer identifier, retrieves a trusted channel address from a verifier database, and then generates a one-time password witness value. The verifier server computer then splits the one-time password witness value into a first portion and a second portion, and transmits the first portion to the first service component and transmits the second portion to the second service component. The process includes receiving a recomposed value from the first service component, splitting the recomposed value into a first recomposed value and a second recomposed value, generating a reverted one-time password value, determining that the reverted one-time password value equals the one-time password witness value, and then transmitting an authentication message to the first service component confirming authentication of the consumer enabling upgrading of the untrusted channel to a trusted channel.
During recent years, chip-based transactions has been changing from mainly physical, like a chipcard, to mainly virtual, such as a software application on a mobile device. Although such mobile devices are very powerful compared to a conventional chip card, the data interactions with POI terminals must still be compliant with relevant specifications and standards such as the EMV standards. A computer implemented transaction method is provided that enables a first application to be switched with a second application whilst the transaction is in progress, and without loss of information relating to the transaction. The switching process can be facilitated by either instructing a user to remove an identification device, such as a mobile phone or a chipcard, out of a field produced by a terminal and subsequently return the identification device to within the field produced by the terminal, or turning an antenna of the identification device off, waiting a predetermined length of time and turning the antenna back on again. This enables the transaction to be completed using an optimal application whilst also providing a positive user experience throughout.
A first data processing apparatus comprising: communication circuitry configured to transmit data to or receive data from a second data processing apparatus using electromagnetic induction when the first data processing apparatus is brought into proximity to the second data processing apparatus; a storage medium; and processing circuitry configured: to control the communication circuitry to transmit first data indicative of a user of the first data processing apparatus to the second data processing apparatus; to control the communication circuitry to transmit second data to or receive second data from the second data processing apparatus, the transmission or reception of the second data occurring in response to the completion of a predetermined data processing event; to control the communication circuitry to receive third data from the second data processing apparatus, the third data being received in response to the completion of the predetermined data processing event and being digitally signed by the second data processing apparatus, wherein the digital signature of the third data is generated using the first data and the third data; and to store the received third data in the storage medium.
There are many instances in which information needs to be passed between a first and second computer system/device. If information is short, it may be remembered and retyped on the second device. If too long or complex, it may require a dedicated transmission channel. Audio communications channels have been used to transfer data, but these often require compatible hardware which may not always be available. A method 100 is provided for communicating a non-speech message 120 as audio from a first device to a second device, the method comprising: encoding the non-speech message as a dissimilar speech message 130 having a plurality of phonemes; transmitting 140 the speech message over one or more audio communications channels 150 from the first device; receiving 160 the speech message 130 at the second device; recognizing 170 the speech message 130; and decoding the dissimilar speech message 130 to the non-speech message 120. By using existing audio functionality, and the increasingly more reliable voice recognition applications, an improved method is provided for sharing complex data messages using commonly available communication channels.
G10L 19/00 - Speech or audio signal analysis-synthesis techniques for redundancy reduction, e.g. in vocoders; Coding or decoding of speech or audio signals, using source filter models or psychoacoustic analysis
A system and method for transmitting real-time messages within a supply chain financing (SCF) network using a using a customized and improved messaging protocol is provided. A computing device receives a SCF request message having an SCF messaging protocol including a plurality of data fields including SCF request data related to a request for supply chain financing including an early payment identifier, parses the SCF request message based upon the SCF messaging protocol, selects a financing entity for receiving the request, stores within the memory device the SCF request data, transmits an early payment message having the same messaging protocol to the selected financing entity, receives a confirmation message having the same SCF messaging protocol from the financing entity including a plurality of data fields including SCF confirmation data, and stores within the memory device the SCF confirmation data with the SCF request data.
A method for automatically provisioning data for an opaque blockchain based on prior consent includes: receiving a consent request including transaction criteria and at least two digital signatures, the first digital signature generated by a regulating entity and the second digital signature generated by a moderating entity in a blockchain network; validating the first and second digital signature; digitally signing the received consent request using a private key of a first cryptographic key pair; transmitting the digitally signed consent request to the regulating entity; receiving a query request from the regulating entity, the query request including an executable query; executing the executable query to identify transaction data for electronic transactions in compliance with the transaction criteria; and transmitting the identified transaction data to the regulating entity.
An adaptive authentication (AA) computer device used for improved payment transaction authentication services is provided. The AA computer device includes at least one processor in communication with at least one memory device and is configured to retrieve historical transaction data and authentication types for each historical transaction. The AA computer device is also configured to generate a model associating each of the authentication types with a corresponding set of values for transaction parameters. The AA computer device is further configured to receive pending transaction data including a cardholder identifier of a first cardholder, a merchant identifier, and a transaction amount. The AA computer device is further configured to determine an authentication type by applying the model to the transaction parameters derived from the pending transaction and transmit to the first cardholder an authentication request of the authentication type.
The invention provides methods, systems and computer program products for dynamic token based payment transactions. The invention comprises (i) responsive to a request for implementing a payment transaction, encoding at a POS terminal, a first electronic token comprising information corresponding to the payment transaction under implementation, and payee information, (ii) receiving from a payor terminal, a second electronic token generated upon extraction of information from the first electronic token at the payor terminal, and comprising payor payment account information, and payor transaction history information, (iii) extracting from the second electronic token, the payor payment account information and payor transaction history information, (iv) comparing information extracted from the second electronic token with information encoded within the first electronic token, and (v) authenticating the payment transaction under implementation based on the comparison.
