Abstract: Method and apparatus for transmitting credentials to a transaction processing system, the credentials arranged in sets and a set including a unique identifier and verification data elements. Credentials are activated and are then available for use in at least one subsequent transaction. In the transaction, in response to receiving authorization from a user, the unique identifier and verification data elements from a set are transmitted to the transaction processing system for the user. The credentials are activated using an activation mode selected from at least a first activation mode and a second activation mode. In the first activation mode, additional user input for the verification data elements associated with the unique identifier is received from the user. In the second activation mode, the user is authenticated, and verification data elements are received via a data communications network are received from a trusted data processing system remote from the user.

Abstract: Embodiments of the present disclosure comprise methods, apparatus and computer readable instructions for establishing a relationship between user accounts. A first account association request message in relation to a first user account in an account based system is received. A first source account identifier which corresponds to the first user account and a first target account identifier which corresponds to the second user account are identified. A second account association request message in relation to the second user account is received. Based on the second account association request message, a second source account identifier which corresponds to the second user account and a second target account identifier which corresponds to the first user account are identified. Responsive to a determination of whether the source account identifiers and target account identifiers relate to the same user account, a relationship is established between the first user account and the second user account.

Abstract: Systems, methods and computer programs for transferring data in a communication system are described. The communication system has a first node arranged to send data to a plurality of second nodes using a first protocol. The first protocol allows the transfer of data of a first type. At least one of the second nodes additionally requires data of a second type, which is not included in the data sent according to the first protocol. First data, of the first type, is transferred to a plurality of the second nodes using the first protocol. Second data, of the second type, is stored in a memory. Subsequently, in response to a request, access to the second data is provided to the second node.

Abstract: Systems, methods and apparatus for enabling access to secure data. A first module is arranged to generate a limited use passcode and make the passcode available to a user. A second module and a third module are arranged to communicate whereby to enable detection of the third module being in proximity to the second module. A fourth module is arranged to receive a passcode via user input. The apparatus is arranged to enable access to secure data in dependence on the fourth module receiving a valid passcode generated by the first module and the third module being in proximity to the second module.

Abstract: Methods, apparatus and computer software are provided for authorizing an EMV transaction between a user device and a point of sale terminal, particularly, but not exclusively, in situations where a secure element is not made available for the deployment of a payment application on the user device. The payment application is instead deployed to a processing environment that is outside of any secure element on the user device. The payment application is associated with a certificate and a corresponding hash. The hash is adapted to be generated on the basis of an application expiration date parameter, which is adapted to comprise data indicative of an expiration date of day level granularity associated with the certificate. During processing of the EMV transaction, the point-of-sale terminal verifies the hash, thereby establishing the authenticity of the application expiration date, and hence the validity of the certificate.

Abstract: There is disclosed a method of authorising an electronic transaction, the method involving a server receiving transaction details for the electronic transaction and an identifier for a participant in the electronic transaction. The server sends the transaction details to the participant in the electronic transaction, and in return receives authorisation data from the participant, the authorisation data including authentication data authenticating the identity of the participant. The server then determines an account code identifying an account associated with the participant based on the identifier, and proceeds with the electronic payment transaction using the account code.

Abstract: A program for running on a processor of a portable payment device is adapted for carrying out a payment interaction and permitting ticket storage in a memory of the portable payment device. The program is configured to interact with an access point and includes a set of instructions, a first code portion and a second code portion. The set of instructions, when executed by the processor, causes the portable payment device to perform the steps of: responsive to a first message from said access point, executing the first code portion; and responsive to a second message from the access point, executing the second code portion. The first code portion includes first instructions corresponding to the payment interaction. The second code portion includes instructions corresponding to the payment interaction and second instructions corresponding to the ticket interaction.

Abstract: Methods, apparatus and computer programs for authorizing transactions are described. A server system receives, from a first computing device, verification information relating to a verification process for verifying a user associated with the first computing device. A verification status associated with the user is set in a memory of the server system, based on the verification information. The server system receives an authorization request for a payment transaction from a payment terminal, the request including an identifier associated with the user, and having been provided to the payment terminal by a payment device different from the first computing device. Responsive to receipt of the authorization request, the verification status associated with the user is identified, and a determination as to whether to authorize the payment transaction is made at least partly on the basis of the identified verification status.

Abstract: Methods, apparatus and computer software are provided for authorizing an EMV transaction between a user device and a point of sale terminal, particularly, but not exclusively, in situations where a secure element is not made available for the deployment of a payment application on the user device. The payment application is instead deployed to a processing environment that is outside of any secure element on the user device. An ICC Master Key corresponding to the payment application is held by a trusted authority, such as the issuing bank. The trusted authority is adapted generate time-limited session keys on the basis of the ICC Master Key and distribute session keys to the payment application. Receipt of a session key by the payment application enables the payment application to conduct an EMV payment transaction. The session key is used to authorize a single EMV payment transaction.

Abstract: Embodiments of the invention provide a method of processing payment authorization requests for payment transactions to be conducted via a data communications network; the payment authorization requests are conducted as a result of orders by financial account holders via a plurality of different online merchant systems, and the financial account holders hold accounts with a plurality of different issuing banks. These embodiments of the invention provide a means of identifying an issuing bank from a plurality of issuing banks as one which is to be utilized in a given transaction and facilitate a user specifying, in real time in relation to the given transaction, a particular bank account that is to be used to deduct funds for that transaction.

