Abstract: Embodiments of the invention are directed at an enhanced data interface (EDI) for contactless communications between a mobile application operating on a mobile device and an access device (e.g., contactless reader) that allows for enhanced verification between the mobile device and access device. One embodiment of the invention is directed to a method. The method comprises a mobile device receiving a request for available applets from an access device and providing a list of available applets including trusted applet identifiers and untrusted applet identifiers to the access device. The method further comprises receiving a selection of an untrusted applet identifier from the list and an entity identifier associated with the access device, validating that the access device is authorized to access credentials associated with the selected untrusted applet identifier using the entity identifier, and providing the credentials associated with the selected untrusted applet identifier to the access device.

Abstract: Embodiments of the present invention relate to systems and methods for enabling entities, such as issuers, merchants, payment processing networks, and mobile-network operators, to send account-related messages and marketing messages to a user's mobile device in response to a message request sent from the user's mobile device. According to some embodiments, the account-related messages and the marketing messages are sent to the user's mobile device in accordance with message parameters that are defined by the user and that are embedded in the message request.

Abstract: A method is disclosed. The method includes generating an obfuscated portion using a dynamic cryptogram unique to a transaction, where the dynamic cryptogram is determined using a uniquely derived key. The method also includes replacing a middle portion of the account identifier with the obfuscated portion to form an obfuscated account identifier.

Abstract: Embodiments of the present invention relate to systems and methods for enabling entities, such as issuers, merchants, payment processing networks, and mobile-network operators, to send account-related messages and marketing messages to a user's mobile device in response to a message request sent from the user's mobile device. According to some embodiments, the account-related messages and the marketing messages are sent to the user's mobile device in accordance with message parameters that are defined by the user and that are embedded in the message request.

Abstract: Methods, devices, and systems are provided for verifying tokens using limited-use certificates. For example, a user device can send a token request to a token provider computer, and receive in response a token and a token certificate associated with the token. The token certificate may include, for example, a hash of the token and a digital signature by the token provider computer or another trusted entity. The user device can provide the token and the token certificate to an access device. The access device can verify the token using the token certificate, and verify the token certificate using a digital signature. In some cases, the token and token certificate may be verified offline. The access device can then conduct a transaction using the token.

Abstract: A system, apparatus, and method for processing payment transactions that are conducted using a mobile device that includes a contactless element, such as an integrated circuit chip. An account holder is enabled to generate transaction related data and append that data to a transaction record or transaction identifier. The appended data and transaction record or identifier may be stored in the mobile payment device and/or provided to an Issuer. If provided to an Issuer, the transaction related data generated by the account holder may be used to supplement an account statement. The additional information generated by the account holder may be used to assist the account holder in determining if a transaction is valid by providing information that helps the account holder to recall the location or other aspect of the transaction.

Abstract: An interface and device architecture for a payment device. An interface between a payment application installed in a payment device and one or more value-add applications (such as loyalty programs, transit applications, etc.) that are also installed in the payment device. The API or interface design permits communications and data transfer between the payment application and one or more value-add applications. This reduces (and in some cases may prevent) the need for back-end server processing of data that may be relevant to both a payment transaction and to a function of the value-add application. Similarly, the same or another API or interface may enable communications and data transfer between a value-add application and the payment application.

Abstract: A system, method, and server computer configured to authenticate a consumer device. The consumer device is authenticated via a mobile gateway using challenge-response authentication. If the consumer device is successfully authenticated, a secure channel is established between the consumer device and a first entity. The secure channel allows for secure communication between the consumer device and the first entity.

Abstract: Embodiments of the present invention are directed to methods, systems, apparatuses, and computer-readable mediums for selecting multiple payment applications and preparing multiple transaction payloads for a transaction during interaction between a mobile device and an access device. Accordingly, by preparing multiple transaction payloads for a single transaction, the merchant may initiate transactions using each of the prepared transaction payloads in order of preference. If a transaction initiated using payment credentials associated with a preferred application is unsuccessful for any reason, a transaction may be initiated using payment credentials associated with an alternate application automatically, and without additional interaction by the mobile device and/or access device.

Abstract: Techniques for enhancing the security of a communication device when conducting a transaction using the communication device may include encrypting account information with a first encryption key to generate a second encryption key, and encrypting key index information using the second key to generate a limited-use key (LUK). The key index information may include a key index having information pertaining to generation of the LUK. The LUK and the key index can be provided to the communication device to facilitate generation of a transaction cryptogram for a transaction conducted using the communication device, and the transaction can be authorized based on the transaction cryptogram generated from the LUK.

