Abstract: A method including receiving a request from a mobile wallet operating on a mobile device to perform a provisioning of an account to the mobile wallet. The method also can include generating account information about the account. The method additionally can include generating device information about the mobile device. The method further can include sending an inquiry to a risk determination system to authenticate the provisioning of the account to the mobile wallet. The risk determination system can generate a fraud risk level by applying business rules and one or more statistical modeling techniques. The method additionally can include receiving from the risk determination system a first response based on the fraud risk level. The method further can include determining whether to proceed with the provisioning of the account to the mobile wallet or to perform an additional verification based at least in part on the first response received from the risk determination system.

Abstract: Data from a plurality of data sources is provided to a multi-source data management system, which stores the data and provides it to a data accuracy system for purposes of assessing the accuracy of data records and the individual fields within data records. Data accuracy scores may be stored at the data management system with the data records to which they pertain. Accuracy scores may be periodically recalculated and monitored, and alerts provided if an accuracy score changes a predetermined amount over a given period of time. Also, data records may be provided by a data user for accuracy assessment, using other data records stored at the multi-sourced data management system.

Abstract: A plurality of institutions (such as financial institutions) contribute data to a data analysis and linking system. The system analyzes the data to create data nodes (records) associated with an entity, where the entity may be, for example, a person/individual, business, organization, account, address, telephone number, etc. After data is linked, and in order to retrieve linked data, a requester may provide to the system an identifier associated with an entity. The linked data provided by the system in response to the identifier may be in the form of a network of data nodes associated with the entity and for use in assessing risk, such as risk associated with a transaction being conducted by a person. The linked data may also be analyzed at the system to score risk associated with the entity, and the risk score provided in conjunction with or in lieu of the network of data nodes.

Abstract: Identity data for an applicant opening a bank account is provided to an ID confidence scoring system. The scoring system accesses a multi-source data management system, using queries that include a base component, a link component and a function component. Data records maintained by the multi-source data management system include header data having identity data elements, with the header data analyzed pursuant to the queries. Queries may also be provided to an entity resolution system having data records organized in data networks, each data network corresponding to a single entity. Query results are used to develop an ID confidence score for applicant identity data.

Abstract: A portable apparatus is removably and communicatively connectable to a network device to communicate authentication or authorization credentials of a user in connection with the user logging into or entering into a transaction with a network site. The apparatus includes a communications port to connect and disconnect the apparatus to and from the network device and to establish a communication link with the network device when connected thereto. A processor receives a secure message from the network security server via the port. The message has a PIN for authenticating the user to the network site, and is readable only by the apparatus. The processor either transfers, via the port, the received PIN to an application associated with the network site that is executing on the network device or causes the apparatus to display the received PIN for manual transfer to the application associated with the network site.

Abstract: A method including receiving a request from a second financial institution to determine whether any accounts held by a first entity support real-time payment transactions. The method also can include determining one or more first accounts held by the first entity using the directory. The method additionally can include validating that one or more third accounts held by the first entity support real-time payment transactions. The method further can include, after the first entity has enrolled in real-time invoicing and payments, sending an interactive invoice to the first entity, the interactive invoice comprising an option to pay the financial obligation immediately using at least one of the one or more third accounts. The method additionally can include receiving an authorization from the first entity to pay the invoice immediately using at least one of the one or more third accounts.

Abstract: A user device transmits a login request. A provider server, receives a random number from and transmits other information to an authentication server. The provider server transmits the random number to the device. The random number is transferred to a second user device, which transmits it to the authentication server. The authentication server transmits provider authentication policy requirements and further transmits the other information to the second device. The second device transmits user validation information to the authentication server. The authentication server determines that the transmitted validation information corresponds to the service provider authentication policy requirements, compares the validation information with stored validation information for the user to authenticate the user. The second device transmits a message, including the random number and the other information, signed with a user credential to the authentication server.

Abstract: A system for identifying and expediting the release of held items, such as checks. Paying banks (having accounts against which the checks are drawn) provide paid item files to the system, and depository banks (where checks have been deposited) provide held item files to the system. If there is a match of a paid item file and held item file (indicating that a held check has been paid by the paying bank), the depository bank is notified that the item has been paid and that the hold may be released.

Abstract: A security server receives a request of a user to activate a secure communications channel over the network and, in response, transmits an activation code for delivery to the user via another network. The security server receives an activation code from the user network device via the network, compares the received activation code with the transmitted activation code to validate the received activation code, and activates the secure communications channel based on the validation. The security server next receives a query including a question for the user from an enterprise represented on the network, transmits the received enterprise query to the user network device via the secure communications channel, and receives, from the user network device via the secure communications channel, a user answer to the transmitted enterprise query. The security server then transmits the received user answer to the enterprise to further authenticate the user to the enterprise.