Systems and methods are provided for use in provisioning accounts to applications included in mobile devices. One exemplary method includes receiving, at a mobile device, a request to provision an account to a mobile device; prompting a user associated with the account for authentication at a wireless device associated with the account; receiving an account credential from the wireless device, via a local wireless communication between the mobile device and the wireless device, when the user is authenticated at the wireless device; transmitting the account credential toward a first party associated with the account, whereby the account credential is indicative of the authentication of the user; and provisioning the account to the mobile device, in response to an approval received from the first party.
A privacy-enhancing system, method, and non-transitory computer-readable medium for securely identifying an individual over time without retaining sensitive biometric data. In one embodiment, the system includes a local identity server including an electronic processor, a communication interface, and a memory. The electronic processor is configured to initiate a personalization of a partner-specific identification vehicle that identifies the individual based at least in part on an individual global unique identifier associated with the individual, receive a request for a service from the individual via the communication interface, receive consent and registration information from the individual via the communication interface, generate an identity confirmation that confirms an identity of the individual, and output the identity confirmation via the communication interface. The individual global unique identifier is generated from information derived from the registration information and the individual global unique identifier is not indicative of personally identifiable information (PII) of the individual.
There is provided a computer-implemented method of authenticating an interaction carried out between a mobile device and a gateway, the method being carried out by an authentication system remote from the mobile device and the gateway. The method comprises the steps of : receiving one or more first data items from the gateway, the one or more first data items including dynamic data corresponding to one or more second data items uniquely identifying the interaction, wherein one of the second data items corresponds to a portion of a counter value associated with the interaction; and extracting the counter value portion from the dynamic data. The method further comprises calculating one or more candidate counter values which could correspond to the counter value associated with the interaction; generating, for each of the one or more candidate counter values, a piece of corresponding candidate dynamic data based on one or more of the other first data items; and comparing each of the candidate dynamic data to the received dynamic data to ascertain whether a match is obtained.
A direct cloud access (DCA) computing system for enabling access by a developer computing device hosted on a development network to a plurality of production networks hosted on a cloud services platform is provided. The DCA system includes a development private network interface to a private network, and a production private network interface to the private network. The DCA system further includes a plurality of DCA computing devices each coupled to a respective one of the plurality of production networks. Each DCA is programmed to establish a first VPN connection with a developer computing device on the development network via the private network, receive a client VPN packet addressed to the first DCA network address, and transmit the packet to the production computing device based on a resource address.
According to some embodiments, systems, methods and computer program code are provided to generate a cipher-based message authentication code ("CMAC") which may be used with cloud hardware security modules ("HSM"). Pursuant to some embodiments, a process for generating a CMAC includes preparing a first input set of data, issuing a first call to the HSM, the call including a key and the first input set of data, receiving an output of the first call, preparing a second input set of data, the second set including data from the output of the first call, issuing a second call to the HSM, the call including the key and the second input set of data, and receiving a cipher-based message authentication code.
Trusted communication between a first computing device and a second computing device in a transaction process is established as follows. A communication channel is established between the first computing device and the second computing device. The first computing device provides a secure communication to the second computing device, this secure communication comprising cryptographic material encrypted by a first cryptographic method. The second computing device decrypts the secure communication using a key already available to it. The first and the second computing device then communicate where trusted communication is required by a second cryptographic method using the cryptographic material. A suitable first computing device and second computing device are also described.
There is provided an intermediary server system for providing data for use in authenticating an interaction between the mobile device and a gateway. This server system comprises: an input configured to receive, from the mobile device, interaction data comprising a plurality of interaction data items associated with the interaction and a security identifier uniquely identifying the interaction. The server system further comprises a processor configured with instructions that when executed cause the processor to: generate a request for reference data to be associated with the security identifier, the request comprising at least one of the plurality of interaction data items and the security identifier; transmit, to a remote authentication server, the generated request; receive, from the remote authentication server, the dynamic reference data; and alter the received interaction data by replacing at least one of the plurality of interaction data items with the dynamic reference data. The server system further comprises an output configured to transmit, to the gateway, the altered interaction data.
The present disclosure relates to secure and verifiable storage and retrieval of data, in particular in the context of product tracking. According to one aspect there is provided a computer-implemented verifiable data storage method comprising: receiving a product serial number; receiving an account identifier; producing a non-invertible hash by operating on the product serial number and the account identifier; and causing the hash to be written to a secure distributed data store. According to another aspect there is provided a computer-implemented verification method comprising: receiving a product serial number; receiving an account identifier; producing a non-invertible hash by operating on the product serial number and the account identifier; searching a secure distributed data store for the hash; and depending on a result of the searching, providing confirmation or denial of the hash's presence in the secure distributed data store.
According to some embodiments, systems, methods and computer program code are provided to generate a retail message authentication code (MAC) which includes loading a first key, loading a second key, issuing a first call to a cloud hardware security module (HSM) to invoke a DESS encryption operation, the call including the first key and a first input set of data, receiving an output of the first call, issuing a second call to a cloud HSM to invoke a DESS encryption operation, the call including the second key and a second input set of data, the second input set of data including data associated with the output of the first call, receiving the generated retail MAC.
A computing node comprises a processor and a transaction cache. The transaction cache comprises transaction data records for a plurality of account numbers. Each transaction data record comprises a plurality of transaction data elements for a transaction including the account number for that transaction. The computing node is adapted to receive an authorisation request for a transaction pending authorisation from a transaction network, use the transaction data records in the transaction cache to calculate function values for one or more predetermined functions for the account number associated with the transaction pending authorisation, wherein the function values are determined from the transaction data elements of the transaction data records for that account number, and provide the calculated function values to the transaction network. If the transaction pending authorisation is authorised, the computing node adds a transaction data record for that transaction to the transaction cache. A transaction system comprising such computing nodes and a method of operating a transaction cache in a transaction system are also described.
