Abstract: A system including one or more processors and one or more non-transitory computer-readable media storing computing instructions configured to run on the one or more processors and perform various acts. The acts can include receiving, in real-time and through a computer network, a payment authorization from a first financial institution. The payment authorization can comprise a payment amount, a recipient account indicator, and a fund withholding instruction for the payment amount and associated with a release condition for the payment amount. The acts also can include after receiving the payment authorization, instructing, through the computer network, a fund withholding financial institution to post the payment amount to a fund withholding account maintained by the fund withholding financial institution. The acts further can include receiving, through the computer network and from the fist financial institution, a release decision that is based on the release condition.

Abstract: A compromised data exchange system extracts data from websites using a crawler, detects portions within the extracted data that resemble personally identifying information (PII) data based on PII data patterns using a risk assessment module, and compares a detected portion to data within a database of disassociated compromised PII data to determine a match using the risk assessment module. A risk score may be assigned to a data item within the database in response to determining the match. In some embodiments, URL data may also be detected in the extracted data. The detected URL data represents further web sites that can be automatically crawled by the system to detect further PII data.

Abstract: A system includes a processor and a memory accessible to the processor. The memory may store instructions that, when executed by a processor, cause the processor to receive first data associated with a first owner and second data associated with a second owner from a data warehouse. The memory further includes instructions that, when executed, cause the processor to selectively filter the first data according to first data sharing permissions defined by the first owner to produce first filtered data, selectively filter the second data according to second data sharing permissions defined by the second owner to produce second filtered data, and provide an output including the first filtered data and the second filtered data to a data requester.

Abstract: In response to a request for risk assessment of a person-to-person (P2P) payment transaction, a risk assessment system returns a payer risk score, a payee risk score and a joint/fusion risk score. Risk scores are based on large amounts of data (including transaction data) provided by multiple financial institutions. The data is sorted and linked to individual people (e.g., common account holders), and assembled by a profile system into payee, payer and joint profiles for purposes of risk evaluation. A database associated with a profile system separately stores the profiles (and associated risk scores). Risk scores (payer, payee and joint) are provided for a transaction in response to a payer ID, a payee ID and transaction data.

Abstract: A system includes a processor and a memory accessible to the processor. The memory stores instructions that, when executed by the processor, cause the processor to determine a privacy policy score for one of an application and a website and provide the privacy policy score to a device.

Abstract: Transaction authentication with techniques and geolocation are combined to provide privacy and security enhanced geolocation. In an example implementation, a user initiates a transaction at a web service which in turns triggers a security server. The security server uses its always on connection with the combined client on user security device to perform geolocation, proximity and transaction authentication. These results may be used by the web service to make a decision on whether to proceed with the transaction.

Abstract: A system includes a processor and a memory accessible to the processor. The memory may store instructions that, when executed by a processor, cause the processor to receive first data associated with a first owner and second data associated with a second owner from a data warehouse. The memory further includes instructions that, when executed, cause the processor to selectively filter the first data according to first data sharing permissions defined by the first owner to produce first filtered data, selectively filter the second data according to second data sharing permissions defined by the second owner to produce second filtered data, and provide an output including the first filtered data and the second filtered data to a data requester.

Abstract: A system includes a processor and a memory accessible to the processor. The memory stores instructions that, when executed by the processor, cause the processor to determine a privacy policy score for one of an application and a website and provide the privacy policy score to a device.

Abstract: In response to a request for risk assessment of a person-to-person (P2P) payment transaction, a risk assessment system returns a payer risk score, a payee risk score and a joint/fusion risk score. Risk scores are based on large amounts of data (including transaction data) provided by multiple financial institutions. The data is sorted and linked to individual people (e.g., common account holders), and assembled by a profile system into payee, payer and joint profiles for purposes of risk evaluation. A database associated with a profile system separately stores the profiles (and associated risk scores). Risk scores (payer, payee and joint) are provided for a transaction in response to a payer ID, a payee ID and transaction data.

Abstract: Systems and methods are provided for implementing reciprocal data sharing in a data exchange system. Limitations may be placed on the amount of data an exchange member may access based on the amount of data that exchange member has contributed. The system may include determining a data contribution associated with a first member of the data exchange, determining a data access limit for the first member based on the data contribution, and providing data to the first member when the first member has not exceeded the data access limit. In some embodiments, there may be separate data access limits for each member of the data exchange, so that a first member may have different access limits when accessing data from a second member, data from a third member, and data from a fourth member. Further, the system may limit a requester to a type of data that corresponds to the type of data contributed.

Abstract: A system may include an interface configured to couple to a network, and includes a processor and a memory accessible to the processor. The memory may be configured to store instructions that, when executed, cause the processor to process search results corresponding to multiple data owners to selectively filter personally identifiable information (PII) associated with one or more consumers from the set of search results according to data sharing permissions for each of the data owners to produce filtered results. The instructions may further cause the processor to provide the filtered results to a user device through the network.

