Abstract: It is desirable for a merchant to not store customer PCI (Payment Card Industry) data in the merchant’s system, because this would reduce cost and risk to the merchant. But the merchant still wants access to the customer primary account number (PAN) and other PCI data elements for customer authentication, customer relationship management, etc. Therefore, this specification discloses systems and methods that allow a pPOS (personal Point of Sale) device to create a mirror of the original transaction and provide that to the merchant. Then the merchant would still have access to the customer PAN and other PCI data elements, but there are no PCI or payment data in the mirror transaction, so cost and risk are reduced for the merchant.

Abstract: It is desirable for a merchant to not store customer PCI (Payment Card Industry) data in the merchant's system, because this would reduce cost and risk to the merchant. But the merchant still wants access to the customer primary account number (PAN) and other PCI data elements for customer authentication, customer relationship management, etc. Therefore, this specification discloses systems and methods that allow a pPOS (personal Point of Sale) device to create a mirror of the original transaction and provide that to the merchant. Then the merchant would still have access to the customer PAN and other PCI data elements, but there are no PCI or payment data in the mirror transaction, so cost and risk are reduced for the merchant.

Abstract: Within EMV payment specification, use of an unattended terminal to accept a payment is allowed. Creating a device that has both EMV level 1 (L1) and level 2 (L2) payment components combined with a virtual merchant creates a “card present” transaction for an on-line or e-commerce merchant. This device can be called a personal Point of Sale (pPOS). This specification discloses pPOS devices and methods that can provide for card present e-commerce transactions with a payment kernel that is local and/or remote to a pPOS device. In some embodiments, a pPOS device can include only a secure microcontroller function (MCF) and a secure element, wherein a payment kernel configured to process payment is local, remote, or split between local and remote to the device. In some embodiments, a pPOS device can further include a reader, a sensor switch, and/or a user interface function.

Abstract: Within the EMV payment specification, the use of an unattended terminal to accept a payment is allowed. Creating a device that has both the EMV level 1 (L1) and level 2 (L2) payment components combined with a virtual merchant creates a “card present” transaction for an on-line or e-commerce merchant. This device can be called a personal Point of Sale (pPOS). This specification discloses personal Point of Sale (pPOS) devices and methods that can provide for card present e-commerce transactions. In some embodiments, a pPOS device can include only a secure microcontroller function (MCF), a payment kernel, a secure element, and an interface to an external system with an EMV level 3 (L3) payment application. In some embodiments, a pPOS device can further include a reader. In some embodiments, a pPOS device can still further include a sensor switch and/or a user interface function.

Abstract: It is desirable for a merchant to not store customer PCI (Payment Card Industry) data in the merchant's system, because this would reduce cost and risk to the merchant. But the merchant still wants access to the customer primary account number (PAN) and other PCI data elements for customer authentication, customer relationship management, etc. Therefore, this specification discloses systems and methods that allow a pPOS (personal Point of Sale) device to create a mirror of the original transaction and provide that to the merchant. Then the merchant would still have access to the customer PAN and other PCI data elements, but there are no PCI or payment data in the mirror transaction, so cost and risk are reduced for the merchant.

Abstract: Today, merchant Point of Sale (POS) systems can be certified by the merchant acquirers for Level 3 with a certified EMV Level 1 contact and contactless reader. The EMV Level 2 payment kernel is configured to meet the merchant's requirements based on the rules the merchant sets in the payment kernel. These rules and parameters are static. The present specification discloses a personal POS (pPOS) device and method, where different merchants can use the same customer pPOS hardware by changing the configuration of the payment kernel to their rules prior to processing the payment. Therefore, the present specification discloses devices and methods that can process payment transactions using a payment kernel that is dynamically configurable.

Abstract: Within EMV payment specification, use of an unattended terminal to accept a payment is allowed. Creating a device that has both EMV level 1 (L1) and level 2 (L2) payment components combined with a virtual merchant creates a “card present” transaction for an on-line or e-commerce merchant. This device can be called a personal Point of Sale (pPOS). This specification discloses “card present” payments from a customer's vehicle with a pPOS device in or on the vehicle. This allows for “card present” payments from a customer's vehicle for drive by or drive through payments. The specification further discloses systems and methods to authenticate the merchant or an unattended terminal of a merchant to pPOS in the customer's vehicle.

