Abstract: Identity verification using payment instrument(s) is described. In an example, an identifier associated with a user can be associated with a secure storage component of a payment instrument associated with the user. A verifying entity—which can be a computing resource and/or a service provider—can receive a request to access a computing resource availed via a computing device operable by the user. The verifying entity can determine whether to grant the user access to the computing resource based at least in part on an interaction between the payment instrument and a reader device associated with the computing device.

Abstract: In some examples, a wireless card reader detects insertion of a chip card at a chip card reader interface that includes electrical contacts positioned in the wireless card reader to contact contacts of the chip card when inserted into the wireless card reader. The wireless card reader may send, to a mobile computing device, a wireless communication request to send a PIN to the card reader. The card reader may receive, from the mobile computing device, a wireless communication including the PIN entered by a user on the mobile computing device. The card reader may send the PIN for authentication of the PIN. The card reader may receive a confirmation that the PIN has been authenticated. The card reader may send, to the mobile computing device, via the communication component, an indication of the confirmation that the PIN has been authenticated.

Abstract: In one aspect, a method includes automating, via an application running on a computing device, consent for cardless payment transactions upon a determination that a received signal strength indication satisfies a threshold; monitoring, while the application is running in a background on the computing device, received signal strength indications of other computing devices that are proximate to the computing device; determining, based on the monitoring and by the application, that a received signal strength indication associated with another computing device satisfies the threshold using an automatically enabled short-range wireless communication protocol; and causing, by the application and based on the received signal strength indication satisfying the threshold, the payment service to process a cardless payment transaction between another user associated with the other computing device and the user, wherein the consent for the cardless payment transaction is automatically provided based on the received signa

Abstract: A method for processing a cardless payment includes receiving, by a first mobile device, a signal from a second mobile device using a short-range wireless transmission protocol. A value for the received signal strength indication of the signal between the first mobile device and the second mobile device can be determined. The process can include determining that the first mobile device and the second mobile device are in proximity based on the received signal strength indication. Consent to enter into a payment transaction can be established upon a determination that the devices are in proximity to one another.

Abstract: Method, systems, and apparatus for receiving transaction data for the payment transaction, where the transaction data includes at least card track data; encrypting the transaction data at the data processing apparatus using an encryption key of a cryptographic key pair to generate encrypted transaction data, where the cryptographic key pair includes the encryption key and a decryption key; storing a plurality of copies of the encrypted transaction data in a plurality of storage devices; receiving an instruction to submit the transaction data for processing; decrypting the encrypted transaction data using the decryption key; and submitting the transaction data for processing by an issuer.

Abstract: A method of encrypting a passcode is disclosed. In one embodiment, the method includes: receiving an indication of a portion of the passcode; calculating a plaintext value based at least in part on the indication, wherein the plaintext value represents an encoded portion of the passcode; encrypting the plaintext value into ciphertext using a homomorphic encryption system; and updating a cumulative encryption string by executing a cumulative operation to aggregate the ciphertext corresponding to the encoded portion into the cumulative encryption string computed for a previous portion of the passcode, wherein the cumulative operation is dictated by a homomorphic property of the homomorphic encryption system.

Abstract: In some examples, a wireless card reader detects insertion of a chip card at a chip card reader interface that includes electrical contacts positioned in the wireless card reader to contact contacts of the chip card when inserted into the wireless card reader. The wireless card reader may send, to a mobile computing device, a wireless communication request to send a PIN to the card reader. The card reader may receive, from the mobile computing device, a wireless communication including the PIN entered by a user on the mobile computing device. The card reader may send the PIN for authentication of the PIN. The card reader may receive a confirmation that the PIN has been authenticated. The card reader may send, to the mobile computing device, via the communication component, an indication of the confirmation that the PIN has been authenticated.

Abstract: A card reader configured to read a smart card can be detachably connected to a mobile computing device. When the card reader is attached to the mobile device, an application installed on the mobile computing device permits the mobile device to communicate with the card reader in order to process transactions. Security measures can be used on the mobile device to prevent theft of a PIN during software PIN entry of a payment transaction. The mobile device can prevent the keypad or other input interface from displaying feedback. The mobile device can also prevent passcodes from being stolen by displaying media encoded with digital rights management (DRM) and by managing the media and user inputs at a secure server. A mobile device can securely communicate with a card reader for a payment transaction using asymmetric or symmetric encryption.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for storing a plurality of stored fingerprints, wherein each of the stored fingerprints is associated with a respective software environment and a respective mobile device; receiving from a first mobile device a first fingerprint of a first software environment in the first mobile device; determining whether the stored fingerprints include less than a threshold amount of fingerprints identical to the first fingerprint; based on a determination that the stored fingerprints include less than the threshold amount of fingerprints identical to the first fingerprint, determining that the first software environment is a compromised software environment; and performing a corrective measure.

Abstract: Some examples include determining a plurality of motion pattern readings detected by an electronic device in conjunction with entry of a passcode on the electronic device, such as for authentication of a transaction. The passcode may be entered as a sequence of tactile presses on the electronic device, and the detected motion pattern readings may be indicative of movements of the electronic device when the tactile presses occur. Based at least in part on the motion pattern readings, a plurality of locations corresponding to the tactile presses may be determined. Further, based at least in part on the determined plurality of locations, symbols for the passcode may be determined. In some cases, a process for authenticating the transaction may be initiated using the determined passcode.