Abstract: The security of a transaction conducted at a mobile device, using a one-time password to authenticate the mobile device user, is enhanced by requiring that the mobile device also be authenticated by providing a valid mobile device ID. A security server that provides the one-time password to the mobile device also provides a hyperlink that, when selected, causes a mobile device ID, such as an IMSI, to be retrieved from a SIM in the mobile device The retrieved mobile device ID is then sent to the security server. A database associated with the security server stores valid mobile device IDs, and compares the retrieved mobile device ID from the mobile device to the valid mobile device ID for that mobile device stored in the database. In alternative embodiments, the mobile device is authenticated without the use of a one-time password.

Abstract: A method being implemented via execution of computing instructions configured to run at one or more processors and stored at one or more non-transitory computer-readable media. The method can include receiving, at a transaction system being situated along a proxy communication channel extending from a point-of-sale terminal of a first entity to a mobile wallet provider, an encrypted transaction code. The encrypted transaction code can be generated and sent to the point-of-sale terminal by a mobile device that runs a mobile application associated with the mobile wallet provider. The mobile device receives from a point-of-sale terminal an identifier of the first entity, a transaction amount of a transaction, and a transaction identifier for the transaction, receives an authorization from a user of the mobile device for the transaction while the user is at the point-of-sale terminal, and determines that the mobile device is unable to communicate with the mobile wallet provider.

Abstract: A method being implemented via execution of computing instructions configured to run at one or more processors and stored at one or more non-transitory computer-readable media. The method can include receiving a transaction amount and a preauthorization code from a first entity. The preauthorization code can include a preauthorization amount, an expiration time, and a digital signature. The transaction amount is for a transaction authorized by a user of a mobile device at a point-of-sale terminal of the first entity. The transaction amount is less than or equal to the preauthorization amount. The mobile device received the preauthorization code and stored the preauthorization code in the mobile device while the mobile device was in data communication with a mobile wallet provider. The mobile device provided a transaction code to the point-of-sale terminal while the mobile device was unable to communicate with the mobile wallet provider.

Abstract: A method being implemented via execution of computing instructions configured to run at one or more processors and stored at one or more non-transitory computer-readable media. The method can include receiving a preauthorization code at a mobile device while the mobile device is in data communication with a mobile wallet provider. The preauthorization code can include a preauthorization amount, an expiration time, and a digital signature. The method also can include storing the preauthorization code in the mobile device. The method additionally can include receiving, at the mobile device, an authorization from a user of the mobile device for a transaction having a transaction amount while the user is at a point-of-sale terminal of a first entity. The method further can include determining that the mobile device is unable to communicate with the mobile wallet provider. The method additionally can include verifying that the transaction amount is less than or equal to the preauthorization amount.

Abstract: A method being implemented via execution of computing instructions configured to run at one or more processors and stored at one or more non-transitory computer-readable media. The method can include receiving, at a mobile device from a point-of-sale terminal of a first entity, an identifier of the first entity, a transaction amount for a transaction, and a transaction identifier for the transaction. The method also can include receiving an authorization from a user of the mobile device for the transaction while the user is at the point-of-sale terminal, the mobile device running a mobile application that is associated with a mobile wallet provider. The method additionally can include determining that the mobile device is unable to communicate with the mobile wallet provider. The method further can include generating an encrypted transaction code.

Abstract: Provided is a method for authenticating a user communicating with an enterprise via a network. The method includes receiving, via the network, authenticators for a user from a first user device associated with the user, and storing the received authenticators. A first authenticator from the stored authenticators is selected to be used for authenticating the user based on an authentication policy received from the enterprise. An authentication request is transmitted to a user device requesting the first authenticator and the user is authentication by comparing the received authenticator with the stored first authenticator.

Abstract: Account data (e.g., balance information) for accounts at a plurality of financial institutions (or government agencies) is stored (and updated) in a central database system and accessed using a personal identifier, such as a social security number. Risk data may be generated for accounts based on the account data. The account data and risk data are accessed in response to either an account search request (e.g., from a government entity and relating to a benefits program or a subpoena) or an account verification request (e.g. from a mortgage company and relating to a mortgage application).

Abstract: In some embodiments, a compromised data exchange system may include an interface configured to couple to a network, a processor, and a memory accessible to the processor. The memory may be configured to store instructions that, when executed, cause the processor to extract data from one or more websites using a crawler, detect portions within the data that resemble personally identifying information (PO) data based on PII data patterns using a risk assessment module, and to compare a detected portion to data within a database of disassociated compromised PII data to determine a match using the risk assessment module. The instructions may further cause the processor to selectively assign a risk score to a data item within the database in response to determining the match using a risk scoring module.

Abstract: Systems and methods are provided for implementing reciprocal data sharing in a data exchange system. Limitations may be placed on the amount of data an exchange member may access based on the amount of data that exchange member has contributed. The system may include determining a data contribution associated with a first member of the data exchange, determining a data access limit for the first member based on the data contribution, and providing data to the first member when the first member has not exceeded the data access limit. In some embodiments, there may be separate data access limits for each member of the data exchange, so that a first member may have different access limits when accessing data from a second member, data from a third member, and data from a fourth member. Further, the system may limit a requester to a type of data that corresponds to the type of data contributed.