Abstract: In an example embodiment, an issuer system receives payment card information from a payment processing system, wherein the payment card information is received from a payment card via a user computing device using near field communication. The issuer system generates an unpredictable number for the payment card and communicates the unpredictable number to the payment card via the payment processing system and the user computing device. The payment card calculates a cryptographic checksum based on the unpredictable number and a shared secret and communicates the checksum to the issuer system via the user computing device and payment processing system. The issuer system verifies the checksum using the shared secret and the unpredictable number. The issuer system generates a token associated with the payment card and transmits the token to the user computing device via the payment processing system for use in an online transaction.

Abstract: A bundle of public counters and a corresponding bundle of private counters are created and transmitted to a user device. The user device receives a request and processes the request without accessing a secure element processor on the user device. The user device calculates a security code using the private counter and a number. The user device transmits the calculated security code and one of the bundle of public counters in response to the request. A receiver of the response to the request determines the validity of the public counter and looks up the corresponding private counter using the public counter. The receiver determines the validity of the security code by recomputing it using the private counter and the number.

Abstract: A user accesses a merchant system website via a user computing device, selects items for purchase, and selects an option to checkout using a digital wallet account. The user selects payment information associated with a payment card device for use in an online transaction. The merchant system transmits an unpredictable number to the user computing device. The user taps the payment card device to the user computing device to establish a wireless communication channel over which the payment card device receives the unpredictable number. The payment card device transmits payment card information and a check sum calculated from the unpredictable number and by the payment card device to the merchant system via the user computing device. The merchant system transmits the check sum and payment card information in a transaction authorization request to the issuer system, which verifies the check sum using the shared secret and the unpredictable number.

Abstract: A bundle of public counters and a corresponding bundle of private counters are created and transmitted to a user device. The user device receives a request and processes the request without accessing a secure element processor on the user device. The user device calculates a security code using the private counter and a number. The user device transmits the calculated security code and one of the bundle of public counters in response to the request. A receiver of the response to the request determines the validity of the public counter and looks up the corresponding private counter using the public counter. The receiver determines the validity of the security code by recomputing it using the private counter and the number.

Abstract: A bundle of public counters and a corresponding bundle of private counters are created and transmitted to a user device. The user device receives a request and processes the request without accessing a secure element processor on the user device. The user device calculates a security code using the private counter and a number. The user device transmits the calculated security code and one of the bundle of public counters in response to the request. A receiver of the response to the request determines the validity of the public counter and looks up the corresponding private counter using the public counter. The receiver determines the validity of the security code by recomputing it using the private counter and the number.

Abstract: Using discretionary data fields to secure transactions comprises a payment system employing a server configured to associate a payment account of a user with a user computing device, the payment account comprising a payment account identifier that identifies the payment account, and establish a authentication challenge and an corresponding challenge response. The payment system receives a first payment authorization request originating from a merchant computing system comprising the payment account identifier, data associated with the payment account identifier, and a request to fund a transaction using the payment account, wherein the data associated with the payment account identifier comprises a challenge response provided by the user computing device located in a discretionary data field.

Abstract: A bundle of public counters and a corresponding bundle of private counters are created and transmitted to a user device. The user device receives a request and processes the request without accessing a secure element processor on the user device. The user device calculates a security code using the private counter and a number. The user device transmits the calculated security code and one of the bundle of public counters in response to the request. A receiver of the response to the request determines the validity of the public counter and looks up the corresponding private counter using the public counter. The receiver determines the validity of the security code by recomputing it using the private counter and the number.

Abstract: A user accesses a merchant system website via a user computing device, selects items for purchase, and selects an option to checkout using a digital wallet account. The user selects payment information associated with a payment card device for use in an online transaction. The merchant system transmits an unpredictable number to the user computing device. The user taps the payment card device to the user computing device to establish a wireless communication channel over which the payment card device receives the unpredictable number. The payment card device transmits payment card information and a check sum calculated from the unpredictable number and by the payment card device to the merchant system via the user computing device. The merchant system transmits the check sum and payment card information in a transaction authorization request to the issuer system, which verifies the check sum using the shared secret and the unpredictable number.

Abstract: In an example embodiment, an issuer system receives payment card information from a payment processing system, wherein the payment card information is received from a payment card via a user computing device using near field communication. The issuer system generates an unpredictable number for the payment card and communicates the unpredictable number to the payment card via the payment processing system and the user computing device. The payment card calculates a cryptographic checksum based on the unpredictable number and a shared secret and communicates the checksum to the issuer system via the user computing device and payment processing system. The issuer system verifies the checksum using the shared secret and the unpredictable number. The issuer system generates a token associated with the payment card and transmits the token to the user computing device via the payment processing system for use in an online transaction.

Abstract: Using discretionary data fields to secure transactions comprises a payment system employing a server configured to associate a payment account of a user with a user computing device, the payment account comprising a payment account identifier that identifies the payment account, and establish a authentication challenge and an corresponding challenge response. The payment system receives a first payment authorization request originating from a merchant computing system comprising the payment account identifier, data associated with the payment account identifier, and a request to fund a transaction using the payment account, wherein the data associated with the payment account identifier comprises a challenge response provided by the user computing device located in a discretionary data field.

Abstract: An account management system creates a bundle of private application transaction counters (ATCs) and a bundle of corresponding public ATCs, and transmits them to a user device. The device receives a request for payment information from a merchant and processes the request without accessing a secure element processor on the device. The device calculates a security code using one of the bundle of private ATCs and a transaction number received from the merchant. The device transmits proxy account information, the calculated security code, and the corresponding public ATCs to the merchant. The merchant transmits a payment request to the account management system as the issuer of the proxy account information. The account management system retrieves the private ATC using the public ATC, and determines the validity of the security code by recomputing it. The account management system retrieves the financial account information and requests authorization from the issuer.

Abstract: An account management system creates a bundle of private application transaction counters (ATCs) and a bundle of corresponding public ATCs, and transmits them to a user device. The device receives a request for payment information from a merchant and processes the request without accessing a secure element processor on the device. The device calculates a security code using one of the bundle of private ATCs and a transaction number received from the merchant. The device transmits proxy account information, the calculated security code, and the corresponding public ATCs to the merchant. The merchant transmits a payment request to the account management system as the issuer of the proxy account information. The account management system retrieves the private ATC using the public ATC, and determines the validity of the security code by recomputing it. The account management system retrieves the financial account information and requests authorization from the issuer.