Provided are methods and systems for improving data tokenization processes and mobile device data accessibility. A data warehouse may receive first provisioning data for tokenizing a first data set and a device identifier for a mobile device. The tokenized first data set may be stored in a database record associated with the device identifier. The data warehouse may receive second provisioning data for tokenizing a second data set and the device identifier. The data warehouse may then determine that both tokenized data sets are associated with the mobile device based on the device identifier. When the tokenized first data set is used by the mobile device, the data warehouse may notify a network associated with the second data set. The network may update its data processing rules based on the notification.
A computing node comprises a processor and a transaction cache. The transaction cache comprises one or more function records for each of a plurality of account numbers. Each function record comprises an account number, a function identifier, and transaction identifiers for any qualifying transactions. A qualifying transaction is a transaction for that account number to be used in determining a value for a function identified by the function identifier. The computing node can receive notification of an authorisation request for a transaction pending authorisation from a transaction network and provide values for each of the functions associated with an account number from the function record for that function using the transaction identifiers in that function record. If the transaction pending authorisation is authorised, the computing node can then add a transaction identifier for that transaction to each function record for which that transaction is a qualifying transaction. The computing node is also adapted to use transaction identifiers to synchronise the function records of its transaction cache with the function records of transaction caches of computing nodes in other geographic locations. A transaction system comprising such computing nodes and a method of operating a transaction cache in a transaction system are also described.
A method for determining product genuineness includes: storing blockchain data for a blockchain, wherein the blockchain data includes a plurality of blockchain data values, each blockchain data value including at least a unique identifier and a genuineness flag; receiving a genuineness request, wherein the genuineness request includes at least a specific identifier associated with a product available for purchase; identifying a specific blockchain data value of the plurality of blockchain data values where the included unique identifier corresponds to the specific identifier; determining genuineness of the product available for purchase based on at least the genuineness flag included in the specific blockchain data value; and transmitting the determined genuineness of the product.
The present disclosure relates to credential management for mobile devices that can be used for access to secured physical environments. One aspect comprises a computer implemented method comprising a mobile computing device: receiving, from a server system, and storing, on the mobile computing device: one or more application sequence counter values, one or more limited use credentials (LUCs), each LUC being bound to a corresponding one of the application sequence counter values; one or more emergency credentials, and an account token; subsequently receiving an authentication request from a terminal; in response to receiving the authentication request, determining that no LUC is available for fulfilling the request; and in response to determining that no LUC is available for fulfilling the request: transmitting, to the terminal, the account token and an application cryptogram generated from an emergency credential of said one or more emergency credentials; and updating a current application sequence counter.
Systems and methods are provided for facilitating voice authentication of a user in connection with a network transaction. One exemplary method includes receiving an authentication request for a transaction, initiated at a voice interactive device, from a merchant plug-in (MPI) associated with a merchant involved in the transaction, where the authentication request includes a pre-authentication indicator based on voice authentication of a user by the voice interactive device or by a voice authentication service. The method also includes generating a risk score for the transaction based at least in part on the pre-authentication indicator, transmitting the risk score with the authentication request for the transaction to an access controller server (ACS) associated with an issuer of an account to which the transaction is directed, and returning a result response to the MPI where the result response indicates permission to proceed in the transaction based on authentication of the user.
Financial transactions typically use an exchange of messages between parties associated with a payment interchange network. Fraudulent transactions are a major problem with payment interchange networks - in some cases, liability may not be clear-cut, leading to disputes among the parties about who should compensate the others. In addition, some frauds are only detected after approval or authorization, making it more complicated to resolve any dispute. An improved method is provided to detect anomalies in financial transactions which may be used to assess a risk of fraud. The method comprises providing a computer-implemented approval log (300) which stores a primary account number (310) and one or more transaction attributes (320) from a plurality of approved financial transactions associated with the primary account number (310). A computer- implemented approval anomaly detector (400) is also provided to assess the plurality of approval events. These anomalies are then made available to one or more parties associated with the payment interchange network (200). By monitoring and analyzing approved (and/or conditionally approved) financial transactions, more cases of fraud may be detected than with these traditional techniques.
A method for verifying proof of assertion of a value using a hash- oriented transaction scheme includes: receiving a confirmation request; identifying a confirmation message, wherein the confirmation message includes at least one or more chain values and is one of: included in the confirmation request or stored in a block included in a blockchain and identified using a reference identifier included in the confirmation request; identifying a declaration message, wherein the declaration message includes at least an asserted value and an identity hash value; generating a check hash value by hashing at least the asserted value and the one or more chain values; verifying the check hash value using the identity hash value; and transmitting a result of the verification of the check hash value in response to the received confirmation request.
A method of providing access to securely held data is provided. A user interacts with the service provider to obtain access to a service by using a device to provide a digital identifier to the service provider, without the digital identifier being made known to the user. At a later date the user wishes to retrieve securely stored data relating to their use of the service. However, because the user does not know the digital identifier, they are unable to identify themself to the service provider using the digital identifier. The present disclosure provides a secure method for exchanging private identifiers, which allows the user to identify themself to the service provider in order to gain access to securely stored data relating to the user's previous use of the service. The user can do this using the device on which the digital identifier is stored, or another device.