Abstract: A method is disclosed. The method includes generating an obfuscated portion using a dynamic cryptogram unique to a transaction, where the dynamic cryptogram is determined using a uniquely derived key. The method also includes replacing a middle portion of the account identifier with the obfuscated portion to form an obfuscated account identifier.

Abstract: An interface and device architecture for a payment device. An interface between a payment application installed in a payment device and one or more value-add applications (such as loyalty programs, transit applications, etc.) that are also installed in the payment device. The API or interface design permits communications and data transfer between the payment application and one or more value-add applications. This reduces (and in some cases may prevent) the need for back-end server processing of data that may be relevant to both a payment transaction and to a function of the value-add application. Similarly, the same or another API or interface may enable communications and data transfer between a value-add application and the payment application.

Abstract: An application linker system that manages a plurality of application identifiers associated with a plurality of payment applications present on a device is disclosed. The application linker may manage relationships between application identifiers and payment applications that are provisioned for secure storage on a device. For example, a transaction can be conducted between a portable communication device and an access device. The method includes receiving a request for available payment applications located on the portable communication device from the access device, determining application identifiers associated with payment applications on the device, and sending a list of available payment applications including the application identifiers to the access device. The payment applications store payment information associated with one or more consumer accounts. One of the application identifiers is associated with two or more payment applications.

Abstract: Embodiments of the present invention provide methods and systems to enable a digital wallet identifier to be present in communications associated with transaction data for transactions that are facilitated by a digital wallet provider. In one embodiment, a communication device of a user receives a request for payment credentials required to conduct a transaction and obtains the payment credentials. The payment credentials include a digital wallet identifier and at least some of the payment credentials are obtained from a trusted execution environment associated with the communication device. The obtained payment credentials are provided to an access device associated with a merchant. The access device is configured to initiate the transaction by generating an authorization request message including the payment credentials for onward transmission to an issuer computer.

Abstract: A system, method, and server computer configured to authenticate a consumer device. The consumer device is authenticated via a mobile gateway using challenge-response authentication. If the consumer device is successfully authenticated, a secure channel is established between the consumer device and a first entity. The secure channel allows for secure communication between the consumer device and the first entity.

Abstract: Embodiments of the invention are directed to methods, apparatuses, computer readable media and systems for coordinating account holder verification methods among secure entity applications and wallet applications from different issuers, wallet providers, etc. on mobile devices. A common payment management application may be provided in a trusted execution environment associated with a mobile device to support secure entity applications (e.g., provisioned payment application instances in the trusted execution environment) and mobile wallet applications (e.g., provisioned on a memory of the mobile device) to coordinate account holder verification methods. The common payment management application may be accessible by both mobile applications and the secure entity applications.

Abstract: Embodiments of the present invention are directed to systems and methods for providing a central entity that can provision mobile payment applications on mobile communication devices and personalize the mobile payment applications with consumer and account information. The personalization of the mobile payment application on the mobile communication device may include provisioning a payment account on the mobile payment application. The central entity may provision the account on the mobile payment application without interacting with the issuer during the provisioning of the account. The central entity may provision the account on the mobile communication device by decrypting, using a secure element key, encrypted payment account information received from the mobile communication device. The payment account information may be encrypted by a secure element of the mobile communication device using the same secure element key.

Abstract: A system, apparatus, and method for processing payment transactions that are conducted using a mobile device that includes a contactless element, such as an integrated circuit chip. An account holder is enabled to generate transaction related data and append that data to a transaction record or transaction identifier. The appended data and transaction record or identifier may be stored in the mobile payment device and/or provided to an Issuer. If provided to an Issuer, the transaction related data generated by the account holder may be used to supplement an account statement. The additional information generated by the account holder may be used to assist the account holder in determining if a transaction is valid by providing information that helps the account holder to recall the location or other aspect of the transaction.

Abstract: Embodiments of the present invention are directed to methods, apparatuses, computer readable media and systems for securely processing remote transactions. One embodiment of the invention is directed to a method of processing a remote transaction initiated by a mobile device comprising a server computer receiving a payment request including encrypted payment information. The encrypted payment information being generated by a mobile payment application of the mobile device and being encrypted using a third party key. The method further comprises decrypting the encrypted payment information using the third party key, determining a transaction processor public key associated with the payment information, and re-encrypting the payment information using the transaction processor public key. The method further comprises sending a payment response including the re-encrypted payment information to a transaction processor.

Abstract: Embodiments of the invention are directed to access transactions. A gate access device may interact with a payment card such as a credit card. The gate access device may generate and transmit a first authorization request message to a payment processing network computer. The first authorization request message does not include an amount for the transaction, but only contains identification information. A first authorization response message is transmitted back to the gate access device. At a later point in time, a second authorization request message containing the transaction amount is transmitted from the gate access device to the issuer, and a response is received from the issuer.