Abstract: A card reader configured to read a smart card can be detachably connected to a mobile computing device. When the card reader is attached to the mobile device, an application installed on the mobile computing device permits the mobile device to communicate with the card reader in order to process transactions. Security measures can be used on the mobile device to prevent theft of a PIN during software PIN entry of a payment transaction. The mobile device can prevent the keypad or other input interface from displaying feedback. The mobile device can also prevent passcodes from being stolen by displaying media encoded with digital rights management (DRM) and by managing the media and user inputs at a secure server. A mobile device can securely communicate with a card reader for a payment transaction using asymmetric or symmetric encryption.

Abstract: Several embodiments include a mobile device that uses a media file to render a passcode entry interface. The passcode entry interface can have an assigned location of an input element that corresponds to an inputtable value in the passcode entry interface. The media file can include a visual depiction having the input element at the assigned location. In several embodiments, the media file does not store the association between the assigned location and the inputtable value. The assigned location corresponding to the inputtable value can be separately stored. The mobile device can receive a coordinate of a touch event on the passcode entry interface. To determine a passcode entry based on the touch event, the coordinate can be compared against the separately stored assigned location to determine a corresponding input value to the coordinate.

Abstract: In some examples, methods and systems may process one or more payment transactions between a merchant and a buyer by registering a communication device as an authorization instrument to the payment transaction. To this end, the method includes detecting at least one transaction activity associated with a payment system, establishing a communication channel between the POS terminal an RF communication device in proximity to the POS terminal.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for determining, at a remote computing device, whether a first security measure has been compromised, wherein the first security measure is executed on a mobile device; and based on a determination that the first security measure has been compromised, performing a corrective measure, wherein the corrective measure is performed after a delay.

Abstract: A method for encrypting a passcode is disclosed. In one embodiment, the method includes: receiving an indication of a portion of the passcode from a user; encoding the portion of the passcode; encrypting the encoded portion into ciphertext using a homomorphic encryption system; updating a cumulative encryption string by executing a cumulative operation to aggregate the ciphertext corresponding to the encoded portion into the cumulative encryption string computed for a previous portion of the passcode, wherein the cumulative operation is dictated by a homomorphic property of the homomorphic encryption system; and generating a passcode message based at least in part on the cumulative encryption string, wherein the passcode message includes a message authentication code.

Abstract: A method of entering a passcode is disclosed. In one embodiment, the method includes: calculating locations of tactile inputs on the input component to interact with the passcode entry interface based at least partially on the recorded motion readings; and determining the passcode based at least in part on the tactile inputs by mapping the tactile inputs to a geometric layout of interactive elements of the passcode entry interface.

Abstract: A mobile device can send an identification code of a card reader coupled to the mobile device to a server system. In response to sending the identification code, the mobile device can receive a cryptographic key from the server system. The mobile device can receive a passcode via a user interface of the mobile device. The mobile device can then utilize the cryptographic key from the server system to facilitate secure communication between the card reader and the mobile device. Secure communication, for example, includes encrypting the passcode using the cryptographic key before sending the encrypted passcode from the mobile device to the card reader.

Abstract: A card reader configured to read a smart card can be detachably connected to a mobile computing device. When the card reader is attached to the mobile device, an application installed on the mobile computing device permits the mobile device to communicate with the card reader in order to process transactions. Security measures can be used on the mobile device to prevent theft of a PIN during software PIN entry of a payment transaction. The mobile device can prevent the keypad or other input interface from displaying feedback. The mobile device can also prevent passcodes from being stolen by displaying media encoded with digital rights management (DRM) and by managing the media and user inputs at a secure server. A mobile device can securely communicate with a card reader for a payment transaction using asymmetric or symmetric encryption.

Abstract: A card reader configured to read a smart card can be detachably connected to a mobile computing device. When the card reader is attached to the mobile device, an application installed on the mobile computing device permits the mobile device to communicate with the card reader in order to process transactions. Security measures can be used on the mobile device to prevent theft of a PIN during software PIN entry of a payment transaction. The mobile device can prevent the keypad or other input interface from displaying feedback. The mobile device can also prevent passcodes from being stolen by displaying media encoded with digital rights management (DRM) and by managing the media and user inputs at a secure server. A mobile device can securely communicate with a card reader for a payment transaction using asymmetric or symmetric encryption.

Abstract: A method and apparatus are disclosed for using temporary data with a magnetic stripe card to reduce incidents of fraudulent card transactions. A first set of temporary data, valid until an occurrence of an event, is generated and applied to a magnetic stripe area of a magnetic stripe card (“the card”). The card can be used for a first transaction, which is authorized based on a verification that the first set of temporary data is valid, or was valid and is not expired. The transaction is processed based on an account associated with the card. The event occurs, rendering the first data item invalid, and a second set of temporary data is generated and applied to the magnetic stripe area.