Abstract: In some examples, a wireless card reader detects insertion of a chip card at a chip card reader interface that includes electrical contacts positioned in the wireless card reader to contact contacts of the chip card when inserted into the wireless card reader. The wireless card reader may send, to a mobile computing device, a wireless communication request to send a PIN to the card reader. The card reader may receive, from the mobile computing device, a wireless communication including the PIN entered by a user on the mobile computing device. The card reader may send the PIN for authentication of the PIN. The card reader may receive a confirmation that the PIN has been authenticated. The card reader may send, to the mobile computing device, via the communication component, an indication of the confirmation that the PIN has been authenticated.

Abstract: Introduced is a technology for facilitating a referral between a referrer and a referee, including the generation of the referral and the tracking of the referral redemption by the referee. The technology enables a customer to send a referral about a merchant to a friend by simply providing contact information associated with that friend (e.g., email address, telephone number, etc.), and further enables the friend to redeem a promotional offer included in the referral upon a use of the friend's payment card at the merchant's point-of-sale (POS) system, without having to provide any further information. In some instances, a transfer of a referral reward (e.g., points, discount, payment, etc.) is also transferred to the referrer in response to the redemption by the referee.

Abstract: Method, systems, and apparatus for receiving transaction data for the payment transaction, where the transaction data includes at least card track data; encrypting the transaction data at the data processing apparatus using an encryption key of a cryptographic key pair to generate encrypted transaction data, where the cryptographic key pair includes the encryption key and a decryption key; storing a plurality of copies of the encrypted transaction data in a plurality of storage devices; receiving an instruction to submit the transaction data for processing; decrypting the encrypted transaction data using the decryption key; and submitting the transaction data for processing by an issuer.

Abstract: In some examples, a wireless card reader detects insertion of a chip card at a chip card reader interface that includes electrical contacts positioned in the wireless card reader to contact contacts of the chip card when inserted into the wireless card reader. The wireless card reader may send, to a mobile computing device, a wireless communication request to send a PIN to the card reader. The card reader may receive, from the mobile computing device, a wireless communication including the PIN entered by a user on the mobile computing device. The card reader may send the PIN for authentication of the PIN. The card reader may receive a confirmation that the PIN has been authenticated. The card reader may send, to the mobile computing device, via the communication component, an indication of the confirmation that the PIN has been authenticated.

Abstract: A card reader configured to read a smart card can be detachably connected to a mobile computing device. When the card reader is attached to the mobile device, an application installed on the mobile computing device permits the mobile device to communicate with the card reader in order to process transactions. Security measures can be used on the mobile device to prevent theft of a PIN during software PIN entry of a payment transaction. The mobile device can prevent the keypad or other input interface from displaying feedback. The mobile device can also prevent passcodes from being stolen by displaying media encoded with digital rights management (DRM) and by managing the media and user inputs at a secure server. A mobile device can securely communicate with a card reader for a payment transaction using asymmetric or symmetric encryption.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for storing a plurality of stored fingerprints, wherein each of the stored fingerprints is associated with a respective software environment and a respective mobile device; receiving from a first mobile device a first fingerprint of a first software environment in the first mobile device; determining whether the stored fingerprints include less than a threshold amount of fingerprints identical to the first fingerprint; based on a determination that the stored fingerprints include less than the threshold amount of fingerprints identical to the first fingerprint, determining that the first software environment is a compromised software environment; and performing a corrective measure.

Abstract: A card reader configured to read a smart card can be detachably connected to a mobile computing device. When the card reader is attached to the mobile device, an application installed on the mobile computing device permits the mobile device to communicate with the card reader in order to process transactions. Security measures can be used on the mobile device to prevent theft of a PIN during software PIN entry of a payment transaction. The mobile device can prevent the keypad or other input interface from displaying feedback. The mobile device can also prevent passcodes from being stolen by displaying media encoded with digital rights management (DRM) and by managing the media and user inputs at a secure server. A mobile device can securely communicate with a card reader for a payment transaction using asymmetric or symmetric encryption.

Abstract: Several embodiments include a mobile device that uses a media file to render a passcode entry interface. The passcode entry interface can have an assigned location of an input element that corresponds to an inputtable value in the passcode entry interface. The media file can include a visual depiction having the input element at the assigned location. In several embodiments, the media file does not store the association between the assigned location and the inputtable value. The assigned location corresponding to the inputtable value can be separately stored. The mobile device can receive a coordinate of a touch event on the passcode entry interface. To determine a passcode entry based on the touch event, the coordinate can be compared against the separately stored assigned location to determine a corresponding input value to the coordinate.

Abstract: Techniques and arrangements for managing risk of fraudulent transactions made by a point-of-sale (POS) device operating in an online and an offline mode. In some instances, a payment service may maintain a merchant profile with a list of merchant specific criteria. The payment service may encrypt and send the merchant specific criteria to the POS device associated with the merchant. The encrypted data may include a list of payment instruments used in previous successful transactions, customer transaction histories, and other customer information. The POS device may determine, upon receiving a payment instrument identifier in a transaction, whether the payment instrument has been used in a previous successful transaction. If the POS device determines the payment instrument has been used, it may process the transaction. If not, the POS device may warn the merchant that the transaction is a high-risk transaction.