Abstract: There is disclosed a method of authorising an electronic transaction, the method involving a server receiving transaction details for the electronic transaction and an identifier for a participant in the electronic transaction. The server sends the transaction details to the participant in the electronic transaction, and in return receives authorisation data from the participant, the authorisation data including authentication data authenticating the identity of the participant. The server then determines an account code identifying an account associated with the participant based on the identifier, and proceeds with the electronic payment transaction using the account code.

Abstract: Measures, including methods, apparatus and computer software are provided for processing electronic tokens. An authorization request is received in relation to processing of an electronic token. An identifier for a user terminal associated with the electronic token, and an account, are determined on the basis of the authorization request. In some arrangements, a location query for the user terminal is performed on the basis of the determined identifier, whereby to determine a location of the user terminal on the basis of a proximity of the user terminal to one or more base stations in a cellular telecommunications network. In some arrangements, a challenge message is sent to the user terminal, to establish a confidence that the transacting user terminal is the designated user terminal. Processing of the electronic token in relation to the account is selectively authorized on the basis of the result of the location query or challenge response.

Abstract: There is disclosed a system for performing a validity check of a user device having an application stored thereon. The apparatus comprises a coupling device operable to communicate with the user device via near field communication, a processor, and memory storing program code for execution by the processor and validity check data. The program code comprises executable instructions to receive a determinate user device identifier from the user device via the coupling device and to receive application data from the user device via the coupling device, the application data being characteristic of the application stored on the user device. The program code processes the user device identifier and the application data to generate a test token, and determines whether the test token is a valid token using the validity check data.

Abstract: There is discussed a method of authorising an electronic transaction in which a user device receives a shared secret and a shared secret identifier. Subsequently, on receipt of transaction data from a transaction terminal, the user device calculates a one-way hash of data comprising the shared secret to generate a hash value, generates authentication data comprising the hash value and the shared secret identifier, and transmits the authentication data to the transaction terminal.

Abstract: Methods, apparatus and computer software are provided for authorizing an EMV transaction between a user device and a point of sale terminal, particularly, but not exclusively, in situations where a secure element is not made available for the deployment of a payment application on the user device. The payment application is instead deployed to a processing environment that is outside of any secure element on the user device. An ICC Master Key corresponding to the payment application is held by a trusted authority, such as the issuing bank. The trusted authority is adapted generate time-limited session keys on the basis of the ICC Master Key and distribute session keys to the payment application. Receipt of a session key by the payment application enables the payment application to conduct an EMV payment transaction. The session key is used to authorize a single EMV payment transaction.

Abstract: Embodiments of the invention provide a method of processing payment authorization requests for payment transactions to be conducted via a data communications network; the payment authorization requests are conducted as a result of orders by financial account holders via a plurality of different online merchant systems, and the financial account holders hold accounts with a plurality of different issuing banks. These embodiments of the invention provide a means of identifying an issuing bank from a plurality of issuing banks as one which is to be utilized in a given transaction and facilitate a user specifying, in real time in relation to the given transaction, a particular bank account that is to be used to deduct funds for that transaction.

Abstract: There is discussed a method of authorising an electronic transaction in which a user device receives a shared secret and a shared secret identifier. Subsequently, on receipt of transaction data from a transaction terminal, the user device calculates a one-way hash of data comprising the shared secret to generate a hash value, generates authentication data comprising the hash value and the shared secret identifier, and transmits the authentication data to the transaction terminal.

Abstract: Disclosed herein is a computer-implemented method for calculating an affinity score for an entity in one or more transactions of a plurality of transactions, each transaction involving the transfer of an asset from an associated sending entity to an associated receiving entity. The method comprises receiving data identifying a seed receiving entity, querying transaction data for the plurality of transactions to identify a set of sending entities based on each sending entity in the set of sending entities having been the sending entity in at least one transaction with the seed receiving entity, querying the transaction data to identify transactions having a ending entity in the set of sending entities, and determining a set of receiving entities based on the transactions having the sending entity in the set of sending entities. In this way, a set of sending entities and a set of receiving entities and associated transactions are identified.

Abstract: Methods, apparatus and computer software are provided for authorizing an EMV transaction between a user device and a point of sale terminal, particularly, but not exclusively, in situations where a secure element is not made available for the deployment of a payment application on the user device. The payment application is instead deployed to a processing environment that is outside of any secure element on the user device. The payment application is associated with a certificate and a corresponding hash. The hash is adapted to be generated on the basis of an application expiration date parameter, which is adapted to comprise data indicative of an expiration date of day level granularity associated with the certificate. During processing of the EMV transaction, the point-of-sale terminal verifies the hash, thereby establishing the authenticity of the application expiration date, and hence the validity of the certificate.

Abstract: Methods, apparatus and computer software are provided for authorizing an EMV transaction between a user device and a point of sale terminal, particularly, but not exclusively, in situations where a secure element is not made available for the deployment of a payment application on the user device. The payment application is instead deployed to a processing environment that is outside of any secure element on the user device. The payment application is associated with a certificate and a corresponding hash. The hash is adapted to be generated on the basis of an application expiration date parameter, which is adapted to comprise data indicative of an expiration date of day level granularity associated with the certificate. During processing of the EMV transaction, the point-of-sale terminal verifies the hash, thereby establishing the authenticity of the application expiration date, and hence the validity of the certificate.