During recent years, chip-based payment has been changing from mainly physical, like a chipcard, to mainly virtual, such as a software application on a mobile device. Although such mobile devices are very powerful compared to a conventional chip card, the data interactions with POI terminals must still be compliant with the EMV specifications and standards. A computer-implemented payment transaction method is provided comprising: providing a standard EMV Contactless payment transaction protocol POI terminal, receiving from the user interface a selection of either the first or second payment application and modifying the PPSE accordingly; continuing, by the POI terminal, said EMV-compliant payment transaction by selecting the modified PPSE of the identification device; and selecting, by the POI terminal, the user-selected payment application to continue the payment transaction. By implementing such a function selection, new non-EMV compliant functionalities may be quickly added to existing payment-system specific kernels. In addition, by restarting the existing payment transaction instead of starting a new one, it may be quickly restarted using the same amount and the same currency without the need of any merchant interaction. By using existing mechanism already present in the EMV specifications and protocols, Users are given a higher degree of control over the payment applications used to complete payment transactions, and unexpected payments and/or unexpected terminations of payments are less likely to occur when a conflict arises between the contents of the PPSE and the POI terminal capabilities.
Some embodiments may provide systems, methods and computer program code to method to facilitate an interaction involving a user which include determining that a user authentication is required to complete the interaction, identifying at least a first verified device associated with the user, and transmitting an authentication message to the at least first verified device.
A data update computing device is provided. The data update computing device receives, from one of a user computing device and a first relying party computing device, a first access authorization message, wherein the first access authorization message identifies (i) a first relying party and (ii) a first user data element of the user to be shared with the first relying party. The data update computing device generates a first globally unique identifier (QUID), wherein the first GUID is uniquely associated in a first record in a QUID database table with the first user data element and the first relying party; receives an updated value of the first user data element of the user; stores the updated value of the first user data element in the first record, and flag the first record as updated in the GUID database table; and transmits the first GUID to the first relying party.
A data access computing device is provided. The data access computing device receives a token request from a user computing device, generates a secret value unique to the token request, encrypts the secret value using a private key associated with the data access computing device, encrypts the secret value using a public key associated with the relying party to generate a sharing token, transmits the sharing token to the user computing device, receives a payload encrypted using a private key associated with the relying party from a relying party computing device, where the payload includes the secret value and a nonce value, decrypts the payload using the to recover the nonce value and the secret value, retrieves the at least one user data element from the database based on the secret value, and transmits the at least one user data element to the relying party computing device.
A method for a first computing device to receive information about an application from a second computing device is provided. The first computing device comprises a processor, a display and an image capture device, and the second computing device comprises a processor and a display. The method comprises the first computing device acquiring an image with the image capture device, the image comprising at least a portion of the display of the second computing device including a launch icon associated with the application. The method further comprises the first computing device processing the image to obtain information about the application, wherein the information about the application comprises a link to a download location for the application. A computing device comprising a display, an image capture device and a processor programmed to perform the method is also provided.
A real-time payment system transaction is initiated to settle a purchase of goods or services. An indication is received that the real-time payment system transaction failed. In response to the indication, the purchase of goods or services is settled via a settlement system associated with a payment card account system.
Systems and methods for determining interchange rate designator (IRD) values are provided. A microservice, provided at acquiring servers to determine the IRD value, receives a transaction clearing service request from acquiring servers. The transaction clearing service request includes details of payment card and details of payment transaction. The microservice validates the details of a payment card and the card payment transaction. Based on the details, the microservice identifies a card program identifier (CPl) and product ID associated with the payment card from a member parameter extract data. The microservice identifies business service arrange- ments (BSAs) applicable on the payment transaction based on the CPI, the details of the payment card and the details of the card payment transaction. The microservice validates each BSA and determines one or more IRD values for each validated BSA, and further validates each IRD value and determines an optimal IRD value from the validated IRD values.
A computer device configured to install computer applications is provided. The computer device includes at least one processor in communication with at least one memory device. The at least one processor is programmed to receive a request to install a first application on a user computer device. The at least one processor is also programmed to scan at least one memory device of the user computer device for a device token associated with a second application. Upon detection of the device token, the at least one processor is programmed to retrieve the device token from the at least one memory device of the user computer device. The at least one processor is further programmed to validate the retrieved device token. Upon validation of the device token, the at least one processor is also programmed to install the first application and associate the device token with the first application.
A payment card processing system and method includes a computing device in communication with a multi-party payment processing system and network for processing payment card transactions. The computing device accepts a foreign currency deposit into a virtual foreign currency account linked to a cardholder account designated for payment in a home currency, receives payment card transaction data, identifies a foreign exchange transaction between the cardholder and a merchant designated for payment in a foreign currency, and applies at least a portion of the foreign currency deposit in the virtual foreign currency account to satisfy the payment for the transaction.
Systems and methods are provided for facilitating network transactions based on user authentication. One exemplary method includes, for a network transaction, receiving, at a card device, an authentication command from an issuer of a payment account associated with the card device. A user of the card device is instructed, at an indicator of the card device, to provide a biometric for use in authenticating the user. Biometric data from the user is captured at biometric sensor of the card device, when the user provides the biometric, and the captured biometric data is compared with reference biometric data stored in a memory of the card device. The card device then returns a command reply to the issuer, where the command reply includes an authentication result based on the comparison, thereby permitting the issuer to employ the authentication result of the user in connection with the network transaction.
