Abstract: Disclosed are a method and computer system for quantifying identity risk associated with an agent's request for access to online resources using valid credentials of an authorized user. The likelihood that the agent is the authorized user is computed using access request data, historical access data for the authorized user, and identity risk signal data collected from open source intelligence (OSINT) and other external identity risk data sources. The likelihood may be based on the distance between the current digital fingerprint, which in an embodiment is a high-dimensional vector comprising identity risk signal data, and a similar historical digital fingerprint for the authorized user, or, alternatively, the deviation from mean between a current weighted risk score comprising the identity risk signal data and the historical weighted risk scores for the authorized user.

Abstract: Embodiments of the inventive concept provide a method, program, and system for providing a virtual corporate card-based financial transaction that may reduce the issuance of unnecessary physical corporate cards and may conveniently and quickly manage the issuance and management of corporate cards in real time.

Abstract: A system for managing and transferring a virtual shopping cart. The system includes a product identification system that is programmed to identify products from a product identification tag, a cart identification system that is configured to generate a cart identifier that uniquely identifies the virtual shopping cart, and a cart management engine. The cart management engine is configured to receive products to add to the virtual shopping cart from the product identification system, associate the products with the cart identifier, and transfer access to the virtual shopping cart from a first device to a second device.

Abstract: An access control system includes a plurality of physical access control readers that form a reader network which utilizes a first communication protocol. The system includes a plurality of mobile communication devices each having a first communication interface and a second communication interface. The first communication interface enables the mobile communication devices to access a mobile communication network which utilizes a second communication protocol, and the second communication interlace enables the mobile communication devices to communicate with the access control readers. The plurality of physical access control readers exchange status information for the plurality of physical access control readers and for the plurality of mobile communication devices over the reader network.

Abstract: A method for tokenization of information associated with a payment card includes: transmitting a registration request including a primary account number (PAN) of the payment card to a server; sending, by the server, a request for a secure element (SE) package that includes a payment token and a payment-token-key to an issuer server, the payment token being a surrogate value of the PAN; and in response to receipt of the SE package from the issuer server, transmitting the SE package to an electronic card to be stored therein.

Abstract: An authentication apparatus that performs authentication of a client terminal by challenge-response authentication, the authentication apparatus includes one or more computers each including a memory and a processor configured to: receive a challenge request from the client terminal; generate a challenge as to the challenge request; and transmit the challenge to the client terminal. The memory and the processor are configured to generate the challenge by one generating method out of a fixed generating method in which a challenge of a fixed value is generated, and a random generating method in which a challenge of a random value is generated, in accordance with a state of the authentication apparatus.

Abstract: A purchasing system is provided and generally includes a server (e.g., application server), an associate computing device, and a customer computing device. The server can generate an order check-in request associated with a purchase order. The server can add a link to the order check-in request such that activation of the link directly provides an order check-in response to be transmitted to the server indicating that check-in is to be initiated. The server can transmit the check-in request to a remote terminal. The server can receive an order check-in response from the remote terminal in response to transmitting the check-in request, and can initiate check-in for the purchase order in response to receiving the order check-in response.

Abstract: A method for providing a secure user interface on a computing device comprising: receiving, from a user application, a request to utilise a secure user interface on the computing device; obtaining, by a first countermeasure module, first information associated with a security context of the computing device; generating, by the first countermeasure module, a first security assessment based on analysis of the first information; determining, by a security determination module, whether to permit the request to utilise the secure user interface based on the first security assessment; and responsive to a positive determination, enabling access by the user application to the secure user interface.

Abstract: Systems and methods for facilitating identity verification and authentication for users are disclosed. Exemplary implementations may: receive items of personal information pertaining to a particular user, through an online platform associated with a particular organization; perform verification actions based on the received items; create a user data vault to securely store the received items; create a user token and transfer it to the online platform; receive an identity verification request on behalf of the particular user; initiate challenge protocols; responsive to the one or more challenge protocols completing satisfactorily, transfer the user token to the online platform; receive a validation request from a backend server of the particular organization, wherein the validation request includes the user token; access the user data vault based on the validation request; transfer a response to the backend server; and/or other steps.

Abstract: A login system allows users to access computer systems without using a password. The passwordless system and method can use other information to securely and reliably identify true authorized system users. The identity of a user can be associated with their mobile device. The login can be based upon a minimal amount of information such as a name and a phone number which can be stored as an identification record for each of the users in a database.

