Abstract: Methods and systems for disambiguating a user from a plurality of users within a computing infrastructure when the plurality of users utilize a common identifier are described. Disambiguation may occur through the user of subsequent verification of the identity of the user which generates an authentication token to be passed to the computing infrastructure during authentication requests using the common identifier.

Abstract: Disclosed herein are methods and systems for secure, tenant-specific access control within a multi-tenant application infrastructure. A server can process a request from one tenant application and send it through one or more intermediary tenant applications before reaching its final destination. The server can create a data packet that includes information about the original sender, any intermediate applications it passed through, and details about the requested resource. This packet is then sent through a separate channel to the final tenant application so that the final tenant application can evaluate contextual data (in addition to the request itself) before determining whether to allow or block the request. This paradigm may enable tailored security protocols, improving both data protection and regulatory compliance, even when requests involve multiple disparate computing infrastructures.

Abstract: A server computer system includes a decentralized architecture that receives at a central server, parameter values provided by one or more parameter servers. The parameter values are associated with a first parameter. The central server determines a global parameter value based on the parameter values, and persists the global parameter value to a database. The central server transmits the global parameter value to one or more second servers that each determine a local parameter value also corresponding to the first parameter. Each of the one or more second servers transmits the local parameter to a client and insulates the central server from interactions with the client.

Abstract: Disclosed herein are systems and methods for detecting automated account generation requests. An example method includes receiving an application programming interface (API) request to generate a new user account. The method then includes executing a machine learning model to predict a likelihood of the API request having been generated automatically using one or more programming protocols. The machine learning model may be trained using historic requests known to have been generated using a machine or a programming/algorithm. When the machine learning model determines that the API request is likely to have been machine-made, the method includes executing an additional security protocol associated with the new user account.

Abstract: In an example embodiment, a solution is provided wherein a single machine learning model is trained and used to detect fraud across multiple payment types. More particularly, the concept of a payment scoring event (PSE) is introduced. A PSE is a data structure that stores multiple pieces of information about a transaction (or potential transaction). A mapping is then maintained between each payment type to be supported and the PSE structure. Each of these transaction types may have its own mapping indicating which fields in the PSR its own fields map to. The use of these mappings allows for additional payment methods to be introduced and supported at any time, necessitating only the creation of a mapping for an additional payment method.

Abstract: A payment processing method and apparatus for using an intermediary platform are described. In one embodiment, the method comprises electronically receiving approval from an intermediary platform associated with a payment processor user of a first authorization request for a first transaction; electronically receiving for approval, at the payment processing system, a second authorization request for a second transaction from a merchant using a payment instrument used by an agent of the service provider; and settling transactions associated with the service provider, including clearing a batch of records corresponding to the service provider on a predetermined time basis by comparing, with a tracking engine of the payment processing system, transaction tracking information associated with authorization requests to net out individual transactions.

Abstract: A method and apparatus for processing a transaction between a merchant system and a customer system, the customer system associated with a customer of the merchant are described. The method may include receiving, at a commerce platform, a transaction request from the merchant system, wherein the transaction request is generated by the merchant system and comprises a card identifier and encrypted payment card data, wherein the card identifier is determined from card data for a payment card used in the transaction and the encrypted payment card data comprises at least an encryption of a payment account number. The method may also include decrypting, by the commerce platform, the encrypted payment card data using an encryption key selected based on the card identifier, the encryption key associated with the commerce platform. Furthermore, the method may include authorizing, by the commerce platform in communication with one or more authorization systems, the transaction using the decrypted payment card data.

Abstract: Disclosed herein are methods and systems for using machine learning to improve the likelihood of success of recurring transactions. In one example, a suite of different machine learning models can be used together, such that a first machine learning model predicts a likelihood of success for a recurring transaction associated with a user account and the second machine learning model predicts whether a pre-authorization would help with the predicted likelihood of success. As a result, a server may pre-authorize the recurring transactions at a time earlier than the scheduled transaction time and place a hold on the user account using an amount predicted by the second machine learning model where the hold amount can be adjusted in accordance with the user account's activities. Data associated with the recurring transaction itself can be ingested by the second machine learning model for re-calibration purposes.

Abstract: A method and apparatus for a distributed service provider system performing authentication for access to, and deletion of, user data, is described. The method may include monitoring service system responses to requests for user data associated with a user identifier. The method may further include ordering the monitored user data based on one or more of a sensitivity level and a veracity level associated with each of the monitored user data, and filtering out user data from the monitored user data that is not suitable for presenting to the user for identity verification. Furthermore, the method can include selecting a subset of the filtered user data for a series of identity verification questions for generating and transmitting, to the user system, a series of security verification questions, each security verification question based on one of the selected subset of the filtered user data.

Abstract: A method and apparatus for fraud detection during transactions using identity graphs are described. The method may include receiving a document image for detecting whether an identity document depicted within the document image is fraudulent. The method may also include extracting data associated with the document image to generate extracted data comprising image data extracted from the document image, image file data extracted from an image file for the document image, or a combination thereof. The method may also include processing, by a set of machine learning models, corresponding subsets of the decoded image data used as input to each machine learning model of the set of machine learning models, and further by a second machine learning model that generates a final score indicative of whether the document image depicts a fraudulent identity document, at least one or more initial scores.