Abstract: A network server is operated so as to facilitate legal eavesdropping by receiving, from the first user via a network, a session key (SK) encrypted with a second user's public key, kpubU2, and the SK encrypted with an escrow server's (ES) public key, kpubES. The kpubU2 key is the public key of the second user asymmetric private/public key pair kpriU2/kpubU2 The kpubES key is the public key of the ES asymmetric private/public key pair kpriES/kpubES. The received SK encrypted with kpubES is stored. The SK encrypted with kpubU2 is transmitted to the second user via the network. A message encrypted with the SK is received from one of the first and the second users via the network, stored, and transmitted to the other of the first and the second users via the network.

Abstract: The present invention provides a new method of site and user authentication. This is achieved by creating a pop-up window on the user's PC that is in communication with a security server, and where this communication channel is separate from the communication between the user's browser and whichever web site they are at. A legitimate web site embeds code in the web page which communicates to the security server from the user's desktop. The security server checks the legitimacy of the web site and then signals both the web page on the user's browser, as well as the pop-up window to which it has a separate channel. The security server also sends a random image to both the pop-up window and the browser. If user authentication is requested by the web site the user is first authenticated by the security server for instance by out of band authentication. Then the security server computes a one time password based on a secret it shares with the web site and sends it to the pop up window.

Abstract: Transaction authentication with techniques and geolocation are combined to provide privacy and security enhanced geolocation. In an example implementation, a user initiates a transaction at a web service which in turns triggers a security server. The security server uses its always on connection with the combined client on user security device to perform geolocation, proximity and transaction authentication. These results may be used by the web service to make a decision on whether to proceed with the transaction.

Abstract: An authentication server transmits a random number to and receives a other information from a service provider. Later, the first random number is received from a requester and a provider identifier, the received other information and provider authentication policy requirements are transmitted to the requester. A user identifier and validation information are received from the requester. The received validation information is determined to correspond to the provider authentication policy requirements, and compared with stored user validation information associated with the received user identifier to authenticate the requester. A message, including both the random number and other information, signed with a credential of the requesting user is received and transmitted to the first provider.

Abstract: Fraud risk is monitored in financial transactions. Biometric information is received over the communications interface configured to exchange data with multiple distinct financial institutions. The received biometric information is compared with a database of biometric information to identify an individual. A fraud-detection analysis is performed on the financial transaction information associated with the individual. The financial transaction information associated with the individual is identified as suspicious in accordance with a result of the fraud-detection analysis. The biometric parameters associated with the individual are designated as associated with suspicious financial activity.

Abstract: A network user is authenticated to another network entity by using a first program to receive user input validation information, and store a user credential. A second program receives information, such as a random number, from the other entity. The first program receives an input transferring the information to it, transmits the information to the authentication server, and receives an identifier of the other entity, other information, and authentication policy requirements from the authentication server. It then transmits the input validation information corresponding to the received authentication policy requirements to the authentication server, and in response receives a request for a user credential. It signs a message, including the transferred information and the received other information, with the stored user credential, and transmits the signed message to the authentication server to authenticate the user.

Abstract: Check transaction data is analyzed to identify checks drawn on U.S. subsidiaries of international financial institutions. The accounts into which the identified checks are determined, and the owners of the accounts identified. The number, amounts, and frequency of such deposits may be indicative of certain types of fraud. Deposits of checks drawn on U.S. subsidiaries of international financial institutions may be detected across a plurality of accounts owned by the same owner at different depository institutions.

Abstract: Transaction data is analyzed according to one or more transaction rules to identify accounts that are suspected of being used for activity such as money laundering. The methods may be performed on an inquiry basis for ad hoc investigation of transaction activity relating to one or more particular account owners or other entities, or may be performed on an ongoing basis for monitoring transaction activity of one or more account owners or other entities for suspicious activity.

Abstract: Account information is analyzed to identify accounts that have received deposits drawn on accounts associated with money service businesses. When such deposits are detected, other transaction data is analyzed to decide whether or not to categorize the account as suspected of being used for an illicit purpose such as money laundering. The analyzed information may include the number or percentage of deposits received drawn on accounts associated with money services businesses, the pattern of deposits and withdrawals into and from the account, and other information.

Abstract: Provided is a method for operating an authentication server for authenticating a user who is communicating with an enterprise via a network. The method include receiving, via the network, a first authenticator including first information from a low energy wireless device received via a user device wirelessly, and storing the first authenticator. When the authentication service later receives, from the enterprise, a request to authenticate the user, the authentication server transmits an authentication request to the user device via the network requesting that the user read information from the low energy wireless device using the user device. The information received from the low energy wireless device in response to the authentication request is then used authenticate the user by comparing the information received from the low energy wireless device due to the authentication request with the stored first authenticator.

Abstract: A method including receiving, at a first system from a first entity, a request comprising a merchant identifier. The method also includes determining, at the first system, using the merchant account database, first information comprising an account identifier of a second account of the merchant maintained by a second financial institution. The method additionally includes sending the first information from the first system to the first financial institution. The method further includes receiving, at the first system from the first financial institution, payment information regarding a deposit to be made in the second account from the first account to pay the merchant for one or more items to be purchased from the merchant by the consumer for the payment amount.