Abstract: An on-boarding server is configured to receive a data set and a manufacturer identifier from a communications device, validate an identity of an entity from the data set, and locate a first terminal cryptographic key associated with the manufacturer identifier in a terminal database. The on-boarding server is configured to confirm, using the located first terminal cryptographic key, that the manufacturer identifier received from the communications device was signed with a second terminal cryptographic key. The located first terminal cryptographic key and the second terminal cryptographic key are an asymmetric cryptographic key pair. The on-boarding server is configured to determine an acquirer server from the data set, and authorize the entity to effect electronic payments by providing the communications device with a merchant identifier and transmitting the merchant identifier to the acquirer server.

Abstract: An on-boarding server is configured to receive a data set and a manufacturer identifier from a communications device, validate an identity from the data set, and locate a first terminal cryptographic key associated with the manufacturer identifier in a terminal database. The on-boarding server is configured to confirm, using the located first terminal cryptographic key, that the manufacturer identifier received from the communications device was signed with a second terminal cryptographic key. The located first terminal cryptographic key and the second terminal cryptographic key are an asymmetric cryptographic key pair. The on-boarding server is configured to determine an acquirer server from the data set, provide the acquirer server with a merchant identifier, and download to the communications device a payload that includes the merchant identifier.

Abstract: A terminal configuration server is configured to associate a terminal identifier with a cryptographic key set, and to provide a communications device with the terminal identifier and the cryptographic key set. The terminal configuration server is configured to receive the terminal identifier from the communications device via a communications network, and establish an encrypted tunnel with a terminal via the communications device and the cryptographic key set. The encrypted tunnel is encrypted end-to-end between the terminal configuration server and the terminal. The terminal configuration server is configured to receive a payload request from the terminal via the encrypted tunnel, locate a payload that is associated with the terminal identifier in the payload database, and download the located payload to the terminal via the encrypted tunnel.

Abstract: A terminal configuration server is configured to save a manufacturer identifier in a terminal database, in association with a merchant identifier. The manufacturer identifier identifies a terminal. The terminal configuration server is configured to transmit the merchant identifier to a communications device via a communications network, and to receive from the communications device via the communications network, a terminal identifier request that includes the manufacturer identifier and the merchant identifier. The terminal configuration server is configured to verify that the manufacturer identifier, included in the terminal identifier request, is associated with the merchant identifier in the terminal database, and to download a payload to the terminal via the communications device after verifying the manufacturer identifier.

Abstract: A terminal configuration apparatus is configured to receive a merchant identifier and a manufacturer identifier from a communications device, and to locate a first terminal cryptographic key that is associated with the manufacturer identifier in a terminal database. The terminal configuration apparatus is configured to confirm, using the located first terminal cryptographic key, that the merchant identifier was signed with a second terminal cryptographic key, and to download a payload to a terminal via the communications device. The located first terminal cryptographic key and the second terminal cryptographic key are an asymmetric cryptographic key pair.

Abstract: A session data processing network includes a POS terminal and at least one computer server. The POS terminal is configured to establish a secure communications session with a communications appliance, receive session data from the communications appliance via the communications session, extract a ledger identifier and a token from the session data, transmit an authorization request message and a rewards request message to the server. The authorization request message includes the ledger identifier and an authorization value. The rewards request message includes the token and requests a reward of loyalty points to a secondary ledger associated with the token. The server is configured to receive the authorization request message and the loyalty rewards request message, confirm authorization of a transaction in an amount equal to the authorization value from an account associated with the ledger identifier, and transmit to the POS terminal an authorization response message confirming the authorization.

Abstract: An EMV-session data network includes a POS terminal and at least one computer server. The POS terminal is configured to receive ledger data and a cryptogram from a communications appliance, extract an account identifier from the ledger data, and transmit to the server an authorization request message that includes the account identifier, the authorization value and the cryptogram. The server is configured to transmit to the POS terminal an authorization response message that confirms that the cryptogram was generated by the communications appliance from the account identifier and the authorization value. The POS terminal is further configured to extract a token from the ledger data and to transmit to the server a loyalty rewards request message that includes the token. The server is further configured to initiate a points reward to an account that is associated with the token.

