Abstract: Systems and methods for interoperable network token processing are provided. A network token system provides a platform that can be leveraged by external entities (e.g., third party wallets, e-commerce merchants, payment enablers/payment service providers, etc.) or internal payment processing network systems that have the need to use the tokens to facilitate payment transactions. A token registry vault can provide interfaces for various token requestors (e.g., mobile device, issuers, merchants, mobile wallet providers, etc.), merchants, acquirers, issuers, and payment processing network systems to request generation, use and management of tokens. The network token system further provides services such as card registration, token generation, token issuance, token authentication and activation, token exchange, and token life-cycle management.

Abstract: A method and system for provisioning access data in a second application on a mobile device using a first application on the mobile device. Authentication data may be input into the first application, and an authentication code may be requested from a remote server. After the authentication code is received by the first application in the mobile device, it can pass the authentication code to a second application that initiates an access data provisioning process.

Abstract: Systems and methods are described for provisioning access credentials to a mobile device using device and authorization codes. Once provisioned, a mobile device can be used to conduct a transaction.

Abstract: Embodiments of the present invention are directed to methods, apparatuses, computer readable media and systems for securely processing remote transactions. One embodiment of the invention is directed to a method of processing a remote transaction initiated by a mobile device. The method comprises receiving, by a mobile payment application on a secure memory of the mobile device, transaction data from a transaction processor application on the mobile device. The method further comprises validating that the transaction processor application is authentic and in response to validating the transaction processor application, providing encrypted payment credentials to the transaction processor application. The transaction processor application further initiates a payment transaction with a transaction processor server computer using the encrypted payment credentials.

Abstract: A method for maintaining transaction integrity for transactions performed over a public network includes: receiving a transaction message corresponding to an original transaction, the transaction message including a unique, client-assigned, first identifier; in response to receiving the transaction message, assigning a unique, second identifier to the original transaction; generating a request to process the original transaction including at least a portion of the transaction message and the second identifier; transmitting the request to an issuer server to process the original transaction; receiving a first response from the issuer server in connection with the original transaction; in response to the first response, generating a second response corresponding to the original transaction including the first identifier and the second identifier; and transmitting the second response to the client.

Abstract: Described herein is a platform and method for determining a confidence level associated with a transaction that utilizes dynamic data. In some embodiments, the confidence level is determined based on location data received in relation to the transaction. For example, some embodiments are directed to storing first location information collected from a mobile device provided in a request for the dynamic data, receiving second location information related to a transaction conducted using the dynamic data, and comparing the two with respect to the amount of time that has elapsed between collection of each to determine a confidence level associated with a likelihood that the transaction is authentic.

Abstract: A method for maintaining transaction integrity for transactions performed over a public network includes: receiving a transaction message corresponding to an original transaction, the transaction message including a unique, client-assigned, first identifier; in response to receiving the transaction message, assigning a unique, second identifier to the original transaction; generating a request to process the original transaction including at least a portion of the transaction message and the second identifier; transmitting the request to an issuer server to process the original transaction; receiving a first response from the issuer server in connection with the original transaction; in response to the first response, generating a second response corresponding to the original transaction including the first identifier and the second identifier; and transmitting the second response to the client.

Abstract: Systems, apparatuses, and methods are provided for enabling a transaction using a token associated with a first payment network to be conducted using a second payment network. When a transaction using a token is submitted to a payment network, the payment network can determine the payment network associated with the token. If the token is associated with a second payment network, a token verification request including the token can be sent to the second payment network. The second payment network can then return a token verification response including a primary account identifier such as a primary account number (PAN) corresponding to the token and a validation result. The transaction may then be processed using the primary account identifier.

Abstract: Embodiments of the present invention are directed at methods and systems for providing a partial personalization process. For example, personalization profiles associated with multiple versions of the application may be stored at a provisioning system and the provisioning system may determine the appropriate partial provisioning information to update the application for each migration notification. Partial personalization information that is to be updated for the updated version of the application may be generated and installed to enable new functionality and/or update the information contained within an updated application without requiring re-personalization of all personalized information.

Abstract: Embodiments of the present invention relate to systems and methods that allow users to use their communication devices to perform transactions (e.g., payment transactions, access transactions, etc.). To complete a transaction, a resource provider electronically generates a code representing transaction data and displays it on an access device. The user scans the code with his or her communication device using a camera associated with the communication device, for example. The code is interpreted by an application on the communication device. The user may request and receive a token at the communication device corresponding to sensitive information selected to perform the transaction (e.g., a primary account number). The user may then provide the token and the transaction data via the communication device to a server computer, which may facilitate completion of the transaction between the user and the resource provider using the transaction data and the token.

Abstract: Systems and methods are described for provisioning access credentials to a mobile device using device and authorization codes. Once provisioned, a mobile device can be used to conduct a transaction.

