Abstract: A system is configured to determine whether a first exchange rate at the time of authorization is eligible to be used as the exchange rate at the time of clearing. The system evaluates the transaction with a scoring model and stores eligible transactions in a rate matching database. The system further evaluates the transaction with a cross-currency transaction policy, according to the currency exchange rate between a foreign currency and the domestic currency of the cardholder. The system queries the rate matching database to retrieve the first exchange rate stored at the time of authorization.

Abstract: Embodiments of the present disclosure enable users to efficiently verify digital data produced by queried databases, even when that data is differentially-private (e.g., satisfying the conditions of differential privacy in order to protect sensitive or private data). In addition to the query result, a database computer can provide the client with a non-interactive zero-knowledge proof (NIZK), data that the client can use to verify the digital data contained in the query result, without revealing any private data to the client. Various innovations, including vectorized proofs, enable the database computer to generate proofs that require less data (e.g., when measured in bytes) than most NIZK proof systems. Consequently, these proofs can be transmitted and verified more quickly and efficiently. Embodiments of the present disclosure can make use of partially or homomorphic commitments and efficient vector proof techniques to achieve these performance improvements.

Abstract: Unknown devices may be bound to an identity using a four step process that involves trusted relationships only between known partner entities and a known user attribute. The identity may be an account, such as a personal account number (PAN). The PAN may be abstracted using a token for use with the device. The unknown device may first be enrolled at a service to establish a cryptographically verifiable identity. A binding request for the enrolled device may be sent to an issuer of the PAN resulting in the issuer generating a challenge. After a successful authentication of the challenge at the token service provider, the binding of the token to the device is complete.

Abstract: Method and system for initiating a settlement process for a merchant, based on accumulated customer transactions in a transaction period, are provided. The system provides a configurable interface for the merchant that allows for the merchant to manually settle customer debts for accumulated transaction over an agreed period of time or designate an automatic settlement date. A central payment server receives a request to initiate a settlement process between an acquirer system associated with the merchant and an issuer system associated with a customer. The central payment server establishes a payment system that guarantees the settlement of all transactions for the merchant, through an assured agreement between the customers and the issuer systems.

Abstract: The disclosure relates to the multi-party biometric authentication of primary and secondary parties for conducting party relationships.

Abstract: Embodiments detect and predict data disparity issues in data warehouses. Embodiments derive meaningful insights about the events occurred prior to the data disparity and correlate the events to understand the root cause of the data disparity (or the root cause of an alert generated as a result of detecting the data disparity). Embodiments either take or recommend actionable measures to prevent further occurrences of the event identified as the root cause. According to various embodiments, when the monitored data is transaction data (e.g. transaction volume, transaction amount, transaction processing speed, etc.), internal events (e.g. data job failures, job delays, job server maintenances) or external events (e.g. seasonal holiday events, natural calamities) may cause a dip or spike in the transaction data resulting in a data quality anomaly (i.e. a data disparity).

Abstract: A method is disclosed. The method includes receiving a broadcast signal from a beacon device, the broadcast signal encoding a first credential associated with a first entity. In response to receipt of the broadcast signal, the mobile communication device transmits the received first credential to an authentication system. The authentication system determines if the first entity associated with the broadcast signal is authentic and generates a confirmation message confirming the authenticity of the first entity. The mobile communication device then receives the confirmation message indicating that the first entity is authentic. The mobile communication thereafter receives and transmits a second credential for the mobile communication device to the beacon device, which transmits the second credential to the authentication system. The authentication system then confirms the authenticity of the mobile communication device.

Abstract: Disclosed are methods and systems for securely providing identity attributes. A server computer may receive, from a relying entity, a request for identity attributes associated with a target entity, wherein the request for identity attributes includes a session identifier associated with the target entity and an identifier of the relying entity. The server computer may validate the request based on the session identifier. The server computer may identify, based on the identifier of the relying entity, a package defining types of identity attributes for the relying entity and a data access token associated with the package. Based on validating the request, the server computer may transmit, to a digital identity provider, a request for a set of identity attributes corresponding to the package, the request comprising the data access token. The server computer may receive, from the digital identity provider, the set of identity attributes.

Abstract: Embodiments of the disclosure are directed to methods and systems for enabling generation and management of a secondary account. The secondary account may be generated in relation to a primary account, such that at least a portion of a transaction conducted using the secondary account may be charged to the primary account. In some embodiments, the secondary account may be associated with a number of protocols to be applied to a transaction. When a transaction is initiated using the secondary account, a service provider may consult an itinerary to dynamically generate a set of protocols which is relevant to the transaction based on a time period during which the transaction is initiated. In some embodiments, portions of the transaction may be split up and transmitted to different authorization entities for authorization.

Abstract: Embodiments of the invention are directed to access transactions. A gate access device may interact with a payment card such as a credit card. The gate access device may generate and transmit a first authorization request message to a payment processing network computer. The first authorization request message does not include an amount for the transaction, but only contains identification information. A first authorization response message is transmitted back to the gate access device. At a later point in time, a second authorization request message containing the transaction amount is transmitted from the gate access device to the issuer, and a response is received from the issuer.