Abstract: A payment terminal includes a card interface and a transaction processor. The terminal receives a preliminary authorization amount, and receives application data from a payment card that is interfaced with the card interface. The application data includes an account number that is uniquely associated with the payment card. The processor generates an adjusted authorization amount from the account number and the preliminary authorization amount, determines whether the adjusted authorization amount can be authorized offline, and transmits a cryptogram request to the payment card. The adjusted authorization amount is different from the preliminary authorization amount. The cryptogram request includes the adjusted authorization amount.

Abstract: A clearing network includes a server, a POS terminal, and a computer network interconnecting the server and the POS terminal. The sever is configured to receive account numbers over the computer network, determine that an occurrence of one of the account numbers in the plurality of account numbers exceeds a maximum limit, and via the computer network update the pre-authorization database with the account number. The POS terminal is configured to receive a pre-authorization request that includes an authorization amount and the account number, query the pre-authorization database with the account number, and after locating the account number in the pre-authorization database from the query (a) confirm that the authorization amount is not greater than an authorization threshold, and (b) without generating an online authorization request, save in a clearing database an authorization confirmation message that includes the account number and the authorization amount.

Abstract: A terminal configuration server is configured to associate a terminal identifier with a cryptographic key set, and to provide a communications device with the terminal identifier and the cryptographic key set. The terminal configuration server is configured to receive the terminal identifier from the communications device via a communications network, and establish an encrypted tunnel with a terminal via the communications device and the cryptographic key set. The encrypted tunnel is encrypted end-to-end between the terminal configuration server and the terminal. The terminal configuration server is configured to receive a payload request from the terminal via the encrypted tunnel, locate a payload that is associated with the terminal identifier in the payload database, and download the located payload to the terminal via the encrypted tunnel.

Abstract: An on-boarding server is configured to receive a data set and a manufacturer identifier from a communications device, validate an identity from the data set, and locate a first terminal cryptographic key associated with the manufacturer identifier in a terminal database. The on-boarding server is configured to confirm, using the located first terminal cryptographic key, that the manufacturer identifier received from the communications device was signed with a second terminal cryptographic key. The located first terminal cryptographic key and the second terminal cryptographic key are an asymmetric cryptographic key pair. The on-boarding server is configured to determine an acquirer server from the data set, provide the acquirer server with a merchant identifier, and download to the communications device a payload that includes the merchant identifier.

Abstract: A terminal configuration server is configured to save a manufacturer identifier in a terminal database, in association with a merchant identifier. The manufacturer identifier identifies a terminal. The terminal configuration server is configured to transmit the merchant identifier to a communications device via a communications network, and to receive from the communications device via the communications network, a terminal identifier request that includes the manufacturer identifier and the merchant identifier. The terminal configuration server is configured to verify that the manufacturer identifier, included in the terminal identifier request, is associated with the merchant identifier in the terminal database, and to download a payload to the terminal via the communications device after verifying the manufacturer identifier.

Abstract: A terminal configuration apparatus is configured to receive a merchant identifier and a manufacturer identifier from a communications device, and to locate a first terminal cryptographic key that is associated with the manufacturer identifier in a terminal database. The terminal configuration apparatus is configured to confirm, using the located first terminal cryptographic key, that the merchant identifier was signed with a second terminal cryptographic key, and to download a payload to a terminal via the communications device. The located first terminal cryptographic key and the second terminal cryptographic key are an asymmetric cryptographic key pair.

Abstract: A clearing network includes a server, a POS terminal, and a computer network interconnecting the server and the POS terminal. The sever is configured to receive account numbers over the computer network, determine that an occurrence of one of the account numbers in the plurality of account numbers exceeds a maximum limit, and via the computer network update the pre-authorization database with the account number. The POS terminal is configured to receive a pre-authorization request that includes an authorization amount and the account number, query the pre-authorization database with the account number, and after locating the account number in the pre-authorization database from the query (a) confirm that the authorization amount is not greater than an authorization threshold, and (b) without generating an online authorization request, save in a clearing database an authorization confirmation message that includes the account number and the authorization amount.

