Abstract: Secure user authentication using a OTP involve pre-storing an application on a first device for generating a valid OTP for the user responsive to receiving entry of a valid PIN, no part of the valid PIN is stored on the first device and pre-storing on a back-end server the valid PIN and a valid shared secret for the user. Upon receiving entry of a purported PIN, a purported shared secret is dynamically synthesized on the first device by the application based on the purported PIN and a purported OTP is generated on the first device. When entry of the purported OTP is received by the server in an attempt to log on the server from a second device, the server cryptographically calculates a window of OTPs, and logs on to the server from the second device is allowed if the calculated window of OTPs corresponds to the received OTP.

Abstract: Multifactor authentication systems and methods employ an online payment server processor that authenticates a user in an online session with a merchant website server processor based on data representing one or more predefined authentication factors received from a user device processor over a communication network and sends data representing a secure user login cookie to the user device processor over the communication network based on the authentication of the user in the online session with the merchant website server processor. Thereafter, the online payment server processor authenticates the user in a subsequent online session with the merchant website server processor based in part on identifying the data representing the secure user login cookie on the user device and in part on data representing a second predefined authentication factor received from the user device processor over the communication network.

Abstract: Presented herein are systems and methods for end-to-end encryption for session-less communications. A first server may receive, from a second server, a request to retrieve keys for a customer device to access a service. The request may include a device identifier and a first token encrypted using a first encryption key. The first server may determine, responsive to validating, that the customer device is to be issued a second token. The first server may identify least a portion of the first token decrypted using the first encryption key. The first server may generate a set of second encryption keys to be used by the customer device. The first server may package the second token to include (i) at least the portion of the first token and (ii) the set of second encryption keys. The first server may transmit, to the second server, a response including the second token.

Abstract: Presented herein are systems and methods for processing tokens in identity assertions for access control to resources. A server may receive, via an interface from a gateway, a request to permit a customer device to access a resource associated with the server. The request may include an identifier for the customer device and a first token used to authenticate the customer device at the gateway. The server may generate, responsive to validating the first token, a second token to be used to authorize the customer device at the server for access to the resource. The server may store, on a database, an association identifying the identifier, the first token, and the second token. The server may perform the server, an action to permit the customer device access to the resource associated with the server based on the association maintained on the database.

Abstract: Presented herein are systems and methods for end-to-end encryption for session-less communications. A first server may receive, from a second server, a request to retrieve keys for a customer device to access a service. The request may include a device identifier and a first token encrypted using a first encryption key. The first server may determine, responsive to validating, that the customer device is to be issued a second token. The first server may identify least a portion of the first token decrypted using the first encryption key. The first server may generate a set of second encryption keys to be used by the customer device. The first server may package the second token to include (i) at least the portion of the first token and (ii) the set of second encryption keys. The first server may transmit, to the second server, a response including the second token.

Abstract: A network system to provide mutable access tokens for access requests that eliminate a need for token replacement. The system allows an access token to be changed to update data in the token. When data stored with the token changes, such as when a user or partner has a change in status, a new token is not required to be requested, generated, dispersed, or stored. Conventional systems refuse the API call request and require the new token be provided. The described system instead completes the request while simultaneously notifying the user to subsequently retrieve an updated access token. Requesting, generating, communicating, and presenting a new token requires additional time, bandwidth, computing capacity, and system interactions. While performing new token acquisition in conventional systems, devices are forced to perform additional interactions, which may result in a time delay or in one or more devices exceeding capacity, becoming overloaded, and seizing.

Abstract: Described herein are methods and systems to identify and redact personally identifiable information (PII). A PII sensitivity detection framework includes multiple layers where each layer corresponds to a computer model. The disclosed framework analyzes data stored within different data tables and predicts whether a data column includes PII. The first layer corresponds to an artificial intelligence model that analyzes each column metadata and predicts a first score indicative of a first likelihood of PII existence. The second layer corresponds to a rule-based computer model that uses various rules to determine a second score indicative of a second likelihood of PII existence for each column. The third layer corresponds to a column content model that analyzes content of each column using various natural language processing techniques to generate a third score indicative of a third likelihood of PII existence.

Abstract: Multifactor authentication systems and methods employ an online payment server processor that authenticates a user in an online session with a merchant website server processor based on data representing one or more predefined authentication factors received from a user device processor over a communication network and sends data representing a secure user login cookie to the user device processor over the communication network based on the authentication of the user in the online session with the merchant website server processor. Thereafter, the online payment server processor authenticates the user in a subsequent online session with the merchant website server processor based in part on identifying the data representing the secure user login cookie on the user device and in part on data representing a second predefined authentication factor received from the user device processor over the communication network.

Abstract: Presented herein are systems and methods for end-to-end encryption for session-less communications. A first server may receive, from a second server, a request to retrieve keys for a customer device to access a service. The request may include a device identifier and a first token encrypted using a first encryption key. The first server may determine, responsive to validating, that the customer device is to be issued a second token. The first server may identify least a portion of the first token decrypted using the first encryption key. The first server may generate a set of second encryption keys to be used by the customer device. The first server may package the second token to include (i) at least the portion of the first token and (ii) the set of second encryption keys. The first server may transmit, to the second server, a response including the second token.

