Abstract: Embodiments of the present invention are directed to methods, systems, and apparatuses for providing a secure authentication scheme for authenticating users and accounts on behalf of a service provider server computer offering services to a user. Upon determining, by the secure authentication scheme, that the user and/or account identifier associated with the user is authenticate, the service provider server computer may be provided with assurance that the user is authenticate and thereafter provide a service requested by the user.

Abstract: Embodiments of the present invention are directed to systems, methods, and apparatus for allowing an issuer to initiate account provisioning on a mobile device without interacting with an accountholder. The issuer may initiate the process by sending a provisioning information request message to a mobile device with a secure element. The mobile device may recognize the provisioning request message and gather the requisite provisioning information without requiring user input. The provisioning information may include information associated with the secure element of the mobile device. The mobile device may then send a provisioning request message to a provisioning system. The provisioning request message may include the requisite provisioning information to allow the provisioning system to provision the financial account on the secure element of the mobile device.

Abstract: Embodiments of the present invention are directed to systems, methods, and apparatus for allowing an issuer to initiate account provisioning on a mobile device without interacting with an accountholder. The issuer may initiate the process by sending a provisioning information request message to a mobile device with a secure element. The mobile device may recognize the provisioning request message and gather the requisite provisioning information without requiring user input. The provisioning information may include information associated with the secure element of the mobile device. The mobile device may then send a provisioning request message to a provisioning system. The provisioning request message may include the requisite provisioning information to allow the provisioning system to provision the financial account on the secure element of the mobile device.

Abstract: Systems and methods are described for provisioning access credentials to a mobile device using device and authorization codes. Once provisioned, a mobile device can be used to conduct a transaction.

Abstract: When a user enters a resource provider location with a portable communication device, the portable communication device provides an indication to a transaction processing system that the portable communication device is currently at the resource provider location. At a later time when the user conducts a transaction with a portable transaction device, the fact that the user's portable communication device had been detected at the resource provider a short time ago is taken into account as a positive indicator that the transaction is not fraudulent. By verifying that both the portable communication device and the portable transaction device are present at the resource provider, the risk of approving a fraudulent transaction from a stolen portable transaction device can be reduced.

Abstract: A device stores multiple identifiers meant for specific uses. For example, multiple transaction tokens can reside on different parts of a user device. Each transaction token can be compatible for use with a transaction channel (e.g., contact, contactless, and card-not-present, telephone-order, mail-order, in-app, etc.). A transaction can be terminated based on a transaction token being utilized in an inappropriate transaction channel, which limits the chances that a compromised transaction token can be successfully utilized for fraud. In some cases, the user device may be a transaction card or a mobile phone.

Abstract: Embodiments of the invention provide strong user authentication on a consumer device without requiring the user to go through a formal registration process with the issuer or processing network. Certain embodiments allow the use of any biometric technology (e.g., fingerprint scan, iris scan, voice recognition, etc.) supported by their consumer device (e.g., smart phone, tablet computer, personal computer) to authenticate the user. Additionally, the consumer device provides unforgeable evidence of the biometric match in the form of a biometric digital artifact to provide proof to a processing network that the match occurred. The processing network maintains a history of these authenticated transactions and biometric digital artifacts and as more and more non-fraudulent authenticated transactions occur over time, a higher level of trust (i.e., lower risk) is associated with the consumer device, biometric registration process, and the user.

Abstract: A method and system for provisioning access data in a second application on a mobile device using a first application on the mobile device. Authentication data may be input into the first application, and an authentication code may be requested from a remote server. The authentication code may include access data to be provisioned, in encrypted form. After the authentication code is received by the first application in the mobile device, it can pass the authentication code to a second application that initiates an access data provisioning process.

Abstract: A method and system for provisioning access data in a second application on a mobile device using a first application on the mobile device. Authentication data may be input into the first application, and an authentication code may be requested from a remote server. After the authentication code is received by the first application in the mobile device, it can pass the authentication code to a second application that initiates an access data provisioning process.

Abstract: A merchant conducting a transaction on an account forms transaction data with a sensitive data field. To obscure the account prior to transmitting information about the transaction, for each character in the sensitive data field, a combined character is formed with a character of a generated pad. A replacement character is formed by a modulus operation on the combined character and is stored in the corresponding position in the sensitive data field. A transmission containing the sensitive data field with replacement characters is delivered to the merchant's acquirer. Subsequently, a first transmission is received for another transaction from a merchant that contains transaction data upon an account and a sensitive data field. Using the sensitive data field, an attempt is made to retrieve a transaction data record that contains data from a previous transaction that includes the account upon which the previous transaction was conducted.

Abstract: Embodiments of the invention provide for speaker verification on a communication device without requiring a user to go through a formal registration process with the issuer or network. Certain embodiments allow the use of a captured voice sample attempting to reproduce a word string having a random element to authenticate the user. Authentication of the user is based on both a match score indicating how closely the captured voice samples match to previously stored voice samples of the user and a pass or fail response indicating whether the voice sample is an accurate reproduction of the word string. The processing network maintains a history of the authenticated transactions and voice samples.