Abstract: A system, a medium, and a method are provided to send compensation data to devices at one or more locations where the data is retrievable. For example, a communication interface of a server device accesses request data, where the request data includes an indication of one or more locations where a compensation amount is retrievable. A compensation data component generates compensation data based on the indication of the one or more locations where the compensation amount is retrievable. A location component determines a location of a client device that corresponds to the one or more locations. A transceiver transmits the compensation data to the client device based on the determined location of the client device that corresponds to the one or more locations.

Abstract: In some embodiments, a processor may receive a claim, where the claim relates to an event. The processor may identify characteristics of the claim. The processor may determine, using an AI model, an alert reason based on a similarity of the characteristics of the claim to characteristics of one or more other claims. The processor may generate an alert notification, and the processor may output the alert notification to a user.

Abstract: A method and system for multi-account payment processing are described. An example method includes: receiving, at a computing system and for a payment transaction involving one or more items, information associated with a purchaser, wherein the information is associated with a plurality of accounts, and wherein each of the plurality of accounts is associated with distinct account information; determining, at the computing system and based on one or more account selection criteria, one or more accounts of the plurality of accounts to use for processing the payment transaction, wherein the one or more account selection criteria include at least one of merchant type or available funds in the plurality of accounts; and processing, at the computing system, a respective aspect of the payment transaction corresponding to a respective item of the one or more items using a respective account of the determined one or more accounts.

Abstract: A method includes receiving a request for payment credentials. The request indicates an account from which payment for a transaction is to be made. A payment token is looked-up that corresponds to the indicated account. Dynamic expiry data and a dynamic token verification code are generated. As a response to the request, the looked-up payment token, the generated dynamic expiry data and the generated dynamic token verification code are transmitted.

Abstract: A system, apparatus, and method for electronically transferring value using a portable electronic device. In one embodiment, a method for transferring funds to or from play a portable electronic device to facilitate playing a game of chance on a portable electronic device.

Abstract: Methods and systems for modifying network traffic data. The method of modifying network traffic data may include receiving a network traffic data unit by a switching engine; performing an analysis on the network traffic data unit to obtain network tunnel information; generating encryption information based on the network tunnel information; and securing the network traffic data unit, by an encryption engine, based on the encryption information.

Abstract: Systems, methods, and apparatuses for providing a customer a central location to manage permissions provided to third-parties and devices to access and use customer information maintained by a financial institution are described. The central location serves as a central portal where a customer of the financial institution can manage all access to account information and personal information stored at the financial institution. Accordingly, the customer does not need to log into each individual third-party system or customer device to manage previously provided access to the customer information or to provision new access to the customer information. A user additionally is able to have user data and third-party accounts of the user deleted from devices, applications, and third-party systems via a central portal.

Abstract: Systems, methods, and apparatuses for providing a customer a central location to manage permissions provided to third-parties and devices to access and use customer information maintained by a financial institution are described. The central location serves as a central portal where a customer of the financial institution can manage all access to account information and personal information stored at the financial institution. Accordingly, the customer does not need to log into each individual third-party system or customer device to manage previously provided access to the customer information or to provision new access to the customer information. A user additionally is able to have user data and third-party accounts of the user deleted from devices, applications, and third-party systems via a central portal.

Abstract: First data from a first application logically located in a first security zone may be identified. A processing device may determine a second application is logically located in a second security zone having a higher trust level than the first security zone based on configuration data. The first data may be communicated, via an interoperation bus, to the second application based on the second security zone having the higher trust level.

Abstract: Systems, methods, and apparatuses for providing a customer a central location to manage permissions provided to third-parties and devices to access and use customer information maintained by a financial institution are described. The central location serves as a central portal where a customer of the financial institution can manage all access to account information and personal information stored at the financial institution. Accordingly, the customer does not need to log into each individual third-party system or customer device to manage previously provided access to the customer information or to provision new access to the customer information. A user additionally is able to have user data and third-party accounts of the user deleted from devices, applications, and third-party systems via a central portal.

Abstract: Described herein is a network apparatus with secure element and related systems, methods, and apparatuses. A described method includes receiving a request to perform a transaction. The method also includes obtaining confirmation that a network address associated with the request corresponds to a registered physical address. The method further includes obtaining account data and conducting a transaction using the account data.

Abstract: This disclosure relates to systems and methods for performing single input based multifactor authentication. Multifactor authentication refers to an authentication system with enhanced security which utilizes more than one authentication forms to validate identity of a user. Conventionally, the process of multifactor authentication is a serial process which involves inputting of authentication information multiple times. However, with conventional approaches, delay is introduced in execution of the multifactor authentication process. The method of the present disclosure addresses unresolved problems of multifactor authentication by enabling two or more factors to be assessed simultaneously making the authentication process faster without sacrificing the robustness of authentication process. Embodiments of the present disclosure analyzes spoken response of the user to a dynamically generated question for multifactor authentication.

