A reader configured to perform dual-factor authentication is provided. The reader is configured to analyze credential data as well as event-based user inputs. The event-based user inputs are received in response to the reader presenting one or more events to a user and monitoring the user's reaction thereto. Utilization of an event-based user input enables the reader to perform dual-factor authentication without necessarily being provided with a keyboard or other advanced user input device.

Systems, devices, apparatuses, and methods for providing tokenization as a service are provided. Embodiments of the invention involve decoupling “tokenization service” from other services offered by a merchant service provider, and offering the tokenization service as a stand alone service. In accordance with an embodiment, a merchant service provider can receive payment data associated with a transaction between a consumer and a first entity. The merchant service provider can generate a payment token that represents the payment data and transmit a copy of the payment token to the first entity. The first entity can then transmit the payment token and order information to a second entity specified in the transaction. The merchant service provider can subsequently receive a request to complete the transaction from the second entity. The request can include the copy of the payment token from the second entity.

A mobile device includes at least one processor, a memory and computer-executable instructions stored thereon. The mobile device is structured to determine first geolocation information indicative of a location of the mobile device and determine, based on the first geolocation information, that the mobile device is located within a predetermined geographic region from a plurality of merchant locations. The mobile device generates an electronic alert message regarding the plurality of merchant locations and displays the electronic alert message to the user. The mobile device determines a user selection of a payment card via a mobile wallet application running on the mobile device. Second geolocation information regarding a location of the mobile device is determined. A code generate a code for a purchase transaction is generated. The code includes the second geolocation information, tokenized payment card information, and a merchant identifier.

Systems and methods are disclosed for cross-platform token exchange. One method comprises receiving a primary token exchange request from an upstream entity, generating an ancillary detokenization request based on the primary token exchange request, and transmitting the ancillary detokenization request to an input token vault. An ancillary detokenization response comprising sensitive data may then be received from the input token vault, and one or more ancillary tokenization requests may be generated based on the ancillary detokenization response and the primary token exchange request. The one or more ancillary tokenization requests may be transmitted to one or more output token vaults. Subsequently, one or more ancillary tokenization responses may be received from the one or more output token vaults, each ancillary tokenization response comprising an output token. A primary token exchange response may be generated based on the one or more ancillary tokenization responses and transmitted to the upstream entity.

A method for authenticating a consumer. The method includes receiving an authorization request message associated with a consumer conducting a transaction with a portable consumer device. A challenge message is sent to the consumer, where the challenge message is dynamic or semi-dynamic. A challenge response message is received from the consumer, and an authorization response message is sent to the consumer. The authorization response message indicates whether or not the transaction is authorized.

A system includes a secondary computing device not owned by a user, a hardware processor, a memory and instructions that cause the processor to generate a transient wallet identifier (ID) for a transient mobile wallet, the transient mobile wallet being of limited duration, and provide a configuration user interface the user, presenting configuration information for the transient mobile wallet. The processor also identifies a usage specification for the transient mobile wallet defining allowed uses for the transient mobile wallet. The processor also activates the transient mobile wallet on the secondary computing device, receives a payment transaction approval request, compares the payment transaction data to the usage specification, determines that the payment transaction data is non-conforming, and transmits a rejection message for the first payment transaction.

Methods and systems for managing a digital wallet are described, including registration of payment cards and use of such payment cards. The digital wallet may be integrated into a mobile application provided by a card issuer, with the digital wallet providing integration between the mobile application and a payment service provider that provides token-based payment systems for implementing virtual cards.

A method and apparatus with provider information access authorization are provided. The method includes receiving a single sign-on (SSO) token from a provider apparatus for a validated login request by a client device for a user account, wherein the SSO token is indicative of the provider apparatus having authorized secure protocol access with the provider apparatus to access information at the provider apparatus associated with the user account, retrieving customer information from the provider apparatus using the SSO token, receiving information from the client device, confirming whether, based on the information and the customer information that a user of the user account is eligible to complete a data exchange, and in response to a result of the confirming being that the user of the user account is confirmed eligible to compete the data exchange, cause the provider apparatus to process the data exchange corresponding to the information.

A system for determining whether shoppers are eligible for frictionless checkout is disclosed. The system has a processor that obtains image data captured using image sensors positioned in a retail store. The processor analyzes the image data to identify at least one shopper at one or more locations of the retail store. The processor detects, based on the analysis of the image data, at least one product interaction event associated with an action of the at least one shopper at the one or more locations of the retail store. Further, based on the detected at least one product interaction event, the processor determines whether the at least one shopper is eligible for frictionless checkout. In response to a determination that the at least one shopper is ineligible for frictionless checkout, the processor causes delivery of an indicator that the at least one shopper is ineligible for frictionless checkout.

A client device comprises a first secure element and a second secure element. The first secure element comprises a first computer-readable medium having a payment application comprising instructions for causing the client device to initiate a financial transaction. The second secure element comprises a second computer-readable medium having a security key, a payment instrument, stored authentication data and instructions for generating a secure payment information message responsive to the payment application. The secure payment information message comprises the payment instrument and is encrypted in accordance with the security key.