Abstract: Embodiments of the present invention are directed to systems, methods, and apparatus for allowing an issuer to initiate account provisioning on a mobile device without interacting with an accountholder. The issuer may initiate the process by sending a provisioning information request message to a mobile device with a secure element. The mobile device may recognize the provisioning request message and gather the requisite provisioning information without requiring user input. The provisioning information may include information associated with the secure element of the mobile device. The mobile device may then send a provisioning request message to a provisioning system. The provisioning request message may include the requisite provisioning information to allow the provisioning system to provision the financial account on the secure element of the mobile device.

Abstract: Embodiments of the invention are directed to methods, apparatuses, computer readable media and systems for providing, along with a token, a token assurance level and data used to generate the token assurance level. At the time a token is issued, one or more Identification and Verification (ID&V) methods may be performed to ensure that the token is replacing a PAN that was legitimately used by a token requestor. A token assurance level may be assigned to a given token in light of the type of ID&V that is performed and the entity performing the ID&V. Different ID&Vs may result in different token assurance levels. An issuer may wish to know the level of assurance and the data used in generating the level of assurance associated with a token prior to authorizing a payment transaction that uses the token.

Abstract: Systems and methods for communicating risk using token assurance data are provided. A network token system provides a platform that can be leveraged by external entities (e.g., third party wallets, e-commerce merchants, payment enablers/payment service providers, etc.) or internal payment processing network systems that have the need to use the tokens to facilitate payment transactions. An authorization request message can include a token assurance level code that is indicative of a token assurance level associated with a generated token. External or internal entities may use the token assurance level to evaluate risk associated with a payment transaction that uses the token.

Abstract: Embodiments of the invention are directed to systems and methods for speech transaction processing. A location of a device associated with a user may be determined. A reference to a voice model associated with the user stored within a database may be retrieved, based at least in part on the location. A voice segment may be received from the user. Using the reference, the voice segment may be compared to the voice model stored within the database. A determination may be made whether the user is authenticated for the transaction based on the comparing step.

Abstract: A method for securely authenticating a user of a consumer device at an access device comprising the following steps. First, a dynamic data element and a first set of transactional information is sent to the consumer device from the access device. Next, the consumer device creates an authentication code as a function of at least the dynamic data element, a subset of the first set of transactional information, and a password. The authentication code, along with other data, is then sent from the consumer device back to the access device. The access device then uses the authentication code to send an authentication request message to the service provider of the user. The service provider then attempts to authenticate the user by recreating the authentication code and comparing the recreated authentication code with the authentication code received from the access device.

Abstract: Embodiments of the invention provide for speaker verification on a communication device without requiring a user to go through a formal registration process with the issuer or network. Certain embodiments allow the use of a captured voice sample attempting to reproduce a word string having a random element to authenticate the user. Authentication of the user is based on both a match score indicating how closely the captured voice samples match to previously stored voice samples of the user and a pass or fail response indicating whether the voice sample is an accurate reproduction of the word string. The processing network maintains a history of the authenticated transactions and voice samples.

Abstract: Embodiments of the invention directed to systems and methods that allow for determining a transaction initiation mode used to conduct a transaction and applying a specific set of rules associated with the transaction initiation mode to the transaction. A transaction authorization request message is received at a server computer. The transaction authorization message is for a transaction between a consumer and a merchant and includes a plurality of data elements. The server computer determines a transaction initiation mode, from among at least three different transaction initiation modes, used to conduct the transaction based at least in part on the data elements. The server computer applies a specific set of rules associated with the transaction initiation mode to the transaction.

Abstract: Embodiments of the invention provide for speaker verification on a communication device without requiring a user to go through a formal registration process with the issuer or network. Certain embodiments allow the use of a captured voice sample attempting to reproduce a word string having a random element to authenticate the user. Authentication of the user is based on both a match score indicating how closely the captured voice samples match to previously stored voice samples of the user and a pass or fail response indicating whether the voice sample is an accurate reproduction of the word string. The processing network maintains a history of the authenticated transactions and voice samples.

Abstract: Embodiments of the invention provide strong user authentication on a consumer device without requiring the user to go through a formal registration process with the issuer or processing network. Certain embodiments allow the use of any biometric technology (e.g., fingerprint scan, iris scan, voice recognition, etc.) supported by their consumer device (e.g., smart phone, tablet computer, personal computer) to authenticate the user. Additionally, the consumer device provides unforgeable evidence of the biometric match in the form of a biometric digital artifact to provide proof to a processing network that the match occurred. The processing network maintains a history of these authenticated transactions and biometric digital artifacts and as more and more non-fraudulent authenticated transactions occur over time, a higher level of trust (i.e., lower risk) is associated with the consumer device, biometric registration process, and the user.