Abstract: In some examples, a computer system receives, via a network and from a software module executable on a mobile device coupled to a card reader, security information that includes first security information associated with the card reader and second security information that is based on content of the software module and/or a software environment of the software module. The computer system determines validity of the first security information associated with the card reader based at least on information previously stored in the card reader and also accessible to the computer system. The computer system also determines the validity of the second security information. Based on determining the first and second security information are valid, the computer system sends, to the mobile device, an indication that the computer system has validated the security information, prompting the software module and the card reader to establish a secure communication session with each other.

Abstract: In some examples, a mobile card reader includes a card interface to read information from a card, an interface to enable the mobile card reader to communicate with a mobile device, and a processor configured to send security related information of the mobile card reader to an application executing on the mobile device. The security related information may be for transmission by the mobile device to a remote server system. The mobile card reader may receive, from the application, an indication that the application has been validated by the remote server system based on validation of the security related information of the mobile card reader and security related information of the application. In response, the mobile card reader generates a secure session key with which to carry out encrypted communication between the application and the mobile card reader.

Abstract: This disclosure is directed to receiving a request for attesting security of a device, determining to approve the request based on attestation data associated with the device, generating a ticket having validity conditions, and sending the ticket to the device to enable the device to receive payment data from a second device.

Abstract: Techniques described herein are directed to, in part, receiving input data from a computing device that includes a data capturing component; receiving, from the computing device, sensor data representing one or more characteristics associated with an interaction between a user and the data capturing component while the input data is being captured; authenticating an account associated with the user based at least in part on the input data and the one or more characteristics; and sending, to the computing device, an indication that the account of the user has been authenticated.

Abstract: This disclosure is directed to receiving a request for attesting security of a device, determining to approve the request based on attestation data associated with the device, generating a ticket having validity conditions, and sending the ticket to the device to enable the device to receive payment data from a second device.

Abstract: Disclosed is a technique for verifying the validity of security certificates received by a mobile device. The technique can involve diverting a security certificate into a secure environment, such as a payment application, by modifying an import address table (e.g., implementing a “hook”) that is accessed by the security layer of the mobile device. Once diverted, the payment application can create a copy of the security certificate. The copy may be stored in a list of security certificates that is subsequently uploaded to a payment processing system for authentication. In some embodiments, a checksum is generated for the import address table using a cryptographic hash function. The checksum allows the payment application or the payment processing system to determine whether an unauthorized modification of the import address table is present.

Abstract: In some examples, a mobile card reader includes a card interface to read information from a card, an interface to enable the mobile card reader to communicate with a mobile device, and a processor configured to send security related information of the mobile card reader to an application executing on the mobile device. The security related information may be for transmission by the mobile device to a remote server system. The mobile card reader may receive, from the application, an indication that the application has been validated by the remote server system based on validation of the security related information of the mobile card reader and security related information of the application. In response, the mobile card reader generates a secure session key with which to carry out encrypted communication between the application and the mobile card reader.

Abstract: Disclosed herein is a method and system to establish a secure communication channel between a payment object reader and a payment terminal For this, the server determines whether a payment terminal has associated with an attestation ticket. The method further includes determining, whether to approve or deny the request for establishing the secure communication channel between the payment object reader and the payment terminal based on the attestation ticket. If the determination yields that the request has been approved, further generating a session approval interrupt having one or more session approval conditions; and sending the session approval interrupt to the payment terminal, where the session approval interrupt causes a secure communication channel to be established between the payment object reader and the payment terminal.

Abstract: A payment terminal may include payment interfaces to receive payment information from payment devices. The payment interfaces can include an interface configured to receive a payment card. Monitoring components may monitor the payment interfaces. In addition, a detection signal can be provided while a payment card is communicatively coupled to its corresponding payment interface. The monitored information and the detection signal may be used by the payment terminal to determine whether a transaction is fraudulent or if a tamper attempt is ongoing, based on local test criteria. In addition, the monitored information and detection signal may be provided to a server, which may store the monitored information and detection signal, test for fraudulent transactions and tamper attempts based on server test criteria, and determine updates to the local test criteria.

Abstract: A payment terminal may include payment interfaces to receive payment information from payment devices such as chip cards and NFC payment devices. Monitoring components may monitor these payment interfaces. In addition, test requests may be transmitted to a payment device in order to elicit responses. The monitored information and the responses may be used by the payment terminal to determine whether a transaction is fraudulent or if a tamper attempt is ongoing, based on local test criteria. In addition, the monitored information and responses may be provided to a server, which may store the monitored information and responses, test for fraudulent transactions and tamper attempts based on server test criteria, and determine updates to the local test criteria.

Abstract: In one embodiment, a method includes associating, by a payment service and in a datastore maintained by the payment service, interactions with a matrix barcode with an action by the payment service involving a first account associated with a first user of the payment service. The matrix barcode corresponds to a claimable token stored in the datastore. The method includes receiving, by the payment service and from a computing device of a second user of the payment service, an indication that the computing device has interacted with the matrix barcode corresponding to the claimable token. The method includes identifying, by the payment service via the datastore, the claimable token associated with the matrix barcode. The method includes initiating, by the payment service and based on the claimable token, the associated action involving the first account.