Abstract: A method of preventing passcode logging is disclosed. The method may include: presenting a passcode entry interface on an electronic device; receiving a sensor input sequence from a sensor of the electronic device, wherein the sensor input sequence is indicative of a user's interaction with the passcode entry interface; and introducing a fake sensor entry into the sensor input sequence on the electronic device, wherein the fake sensor entry is introduced in accordance to a pattern to later distinguish the fake sensor entry from an actual sensor entry in the sensor input sequence.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for determining, at a remote computing device, whether a first security measure has been compromised, wherein the first security measure is executed on a mobile device; and based on a determination that the first security measure has been compromised, performing a corrective measure, wherein the corrective measure is performed after a delay.

Abstract: A card reader configured to read a smart card can be detachably connected to a mobile computing device. When the card reader is attached to the mobile device, an application installed on the mobile computing device permits the mobile device to communicate with the card reader in order to process transactions. Security measures can be used on the mobile device to prevent theft of a PIN during software PIN entry of a payment transaction. The mobile device can prevent the keypad or other input interface from displaying feedback. The mobile device can also prevent passcodes from being stolen by displaying media encoded with digital rights management (DRM) and by managing the media and user inputs at a secure server. A mobile device can securely communicate with a card reader for a payment transaction using asymmetric or symmetric encryption.

Abstract: A card reader configured to read a smart card can be detachably connected to a mobile computing device. When the card reader is attached to the mobile device, an application installed on the mobile computing device permits the mobile device to communicate with the card reader in order to process transactions. Security measures can be used on the mobile device to prevent theft of a PIN during software PIN entry of a payment transaction. The mobile device can prevent the keypad or other input interface from displaying feedback. The mobile device can also prevent passcodes from being stolen by displaying media encoded with digital rights management (DRM) and by managing the media and user inputs at a secure server. A mobile device can securely communicate with a card reader for a payment transaction using asymmetric or symmetric encryption.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for determining, at a remote computing device, whether a first security measure has been compromised, wherein the first security measure is executed on a mobile device; and based on a determination that the first security measure has been compromised, performing a corrective measure, wherein the corrective measure is performed after a delay.

Abstract: A method of establishing secure communication between a first mobile computing device and a second mobile computing device includes generating a first self-signed key at the first mobile computing device, pairing the first device with a second device, the pairing including receiving user input of a passcode and after receiving the user input sending the first public key to the second mobile computing device and receiving a second public key from the second mobile computing device, storing the second public key in a database of trusted devices, the database of trusted devices being stored in the first mobile computing device, receiving in the first mobile computing device a list of mobile computing devices connected to a mobile network, matching the list of mobile computing device against the database of trusted devices, and establishing secure communication between the first mobile computing device and the second mobile computing device.

Abstract: Method, systems, and apparatus for receiving transaction data for the payment transaction, where the transaction data includes at least card track data; encrypting the transaction data at the data processing apparatus using an encryption key of a cryptographic key pair to generate encrypted transaction data, where the cryptographic key pair includes the encryption key and a decryption key; storing a plurality of copies of the encrypted transaction data in a plurality of storage devices; receiving an instruction to submit the transaction data for processing; decrypting the encrypted transaction data using the decryption key; and submitting the transaction data for processing by an issuer.

Abstract: A card reader configured to read a smart card can be detachably connected to a mobile computing device. When the card reader is attached to the mobile device, an application installed on the mobile computing device permits the mobile device to communicate with the card reader in order to process transactions. Security measures can be used on the mobile device to prevent theft of a PIN during software PIN entry of a payment transaction. The mobile device can prevent the keypad or other input interface from displaying feedback. The mobile device can also prevent passcodes from being stolen by displaying media encoded with digital rights management (DRM) and by managing the media and user inputs at a secure server. A mobile device can securely communicate with a card reader for a payment transaction using asymmetric or symmetric encryption.

Abstract: A card reader configured to read a smart card can be detachably connected to a mobile computing device. When the card reader is attached to the mobile device, an application installed on the mobile computing device permits the mobile device to communicate with the card reader in order to process transactions. Security measures can be used on the mobile device to prevent theft of a PIN during software PIN entry of a payment transaction. The mobile device can prevent the keypad or other input interface from displaying feedback. The mobile device can also prevent passcodes from being stolen by displaying media encoded with digital rights management (DRM) and by managing the media and user inputs at a secure server. A mobile device can securely communicate with a card reader for a payment transaction using asymmetric or symmetric encryption.

Abstract: A card reader configured to read a smart card can be detachably connected to a mobile computing device. When the card reader is attached to the mobile device, an application installed on the mobile computing device permits the mobile device to communicate with the card reader in order to process transactions. Security measures can be used on the mobile device to prevent theft of a PIN during software PIN entry of a payment transaction. The mobile device can prevent the keypad or other input interface from displaying feedback. The mobile device can also prevent passcodes from being stolen by displaying media encoded with digital rights management (DRM) and by managing the media and user inputs at a secure server. A mobile device can securely communicate with a card reader for a payment transaction using asymmetric or symmetric encryption.

Abstract: A card reader configured to read a smart card can be detachably connected to a mobile computing device. When the card reader is attached to the mobile device, an application installed on the mobile computing device permits the mobile device to communicate with the card reader in order to process transactions. Security measures can be used on the mobile device to prevent theft of a PIN during software PIN entry of a payment transaction. The mobile device can prevent the keypad or other input interface from displaying feedback. The mobile device can also prevent passcodes from being stolen by displaying media encoded with digital rights management (DRM) and by managing the media and user inputs at a secure server. A mobile device can securely communicate with a card reader for a payment transaction using asymmetric or symmetric encryption.