Abstract: Systems and methods provide for communication of transaction data that is formatted according to a transaction type that is support by an access device. First transaction data may be formatted according to a first type of transaction supported by a first access device and second transaction data may be formatted according to a second type of transaction supported by a second access device. The first transaction data may be transmitted over a first wireless communication link to the first access device and the second transaction data may be transmitted to the second access over a second wireless communication link.

Abstract: An enhanced data interface (EDI) for communications between an application operating on a communication device and an access device can provide enhanced verification between the communication device and access device. The communication process may include the access device sending a request for available applets to a communication device, and receiving a list of available applets from the communication device. The access device may select an untrusted applet identifier, and provide the selected untrusted applet identifier and an entity identifier associated with the access device to the communication device. The communication device can validate the access device as being authorized to access credentials associated with the selected untrusted applet identifier by comparing the entity identifier to a list of trusted entity identifiers, and provide credentials associated with the selected untrusted applet identifier to the access device.

Abstract: Embodiments of the present invention are directed to a centralized trusted service manager system in the form of a trusted service manager interconnectivity service hub, which facilitates and provides communications between entities involved I mobile contactless payment systems. One embodiment is directed to a method for processing a message related to a mobile payment application on a secure element of a mobile communication device through an interconnectivity services hub including receiving the message from a first entity in a first protocol and determining a trusted service manager associated with the secure element from among a plurality of trusted service managers using a routing table comprising routing information.

Abstract: A central platform provides proxy dynamic values for any one of a number of a cardholder's portable payment devices, upon a request for such information made during a transaction. The proxy dynamic value can be provided to the merchant, who then can route it into the acceptance network in order to initiate the authentication process. The central platform provides the actual primary account number associated with the proxy dynamic value during the authentication process.

Abstract: A method and a server computer are provided for authenticating a cardholder account. The server computer implements the method, which includes obtaining a first identifier and a cryptogram from a first entity, identifying an issuer associated with the cardholder account, forwarding the first account identifier and the cryptogram to a second entity for validation, receiving a second identifier from the second entity, and sending the second identifier to the first entity. The first identifier can be associated with the cardholder account. The second identifier can be generated by the second entity and associated with a validated form of the first identifier.

Abstract: Embodiments of the invention relate to systems and methods for efficiently provisioning mobile devices with personalization data. For some embodiments, a method is disclosed comprising receiving a request for provisioning comprising device information for a mobile device and user authentication information for a user, generating a partial personalization script, an activation script, and a deletion script using the device information, sending the partial personalization script, the activation script, and the deletion script to an application provider computer, wherein the application provider computer initiates execution of the partial personalization script on the mobile device, authenticating the user authentication information, and sending an activation message to the application provider computer, wherein the application provider computer initiates execution of the activation script.

Abstract: Embodiments of the present invention are directed to systems and methods for providing a central entity that can provision mobile payment applications on mobile communication devices and personalize the mobile payment applications with consumer and account information. The personalization of the mobile payment application on the mobile communication device may include provisioning a payment account on the mobile payment application. The central entity may provision the account on the mobile payment application without interacting with the issuer during the provisioning of the account. The central entity may provision the account on the mobile communication device by decrypting, using a secure element key, encrypted payment account information received from the mobile communication device. The payment account information may be encrypted by a secure element of the mobile communication device using the same secure element key.

Abstract: A central platform provides proxy dynamic values for any one of a number of a cardholder's portable payment devices, upon a request for such information made during a transaction. The proxy dynamic value can be provided to the merchant, who then can route it into the acceptance network in order to initiate the authentication process. The central platform provides the actual primary account number associated with the proxy dynamic value during the authentication process.

Abstract: A method and a server computer are provided for authenticating a cardholder account. The server computer implements the method, which includes obtaining a first identifier and a cryptogram from a first entity, identifying an issuer associated with the cardholder account, forwarding the first account identifier and the cryptogram to a second entity for validation, receiving a second identifier from the second entity, and sending the second identifier to the first entity. The first identifier can be associated with the cardholder account. The second identifier can be generated by the second entity and associated with a validated form of the first identifier.

Abstract: Embodiments of the invention relate to systems and methods for efficiently provisioning mobile devices with personalization data. For some embodiments, a method is disclosed comprising receiving a request for provisioning comprising device information for a mobile device and user authentication information for a user, generating a partial personalization script, an activation script, and a deletion script using the device information, sending the partial personalization script, the activation script, and the deletion script to an application provider computer, wherein the application provider computer initiates execution of the partial personalization script on the mobile device, authenticating the user authentication information, and sending an activation message to the application provider computer, wherein the application provider computer initiates execution of the activation script.