Abstract: Some examples include establishing a secure communication session between a mobile device and a card reader. For instance, a trusted, remote validation server may be used to validate security information of a software module executing on the mobile device prior to the card reader and the software module establishing a secure communication session with each other. In some cases, the software module sends the security information of the software module to the validation server. The secure communication session between the software module and the card reader may be established based on a validation result of a validation process indicating that the security related information of the software module has been determined to be valid by the validation server.

Abstract: Disclosed herein is a method and system to establish a secure communication channel between a payment object reader and a payment terminal For this, the server determines whether a payment terminal has associated with an attestation ticket. The method further includes determining, whether to approve or deny the request for establishing the secure communication channel between the payment object reader and the payment terminal based on the attestation ticket. If the determination yields that the request has been approved, further generating a session approval interrupt having one or more session approval conditions; and sending the session approval interrupt to the payment terminal, where the session approval interrupt causes a secure communication channel to be established between the payment object reader and the payment terminal.

Abstract: Some examples include establishing a secure communication session between a mobile device and a card reader. For instance, a trusted, remote validation server may be used to validate security information of a software module executing on the mobile device prior to the card reader and the software module establishing a secure communication session with each other. In some cases, the software module sends the security information of the software module to the validation server. The secure communication session between the software module and the card reader may be established based on a validation result of a validation process indicating that the security related information of the software module has been determined to be valid by the validation server.

Abstract: In one embodiment, a method includes receiving, from a computing device of a first user, a request to transfer funds from a first account associated with the first user to a second account associated with a second user. The request to transfer funds may be generated by receiving a first token at the computing device of the first user through near-field communication with a first payment card and determining that the first token is associated with the second user. The method includes sending, in response to receiving the request to transfer funds, to the computing device of the first user, a request to authorize the transfer to the second account associated with the second user. The method includes receiving, from the device of the first user, an indication of authorization, wherein the indication of authorization is generated by receiving a second token at the device of the first user.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for storing a plurality of stored fingerprints, wherein each of the stored fingerprints is associated with a respective software environment and a respective mobile device; receiving from a first mobile device a first fingerprint of a first software environment in the first mobile device; determining whether the stored fingerprints include less than a threshold amount of fingerprints identical to the first fingerprint; based on a determination that the stored fingerprints include less than the threshold amount of fingerprints identical to the first fingerprint, determining that the first software environment is a compromised software environment; and performing a corrective measure.

Abstract: A technique is introduced that can securely displaying decrypted images while preventing these decrypted images against an attempt to capture such. Some aspects of the technique include loading a cryptographic shader into a graphics processor unit (GPU) in the recipient's computer device separate from the CPU in the recipient's computer device. In some embodiments, the cryptographic shader that is loaded includes instructions that implement a white-box cryptographic algorithm to decrypt encrypted images. A cryptographic key is integrated within the white-box cryptographic algorithm so that the cryptographic key is protected from extraction. When the GPU receives the encrypted images, the cryptographic shader can perform decryption processes to generate decrypted images. The decrypted images are loaded by the GPU directly from the GPU into a frame buffer such that the decrypted images are to be displayed without any portion of the decrypted images passing through the CPU.

Abstract: Disclosed herein is a method and system to establish a secure communication channel between a payment object reader and a payment terminal For this, the server determines whether a payment terminal has associated with an attestation ticket. The method further includes determining, whether to approve or deny the request for establishing the secure communication channel between the payment object reader and the payment terminal based on the attestation ticket. If the determination yields that the request has been approved, further generating a session approval interrupt having one or more session approval conditions; and sending the session approval interrupt to the payment terminal, where the session approval interrupt causes a secure communication channel to be established between the payment object reader and the payment terminal.

Abstract: A payment terminal may include payment interfaces to receive payment information from payment devices such as chip cards and NFC payment devices. Monitoring components may monitor these payment interfaces. In addition, test requests may be transmitted to a payment device in order to elicit responses. The monitored information and the responses may be used by the payment terminal to determine whether a transaction is fraudulent or if a tamper attempt is ongoing, based on local test criteria. In addition, the monitored information and responses may be provided to a server, which may store the monitored information and responses, test for fraudulent transactions and tamper attempts based on server test criteria, and determine updates to the local test criteria.

Abstract: Disclosed herein is a method and system to establish a secure communication channel between a payment object reader and a payment terminal For this, the server determines whether a payment terminal has associated with an attestation ticket. The method further includes determining, whether to approve or deny the request for establishing the secure communication channel between the payment object reader and the payment terminal based on the attestation ticket. If the determination yields that the request has been approved, further generating a session approval interrupt having one or more session approval conditions; and sending the session approval interrupt to the payment terminal, where the session approval interrupt causes a secure communication channel to be established between the payment object reader and the payment terminal.