Abstract: A method is disclosed. The method comprises a receiving a plurality of key-value pairs. The method then generates a random binary matrix of at least weight three. The random binary matrix has a number of non-zero binary values equal to the weight in each row. The method can then assign each key in the plurality of key-value pairs to a row in the random binary matrix. A key matrix can then be generated by appending a dense binary matrix to the random binary matrix. The method can then process the key matrix to output an encoding vector that encodes the values of the plurality of key-value pairs.

Abstract: Provided is a system, method, and computer program product for determining a pseudo-identity score in a virtual environment based on a blockchain network. The system includes at least one processor programmed or configured to identify a pseudo-identity in a virtual environment based on a blockchain address on a blockchain network, the pseudo-identity corresponding to the blockchain address, determine an age of the pseudo-identity, determine a measure of activity of the pseudo-identity based on transactions conducted by the pseudo-identity in the virtual environment, determine a pseudo-identity score based at least partially on the age of the pseudo-identity and the measure of activity of the pseudo-identity, and process a request generated by the pseudo-identity in the virtual environment based on the pseudo-identity score.

Abstract: A method is disclosed. The method includes a user device storing a message data template comprising a plurality of data fields. A multi-record message may be generated using the message data template in response to an interaction between the user device and an access device. To generate the multi-record message, the user device may increment a counter stored on the user device to produce a counter value, and generate a dynamic cryptogram. The user device may additionally retrieve a credential. The counter value, the dynamic cryptogram, and the credential may then be incorporated into the plurality of data fields of the message data template to form the multi-record message. The multi-record message may be transmitted to the access device, where the access device forwards the multi-record message to an authorization computer to authorize or deny the interaction.

Abstract: Embodiments of the invention are directed to systems and methods of securely transmitting account credentials, such as a token. A user device and application can initially select an account, and then obtain a transaction identifier associated with the account. The user device can provide the transaction identifier to a resource provider, which can then directly exchange the transaction identifier for the account credentials.

Abstract: The present disclosure relates to a method and a tokenization server for generating and transmitting tokenized card information to a token requestor. In some non-limiting embodiments or aspects, the method includes receiving, from the token requestor, a request for a token corresponding to a payment card. The token may include a plurality of characters. Further, the method includes generating a token key corresponding to the token based on location information associated with a plurality of files stored in a user device. Subsequently, the method includes transmitting the token key, including location information within the plurality of files in the user device, to the token requestor. Here, the location information may include a location embedded with a character of the plurality of characters of the token. Thus, the present disclosure provides a secure method of generating, storing, and transmitting the tokenized card information.

Abstract: Systems and methods for securing data transmissions using distance measurements are disclosed. A mobile device (such as a smart phone) and a base station can use ultra-wideband technology to determine the distance between the two devices. The distance measurements produced by the mobile device and the base station can be compared, directly or indirectly by the mobile device, the base station, and/or an access device to determine whether the mobile device is present at an access device or if the mobile device is not present at the access device (as expected during a relay attack). If the mobile device is not present at the access device, the access device can prevent or cancel an interaction based on the data transfer (e.g., opening a locked door of a secure building in response to receiving an access credential from the mobile device).

Abstract: A method is disclosed and includes receiving a token request message comprising a real credential or a reference to the real credential, a unique value, and action data from a token requestor, and obtaining a token. The method also includes transmitting the token to the token requestor, and providing the unique value and the action data to a data matching computer. The data matching computer stores the unique value and the action data. The data matching computer subsequently receives a message from a data processing computer comprising the unique value, determines that the received unique value matches the stored unique value, and provides the action data to the data processing computer or performs an action with respect to the action data.

Abstract: Methods and systems for evaluating microservice system level activities including system calls and commands, and generating security policies for microservices are disclosed. A microservice agent, operating on a microservice host, can collect system level activity data corresponding to a plurality of microservices operating on the microservice host. The microservice agent can transmit the system level activity data to a microservice evaluator that can use the system level activity data to train machine learning models to identify normal and abnormal microservice system level activities. The normal and abnormal system level activities can be used to generate security policies that can be applied to the microservices. Microservices that perform abnormal system level activities or system level activities that violate security policies can be paused or terminated.

Abstract: A method includes collecting, by a first AI application of a first AI computer, data to include in a dataset. The first AI application of the first AI computer can include an offer for the dataset into an offering platform. The first AI application of the first AI computer can then receive a response to the offer from a second AI application of a second AI computer. The first AI application of the first AI computer can determine whether or not to provide the dataset to the second AI application of the second AI computer. The first AI application of the first AI computer can, based on the determination, provide the dataset to the second AI application of the second AI computer.

Abstract: Embodiments for training a recommendation system to provide merchant recommendations comprise receiving, by a processor, raw merchant embeddings and raw user embeddings generated from payment transaction records, wherein the raw merchant embeddings include a plurality of embedded features. A generative adversarial network (GAN) is trained to generate modified merchant embeddings from the raw merchant embeddings, where the modified embeddings remove a location feature. Subsequent to training and responsive to receiving a request for merchant recommendations in the target location for the target user, the GAN and a trained preference model are used to generate a list of merchant rankings based on a new set of modified merchant embeddings, past preferences of a target user, and the target location to recommend merchants in the target location.