Abstract: Techniques for intelligently deciding the optimal authenticator(s) from amongst those supported by an electronic device are described. The authentication system according to some embodiments may include a dynamic machine learner that incorporates the attributes of: (i) user behavior attributes (e.g., preferred authenticator); (ii) device attributes (e.g., hardware and software specifications, applications, etc.); and (iii) operating environment attributes (e.g., ambient light, noise, etc.), as well as the interplay between the aforementioned attributes over time to make the decision. In some embodiments, the authentication activities and patterns of other users of similar type (e.g., users exhibiting similar behavior across different operating environments) can also be learned and employed to improve the decision making process over time.

Abstract: A method is disclosed. The method includes receiving, by an access device and from a communication device operated by a user, credential data. The method additionally includes simultaneously transmitting, by the access device, the received credential data in an authorization request message to a server computer and initiating, by the access device, an offline data authentication (ODA) process using the received credential data. The method further includes, in response to receiving, by the access device and from the server computer, an authorization response message within a predetermined period of time after transmitting the credential data in the authorization request message to the server computer, determining whether to grant or deny the user access to a resource based on the received authorization response message, otherwise determining whether to grant or deny the user access to the resource based on a result of the ODA process.

Abstract: A method and system for provisioning payment credentials usable by a mobile device in conducting a payment. The method is conducted at a provisioning system and comprises the steps of: receiving payment credentials from a receiving device, the payment credentials having been obtained from a portable payment device presented by a consumer at the receiving device; receiving, from the receiving device, an identifier entered by the consumer; identifying a mobile device or a secure element corresponding to the identifier; and communicating the payment credentials or a derivation of the payment credentials to the identified mobile device or the secure element to be securely stored in association with the mobile device. The method may include: encrypting the received payment credentials, the encrypted payment credentials having a unique decryption key; and wherein communicating a derivation of the payment credentials communicates the unique decryption key.

Abstract: When a user enters a resource provider location with a portable communication device, the portable communication device provides an indication to a transaction processing system that the portable communication device is currently at the resource provider location. At a later time when the user conducts a transaction with a portable transaction device, the fact that the user's portable communication device had been detected at the resource provider a short time ago is taken into account as a positive indicator that the transaction is not fraudulent. By verifying that both the portable communication device and the portable transaction device are present at the resource provider, the risk of approving a fraudulent transaction from a stolen portable transaction device can be reduced.

Abstract: Embodiments of the present invention are directed to systems, methods, and apparatus for allowing an issuer to initiate account provisioning on a mobile device without interacting with an accountholder. The issuer may initiate the process by sending a provisioning information request message to a mobile device with a secure element. The mobile device may recognize the provisioning request message and gather the requisite provisioning information without requiring user input. The provisioning information may include information associated with the secure element of the mobile device. The mobile device may then send a provisioning request message to a provisioning system. The provisioning request message may include the requisite provisioning information to allow the provisioning system to provision the financial account on the secure element of the mobile device.

Abstract: Embodiments of the invention directed to systems and methods that allow for determining a transaction initiation mode used to conduct a transaction and applying a specific set of rules associated with the transaction initiation mode to the transaction. A transaction authorization request message is received at a server computer. The transaction authorization message is for a transaction between a consumer and a merchant and includes a plurality of data elements. The server computer determines a transaction initiation mode, from among at least three different transaction initiation modes, used to conduct the transaction based at least in part on the data elements. The server computer applies a specific set of rules associated with the transaction initiation mode to the transaction.

Abstract: Systems and methods are disclosed in which data associated with a transaction are protected with encryption. At an access device, a PIN associated with a payment account may be encrypted with a first key derived from an initial key of the access device and sensitive data associated with the payment account may be encrypted with a second key derived from the initial key. At a secure module associated with a host server encrypted sensitive data of an authorization request message may be decrypted. The secure module associated with the host server can re-encrypt the sensitive data using a zone encryption key associated with a payment processing network. A translated authorization request message including the re-encrypted sensitive data can be transmitted by the merchant server to the payment processing network.

Abstract: When a user enters a resource provider location with a portable communication device, the portable communication device provides an indication to a transaction processing system that the portable communication device is currently at the resource provider location. At a later time when the user conducts a transaction with a portable transaction device, the fact that the user's portable communication device had been detected at the resource provider a short time ago is taken into account as a positive indicator that the transaction is not fraudulent. By verifying that both the portable communication device and the portable transaction device are present at the resource provider, the risk of approving a fraudulent transaction from a stolen portable transaction device can be reduced.

