Abstract: A method of matching transaction data with a transaction receipt using one of a plurality of transaction-specific elements is described. Transaction-specific elements are determined (210) from a transaction between a payment token of a user and a terminal. Transaction identifiers are then formed (220), each from a separate transaction-specific element. At least one of the transaction identifiers is then received or generated (230) in a transaction processing system. The transaction processing system provides transaction data associated with this transaction identifier. Each of the transaction identifiers used by the transaction processing system is combined (240) to form a composite transaction identifier comprising a plurality of transaction identifier elements. Each transaction identifier is matched (250) against each transaction identifier element to identify the transaction and to associate the transaction data with a transaction receipt.

Abstract: At least a first cryptogram and a second cryptogram are transmitted from a payment device reader component to a terminal component. A message including at least the first cryptogram and the second cryptogram is transmitted from the terminal component to an issuer of a payment device presented to the reader component, through a payment network. A message is obtained from the issuer, corresponding to authentication, by the issuer, of the payment device (and optionally the owner of the payment device) presented to the reader component, based at least on the first cryptogram and the second cryptogram. The payment network is configured in accordance with at least one of (i) a standard, and (ii) a specification, which normally employs only a single cryptogram for the message and the authentication. Apparatuses and computer program products are also disclosed.

Abstract: Disclosed herein is a method for performing an integrated contactless point-of-sale transaction. More particularly, there is disclose a method comprising: receiving, by a mobile device 1, a seed number from a communications network; generating, by the mobile device 1, one or more session keys, in dependence on the received seed number, for use in encrypted communication with the mobile device 1; and/or generating, by the mobile device 1, a pre-image, in dependence on the received seed number, for use in generating an unpredictable number for use in secure communication with the mobile device. Advantageously, the generation of session keys and/or a pre-image in dependence on a seed number provided to the mobile device improves the security of the system since the source of the seed number can detect incorrect session keys and/or unpredictable number derived from an incorrect pre-image.

Abstract: Methods and devices are provided for use in facilitating transactions between transaction devices and points of interactions. In connection therewith, one transaction device generally includes an input and an output for communicating with a point of interaction with regard to a transaction by a consumer at the point of interaction involving the transaction device. The transaction device also includes a processor in communication with the input and the output. The processor is configured to interact with the point of interaction in connection with the transaction, store transaction data relating to the transaction in a data store during the course of the transaction, and, in response to an interruption in the transaction with the point of interaction, retrieve transaction data stored in the data store in order to resume the transaction with the point of interaction when communication with the point of interaction is restored.

Abstract: A method for generating transaction credentials for a user in a transaction, comprising: storing in a mobile device, an encrypted session key, and an encrypted user authentication credential; receiving an authorisation request; initiating a user authorisation process wherein in the event that the user is an authenticated user, the method comprises: decrypting the encrypted session key and encrypted user authentication credential; generating a transaction cryptogram in dependence on the user authentication credential and the session key; transmitting the transaction cryptogram and a user authentication status to a transaction processing entity for use in a transaction

Abstract: A computing device embodies a security architecture for an application (42). The security architecture has non-volatile storage (43) for storing first cryptographic material and volatile storage (51) for storing second cryptographic material. The second cryptographic material is lost on rebooting of the computing device. At least the second cryptographic material may be replenished from a source external to the computing device but accessible by a computing network. Methods of use of this architecture by the application are also described.

Abstract: A method of determining legitimate use of a computing device for an action to be approved by a remote system is described. The following steps are carried out at the computing device. A verification method (44) is established for authenticating a user at the computing device or for verifying the integrity of the computing device in association with carrying out the action on that computing device. Cryptographic material is received from a trusted system for use in performing the action. The action is then performed (42). This may or may not comprise successful performance of the verification step. However, performing the action comprises returning information to the remote system that includes whether there was successful authentication using the verification method and parameters relating to computing device state when the action was performed. Suitable computing apparatus is also described.

Abstract: Disclosed are exemplary embodiments of systems and methods for enabling Internet of Things (IoT) devices to initiate payment transactions. In an exemplary embodiment, a method generally includes receiving, by a computing device, a transaction request associated with a merchant where the transaction request includes a device identifier for an IoT device associated with a consumer and/or a location of the IoT device, and retrieving, by the computing device, a payment credential associated with a payment account when the transaction request is authenticated. The method also includes causing, by the computing device, the payment credential to be sent to the IoT device associated with the device identifier, whereby the IoT device is able to direct the merchant to proceed in the transaction using the payment credential.

Abstract: Performance and processing of a contactless transaction at an electronic payment device with a terminal of a transaction system is described. In the device, an account data set is prepared for use in contactless transactions. This account data set comprises user account details to identify a user account with an issuer for the user account and an indicator indicating that the contactless transaction is a customer not present (CNP) transaction. A contactless transaction is performed with the terminal using the contactless transaction account data set. In processing, transaction details of a contactless transaction are received and reviewed to determine whether the contactless transaction is indicated to be a customer present or a customer not present transaction. If the contactless transaction is indicated to be a customer present transaction, an issuing bank for the electronic payment device is notified.