Abstract: A computer-implemented system for streamlining encryption payload of a card transaction from a transaction code transaction via a merchant inside a restricted computer network firewall. A wallet application stores data of a payment device, and the wallet application retrieves information of a merchant and a transaction via a transaction code. In response to the retrieved information, the wallet application generates an encrypted payload. The wallet application transmits the encrypted payload to a payment facilitator within the restricted computer network firewall. After decryption of the encrypted payload, the payment facilitator transmits a decrypted payload in one payment packet to the payment processing server outside the restricted computer network firewall.

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed that determine a dynamic password update notification interval based on a breach risk classification and an automatic password update mechanism of an online service with which a user has an account. The disclosed methods, apparatus, systems, and articles of manufacture generate a password update suggestion and/or an automatic password update for the user at the dynamic password update notification interval determined by the processor circuitry.

Abstract: A method, apparatus, and method for facilitating communications with an underwater platform. A communications system comprises an unmanned aerial vehicle, a radio frequency communications system, a laser communications system, and a controller. The unmanned aerial vehicle comprises a first section and a second section. The first section is moveably connected to the second section. The radio frequency communications system is connected to the first section of the unmanned aerial vehicle. The radio frequency communications system comprises a first parabolic antenna. The laser communications system is connected to the second section of the unmanned aerial vehicle. The laser communications system comprises a second parabolic antenna. The controller is configured to control the laser communications system to transmit incoming information in a transmit laser beam to the underwater platform submerged in a body of water.

Abstract: A ticket exchange server is configured to monitor seat usage in a stadium during an event. The ticket exchange server provides a first ticket for a seat to a first client device in response to a request from a first user of the first client device. The ticket exchange server unlocks the seat in response to detecting a presence of the first user at the seat. The ticket exchange server receives an indication from the first user surrendering the seat prior to completion of the event and locks the seat. The ticket exchange server provides a second ticket for the seat for a remainder of the event to a second client device of a second user in response to a request for the seat from the second client device. The ticket exchange server unlocks the seat in response to detecting a presence of the second user at the seat.

Abstract: A method for issuing a personalized financial transaction card including receiving customer information and card information from a customer at the branch location, the card information including a card PIN, inputting the customer information and at least some the card information into a data processing terminal at the branch, communicating the customer information and the card information across a network to a card services provider, entering the PIN into a PIN database, generating a reference number, storing the reference number and at least some of the customer data and card data in a card file, retrieving the PIN from the PIN database, using the retrieved PIN to apply calculations to the card file, securely sending the card file from the card services provider across the network to the branch location, and using information from the card file, printing the financial transaction card for the customer at the branch location.

Abstract: Disclosed is an RFID antenna including: a central inductive circuit; and at least two lobes extending radially from the central inductive circuit.

Abstract: Systems, computer-implemented methods, apparatus, and/or computer program products that can facilitate electronic generation and/or display of enhanced, transaction-based QR codes are provided. In various embodiments, a system can receive, from an electronic beacon of a point-of-sale device, context data characterizing a transaction facilitated by the point-of-sale device. In various instances, the system can generate a quick response (QR) code based on the context data and based on financial instrument data, such that the context data and the financial instrument data are embedded within or correlated to the QR code. In various aspects, the system can visually render the QR code on an electronic display, such that the QR code is scannable by the point-of-sale device.

Abstract: A system for accepting the input of a PIN comprises a first device receiving a randomized PIN layout derived on a fourth device. The randomized PIN layout is displayed on a display of the first device. A second device comprises an input for accepting a series of key presses to produce a PIN token. The PIN token indicating each of the series of key presses. A third device is in communication with the second device. The third device derives the randomized PIN layout and receives the PIN token from the second device without the PIN token being present on the first device. The third device combines the PIN layout and the PIN token to produce a PIN. The PIN is used to authenticate a transaction. The fourth and third devices each store a shared secret used to independently derive the randomized PIN layout on the fourth and third devices.

Abstract: Systems, methods, articles of manufacture, and computer-readable media for verification of medical status using a contactless card. An application may receive a request specifying a subject and a medical condition. The application may receive a cryptogram from a contactless card. The application may receive a decryption result from a server and determine that the server decrypted the cryptogram. The application may receive, from the contactless card, a medical attestation, a digital signature of the medical attestation, and a public key of the digital signature. The application may decrypt the digital signature based on the public key of the digital signature and verify the medical attestation based on the decrypted digital signature. The application may determine, based on the verification of the medical attestation, that the subject is immune to the medical condition. The application may output a result that the subject is immune to the medical condition.