Abstract: Embodiments of the invention are directed to systems and methods for biometrics transaction processing. A location of a device associated with a user may be determined. A reference to a biometric data model associated with the user stored within a database may be retrieved, based at least in part on the location. Biometric data may be received from the user. Using the reference, the biometric data may be compared to the biometric data model stored within the database. A determination may be made whether the user is authenticated for the transaction based on the comparing step.

Abstract: Embodiments of the invention are directed to systems and methods for biometrics transaction processing. A location of a device associated with a user may be determined. A reference to a biometric data model associated with the user stored within a database may be retrieved, based at least in part on the location. Biometric data may be received from the user. Using the reference, the biometric data may be compared to the biometric data model stored within the database. A determination may be made whether the user is authenticated for the transaction based on the comparing step.

Abstract: Systems and methods are described that allow for determining a transaction initiation mode used to conduct a transaction and applying a specific set of rules associated with the transaction initiation mode to the transaction. A transaction authorization request message is received at a server computer. The transaction authorization message is for a transaction between a consumer and a merchant and includes a plurality of data elements. The server computer determines a transaction initiation mode, from among at least three different transaction initiation modes, used to conduct the transaction based at least in part on the data elements. The server computer applies a specific set of rules associated with the transaction initiation mode to the transaction.

Abstract: A method and system for provisioning access data in a second application on a mobile device using a first application on the mobile device. Authentication data may be input into the first application, and an authentication code may be requested from a remote server. After the authentication code is received by the first application in the mobile device, it can pass the authentication code to a second application that initiates an access data provisioning process.

Abstract: Embodiments of the invention are directed to systems and methods for speech transaction processing. A location of a device associated with a user may be determined. A reference to a voice model associated with the user stored within a database may be retrieved, based at least in part on the location. A voice segment may be received from the user. Using the reference, the voice segment may be compared to the voice model stored within the database. A determination may be made whether the user is authenticated for the transaction based on the comparing step.

Abstract: A method and system for provisioning access data in a second application on a mobile device using a first application on the mobile device. Authentication data may be input into the first application, and an authentication code may be requested from a remote server. After the authentication code is received by the first application in the mobile device, it can pass the authentication code to a second application that initiates an access data provisioning process.

Abstract: Techniques for enhancing the security of a communication device when conducting a transaction using the communication device may include receiving a cryptogram generation key replenishment request that includes transaction log information derived from transaction data stored in a transaction log on a communication device, verifying that the transaction log information in the replenishment request is consistent with the previously received transaction information, and providing a new cryptogram generation key to the communication device in response to verifying the transaction log information in the replenishment request.

Abstract: Techniques for enhancing the security of a communication device when conducting a transaction using the communication device may include using a limited-use key (LUK) to generate a transaction cryptogram, and sending a token instead of a real account identifier and the transaction cryptogram to an access device to conduct the transaction. The LUK may be associated with a set of one or more limited-use thresholds that limits usage of the LUK, and the transaction can be authorized based on at least whether usage of the LUK has exceeded the set of one or more limited-use thresholds.

Abstract: Embodiments of the present invention are directed to methods, systems, and apparatuses for providing a secure authentication scheme for authenticating users and accounts on behalf of a service provider server computer offering services to a user. Upon determining, by the secure authentication scheme, that the user and/or account identifier associated with the user is authenticate, the service provider server computer may be provided with assurance that the user is authenticate and thereafter provide a service requested by the user.

Abstract: Embodiments of the invention are directed to systems and methods for speech transaction processing. A location of a device associated with a user may be determined. A reference to a voice model associated with the user stored within a database may be retrieved, based at least in part on the location. A voice segment may be received from the user. Using the reference, the voice segment may be compared to the voice model stored within the database. A determination may be made whether the user is authenticated for the transaction based on the comparing step.

Abstract: Embodiments of the invention are directed to systems and methods for speech transaction processing. A location of a device associated with a user may be determined. A reference to a voice model associated with the user stored within a database may be retrieved, based at least in part on the location. A voice segment may be received from the user. Using the reference, the voice segment may be compared to the voice model stored within the database. A determination may be made whether the user is authenticated for the transaction based on the comparing step.

Abstract: A merchant computer generates a token including a “pay-me” merchant account identifier and transaction data for a transaction conducted by a consumer. The merchant token can be obtained by a mobile communication device and transmitted to a payment processing network along with a device identifier for the mobile communication device and an authentication token provided by the consumer. The payment processing network can authenticate the device using the authentication token, retrieve a consumer account number based on the device identifier, and complete the transaction by pushing money into the merchant “pay-me” account from the consumer account.