A method for dispute resolution for a blockchain transaction includes: receiving a dispute request from a first computing device including a blockchain transaction identifier and a reason code; identifying a blockchain data value included in a blockchain that includes the blockchain transaction identifier, a merchant blockchain address, and a currency amount; determining eligibility of the blockchain data value for reversal based on application of one or more reversal rules to at least one of: transaction data included in the blockchain data value or external data identified from the transaction data included in the blockchain data value; performing a dispute resolution process for the blockchain data value that includes receiving a merchant digital signature from a second computing device; and transmitting the merchant digital signature and the currency amount to a node in the blockchain network associated with the blockchain.
Devices, computer-readable media, and systems for augmented reality of available resources. In one embodiment, an electronic device includes a camera, a display screen, a memory including at least one of an available resources repository or an options repository, and an electronic processor. The electronic processor is configured to receive an image including a remuneration vehicle from the camera, recognize the remuneration vehicle that is included in the image, generate a graphical user interface including at least one of available resources or one or more options that are associated with remuneration vehicle based on information stored in the at least one of the available resources repository or the options repository, generate an augmented reality image by overlaying the graphical user interface that is generated onto the image from the camera, and control the display screen to display the augmented reality image.
A method includes receiving an invoice token from a merchant, where the invoice token represents an invoice for an e-commerce transaction. The invoice token is transmitted to a payment services computer to request details of the invoice. The requested invoice details are received from the payment service computer, and an account is selected to support payment for the transaction. A payment transaction is initiated to settle the e-commerce transaction based on the invoice details and the account that was selected to support the payment.
There is presented a smart card adapted for staging a transaction for performance in connection with a terminal of a transaction system. The smart card comprises a processor and a memory. The memory comprises transaction staging code and user payment credentials. The smart card also comprises a biometric input device, a display, and a clock. On successful biometric input through the biometric input device, the processor is adapted to run the transaction staging code to provide transaction staging information comprising the user payment credentials and a freshness factor derived from a time value from the clock. The transaction staging information is displayed on the display as an optical code for reading at the terminal of the transaction system. A method of using such a smart card to stage a transaction is also described.
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
G06F 21/77 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
METHODS AND APPARATUS FOR CHARGEBACKS OF PUSH PAYMENT TRANSACTIONS
A method includes associating a virtual card number (VCN) with an account owned by a customer. The VCN is in a format used for account numbers in a payment card system. The account is not a payment card system account. After a P2M (person to merchant) push payment transaction funded by the account, a request is received from the customer to perform a chargeback with respect to the P2M transaction. A message is transmitted to execute the requested chargeback. The message includes the VCN.
A method includes receiving a request for payment credentials. The request indicates an account from which payment for a transaction is to be made. A payment token is looked-up that corresponds to the indicated account. Dynamic expiry data and a dynamic token verification code are generated. As a response to the request, the looked-up payment token, the generated dynamic expiry data and the generated dynamic token verification code are transmitted.
A method for matching supplied organizational data with trade directory information includes: receiving a data file including a plurality of organizational entries, each entry including an entity name and a geographic location; normalizing the entity name in each of the organizational entries; identifying a plurality of matching entries for each organizational entries, each matching entry including a matching name and location, and where each matching entry is identified based on a first correspondence between the matching name and the entity name and a second correspondence between the matching location and the geographic location; determining a confidence level for each of the organizational entries based on the correspondence between the first correspondence and the second correspondence for at least one of the identified matching entries; and transmitting the plurality of matching entries and determined confidence level for each of the plurality of organizational entries.
A secure delivery system for securely delivering an article between a sender and a recipient. The secure delivery system includes a repository comprising a housing presenting an interior space and configured to securely hold articles. The system additionally includes a hatch integrated with the repository and configured to provide selective access to the interior space of the repository. A user interface is associated with the hatch and is configured to receive instructions to permit opening of the hatch to provide access to the interior space of the repository. The system additionally includes a communications element configured to a transmit a delivery notification to the recipient. The system further includes an autonomous courier device configured to transport the articles from a geographic location remote from the repository to a geographic location of the repository.
Disclosed are exemplary embodiments of systems and methods for providing contactless payment at a point-of-sale (POS) terminal associated with a merchant, without local, direct communication of the POS terminal with a payment device. One exemplary method includes receiving a selection of a modified contactless payment option for a transaction at the POS terminal. In response, the POS terminal presents a detail for the transaction and receives a transaction setup message from a payment network. The transaction setup message includes a credential for a payment account associated with the consumer. An authorization request for the transaction is then generated, which includes the payment account credential, a merchant ID of the merchant, and an amount of the transaction. The POS terminal then transmits the authorization request to the payment network, via an acquirer associated with the merchant, thereby initiating the transaction without interacting locally and/or directly with the payment device.
Provided are systems and methods for securely providing an encryption key from a remote resource to a secure element. In one example, the method may include receiving transaction data for settling a payment transaction between a merchant and a cardholder of the computing device, reading a merchant encryption key stored in a secure element of the computing device and received from a remote computing service, dynamically generating, via the secure element, a cryptogram that remotely authenticates the transaction data using the merchant encryption key, and transmitting the dynamically generated cryptogram to a computing system associated with the merchant.
A system for generating queries accesses a query history for a user. The query history includes a plurality of queries having defined query parameters. The query parameters are extracted from the plurality of queries and input into a neural network. The neural network generates an output corresponding to a predicted query the output is used to generate a predicted query and run the predicted query to generate a query result. By running the predicted query prior to a user requesting the query, results are thereby provided without lengthy processing delays when the user requests the predicted query.