Abstract: A computer implemented method for masking a primary account number between a party and a service provider. A plurality of transaction records from a database is retrieved. A masking value is generated in response to having a first hash function executed on a primary account number. The receiving, at the service provider, the masking value from the client execution environment without the primary account number; wherein the server execution environment lacks identification of the affiliation between the primary account number and the party. Upon confirming that the first hash function is identical to the second hash function, matching the masking value to the second masking value. In response to a match, querying the database for transaction history associated with the masking value. An analysis report is generated.

Abstract: A method for providing identification using an endpoint device is disclosed. The endpoint device may include an electronic identity that is unique and can be securely stored. The electronic identity may be passed to an access device along with signed interaction data and a cryptogram. The access device may generate an authorization request with the cryptogram and may send it to a remote server computer for further processing.

Abstract: There are provided systems and methods for monitoring device application usage for completion of checkout data processing. A computing device may be utilized to perform one or more actions while utilizing an application executable by the device, including a browser application or merchant application that allows a user to view an online marketplace and purchase items in a transaction. Prior to checkout and transaction processing, the device may be used to browse items, and items may be added to a shopping cart. However, the device may not finish electronic transaction processing for the items, for example, where the device does not enter transaction processing details and/or navigates away from the items or cart. A service provider may utilize past actions to determine whether the action indicates that the device is abandoning use of the application, including electronic transaction processing. If so, an incentive may be provided to continue use.

Abstract: Disclosed implementations may include receiving a first communication comprising first content generated by a first user; identifying authentication metadata embedded within the first communication; receiving a second communication generated by a second user, wherein the second communication comprises second content and the authentication metadata; decoding the authentication metadata from the second communication; parsing the first content of the first communication and the second content of the second communication; determining that the first content is different than the second content based at least in part on the parsing; and generating an alteration notification based at least in part on the determining.

Abstract: Systems and methods for facilitating identity verification and authentication for users are disclosed. Exemplary implementations may: receive items of personal information pertaining to a particular user, through an online platform associated with a particular organization; perform verification actions based on the received items; create a user data vault to securely store the received items; create a user token and transfer it to the online platform; receive an identity verification request on behalf of the particular user; initiate challenge protocols; responsive to the one or more challenge protocols completing satisfactorily, transfer the user token to the online platform; receive a validation request from a backend server of the particular organization, wherein the validation request includes the user token; access the user data vault based on the validation request; transfer a response to the backend server; and/or other steps.

Abstract: Methods and systems are disclosed for providing Near Field Communications. In certain embodiments, an Android mobile operating system based mobile device is configured with software that, when executed by one or more processors, determines whether the mobile device is to perform an NFC communication with a contactless payment terminal (CPT) using a secure element associated with an NFC controller included in the mobile device. Based on the determination, the mobile device is configured to execute software that performs communications with the CPT using the NEC controller.

Abstract: Systems and methods of anti-vishing OTP protection via machine learning techniques are disclosed. In one embodiment, an exemplary computer-implemented method may comprise: receiving a permission indicator identifying a permission by the user to detect OTPs and calls being received by a computing device; receiving an indication of an OTP data item being received; processing the OTP data item to determine a time duration during which a particular OTP included therein is valid; utilizing a trained OTP protection machine learning model to determine phone number(s) as presenting a security risk with respect to the OTP data item; and instructing the computing device to commence at least one security measure based at least in part on a contact list updated with an indication that the phone number(s) present a security risk with regard to the particular OTP during the time duration of the particular OTP.

Abstract: A system for digitally verifying credential sets and its method of use are provided. A credentials set is made up of a number of credentials, each linked to a particular Entity. If all of the credentials are validated and verified, then the credentials' status identifier will be set to a value. If the various status identifiers meet a predetermined value, the set will be verified and digitally signed.

Abstract: A point-of-sale system is a dual-screen stand assembly that includes a merchant terminal and a consumer terminal. The merchant terminal and the consumer terminal can be mated together in a fixed position to form a single unitary stand, or can be separated from each other in a separated position with each terminal serving as its own separate stand. The merchant terminal supports a merchant computing device and is oriented in a merchant-facing direction. The consumer terminal is detachably mated to the merchant terminal and supports a consumer computing device that is oriented in a consumer-facing direction. The point-of-sale system also includes a card reader as part of the customer terminal to perform a payment. The card reader is configured to accepting swipe cards, chip cards or contactless (EMV or NFC) payments.

