Abstract: Methods, devices, and systems are described for sending and receiving messages between a terminal reader and a payment device, such as a credit card. A dynamic signature is calculated on the payment device from an application transaction counter, a terminal unpredictable number, and a transaction amount, and it is sent with an application file locator (AFL) to the reader. The reader then sends a read record command to the payment device to get records associated with the AFL, among other normal processing. While the normal processing is occurring for the transaction, the dynamic signature can be recalculated and compared with that from the payment device in order to assure that nothing has surreptitiously changed the values in the messages.

Abstract: A system for facilitating data access and management on a smart card is provided. According to one exemplary aspect of the system, a storage architecture is provided in the smart card which allows data stored thereon to be shared by multiple parties. Access to data stored on the smart card is controlled by various access methods depending on the actions to be taken with respect to the data to be accessed.

Abstract: Embodiments of the disclosure are directed to performing a transaction between a mobile device and an access device. Value information is provided to the access device by the mobile device. The value information is not necessary to complete the transaction.

Abstract: A portable consumer device may have money stored therein, which can be calculated using an accumulator record and an exception record. The accumulator record can be incremented by the amount of any initiated transaction using the portable consumer device. The exception record can be incremented by the amount of any completed transaction using the portable consumer device. The portable consumer device may also have a limit amount, to record the amount of money added. The records allow for a later reconstruction of the device history, and can account for any errors or problems during transactions.

Abstract: Systems, apparatus, and methods for managing an application installed on a mobile device, such as a mobile phone are provided, so as to prevent or limit unauthorized use of the application, for example, when the mobile device is lost, stolen, or otherwise subject to unauthorized use. A request to enable or disable user access to a function of the application can be received by a server computer. A command message responsive to the request can be generated by the server computer, the command message comprising control data for enabling or disabling user access to the function of the application. The generated command message can be transmitted to the mobile device over a wireless network.

Abstract: Systems, apparatus, and methods for managing an application installed on a mobile device, such as a mobile phone are provided, so as to prevent or limit unauthorized use of the application, for example, when the mobile device is lost, stolen, or otherwise subject to unauthorized use. An input indicative of a password to access the application can be received. It may be determined that a predetermined number of password entry attempts has been reached based on the input. A request message to disable access to the application can be transmitted from the mobile device to a remote computer. One or more lock instructions for disabling access to the application can be received by the mobile device from the remote computer. The one or more lock instructions can be executed by the mobile device by modifying control data within a secure memory of the mobile device.

Abstract: A portable consumer device may have money stored therein, which can be calculated using an accumulator record and an exception record. The accumulator record can be incremented by the amount of any initiated transaction using the portable consumer device. The exception record can be incremented by the amount of any completed transaction using the portable consumer device. The portable consumer device may also have a limit amount, to record the amount of money added. The records allow for a later reconstruction of the device history, and can account for any errors or problems during transactions.

Abstract: A method is disclosed. The method includes determining, by a security software application on a communication device, that the communication device has been accessed by an unauthorized user. The communication device is configured to communicate with a telecommunications network over the air through a first communication channel. The method also includes generating, by the communication device, security notification data and providing the security notification data or a derivative of the security notification data to a host computer via a second communication channel.

Abstract: Techniques for enhancing the security of a communication device when conducting a transaction using the communication device may include using a limited-use key (LUK) to generate a transaction cryptogram, and transmitting a token instead of a real account identifier and the transaction cryptogram to an access device to conduct the transaction. The token and the transaction cryptogram can be transmitted to a magnetic stripe reader by generating an emulated magnetic signal. The LUK may be associated with a set of one or more limited-use thresholds that limits usage of the LUK, and the transaction can be authorized based on at least whether usage of the LUK has exceeded the set of one or more limited-use thresholds.

Abstract: A method comprising, at a reader, performing at least one transaction-based risk management process prior to energizing a contactless interface, initiating communication with a card utilized for a contactless transaction, receiving information associated with the card, terminating communication with the card, and authorizing the contactless transaction.

Abstract: Embodiments of the present invention are directed at methods and systems for providing a partial personalization process that allows for more efficient and effective personalization of a mobile application on a communication device after updating the mobile application. For example, personalization profiles associated with multiple versions of the mobile application may be stored at an application update provisioning system and the application update provisioning system may determine the appropriate partial provisioning information to update the mobile application for each migration notification. Accordingly, a tailored partial personalization script including only that personalization information that is to be updated for the updated version of the mobile application may be generated and installed to enable new functionality and/or update the information contained within an updated mobile application, without requiring re-personalization of all personalized information into the updated mobile application.