Abstract: Presented herein are systems and methods for end-to-end encryption for session-less communications. A first server may receive, from a second server, a request to retrieve keys for a customer device to access a service. The request may include a device identifier and a first token encrypted using a first encryption key. The first server may determine, responsive to validating, that the customer device is to be issued a second token. The first server may identify least a portion of the first token decrypted using the first encryption key. The first server may generate a set of second encryption keys to be used by the customer device. The first server may package the second token to include (i) at least the portion of the first token and (ii) the set of second encryption keys. The first server may transmit, to the second server, a response including the second token.

Abstract: Systems and methods involve a database function of an ATM processor on which rules database records for positive transition flows of ATM hardware or software activities are stored, a security agent function of the ATM processor that extracts data points from a transition flow for every succeeding ATM activity, and an algorithm function of the ATM processor that generates a rules database record for the transition flows for succeeding ATM activity based on the extracted data points and discards any generated rules database record that is identical to a rules database record already stored on the rules database function. A discovery phase of the algorithm function stores new rules database records, rules database function, and a protection phase of the algorithm function selects a risk protocol, when a generated record is not identical to a record already stored.

Abstract: A system, method and apparatus for exchanging value using a smart card in a financial transaction is disclosed. The system includes a smart card having a contact interface and a contactless interface interactive with a closed purse application and an open purse application controlled by a microprocessor. The closed purse application contains application-specific value, while the open purse contains general value. The application-specific value and general value are each compatible within the system of the invention to perform and settle the financial transaction. The financial transaction may include the smart card communicating with a load terminal or a transaction terminal to add or change the amount of value on the smart card. Further, the present invention include auto-load functionality for adding an amount of value to the smart card. Finally, applications such as a transportation application and a loyalty application are described.

Abstract: Methods and systems for secure user authentication using a OTP involve, for example, pre-storing a OTP application on a first computing device for generating a valid OTP value for the user responsive to receiving entry of a valid PIN value of the user, no part of the valid PIN value is stored on the first computing device and pre-storing on a back-end server the valid PIN value and a valid shared secret for the user. Upon receiving entry of a purported PIN value of the user, a purported shared secret is dynamically synthesized on the first computing device by the OTP application based on the purported PIN value of the user and a purported OTP value is generated on the first computing device.

Abstract: The methods and systems disclosed herein attempt to overcome the deficiencies of the conventional methods and systems by providing a prepaid card for reimbursing a healthcare service provider for the cost of providing a patient with a specific healthcare service. A prepaid card can identify a specific healthcare service and can be used by a patient at a healthcare service provider to obtain the healthcare service of administering a controlled substance for which the patient does not have a prescription. The prepaid card can be associated with one or more accounts of third parties who may be financially responsible for reimbursing the healthcare service provider for the cost of providing the controlled substance and/or the specific healthcare service to the patient.

Abstract: Methods and systems for performing a pre-staged financial transaction using a computing device involve, for example, receiving, using a self-service transaction terminal processor, pre-staged transaction data in a session at the self-service financial transaction terminal, which pre-staged transaction data was entered on a mobile computing device at a time preceding a time of the session. Thereafter, using the self-service transaction terminal processor, a transaction is executed, based at least in part on the pre-staged transaction data.

Abstract: A computer-implemented method and system for managing financial institution customer transaction accounts involves issuing a relationship presentment card with a relationship identifier unique to the customer that is linked to a plurality of the customer's financial institution transaction accounts via pre-defined parameters for determining to which of the customer's linked accounts to post particular transactions with the relationship presentment card. Thereafter, when data for a transaction with the card is received by a processing platform of the financial institution via a merchant acquirer and a card association processing network, the card processing platform of the financial institution identifies a particular financial institution account of the customer to which the transaction should be posted according to the pre-defined parameters based on the transaction data and posts the transaction to the identified financial institution account of the customer.

Abstract: A financial institution can provide a best price guarantee to debit or credit card account holders. By providing a consolidated system including automatic price monitoring of purchased products and automatic claim form generation upon identifying a lower price, the consumer is relieved of the burden typically associated with conventional price matching.

Abstract: Methods and systems for person-to-person reward currency redemption involve, for example, receiving a request to redeem of reward currency of a reward currency holder as a direct deposit of cash to a deposit account of a recipient using a processor coupled to memory; converting the reward currency to an amount of cash based on a predefined conversion rate likewise using the processor; and also using the processor, transferring the amount of cash to the deposit account of the recipient.

Abstract: Computer computer-implemented methods and systems for creating and managing website content involve, for example, providing a user at a computer terminal a data capture template for a user-selected content type, providing the user at the computer terminal presentation pages using content management tags, allowing the user at the computer terminal to author content using the data capture template, and allowing the user at the computer terminal to deploy the content to a server. Other aspects of the methods and systems for creating and managing website content include, for example, allowing the user to personalize content, allowing the user to embed dynamic content in the middle of static content, allowing the user to refresh the deployed content in real-time without impacting current existing user sessions on the server where content is being deployed.

Abstract: Methods and system for transferring funds supports funds transfers from a source account to a cash access file which can be accessed virtually twenty-four hours a day by both customers and non-customers. Cash may be transferred across international borders and dispensed in a currency different than that of the sender's source account and is made available to a recipient virtually as soon as the requested transfer is approved and confirmed by the sender. A subset of payees that is uniquely associated with the sender and includes a payee and a destination account for the payee is presented in a payee list database. Thereafter, a payee list is displayed for the sender at a terminal in response to entry of a request by the sender for a transfer of funds, and upon selection by the sender of a payee from the payee list and entry of a requested transfer amount, the requested amount is transferred e.g.