A request is received from an account holder to link a payment card to a payment card account owned by an account holder. The request is submitted by the account holder and receipt of the request includes receiving a payment card identification number displayed in association with the payment card. The payment card identification number is used to look up a payment token electronically stored in the payment card. The payment card identification number is different from the payment token. The payment token is mapped to a payment card account number that identifies the payment card account owned by the account holder.
An apparatus and computer-implemented electronic transaction method includes the operation of reading, via a payment-on-delivery device, a machine-readable transaction code in which transaction details of a collect-on- delivery transaction are encoded. A notification is transmitted to a consumer computing device. In addition, the transaction details are transmitted to the consumer computing device. The apparatus transmits payments details for funding the collect- on-delivery transaction to an interchange network for processing the collect-on- delivery transaction. The apparatus receives a payment authorization response message from the interchange network indicating completion of the collect-on- delivery transaction.
G07F 17/12 - Coin-freed apparatus for hiring articles; Coin-freed facilities or services for means for safe-keeping of property, left temporarily, e.g. by fastening the property comprising lockable containers, e.g. for accepting clothes to be cleaned
G07F 17/14 - Coin-freed apparatus for hiring articles; Coin-freed facilities or services for turnstiles
G06Q 20/32 - Payment architectures, schemes or protocols characterised by the use of specific devices using wireless devices
A system and computer-implemented method includes the operation of transmitting, via a payment-on-delivery device, a request message to a consumer computing device. The request message includes a request as to whether a consumer wishes to allow a package carrier to actuate an electronic lock. An indication that the package carrier may actuate the electronic lock is received by the payment-on-delivery device, which in response, presents a message to the package carrier asking whether the package carrier wishes to actuate the electronic lock. The package carrier selects to actuate the electronic lock and is presented with an access code for actuating the electronic lock.
G07F 17/12 - Coin-freed apparatus for hiring articles; Coin-freed facilities or services for means for safe-keeping of property, left temporarily, e.g. by fastening the property comprising lockable containers, e.g. for accepting clothes to be cleaned
G06Q 20/32 - Payment architectures, schemes or protocols characterised by the use of specific devices using wireless devices
Some embodiments may provide systems, methods and computer program code to facilitate a secure remote transaction and may include detecting an event identifying initiation of a checkout process involving a transaction between a consumer and a merchant, identifying a secure remote commerce system to use in facilitating the transaction, the secure remote commerce system storing a consumer profile including information identifying at least a first payment card of the consumer. In some embodiments, a checkout user interface displayed to the consumer is modified based on information from the consumer profile to display information associated with the at least one payment card. A checkout request from the consumer and a payload is obtained from the secure remote commerce system including information identifying the at least first payment card, the merchant and transaction details. The payload is used to complete a transaction authorization request with a payment network.
A virtual wallet application and a split services server can support multi-card payment processing using a virtual card. The virtual wallet application can receive a selection of at least two payment cards of two or more payment cards in the virtual wallet application, a corresponding amount for each of the at least two payment cards, and an indication to perform the split payment. In response to receiving the indication to perform the split payment, the virtual wallet application can validate the user and create a transaction request. The transaction request can include the virtual card, tokens of the at least two payment cards and their corresponding portions of the split payment amount, and a split payment flag indicator. The transaction request can be routed by an acquirer to the split services server, which extracts the information of the multiple cards and manages pre-authorization requests to the corresponding issuers.
In an embodiment, a method includes accessing, one or more digital applications by a server system. Each of the one or more digital applications is configured to be accessed by a plurality of users. The method also includes determining, by the server system, compliance content in each of the one or more digital applications. The method further includes removing the compliance content determined from each of the one or more digital applications. The method further includes storing the compliance content in a central repository. Thereafter, the method includes facilitating integration of one or more widgets into each of the one or more digital applications to access the compliance content stored in the central repository. The one or more widgets integrated into a digital application of the one or more digital applications enable a user of the digital application to access the compliance content from the central repository.
Embodiments provide a computer-implemented method including receiving, by a server system associated with a payment network, a request for an installment payment for a purchase amount. The installment payment is to be paid at least partially from reward points available with a payment card of a cardholder. The method includes determining, by the server system, a required number of reward points for a payment of the purchase amount in response to the request for the installment payment. The method further includes, accessing, by the server system, one or more payment term plans for the installment payment, wherein each of the one or more payment term plans is determined based at least on the required number of reward points. Each payment term plan includes a set of reward points needed to be used for payment corresponding to each installment of the installment payment.
Embodiments provides a method for facilitating a client-server communication using cyclic tokens. The method includes receiving a request for token generation from a client device, generating a token in response to the request for token generation, and sending the token and a number of sub-tokens to be formed from the token to client device. The method includes establishing a cyclic token by token server for client device, where establishing includes generating a plurality of sub-tokens from the token based on the number of sub-tokens. Method further includes sending the plurality of sub-tokens of token to client device in an order defined by a sequence, and recording the plurality of sub-tokens in an order defined by the sequence as cyclic token. The method further includes facilitating validation of cyclic token upon receipt of sub-tokens in order of sequence as part of token validation request from an application server for client device.
Embodiments provide a method of using access tokens for identification of breach attempts in a client-server communication. The method includes receiving, by a server system, a token validation request for validation of a token from an Application Programming Interface (API) server sent from a client device to the API server. The method includes accessing one or more token configuration parameters associated with a valid token. The token configuration parameters include one or more of a number of allowable access attempts using the valid token in the API session and a range of frequency of allowable access attempts using the valid token in the API session. The method includes verifying whether the token conforms to the token configuration parameters associated with the valid token. The method further includes determining a breach attempt associated with the token if the token does not conform to the token configuration parameters.