Abstract: Embodiments of the invention provision multiple payment tokens on a communication device. The communication device may be provisioned with multiple limited use keys (LUK), each LUK being associated with a specific type of transaction. When the communication device is used for a transaction, the communication device automatically determines a type of the transaction and selects an appropriate LUK based on the determined transaction type. The selected LUK may be used to create a cryptogram, which can be used to verify the transaction.

Abstract: Systems, apparatus, and methods for managing a payment application installed on a mobile device, such as a mobile phone are provided. An Issuer of a payment device can remotely control the payment application by instructing a wireless network carrier or operator to transmit a message to the mobile phone, where the message contains an instruction to perform an operation related to the payment application. The Issuer can remotely reset a counter or a password associated with the payment application, lock or unlock a payment application, and set the access control data to a predetermined value, to prevent unauthorized use of the payment application in the situation in which the mobile phone is lost or stolen, or the Issuer desires to limit access to the payment application for other reasons, such as limiting its exposure to unauthorized uses of the payment device.

Abstract: Techniques for enhancing the security of a communication device when conducting a transaction using the communication device may include using a limited-use key (LUK) to generate a transaction cryptogram, and using a signature key to generate a signature. The transaction can be an offline data authentication transaction, and access can be granted based on authentication of the signature prior to verifying the transaction cryptogram.

Abstract: Embodiments of the invention are directed at an enhanced data interface (EDI) for contactless communications between a mobile application operating on a mobile device and an access device (e.g., contactless reader) that allows for enhanced verification between the mobile device and access device. One embodiment of the invention is directed to a method. The method comprises a mobile device receiving a request for available applets from an access device and providing a list of available applets including trusted applet identifiers and untrusted applet identifiers to the access device. The method further comprises receiving a selection of an untrusted applet identifier from the list and an entity identifier associated with the access device, validating that the access device is authorized to access credentials associated with the selected untrusted applet identifier using the entity identifier, and providing the credentials associated with the selected untrusted applet identifier to the access device.

Abstract: Embodiments of the present invention relate to systems and methods for enabling entities, such as issuers, merchants, payment processing networks, and mobile-network operators, to send account-related messages and marketing messages to a user's mobile device in response to a message request sent from the user's mobile device. According to some embodiments, the account-related messages and the marketing messages are sent to the user's mobile device in accordance with message parameters that are defined by the user and that are embedded in the message request.

Abstract: A method is disclosed. The method includes generating an obfuscated portion using a dynamic cryptogram unique to a transaction, where the dynamic cryptogram is determined using a uniquely derived key. The method also includes replacing a middle portion of the account identifier with the obfuscated portion to form an obfuscated account identifier.

Abstract: Embodiments of the present invention relate to systems and methods for enabling entities, such as issuers, merchants, payment processing networks, and mobile-network operators, to send account-related messages and marketing messages to a user's mobile device in response to a message request sent from the user's mobile device. According to some embodiments, the account-related messages and the marketing messages are sent to the user's mobile device in accordance with message parameters that are defined by the user and that are embedded in the message request.

Abstract: Methods, devices, and systems are provided for verifying tokens using limited-use certificates. For example, a user device can send a token request to a token provider computer, and receive in response a token and a token certificate associated with the token. The token certificate may include, for example, a hash of the token and a digital signature by the token provider computer or another trusted entity. The user device can provide the token and the token certificate to an access device. The access device can verify the token using the token certificate, and verify the token certificate using a digital signature. In some cases, the token and token certificate may be verified offline. The access device can then conduct a transaction using the token.

Abstract: A system, apparatus, and method for processing payment transactions that are conducted using a mobile device that includes a contactless element, such as an integrated circuit chip. An account holder is enabled to generate transaction related data and append that data to a transaction record or transaction identifier. The appended data and transaction record or identifier may be stored in the mobile payment device and/or provided to an Issuer. If provided to an Issuer, the transaction related data generated by the account holder may be used to supplement an account statement. The additional information generated by the account holder may be used to assist the account holder in determining if a transaction is valid by providing information that helps the account holder to recall the location or other aspect of the transaction.