Abstract: A point-of-sale terminal includes a card interface, and is configured to receive a plurality of pre-authorization requests, each comprising an authorization and further comprising an account number received from the card interface. The terminal is further configured, in response to each said pre-authorization request, to locate in a pre-authorization database a database record associated with the respective account number, confirm that the respective authorization amount is not greater than an offline authorization threshold, generate an authorization confirmation message comprising the respective account number and the respective authorization amount, and save the authorization confirmation message in a clearing database. The terminal is further configured to generate a clearing payload comprising the plurality of saved authorization confirmation messages, and transmit the clearing payload over a computer network.

Abstract: The present disclosure involves systems, software, and computer implemented methods for identifying and performing value-added services (VAS) based on detailed transactional information received from a cloud-based payment system. In one example, a set of standard transaction information defining a transaction received via the cloud-based payment services system is received in a first channel, and is associated with a first unique identifier. A set of detailed transaction information associated with the transaction different from the set of transaction information can be received in a second channel. The set of standard transaction information can be associated with the set of detailed transaction information to a particular transaction based on a relationship between a first unique identifier of the standard transaction information and a second unique identifier of the detailed transaction information.

Abstract: The present disclosure involves systems, software, and computer implemented methods for performing loyalty analyses and offers at point-of-sales (POSs). One example POS terminal includes a communications module, an interface, a display, and memory storing instructions and a plurality of preloaded bank identification numbers (BINs). The instructions instruct the terminal to receive credentials associated with a single instrument associated with a particular customer and used in a current data exchange. A BIN associated with the single instrument is identified and a determination is made as to whether it is included in the plurality of BINs. If included, an analysis is initiated comprising transmitting customer identification information and a set of current data exchange information to the institution associated with the particular BIN, the information used to identify an offer associated with the current data exchange. An offer is received from the institution, and can be presented to the display.

Abstract: An EMV-session data network includes a POS terminal and at least one computer server. The POS terminal is configured to receive ledger data and a cryptogram from a communications appliance, extract an account identifier from the ledger data, and transmit to the server an authorization request message that includes the account identifier, the authorization value and the cryptogram. The server is configured to transmit to the POS terminal an authorization response message that confirms that the cryptogram was generated by the communications appliance from the account identifier and the authorization value. The POS terminal is further configured to extract a token from the ledger data and to transmit to the server a loyalty rewards request message that includes the token. The server is further configured to initiate a points reward to an account that is associated with the token.

Abstract: A method for authenticating a wearable device is disclosed. The method includes: receiving, a signal representing an indication that the wearable device is in active use; in response to receiving the signal, updating a device database to associate a first status with the wearable device; receiving, from a tokenization service provider (TSP), a signal representing a first code derived by the TSP from decrypting a security token previously provisioned in the wearable device, wherein the security token was received at a terminal from the wearable device and transmitted to the TSP; obtaining, based on the received first code, a device identifier of the wearable device and an identifier of an account; querying the device database to verify that the wearable device is associated with the first status; verifying that the account is enabled for an operation initiated using the wearable device; and transmitting an authorization message to the terminal, the authorization message authorizing the operation.

Abstract: A ledger update network includes a terminal and a server. The server includes or in communication with a database of ledgers each uniquely associated with an identifier. The terminal receives a primary value and one of the identifiers; generates a request message that includes the identifier and the primary value; and generates an update command by (i) selecting a rule from a database, and (ii) generating a secondary value from the selected rule. The update command includes the identifier and the secondary value. The terminal transmits the request message and the update command to the server. The server transmits to the terminal an authorization response that confirms authorization of a transaction characterized by the identifier and the primary value. Without referencing the database and without first responding to the update command, the server posts the secondary value to the ledger that is associated with the identifier.

Abstract: The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that, among other things, authorize initiated exchanges of data in real-time based on dynamically generated tokenized data. For example, an apparatus may receive first positional data identifying a first geographic position of a client device and based on the first positional data, the apparatus may determine a value of a parameter characterizing an exchange of data between the client device and a terminal device disposed proximate to the client device during a temporal interval. The apparatus may transmit data requesting a pre-authorization of the data exchange to a computing system, which perform operations that pre-authorize the data exchange in accordance with the parameter value and transmit a digital token representative of the pre-authorized data exchange to the terminal device. The digital token may be valid during the temporal interval and may include a cryptogram associated with the client device.