Abstract: A computer-implemented platform (1000) for conducting an electronic payment transaction between a user (104) and a merchant (102, 103) is provided. The platform (104) includes a computer system (100) configured for the generation of a data structure containing payment data; a mobile device (106, 800) associated with a user (104) configured to use the data structure generated by the computer system (100) to communicate an electronic message reflecting payment instructions; and a merchant or processing terminal (102, 103, 108) configured for communication with the mobile device (106) to receive the electronic message, and formulate a request to process the electronic payment transaction. Corresponding methods and computer-readable media are also provided.

Abstract: Methods, systems, and apparatuses are described herein for improving the security of personal information by preventing attempts at gleaning personal information from authentication questions. A computing device may receive a request for access to an account associated with a user. The request may comprise candidate authentication information. Based on comparing the candidate authentication information with the account data, the computing device may generate a synthetic authentication question. The synthetic authentication question may be generated as if the candidate authentication information is valid. A response to the synthetic authentication question may be received, and the request for access to the account may be denied.

Abstract: A electronic device including an integrated circuit, the integrated circuit comprising a secure element electronic circuit and an electronic radio communication circuit, the secure element having stored therein firmware program code configured to implement operating system functions, the operating system functions including a data receiving function and a data transmitting function, wherein the firmware program code is further configured to control the secure element to determine in the received data custom program code for a custom application, and to store the custom program code in the memory of the secure element, and to implement an application programming interface configured to receive from the custom application requests for called operating system functions, and to execute the called operating system functions for the custom application.

Abstract: Methods and systems for secure communication over an unsecure communication channel, including a server, to send at least one access token to a computerized device over a secured communication channel, and a terminal, to receive from the computerized device, over an unsecure communication channel, at least a second token, where said second token is based on the access token received from the server.

Abstract: Methods and systems for virtual checking are described. In some embodiments, information for a virtual check created in a mobile device associated with a payor can be received from the mobile device. The information may include an amount of the virtual check. A computer system may determine whether there are sufficient funds to cover the amount of the virtual check and may place the funds in the amount of the virtual check in reserve when the funds are sufficient to cover the amount of the virtual check.

Abstract: Systems, methods, and apparatuses for providing a customer a central location to manage permissions provided to third-parties and devices to access and use customer information maintained by a financial institution are described. The central location serves as a central portal where a customer of the financial institution can manage all access to account information and personal information stored at the financial institution. Accordingly, the customer does not need to log into each individual third-party system or customer device to manage previously provided access to the customer information or to provision new access to the customer information. A user additionally is able to have user data and third-party accounts of the user deleted from devices, applications, and third-party systems via a central portal.

Abstract: A system for associating a device to a user of a service hosted at a remote location may include a device, a WAN, and equipment. The user may identify a wireless network of the device and connect to the device using equipment. An application on the equipment may generate a key and send the key to the device. The device may then connect with the service and transmit the key to the service. The application may disconnect from the device and connect with the service. The application may send a request to the service to associate with the device, sending the key with the request. The service compares the keys received from the device and the application. If the respective keys match, then the service may associate the device to the user of the service. Otherwise, the association is denied.

Abstract: To provision a client application on a client device, a user may be provided with a QR code, a one-time password, or a manual entry page for starting a credential provisioning process via a credential provisioning service provided by a credential provisioning server in a secure network. The client application may include information on trusted servers operating in the secure network. The credential provisioning server may operate to perform a sequence of actions to verify user credentials and determine, based on rules applicable to the user, the client device, or a combination thereof, whether the client application is to be provisioned on a client device. If so, the credential provisioning server may operate to generate a key pair, obtain a signed certificate, encrypt them, and send them to the client device such that the client application can use them to establish a mutual secure connection with a trusted server.

Abstract: Systems and methods for enabling exchange of tradeable items are disclosed. Exemplary implementations may: receive the first tradeable item from a user; determine whether the received first tradeable item is a valid tradeable item within the online gaming platform by identifying the first tradeable item based on the first item-identifying information and by verifying the first tradeable item is a valid tradeable item within the online gaming platform; responsive to determining the received first tradeable item is valid within the online gaming platform, select a second tradeable item from a repository of tradeable items; and dispense, from the repository, the second tradeable item to the user.

Abstract: A login system allows users to access computer systems without using a password. The passwordless system and method can use other information to securely and reliably identify true authorized system users. The identity of a user can be associated with their mobile device. The login can be based upon a minimal amount of information such as a name and a phone number which can be stored as an identification record for each of the users in a database.