Abstract: Embodiments of the disclosure are directed to performing a transaction between a mobile device and an access device. Value information is provided to the access device by the mobile device. The value information is not necessary to complete the transaction.

Abstract: Embodiments of the present invention are directed to systems and methods for providing a central entity that can provision mobile payment applications on mobile communication devices and personalize the mobile payment applications with consumer and account information. The personalization of the mobile payment application on the mobile communication device may include provisioning a payment account on the mobile payment application. The central entity may provision the account on the mobile payment application without interacting with the issuer during the provisioning of the account. The central entity may provision the account on the mobile communication device by decrypting, using a secure element key, encrypted payment account information received from the mobile communication device. The payment account information may be encrypted by a secure element of the mobile communication device using the same secure element key.

Abstract: An enhanced data interface (EDI) for communications between an application operating on a communication device and an access device can provide enhanced verification between the communication device and access device. The communication process may include the access device sending a request for available applets to a communication device, and receiving a list of available applets from the communication device. The access device may select an untrusted applet identifier, and provide the selected untrusted applet identifier and an entity identifier associated with the access device to the communication device. The communication device can validate the access device as being authorized to access credentials associated with the selected untrusted applet identifier by comparing the entity identifier to a list of trusted entity identifiers, and provide credentials associated with the selected untrusted applet identifier to the access device.

Abstract: Embodiments of the invention are directed at an enhanced data interface (EDI) for contactless communications between a mobile application operating on a mobile device and an access device (e.g., contactless reader) that allows for enhanced verification between the mobile device and access device. One embodiment of the invention is directed to a method. The method comprises a mobile device receiving a request for available applets from an access device and providing a list of available applets including trusted applet identifiers and untrusted applet identifiers to the access device. The method further comprises receiving a selection of an untrusted applet identifier from the list and an entity identifier associated with the access device, validating that the access device is authorized to access credentials associated with the selected untrusted applet identifier using the entity identifier, and providing the credentials associated with the selected untrusted applet identifier to the access device.

Abstract: Embodiments of the disclosure are directed to performing a transaction between a mobile device and an access device. Value information is provided to the access device by the mobile device. The value information is not necessary to complete the transaction.

Abstract: Techniques for enhancing the security of a communication device when conducting a transaction using the communication device may include receiving a cryptogram generation key replenishment request that includes transaction log information derived from transaction data stored in a transaction log on a communication device, verifying that the transaction log information in the replenishment request is consistent with the previously received transaction information, and providing a new cryptogram generation key to the communication device in response to verifying the transaction log information in the replenishment request.

Abstract: Systems and methods for facilitating payment transactions using quick-response (QR) codes are provided. A first machine readable code encoding first data generated by an access device is scanned by a communication device. The communication device generates a cryptogram based on the first data encoded within the first machine readable code. The communication device then obtains financial credentials data from a payment application being executed on the communication device. A second machine readable code encoding second data comprising the financial credentials data and the cryptogram is then generated. The second machine readable code is displayed on a display of the communication device, wherein the second machine readable code is scanned by the access device.

Abstract: Techniques for enhancing the security of a communication device when conducting a transaction using the communication device may include using a limited-use key (LUK) to generate a transaction cryptogram, and sending a token instead of a real account identifier and the transaction cryptogram to an access device to conduct the transaction. The LUK may be associated with a set of one or more limited-use thresholds that limits usage of the LUK, and the transaction can be authorized based on at least whether usage of the LUK has exceeded the set of one or more limited-use thresholds.

Abstract: Systems and methods for facilitating payment transactions using quick-response (QR) codes are provided. A first machine readable code encoding first data generated by an access device is scanned by a communication device. The communication device generates a cryptogram based on the first data encoded within the first machine readable code. The communication device then obtains financial credentials data from a payment application being executed on the communication device. A second machine readable code encoding second data comprising the financial credentials data and the cryptogram is then generated. The second machine readable code is displayed on a display of the communication device, wherein the second machine readable code is scanned by the access device.

Abstract: An interface and device architecture for a payment device. An interface between a payment application installed in a payment device and one or more value-add applications (such as loyalty programs, transit applications, etc.) that are also installed in the payment device. The API or interface design permits communications and data transfer between the payment application and one or more value-add applications. This reduces (and in some cases may prevent) the need for back-end server processing of data that may be relevant to both a payment transaction and to a function of the value-add application. Similarly, the same or another API or interface may enable communications and data transfer between a value-add application and the payment application.