Abstract: The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that, among other things, authorize initiated exchanges of data based on tokenized data characterized by a limited temporal or geographic validity. For example, an apparatus may receive a first signal that includes first information identifying a first geographic position of a client device. The apparatus may also obtain a digital token representative of a pre-authorization of a data exchange between the client device and a terminal device during a corresponding temporal interval. The terminal device may, for example, be disposed within a geographic region that includes the first geographic position of the client device. The apparatus may generate and transmit a second signal that includes the digital token to the client device. In some examples, the apparatus may transmit the second signal being through a programmatic interface associated with an application program executed by the client device.

Abstract: The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that, among other things, authenticate device identity and authorize exchanges of data in real-time based on dynamically generated cryptographic data. For example, an apparatus may receive a first signal that includes a first cryptogram associated with a client device, and may perform operations that authenticate an identity of the client device based on a comparison of the received first cryptogram and a second cryptogram generated by a computing system associated with an application program executed by the client device. In response to the authenticated identity, the apparatus may load profile data associated with the client device from a storage unit, and perform operations consistent with the profile data in accordance with the authenticated identity.

Abstract: A point-of-sale terminal includes a card interface, and is configured to receive a plurality of pre-authorization requests, each comprising an authorization and further comprising an account number received from the card interface. The terminal is further configured, in response to each said pre-authorization request, to locate in a pre-authorization database a database record associated with the respective account number, confirm that the respective authorization amount is not greater than an offline authorization threshold, generate an authorization confirmation message comprising the respective account number and the respective authorization amount, and save the authorization confirmation message in a clearing database. The terminal is further configured to generate a clearing payload comprising the plurality of saved authorization confirmation messages, and transmit the clearing payload over a computer network.

Abstract: A data set integration system receives a data set that includes a user identifier and a message type code. The integration system selects a terminal profile from a profile database. The selected terminal profile is associated with the user identifier and includes a tracking identifier. The integration system locates the tracking identifier in the selected terminal profile. The integration system selects an object profile from a data repository. The selected object profile is associated with the located tracking identifier and includes the located tracking identifier and an associated counter. The integration system updates the counter in the selected object profile in accordance with a value of the message type code.

Abstract: A message generating system receives a data set comprising at least one data record. Each data record stores an attribute in association with first and second events. The system identifies the attributes associated with the data set, and generates a data cluster comprising the identified attributes and the associated data set. The system associates with each cluster an assessment rule that defines a relationship between the first and second events and includes a first coefficient and a second coefficient. For each cluster, the system determines for each identified attribute a probability of the relationship, weights the second coefficient with the probability, evaluates the assessment rule using the weighted second coefficient, and generates an evaluation scenario that includes at least one of the identified attributes and the outcome of the evaluation. The generator selects one of the scenarios based on the associated outcome.

Abstract: A method of remotely configuring a pin-pad terminal involves a computer server receiving a merchant identifier over a network from a communications device associated with the pin-pad terminal. The computer server confirms from the merchant identifier that an entity associated with the communications device is authorized to use the pin-pad terminal, and authenticates the pin-pad terminal from a cryptographically-signed datum received from the communications device. The computer server then transmits to the pin-pad terminal via the communications device a configuration payload for installation in the pin-pad terminal. The configuration payload includes at least a payment symmetric cryptographic key set uniquely associated with the pin-pad terminal. The payment symmetric key set configures the pin-pad terminal to effect secure electronic payment via the communications device.

Abstract: A method of authorizing a financial transaction involves a payment terminal receiving, from a payment card interfaced with the payment terminal, application data in response to a predetermined authorization amount provided to the payment card by the payment terminal. The application data comprises an account number uniquely associated with the payment card. The payment terminal generates an adjusted authorization amount based on the account number and from a preliminary authorization amount received at the payment terminal, provides the payment card with the adjusted authorization amount, receives a cryptogram from the payment card in response, and provides notification of authorization of a financial transaction for the adjusted authorization amount in accordance with a confirmation that the cryptogram received at the payment terminal from the payment card was generated by the payment card from the adjusted authorization amount and from a cryptographic key uniquely associated with the payment card.