Abstract: A method and apparatus for processing a transaction between a merchant and a customer of the merchant are described. The method may include generating, at an ingress server, an initial transaction message by generating a deterministic identifier for a card used in the transaction from card data received for the transaction and encrypting the received card data. The method may also include providing the initial transaction message from the ingress server to a payment server. Furthermore, the method may include updating, by the payment server in response to an authorization of the transaction determined based at least in part on the deterministic identifier for the card, the initial transaction message with authorization data, and providing the updated initial transaction message from the payment server to an egress server. The method may also include communicating a final transaction message to an authorization system for processing the transaction between the merchant and the customer based on the card data.

Abstract: A contactless card reader comprises a contactless card reader front-end coupled to a processor. A communications module is coupled to the processor and a set of sensors is coupled to the processor. The set of sensors determines parameters related to the location, orientation and motion of the card reader. The processor receives the parameters from the set of sensors and utilizes the parameters and scenario configuration data to evaluate a rule. The result of the evaluation of the rule results in a limitation on the operation of the card reader. The communications module is configured to intermittently receive the scenario configuration data from external sources.

Abstract: A server computer system is configured to forward secure data. The system stores secure data in a database. Each unit of secure data for which the system supports forwarding is associated with a respective token. The system receives from a first server, a request comprising at least: an indicator associated with a secure data, a destination indicator, a first API key, a second API key, and a body having a predefined data format. The system validates the request based on the first API key, references the database to obtain the secure data based on the indicator and the respective token, and populates the body with the secure data. Once populated, the system transmits a second request comprising the second API key and the populated body to a second server, based on the destination indicator.

Abstract: Disclosed herein are methods and systems for a simplified process for managing the exchange of different types of assets on a digital platform for disparate users. The processes discussed with respect to the digital platform streamline the exchange of assets based on various conditions in an efficient manner. In one example, the platform initially receives an event message (via an endpoint API) that specifies the amounts and types of two different assets. The platform then aggregates the received data within the event message. Next, the platform's exchange manager continually monitors the data indicated within the event message. When the totals reach a predefined threshold or condition, such as reaching a certain amount, the platform triggers a process where a remote system automatically converts a specified amount of one asset type into another asset type.

Abstract: A method and apparatus for managing and using permissions in a distributed services system is described. The method may include receiving, by a service system of the distributed services system, a definition of a permissions data structure and a mapping of permission positions from a permissions bitmap log to permissions in the permissions data structure. The method may also include receiving, by the service system, a service-to-service message that comprises a request of the service system and an access token having one or more permissions bitmap logs associated with the message. Furthermore, the method may include determining, by the service system, a set of permissions that are within an intersection of permissions between the one or more permissions bitmap logs associated with the message and the definition of the permissions data structure, and then processing the request based on the determined set of permissions.

Abstract: Examples of the present disclosure describe improved systems and methods for selection of candidate content items. In one example implementation a system includes a processor and a memory coupled to the processor. The memory includes a plurality of sets of requirements. Each set of requirements may be associated with a corresponding available content item of a plurality of available content items. A comparison module may be configured to compare a set of user parameters to each set of requirements and select two or more candidate content items from the plurality of available content items based on the set of user parameters satisfying the set of requirements. A bandit module may be configured to select one elected content item from the two or more candidate content items using a multi-armed bandit model. A user interface module may be configured to transmit the elected content item.

Abstract: Disclosed herein are systems and methods for detecting automated account generation requests. An example method includes receiving an application programming interface (API) request to generate a new user account. The method then includes executing a machine learning model to predict a likelihood of the API request having been generated automatically using one or more programming protocols. The machine learning model may be trained using historic requests known to have been generated using a machine or a programming/algorithm. When the machine learning model determines that the API request is likely to have been machine-made, the method includes executing an additional security protocol associated with the new user account.

Abstract: A computer using the systems and methods described herein can use a task agent to automatically select and manage different applications and agents to use to generate results in response to requests for information. The computer can iteratively execute the task agent to generate the results. For instance, the task agent can identify a set of applications to use to generate a result in response to an information request. The task agent can identify the set of applications based on an intent of the information request. The task agent can iteratively execute different sequences of applications from the set of applications to query and retrieve data from different data sources until determining the data that is necessary to generate a response to the request has been retrieved. The computer can generate the response from the retrieved data and present the response on a user interface.

Abstract: A method and apparatus for authenticating a user commerce account associated with a merchant of a commerce platform are described. The method may include initiating authentication of the user commerce account associated with the merchant of the commerce platform from a commerce platform user interface of a user device, the user commerce account established for a user of the merchant. The method may also include sending an electronic message to a mobile device associated with the user account at the commerce platform, wherein the electronic message comprises an authentication code, and receiving the authentication code from the commerce platform user interface. Furthermore, the method may include generating an authentication key for the mobile device in response to matching the received authentication code with the sent authentication code and receiving a cookie provided from the commerce platform to the mobile device.