A method for hybrid payment authorization includes: storing a merchant profile including a merchant identifier and a merchant public key; receiving an authorization request for a payment transaction including an account number from an external entity, the merchant identifier, and a transaction amount; generating a recipient blockchain address using the merchant public key; transmitting the recipient blockchain address, a blockchain amount based on the transaction amount, and a sender digital signature to a node in a blockchain network; generating an authorization response for the payment transaction including a response code indicating approval or denial of the payment transaction; and transmitting the generated authorization response to the external entity.
A method of processing transaction data, comprising: receive a first transaction indication indicating a first transaction on a payment card account; compare the transaction amount of the first transaction with an installment threshold indicating a minimum amount for a transaction to qualify for payment by installments; receive a second transaction indication indicating a second transaction on the payment card account; compare the transaction amount of the second transaction with an installment threshold indicating a minimum amount for a transaction to qualify for payment by installments; perform a grouping operation, the grouping operation comprising, for all transaction indications, grouping transactions for the payment card account which meet a grouping rule to form a transaction group; determine a group transaction amount as the total of the transaction amounts of the transactions of the transaction group; compare the group transaction amount with the installment threshold; and generate an installment qualification indication comprising an indication of the group of transactions.
Methods, apparatus and systems for allowing users to easily and securely enroll directly into a newly issued biometric payment card. In an embodiment, a user is provided with a biometric payment card enrollment package that includes a biometric payment card, an energy sleeve having a power source and at least a front wall and a rear wall defining an opening for accepting the biometric payment card therein, and at least one light-emitting diode (LED). The power source is centrally positioned within the energy sleeve and includes circuitry to provide power to an EMV chip of the biometric payment card when the biometric payment card is seated therein, and to provide power to the LED during a biometric enrollment process. In some embodiments, a software development kit (SDK) provided by the issuer of the biometric payment card provides support and guidance which enables the user to enroll directly into the biometric payment card.
Embodiments provide methods, and systems for encrypting data for web application. A method includes receiving, by a server system, a cryptographic certificate including asymmetric key pair. The method includes generating a random value key that forms at least a part of a Content Encryption Key (CEK) to be generated by a web application. The method includes sending the random value key to a client device running the web application over a secure network communication channel for generating the CEK. The CEK is to be utilized for encrypting a content entered by a user of the web application on the client device and the CEK is encrypted using a public key of the asymmetric key pair for transmission over the secure network communication channel. Furthermore, the method includes translating, the CEK encrypted under public key to CEK encrypted under LMK using a private key being part of the asymmetric key pair.
Systems and methods are provided for use in permitting restricted network transactions. One exemplary method includes receiving a product identifier associated with a product, from a user at a communication device, where the product is offered for sale by a merchant associated with a restricted merchant category for a payment account associated with the user. The method also includes identifying the product based on the identifier, from a listing of products included in a data structure, and determining whether the product is permitted based on one or more permission rules associated with an account host for the payment account. The method then includes transmitting an approve notification to the user, at the communication device, when the product is permitted by the one or more permission rules.
A computer system is configured to provide a payment card security application programming interface (API) for providing a payment card security score to a partner entity computer system. Responsive to receipt of user identification data for a card holder from the partner entity computer system via the API, the computer system retrieves payment card electronic funds transfer (EFT) transaction data records corresponding to the card holder, and determines a transaction type and security level associated for the user's transactions. The computer system generates, based on the determined security level for each of the transactions, a security score for the card holder. The partner entity computer system provides the user identification data for the card holder to the payment card security API responsive to receipt of an authorization request for a new transaction. The partner entity computer system may determine whether to approve or deny the new payment card EFT transaction based upon the security score.
Machine learning vision systems rely on very large numbers of training images to learn to recognize particular shapes and configurations of shapes. Traditionally, such datasets of training images needed to be selected and tagged (or labelled) manually. To recognize a particular object, such as a dog or vehicle, under realistic settings with an acceptable degree of reliability, may require data sets of thousands of images per object class. To improve this, a method is provided to generate datasets with a multiplicity of corresponding images are generated using a 3D rendering engine using a plurality of lighting arrangements and a plurality of views. Artefacts may also be introduced. In this way, very large data sets become feasible, with a variable degree of correspondence in each data set.
An authentication correlation (AC) computing device is provided. The AC computing device includes a processor and a memory. The AC computing device receives a first authentication request from a requesting computer device including an account identifier, a first timestamp, and at least one authentication factor, and determines a first security level of the first authentication request. The AC computing device stores the first security level and the first timestamp. The AC computing device is also configured to receive a second authentication request including the account identifier and a second timestamp, determine that the second authentication satisfies an authentication rule based on the account identifier, the second timestamp, and the stored authentication data wherein the rule defines a timeframe and an authentication threshold, and generate an authentication response based on the determination and the authentication rule wherein the authentication response includes an approval indicator.
A method for processing a controlled payment number transaction with multiple funding sources includes: receiving an authorization request for a payment transaction including at least a transaction amount and a controlled payment number; identifying a mapping profile including at least the controlled payment number, an overflow transaction account number, and at least one spend profile, the at least one spend profile including at least a mapped transaction account number and one or more spend controls including at least a maximum payment amount; processing a first payment transaction for payment from the mapped transaction account number for the maximum payment amount; processing a second payment transaction for payment from the overflow transaction account number for an amount based on a difference between the transaction amount and the maximum payment amount; and transmitting an authorization response for the payment transaction including at least the controlled payment number.
