Abstract: Methods and apparatuses, including computer program products, are described for secure validation of financial transactions. A server computing device registers a mobile device to receive notification messages from the server computing device. The server computing device transmits a notification message via a first communication channel to a notification agent executing on the registered mobile device, where the message identifies activity associated with a financial account of a user of the registered mobile device. The server computing device receives a response to the notification message via a second communication channel from an application executing on the registered mobile device, if the notification message requires a response. The server computing device stores the response in a database coupled to the server computing device, and determines whether to (i) allow, (ii) deny, or (iii) deny and report as fraud the identified activity based upon the response.

Abstract: Methods and apparatuses, including computer program products, are described for secure validation of financial transactions. A server computing device registers a mobile device to receive notification messages from the server computing device. The server computing device transmits a notification message via a first communication channel to a notification agent executing on the registered mobile device, where the message identifies activity associated with a financial account of a user of the registered mobile device. The server computing device receives a response to the notification message via a second communication channel from an application executing on the registered mobile device, if the notification message requires a response. The server computing device stores the response in a database coupled to the server computing device, and determines whether to (i) allow, (ii) deny, or (iii) deny and report as fraud the identified activity based upon the response.

Abstract: Methods and apparatuses, including computer program products, are described for transaction-based security risk aggregation and analysis. A server computing device receives security risk data elements from a plurality of data sources, the data elements corresponding to a transaction submitted by a remote computing device to the server computing device for execution. The server computing device aggregates the security risk data elements into a weighted risk matrix. The server computing device generates a risk score for the submitted transaction based upon the weighted risk matrix. The server computing device determines an internal environment risk factor and an external environment risk factor based upon environmental risk data received from the plurality of data sources.

Abstract: Methods and apparatuses, including computer program products, are described for secure validation of financial transactions. A server computing device registers a mobile device to receive notification messages from the server computing device. The server computing device transmits a notification message via a first communication channel to a notification agent executing on the registered mobile device, where the message identifies activity associated with a financial account of a user of the registered mobile device. The server computing device receives a response to the notification message via a second communication channel from an application executing on the registered mobile device, if the notification message requires a response. The server computing device stores the response in a database coupled to the server computing device, and determines whether to (i) allow, (ii) deny, or (iii) deny and report as fraud the identified activity based upon the response.

Abstract: Methods and apparatuses, including computer program products, are described for transaction-based security risk aggregation and analysis. A server computing device receives security risk data elements from a plurality of data sources. The security risk data elements correspond to a transaction submitted by a remote computing device to the server computing device for execution. The server computing device aggregates the security risk data elements into a weighted risk matrix and generates a risk score for the submitted transaction based upon the weighted risk matrix. The server computing device determines a business-level context and an execution priority of the submitted transaction, the business-level context and the execution priority based upon the security risk data elements.

Abstract: A method for using multiple channels to access a resource, wherein an authenticated user requests a resource that requires a second authentication parameter over a first channel, a token value is transmitted to the user on the first channel, and the user transmits the token value and a second authentication parameter over a second channel. The token value is used to associate the first authentication parameter to the second authentication parameter, whereby the user is allowed access to the resource on the first or second channel.

Abstract: Described are methods, systems, and apparatus, including computer program products for providing authentication for service provisioning. One or more executable authentication rules are provided for determining access by a user to one or more services. At least a first executable authentication rule is selected from the one or more executable authentication rules. The first executable authentication rule is for determining access by the user to at least a first service from the one or more services, wherein selecting the first executable authentication rule is based on: a characteristic of the user, a characteristic of a request, a characteristic of an acquisition point, or any combination thereof. A rules credential is generated. The rules credential includes the first executable authentication rule.

Abstract: A method for using multiple channels to access a resource, wherein a first user requests a resource that requires an indication of approval from a second user, a token value is transmitted to the first user on the first channel, and the second user transmits the token value and a second authentication parameter over a second channel. The token value is used to associate the first authentication parameter to the second authentication parameter, whereby the first user is allowed access to the resource on the first. The first and second user may be independently authenticated in some implementations and not independently authenticated in other implementations.

Abstract: A method for using multiple channels to authenticate a user, wherein a first authentication parameter from a first device associated with a user is received over a first channel, a token value is transmitted to the user on the first channel, and the user transmits the token value and a second authentication parameter over a second channel. The token value is used to associate the first authentication parameter to the second authentication parameter, whereby the user is authenticated on the first channel.