Abstract: A payment-enabled mobile device receives, during a first tap of the mobile device on a proximity reader component of a point of sale (POS) terminal, first transaction context data for a current transaction, and receives during a second tap of the mobile device on the proximity reader component, second transaction context data for the current transaction. When the mobile device determines that the second tap is for the same transaction as the first tap, and that one of a customer verification method (CVM) status or a user acknowledgment status flag has been set, then it transmits a payment card account number to the POS terminal to consummate the transaction.

Abstract: A method of enhanced interaction between a first computing device and a second computing device is described. A first channel for connection between the first computing device and the second computing device using a short range communication technology and a second channel for communication between the first computing device and the second computing device using a communication technology are established. A first interaction is performed using the first channel and an additional interaction is performed using the second channel. Suitable first and second computing devices are also described.

Abstract: A method includes completing a payment transaction using a payment-enabled mobile device. The method further includes prompting a user to perform a user authentication process with respect to the payment-enabled mobile device. The prompting occurs after completion of the payment transaction and prior to commencing another payment transaction using the payment-enabled mobile device.

Abstract: A payment transaction is performed at a POS (point of sale) device. The device includes a terminal component and a reader component. The reader component includes a contact interface for establishing a data signal path via conductive contact with an integrated circuit (IC) payment card. A payment transaction is initiated. The data signal path is established between the reader component and the IC payment card. The IC payment card is commanded to generate a cryptogram for verification by an issuer of the card. The cryptogram is received from the card. In response to receiving the cryptogram, a command is issued to disable contact reading operation by the reader component.

Abstract: Methods and devices are provided for use in detecting relay attacks between devices in a communications network. One method includes sending first data by a first device to a second device, and receiving, by the first device, a communication from the second device where the communication comprises second data generated at the second device and a time parameter related to the generation of the second data. The method also includes measuring a total transmission time at the first device between sending the first data and receiving the communication, and determining a further time parameter related to the generation of the second data based at least in part on the measured total transmission time. The method then further includes determining the presence of a relay attack between the first and second devices in dependence on a comparison of the time parameter and the further time parameter.

Abstract: Example embodiments include methods and apparatus for exchanging, using a contactless interface included in a portable device, transaction information associated with an electronic merchant device when the portable device is brought into close proximity to a contactless interface associated with the electronic merchant device, with the information identifying the electronic merchant device and identifying a handover wireless network connected to the electronic merchant device and with information including security credentials required to form a secure connection, establishing a persistent, secure wireless connection with the electronic merchant device, using a wireless network interface in the portable device and the transaction information, over the handover wireless network and exchanging transaction messages between the portable device and the electronic merchant device over the persistent, secure wireless connection during a shopping interval.

Abstract: Systems, methods and apparatus for operating a device to complete a transaction are provided which include receiving a request to initiate a transaction with a merchant, transmitting a payment transaction initiation message to a merchant server associated with the merchant, receiving a request message from the merchant server for remote payment data, the request message including information identifying whether the merchant server supports a selected one of a first data format and an alternative data format, and providing the remote payment data to the merchant server in the selected data format for use by the merchant server to initiate authorization processing of the transaction.

Abstract: A method is described for providing user authentication and user consent for a transaction made with a payment device. A user authentication step is taken to verify that a user is entitled to use the payment device, and a user consent step is taken to verify that the user consents to the transaction. The user authentication step is discrete from the user consent step. A payment device adapted to perform this method is also described.

Abstract: Methods and devices are provided for use in carrying out a transaction between a transaction device and a point of interaction. In connection therewith, a device for interacting with a point of interaction to carry out a transaction by a consumer includes a processor comprising a payment application and a system environment module, where the system environment module is configured to determine whether the payment application is eligible for a transaction. The device also includes an input in communication with the processor and configured to receive transaction data from a point of interaction in connection with the transaction, and an output in communication with the processor and configured to transmit transaction data to the point of interaction in connection with the transaction when the system environment module determines that the payment application is eligible for the transaction.

Abstract: Methods and devices are provided for use in facilitating transactions between transaction devices and points of interactions. In connection therewith, one transaction device generally includes an input and an output for communicating with a point of interaction with regard to a transaction by a consumer at the point of interaction involving the transaction device. The transaction device also includes a processor in communication with the input and the output. The processor is configured to interact with the point of interaction in connection with the transaction, store transaction data relating to the transaction in a data store during the course of the transaction, and, in response to an interruption in the transaction with the point of interaction, retrieve transaction data stored in the data store in order to resume the transaction with the point of interaction when communication with the point of interaction is restored.

Abstract: Methods and devices are provided for use in detecting relay attacks between devices in a communications network. One method includes sending first data by a first device to a second device, and receiving, by the first device, a communication from the second device where the communication comprises second data generated at the second device and a time parameter related to the generation of the second data. The method also includes measuring a total transmission time at the first device between sending the first data and receiving the communication, and determining a further time parameter related to the generation of the second data based at least in part on the measured total transmission time. The method then further includes determining the presence of a relay attack between the first and second devices in dependence on a comparison of the time parameter and the further time parameter.