Abstract: A restriction request message, including a restriction parameter for a secondary account, is received from a device that is associated with a primary account, via a network node that is outside of a secure authorization network. A replenishment request message, including a password and an account replenishment parameter for the secondary account, is also received via a network node that is outside of the authorization network. Authentication is performed based on the password, and the restriction parameter for the secondary account is identified responsive to receiving the replenishment request message. Responsive to determining that the account replenishment parameter satisfies the restriction parameter, a replacement key is generated and associated with the account replenishment parameter for the secondary account.

Abstract: A method for preventing mobile payment is described. The method comprises generating an authorization request, via a payment module, based on sensitive data on a mobile device. The authorization request is transmitted from the payment module to an issuer system. The issuer system sends a neutralization trigger. In response to receiving the neutralization trigger, the payment module is disabled.

Abstract: Provided are systems and methods for operating a mobile device of a first user that may include accessing a data repository to retrieve a first location of a future event scheduled at an event time to be attended by the first user and a second user, obtaining, from a position determination circuit of the mobile device, a second location of the mobile device, initiating transmission of a query to a route server to responsively obtain a time of arrival message including an arrival time for the first user to arrive at the first location from the second location, and, responsive to a difference in the arrival time and the event time exceeding a threshold duration, initiating transmission of a notification message that triggers a change in attendees that are physically present at the first location of the event without altering the event time of the event.

Abstract: A method for preventing mobile payment is described. The method comprises receiving an authorization request at an issuer system from a payment module on a mobile device. The authorization request may be based on sensitive data on the mobile device. The issuer system determines whether the mobile device is missing. The issuer system sends a neutralization trigger to the mobile device, and in response to receiving the neutralization trigger, the payment module is disabled.

Abstract: Provided are systems and methods for operating a mobile device of a first user that may include accessing a data repository to retrieve a first location of a future event scheduled at an event time to be attended by the first user and a second user, obtaining, from a position determination circuit of the mobile device, a second location of the mobile device, initiating transmission of a query to a route server to responsively obtain a time of arrival message including an arrival time for the first user to arrive at the first location from the second location, and, responsive to a difference in the arrival time and the event time exceeding a threshold duration, initiating transmission of a notification message that triggers a change in attendees that are physically present at the first location of the event without altering the event time of the event.

Abstract: Methods of de-tokenizing secure payment tokens are disclosed. A method according to some embodiments includes receiving a request from an issuer to de-tokenize a secure payment token associated with a transaction conducted using a mobile terminal, generating a metric indicative of a risk of de-tokenizing the secure payment token, comparing the metric indicative of the risk of de-tokenizing the secure payment token to a predetermined threshold, and transmitting a response to the request to de-tokenize the secure payment token, wherein the response is based on the comparison of the metric indicative of the risk of de-tokenizing the secure payment token with the predetermined threshold.

Abstract: A restriction request message, including a restriction parameter for a secondary account, is received from a device that is associated with a primary account, via a network node that is outside of a secure authorization network. A replenishment request message, including a password and an account replenishment parameter for the secondary account, is also received via a network node that is outside of the authorization network. Authentication is performed based on the password, and the restriction parameter for the secondary account is identified responsive to receiving the replenishment request message. Responsive to determining that the account replenishment parameter satisfies the restriction parameter, a replacement key is generated and associated with the account replenishment parameter for the secondary account.

Abstract: A restriction request message, including a restriction for a secondary account, is received by a computer server from a user device via a network node that is outside of a secure authorization network. An authorization request message, including an identifier of the secondary account and a secondary password provided by a terminal that is communicatively coupled to a node of the authorization network, is received by the computer server via the authorization network. The secondary account is identified as being associated with a primary account based on the identifier included in the authorization request message. Authentication for a transaction between the terminal and the primary account is performed by the computer server based on the secondary password. An authorization response message for the transaction between the terminal and the primary account, based on the restriction for the secondary account, is transmitted from the computer server via the authorization network.

Abstract: A message, which includes a user-defined transaction parameter for a transaction with a terminal that is communicatively coupled to a node of a secure authorization network, is received by a computer server via a network node that is outside of the secure authorization network. An authorization request message for the transaction with the terminal is received by the computer server via the secure authorization network. The authorization request message includes a one-time password that is provided by the terminal. Authentication is performed by the computer server based on the one-time password, and the user-defined transaction parameter for the transaction with the terminal is identified by the computer server based on the one-time password included in the authorization request message. An authorization response message for the transaction with the terminal based on the user-defined transaction parameter is transmitted from the computer server via the secure authorization network.

Abstract: A method includes communicating with a token server to identify a key, generating an initialization vector, performing a logical operation on the key using the initialization vector to generate a modified key, encrypting a financial account number using a format preserving encryption technique to generate a payment token where the format preserving encryption technique uses the modified key, establishing a communication connection with a point-of-sale terminal, and transmitting the payment token to the point-of-sale terminal.

Abstract: Methods of de-tokenizing secure payment tokens are disclosed. A method according to some embodiments includes receiving a request from an issuer to de-tokenize a secure payment token associated with a transaction conducted using a mobile terminal, generating a metric indicative of a risk of de-tokenizing the secure payment token, comparing the metric indicative of the risk of de-tokenizing the secure payment token to a predetermined threshold, and transmitting a response to the request to de-tokenize the secure payment token, wherein the response is based on the comparison of the metric indicative of the risk of de-tokenizing the secure payment token with the predetermined threshold.

Abstract: A method for communicating payment status is described. The method comprises receiving an authorization request, via a local merchant terminal, at an issuer system. The authorization request may be generated during a contactless transaction. The authorization request is verified at the issuer system. The issuer system generates a first verification response and a second verification response. The issuer system transmits the first verification response directly to a payment module on a mobile device. The issuer also transmits the second verification response to the local merchant terminal.

Abstract: A method for preventing mobile payment is described. The method comprises receiving an authorization request at an issuer system from a payment module on a mobile device. The authorization request may be based on sensitive data on the mobile device. The issuer system determines whether the mobile device is missing. The issuer system sends a neutralization trigger to the mobile device, and in response to receiving the neutralization trigger, the payment module is disabled.

Abstract: A method for preventing mobile payment is described. The method comprises generating an authorization request, via a payment module, based on sensitive data on a mobile device. The authorization request is transmitted from the payment module to an issuer system. The issuer system sends a neutralization trigger. In response to receiving the neutralization trigger, the payment module is disabled.

Abstract: A method for communicating payment status is described. The method comprises generating an authorization request, via a payment module, on a mobile device. The authorization request may be generated during a contactless transaction. The authorization request is transmitted to an issuer system for verification via a local merchant terminal. The payment module receives a first verification response directly from the issuer system, and determines a transaction status from the first verification response.