Abstract: Described are methods, systems, and apparatus, including computer program products for providing authentication for service provisioning. At least a first and a second executable authentication rule are provided. One or both of the first and second executable authentications are for determining access by a user to a service. The first executable authentication rule is selected when a lifecycle state associated with the user is in a first state. The second executable authentication rule is selected when the lifecycle state is in a second state. A rules credential is generated. The rules credential includes the selected executable authentication rule.

Abstract: Dependents of benefit plan participants can be given access to personal information of a plan participant. The dependents, who are not existing users or members of the plan, can be allowed access to some or all of the personal information associated with the plan participant.

Abstract: Described are computer-based methods and apparatuses, including computer program products, for detecting fraudulent activity. A computing device in a second network receives a plurality of interactions between data centers in a first network and one or more devices, remote from the data centers, of a user, the interactions forming an aggregate user session representing the user's activity over a period of time with the data centers via the devices. The computing device monitors data transaction requests of the interactions and is configured to respond to each request with a response that appears as if the request was executed. If the interactions are harmful, the computing device interdicts the interactions from execution by the data centers and allows the devices to submit additional interactions. If unable to determine whether the subsequent interactions are harmful, the computing device transmits the interactions to the data centers for execution and marks the interactions.

Abstract: Described are computer-based methods and apparatuses, including computer program products, for subscribing to data feeds on a network. An user utilizes a transmitting device to transmit data packets that are split between a plurality of data centers for processing. The data packets are captured at the data centers. The data packets are recombined. The recombined data can be analyzed for fraud detection, marketing analysis, network intrusion detection, customer service analysis, and/or performance analysis. If fraudulent activity is detected, then the user can be interdicted to prevent further fraudulent activity.

Abstract: Described are computer-based methods and apparatuses, including computer program products, for detecting fraudulent activity on a network. A user utilizes a transmitting device to transmit user requests that are split between a plurality of data centers for processing. The user requests are captured at the data centers. The user requests are unified into a user session. The user session can be analyzed for fraud detection, marketing analysis, network intrusion detection, customer service analysis, and/or performance analysis. If fraudulent activity is detected, then the user can be interdicted to prevent further fraudulent activity.

Abstract: Described are computer-based methods and apparatuses, including computer program products, for detecting and interdicting fraudulent activity on a network. An user utilizes a transmitting device to transmit user requests that are split between a plurality of data centers for processing. The user requests are captured at the data centers. The user requests are unified into an user session. The user session can be analyzed for fraud detection, marketing analysis, network intrusion detection, customer service analysis, and/or performance analysis. If fraudulent activity is detected, then the user can be interdicted to prevent further fraudulent activity.

Abstract: Dependents of benefit plan participants can be given access to personal information of a plan participant. The dependents, who are not existing users or members of the plan, can be allowed access to some or all of the personal information associated with the plan participant.

Abstract: Described are computer-based methods and apparatuses, including computer program products, for unifying user sessions on a network. An user utilizes a transmitting device to transmit user requests that are split between a plurality of data centers for processing. The user requests are captured at the data centers. The user requests are unified into an user session. The user session can be analyzed for fraud detection, marketing analysis, network intrusion detection, customer service analysis, and/or performance analysis. If fraudulent activity is detected, then the user can be interdicted to prevent further fraudulent activity.

Abstract: Described are computer-based methods and apparatuses, including computer program products, for reconstructing data on a network. An user utilizes a transmitting device to transmit data packets that are split between a plurality of data centers for processing. The data packets are captured at the data centers. The data packets are recombined. The recombined data can be analyzed for fraud detection, marketing analysis, network intrusion detection, customer service analysis, and/or performance analysis. If fraudulent activity is detected, then the user can be interdicted to prevent further fraudulent activity.

Abstract: Described are computer-based methods and apparatuses, including computer program products, for detecting fraudulent activity on a network. An user utilizes a transmitting device to transmit user requests that are split between a plurality of data centers for processing. The user requests are captured at the data centers. The user requests are unified into an user session. The user session can be analyzed for fraud detection, marketing analysis, network intrusion detection, customer service analysis, and/or performance analysis. If fraudulent activity is detected, then the user can be interdicted to prevent further fraudulent activity.

Abstract: Described are methods, systems, and apparatus, including computer program products for providing customizable authentication for service provisioning. A first user is enabled to customize an authentication system associated with a service type. Customizing the authentication system includes defining one or more authentication rules for determining access for a second user to a service for the service type.