Abstract: Within EMV payment specification, use of an unattended terminal to accept a payment is allowed. Creating a device that has both EMV level 1 (L1) and level 2 (L2) payment components combined with a virtual merchant creates a “card present” transaction for an on-line or e-commerce merchant. This device can be called a personal Point of Sale (pPOS). This specification discloses pPOS devices and methods that can provide for card present e-commerce transactions with a payment kernel that is local and/or remote to a pPOS device. In some embodiments, a pPOS device can include only a secure microcontroller function (MCF) and a secure element, wherein a payment kernel configured to process payment is local, remote, or split between local and remote to the device. In some embodiments, a pPOS device can further include a reader, a sensor switch, and/or a user interface function.

Abstract: Within the EMV payment specification, the use of an unattended terminal to accept a payment is allowed. Creating a device that has both the EMV level 1 (L1) and level 2 (L2) payment components combined with a virtual merchant creates a “card present” transaction for an on-line or e-commerce merchant. This device can be called a personal Point of Sale (pPOS). This specification discloses personal Point of Sale (pPOS) devices and methods that can provide for card present e-commerce transactions. In some embodiments, a pPOS device can include only a secure microcontroller function (MCF), a payment kernel, a secure element, and an interface to an external system with an EMV level 3 (L3) payment application. In some embodiments, a pPOS device can further include a reader. In some embodiments, a pPOS device can still further include a sensor switch and/or a user interface function.

Abstract: A multifactor authentication (MFA) enforcement server provides multifactor authentication services to users and existing services. During registration, the MFA enforcement server changes a user's password on an existing service to a password unknown to the user. During normal usage when the user accesses the existing service through the MFA enforcement server, the MFA enforcement server enforces a multifactor authentication enforcement policy.

Abstract: A multifactor authentication (MFA) enforcement server provides multifactor authentication services to users and existing services. During registration, the MFA enforcement server changes a user's password on an existing service to a password unknown to the user. During normal usage when the user accesses the existing service through the MFA enforcement server, the MFA enforcement server enforces a multifactor authentication enforcement policy.

Abstract: A multifactor authentication (MFA) enforcement server provides multifactor authentication services to users and existing services. During registration, the MFA enforcement server changes a user's password on an existing service to a password unknown to the user. During normal usage when the user accesses the existing service through the MFA enforcement server, the MFA enforcement server enforces a multifactor authentication enforcement policy.

Abstract: A multifactor authentication (MFA) enforcement server provides multifactor authentication services to users and existing services. During registration, the MFA enforcement server changes a user's password on an existing service to a password unknown to the user. During normal usage when the user accesses the existing service through the MFA enforcement server, the MFA enforcement server enforces a multifactor authentication enforcement policy.

Abstract: A multifactor authentication (MFA) enforcement server provides multifactor authentication services to users and existing services. During registration, the MFA enforcement server changes a user's password on an existing service to a password unknown to the user. During normal usage when the user accesses the existing service through the MFA enforcement server, the MFA enforcement server enforces a multifactor authentication enforcement policy.

Abstract: Cloud services are provided to mobile devices. Applications access cloud services through a consolidator that consolidates the services. The mobile device may include a secure element and secure memory to which the consolidator may authenticate. Authenticated consolidators can control the lifecycle of applications and data in secure memory. Secure elements and secure memory may be embedded or integrated in the mobile device in non-removable add-on slots, or may be in a removable or remote add-on device.

Abstract: A multifactor authentication (MFA) enforcement server provides multifactor authentication services to users and existing services. During registration, the MFA enforcement server changes a user's password on an existing service to a password unknown to the user. During normal usage when the user accesses the existing service through the MFA enforcement server, the MFA enforcement server enforces a multifactor authentication enforcement policy.

Abstract: Users perform in-application purchases when logged in to an electronic financial application. User funds are transferred into an intermediate account at the user's financial institution, and merchants are paid from a guaranteed account at a separate financial institution. Non-real-time settlement is performed between the intermediate account and the guaranteed account.

Abstract: Cloud services are provided to mobile devices. Applications access cloud services through a consolidator that consolidates the services. The mobile device may include a secure element and secure memory to which the consolidator may authenticate. Authenticated consolidators can control the lifecycle of applications and data in secure memory. Secure elements and secure memory may be embedded or integrated in the mobile device in non-removable add-on slots, or may be in a removable or remote add-on device.

Abstract: A user's mobile device is associated with multiple merchant accounts. The merchant accounts may be gift cards, prepaid cards, stored value cards, or the like. Merchant cards may be topped up automatically at the point of sale so that a large number of closed loop merchant cards operate as a virtual open loop network.

Abstract: Users perform in-application purchases when logged in to an electronic financial application. User funds are transferred into an intermediate account at the user's financial institution, and merchants are paid from a guaranteed account at a separate financial institution. Non-real-time settlement is performed between the intermediate account and the guaranteed account.