Abstract: A method of remotely configuring a pin-pad terminal involves a computer server receiving a merchant identifier over a network from a communications device associated with the pin-pad terminal. The computer server confirms from the merchant identifier that an entity associated with the communications device is authorized to use the pin-pad terminal, and authenticates the pin-pad terminal from a cryptographically-signed datum received from the communications device. The computer server then transmits to the pin-pad terminal via the communications device a configuration payload for installation in the pin-pad terminal. The configuration payload includes at least a payment symmetric cryptographic key set uniquely associated with the pin-pad terminal. The payment symmetric key set configures the pin-pad terminal to effect secure electronic payment via the communications device.

Abstract: A point-of-sale terminal includes a card interface, and is configured to receive a plurality of pre-authorization requests, each comprising an authorization and further comprising an account number received from the card interface. The terminal is further configured, in response to each said pre-authorization request, to locate in a pre-authorization database a database record associated with the respective account number, confirm that the respective authorization amount is not greater than an offline authorization threshold, generate an authorization confirmation message comprising the respective account number and the respective authorization amount, and save the authorization confirmation message in a clearing database. The terminal is further configured to generate a clearing payload comprising the plurality of saved authorization confirmation messages, and transmit the clearing payload over a computer network.

Abstract: An EMV-session data network includes a POS terminal and at least one computer server. The POS terminal is configured to receive ledger data and a cryptogram from a communications appliance, extract an account identifier from the ledger data, and transmit to the server an authorization request message that includes the account identifier, the authorization value and the cryptogram. The server is configured to transmit to the POS terminal an authorization response message that confirms that the cryptogram was generated by the communications appliance from the account identifier and the authorization value. The POS terminal is further configured to extract a token from the ledger data and to transmit to the server a loyalty rewards request message that includes the token. The server is further configured to initiate a points reward to an account that is associated with the token.

Abstract: A ledger update network includes a terminal and a server. The server includes or in communication with a database of ledgers each uniquely associated with an identifier. The terminal receives a primary value and one of the identifiers; generates a request message that includes the identifier and the primary value; and generates an update command by (i) selecting a rule from a database, and (ii) generating a secondary value from the selected rule. The update command includes the identifier and the secondary value. The terminal transmits the request message and the update command to the server. The server transmits to the terminal an authorization response that confirms authorization of a transaction characterized by the identifier and the primary value. Without referencing the database and without first responding to the update command, the server posts the secondary value to the ledger that is associated with the identifier.

Abstract: A point-of-sale terminal includes a card interface, and is configured to receive a plurality of pre-authorization requests, each comprising an authorization and further comprising an account number received from the card interface. The terminal is further configured, in response to each said pre-authorization request, to locate in a pre-authorization database a database record associated with the respective account number, confirm that the respective authorization amount is not greater than an offline authorization threshold, generate an authorization confirmation message comprising the respective account number and the respective authorization amount, and save the authorization confirmation message in a clearing database. The terminal is further configured to generate a clearing payload comprising the plurality of saved authorization confirmation messages, and transmit the clearing payload over a computer network.

Abstract: A message generating system receives a data set comprising at least one data record. Each data record stores an attribute in association with first and second events. The system identifies the attributes associated with the data set, and generates a data cluster comprising the identified attributes and the associated data set. The system associates with each cluster an assessment rule that defines a relationship between the first and second events and includes a first coefficient and a second coefficient. For each cluster, the system determines for each identified attribute a probability of the relationship, weights the second coefficient with the probability, evaluates the assessment rule using the weighted second coefficient, and generates an evaluation scenario that includes at least one of the identified attributes and the outcome of the evaluation. The generator selects one of the scenarios based on the associated outcome.