Abstract: Systems, apparatuses, and methods are provided for enabling a transaction using a token associated with a first payment network to be conducted using a second payment network. When a transaction using a token is submitted to a payment network, the payment network can determine the payment network associated with the token. If the token is associated with a second payment network, a token verification request including the token can be sent to the second payment network. The second payment network can then return a token verification response including a primary account identifier such as a primary account number (PAN) corresponding to the token and a validation result. The transaction may then be processed using the primary account identifier.

Abstract: Systems and methods are described for provisioning access credentials to a mobile device using device and authorization codes. Once provisioned, a mobile device can be used to conduct a transaction.

Abstract: An authentication request message from a user conducting an interaction at a resource provider computer is received. It is determined that data representing an indication that the resource provider is trusted by the user and including a trusted marker is present in a database. Authentication to the user is provided, and information indicating that the user has been authenticated and the trusted marker are sent so that authorization request message for the interaction that includes the trusted marker is generated. The trusted marker is validated, and the authorization request message including information related to the interaction and the validated trusted marker is sent to an authorizing entity computer.

Abstract: A system and method of establishing a resource provider as a trusted listing are disclosed. The method includes receiving, by a directory server computer, an indication from a user that a resource provider is trusted. The directory server computer is programmed to provide a first level of authentication. The method then includes storing, in a database, data representing the indication from the user that the resource provider is trusted. The method then includes receiving an authentication request message from the user conducting an interaction at the resource provider computer and determining that the data representing the indication from the user that the resource provider is trusted is present. In response to determining, the method includes providing a second level of authentication to the user before the user is allowed to complete the interaction. The second level of authentication is lower than the first level.

Abstract: Embodiments are described that are directed to optimizing the provisioning of payment account credentials to mobile devices utilizing mobile wallets. In some embodiments, one of multiple provisioning schemes may be selectively chosen for payment account credential provisioning based upon a determined risk involved with a particular provisioning request. A low risk provisioning request leads to an immediate provisioning of a payment credential, whereas a provisioning request of high risk results in the provisioning request being denied. In some embodiments, medium risk provisioning requests will cause an additional user authentication to be performed before the payment account provisioning is finalized. The additional user authentication may occur using a separate communication channel than the channel in which the provisioning request was received.

Abstract: Embodiments of the present invention are directed to methods, apparatuses, computer readable media and systems for obtaining authorization for a plurality of split shipments associated with a single order. In particular, embodiments of the present invention allow a merchant to submit a separate split shipment authorization request for each of the plurality of split shipments. The split shipments authorization requests are linked to the original order using verifiable linking data. The linking data may be extracted from a previous (e.g., initial) split shipment authorization request and/or a previous (e.g., initial) split shipment authorization request. The linking data may be validated by an authorizing entity (e.g., a payment processing network computer or an issuer computer) to ensure validity of a split shipment authorization request. Additionally, the split shipment authorization requests may be validated using one or more predefined split shipment rules.

Abstract: Embodiments are described that are directed to optimizing the provisioning of payment account credentials to mobile devices utilizing mobile wallets. In some embodiments, one of multiple provisioning schemes may be selectively chosen for payment account credential provisioning based upon a determined risk involved with a particular provisioning request. A low risk provisioning request leads to an immediate provisioning of a payment credential, whereas a provisioning request of high risk results in the provisioning request being denied. In some embodiments, medium risk provisioning requests will cause an additional user authentication to be performed before the payment account provisioning is finalized. The additional user authentication may occur using a separate communication channel than the channel in which the provisioning request was received.

Abstract: Systems and methods for interoperable network token processing are provided. A network token system provides a platform that can be leveraged by external entities (e.g., third party wallets, e-commerce merchants, payment enablers/payment service providers, etc.) or internal payment processing network systems that have the need to use the tokens to facilitate payment transactions. A token registry vault can provide interfaces for various token requestors (e.g., mobile device, issuers, merchants, mobile wallet providers, etc.), merchants, acquirers, issuers, and payment processing network systems to request generation, use and management of tokens. The network token system further provides services such as card registration, token generation, token issuance, token authentication and activation, token exchange, and token life-cycle management.

Abstract: Systems and methods are disclosed in which data associated with a transaction are protected with encryption. At an access device, a PIN associated with a payment account may be encrypted with a first key derived from an initial key of the access device and sensitive data associated with the payment account may be encrypted with a second key derived from the initial key. At a secure module associated with a host server encrypted sensitive data of an authorization request message may be decrypted. The secure module associated with the host server can re-encrypt the sensitive data using a zone encryption key associated with a payment processing network. A translated authorization request message including the re-encrypted sensitive data can be transmitted by the merchant server to the payment processing network.