Systems and methods provide multi-function authentication. One exemplary method includes receiving a request to opt into multi-function authentication. A primary operation-based key is generated by the communication device, the operation-based key accessible based on authentication of the user and available for use after the authentication. The primary key is imported, by an application, into a secure key data structure, such that it is only accessible by the application. When the biometric authentication of the user is successful, the communication device transmits to an account server an indication that the user is eligible for multi-function authentication. The communication device receives a time- based secondary key from the account server, wherein the time-based key is useable only during a defined interval. The application links the secondary key to the primary key and imports the secondary key into the data structure such that it is only accessible via the primary key.
One of the barriers to increased use of shared mobility services (103) is the complex and lengthy processes which must be followed before the services (103) may be utilized. These problems are greatly magnified when travelling. These problems are reduced by providing an improved method (200) for authorizing utilization of a mobility service (103) by a user (110), the method comprising: A computer-implemented method (200) for authorizing utilization of a mobility service (103) by a user (110), the method comprising: - establishing a mobility database (120) with an arbiter (160), the database (120) being associated with the user (110) and comprising biographic data (130), payment data (140) and identification data (150), wherein the identification data (150) represents a legal form of identification (155) issued to the user (110), and the payment data (140) represents a form of payment (145); - the arbiter (160) validating the form of payment (145) and the legal form of identification (155); - the user (110) requesting utilization of the mobility service (103) from a mobility operator (105); - the user (110) authenticating themselves to the mobility operator (105); - the mobility operator (105) requesting to the arbiter (160) to authorize utilization of the mobility service (103) by the user (110); - the arbiter (160) providing an authorization if: - the payment data (140) represents sufficient funds to pay for the mobility service (103), and - the identification data (150) represents a legal form of identification required for the mobility service (103). In many cases, it is the authorization of the user before the utilization that is a major cause of the delay and failure. Each mobility service may have widely differing requirements. By using pre-authentication of the legal form of the identification and the form of payment, both the users and mobility operators benefit from a much simplified and much quicker authorization.
A digital advertisement platform with redemption feedback. In one embodiment, a server including a communication interface, a memory, and an electronic processor. The electronic processor is configured to receive transaction information from the data storage server, generate operation recommendations based on the transaction information that is received from the data storage server, generate operation creation and workflow with an enterprise platform and based on the operation recommendations, and generate a graphical user interface for displaying on the supplier interface device, the graphical user interface based on the operation creation and workflow.
Methods, apparatus and systems for permitting a cardholder to select a cardholder verification method (CVM) during a secure transaction. In an embodiment, a consumer mobile device running a mobile payment application receives, from a cardholder, selection of a payment account and an instruction to pay via one of contactless, barcode, SRC or digital secure remote payment (DSRP). The consumer mobile device then transmits a request for a secure transaction to a merchant device, receives a request for payment account data, displays a plurality of cardholder verification methods (CVMs), receives selection of a CVM, and prompts the cardholder to provide cardholder identification data in accordance with the selected CVM. The process also includes receiving and authenticating, by the consumer mobile device, the cardholder identification data from the cardholder, generating a cryptogram in accordance with the selected CVM, and transmitting transaction data including payment account data and the cryptogram to the merchant device.
Systems and methods are provided for verifying a user, through an account associated with the user, in connection with a subscription of the user to a service from a service provider. One exemplary system includes a memory having an account for the user, and a platform computing device coupled to and/or including the memory. The computing device is configured to receive a request from the service provider, in connection with the user subscribing to the service, and authenticate the user. When the user is authenticated, the computing device is configured to generate a subscription message for the user comprising assurance data based on the user's account, a timestamp, and an identifier associated with the user, and transmit the subscription message to the service provider, to thereby permit the service provider to rely on the assurance data to verify the user.
A transaction device is described. The device comprises storage configured to store a first data record comprising first value data and a unique identifier associated with one other device; communications circuitry configured to receive an identifier and second value data from a device; and control circuitry configured to compare the received identifier with the unique identifier and in the event of a positive comparison, the control circuitry is further configured to update the stored first value data in accordance with the exchanged second value data.
A computer-implemented method includes registering at least a first merchant and a second merchant, the registering including a consent process for payment card network access. The registering enables a registered merchant to post equity financing auctions and to bid on posted equity financing auctions. When a posting for an equity finance request is received from a registered first merchant, a validated aggregate historical data for the registered first merchant can be obtained from the payment card network. When a bid, which includes an amount of finance offered and requested equity, is received on the equity finance request from a registered second merchant, a set of transaction data for the registered second merchant is obtained from the payment card network and a score is generated for the registered second merchant based on conditions in the equity finance request using the set of transaction data and the bid.
A method for a tokenisation service provider (TSP) to generate tokenised card numbers tPANs associated with real card numbers PANs for digital payment transactions, and a processor configured to perform the method are provided. The method comprises a TSP processor: receiving from a card issuer processor a request to generate one or more tokenised card numbers tPAN1... m; generating and recording one or more tokenised card numbers tPAN1...m, wherein the one or more tPAN1...mis/are not associated with a real card number PAN; receiving a real card number PANifrom the card issuer processor; and recording the mapping of the real card number PANito a tokenised card number tPANxE1...m in a tokenisation service provider database. A method for a card issuer to provide tokenised card numbers tPANs associated with real card numbers PANs for digital payment transactions, and a processor configured to perform the method are also provided.