Integrating buyer and/or merchant functionality with discoverable applications is described. In an example, applications associated with a service provider can be stored in a repository associated with the service provider. At least a part of an application of the applications is associated with a particular, discrete functionality. The service provider can determine context data associated with a user computing device and can select, based at least in part on the context data, the application from the applications, wherein at least the part of the application is to be surfaced on the user computing device. The service provider can cause a user interface associated with at least the part of the application to be presented via the user computing device, wherein the user interface enables a user of the user computing device to input data for enabling the particular, discrete functionality, and wherein a portion of the context data is used to customize the user interface for the user.

This disclosure relates to facilitating payment by a payer using a payee application installed on a mobile communication device. The device detects an interaction by the payer with respect to the payee application to initiate a payment. In response to detecting the interaction, the device selects one of multiple payment applications installed on the mobile communication device and activates the one of the multiple payment applications to allow the payer to interact with the one of the multiple payment applications using a graphical user interface provided by the one of the multiple payment applications. Finally, the device sends payment data associated with the payment from the payee application to the one of the multiple payment applications to facilitate the payment. The payer can interact with the trusted payment application, which is an advantage over other payment methods where the payer provides credit card numbers directly to the payee.

Technologies related to mobile credit payment are disclosed. In an implementation, a credit payment request is generated and sent to a user account of a credit payment application (APP) installed on a mobile computing device. A payment response message is then received from the mobile computing device. The payment response message is parsed to identify an APP public key license. A pre-stored credit authorization public key is used to verify the APP public key license and an APP public key is received from the APP public key license if the verification is successful. A payment deduction request is generated and sent to the user account of the credit payment APP. A payment authorization encrypted using asymmetric key encryption is received from the mobile computing device. The APP public key is used to decrypt the payment authorization, and a transaction log is recorded if the second response message is successfully decrypted.

A method for capturing and aggregating transactional receipts conducted at a point of sale terminal connected to a network includes (a) using a transaction device, submitting digital payment account data to the POS terminal, (b) reading the submitted data at the

POS terminal and authorizing the payment data for the transaction,(c) upon approval notification, generating at the POS terminal a QR code that includes the itemized receipt data, (d) publishing the QR code generated in (c) to a digital screen on the POS terminal or to a printed paper medium, (e) capturing the QR code in POS display or printed in (d) with a mobile device equipped to scan QR codes, and (f) storing for transfer over the network, the QR code or a human-readable version thereof for archival and access.

Techniques for enhancing the security of a communication device may include providing an application agent that executes in a trusted execution environment of the communication device, and a transaction application that executes in a normal application execution environment of the communication device. The application agent may receive, from the application, a limited-use key (LUK) generated by a remote computer, and store the LUK in a secure storage of the trusted execution environment. When the application agent receives a request to conduct a transaction from the application executing in the normal execution environment, the application agent may generate a transaction cryptogram using the LUK, and provides the transaction cryptogram to an access device.

The present application provides techniques for offline payments. The method includes: receiving an offline payment request for an offline payment through a target payment application, the offline payment being made by a user registered with the target payment application; receiving an identity authentication identifier (ID) of the user; determining that the identity authentication ID of the user matches a stored identity authentication ID previously stored for the user on the computing device; in response to determining that the identity authentication ID matches the stored identity authentication ID, receiving an offline payment certificate issued by the target payment application to the user and stored on the computing device; and providing the offline payment certificate to an offline payment service party of the target payment application, the offline payment service party configured to authorize the offline payment based on the offline payment certificate.

Technologies related to mobile credit payment are disclosed. In an implementation, a first SNEP Get Request Message is generated and sent to a mobile computing device, in response to a NFC signal received from the mobile computing device. A first SNEP Response Message is received from the mobile computing device and parsed to identify an APP public key license. A pre-stored credit authorization public key is used to verify the APP public key license and an APP public key is retrieved from the APP public key license if the verification is successful. A second SNEP Get Request Message is sent to the mobile computing device and a second SNEP Response Message is received from the mobile computing device. The APP public key is then used to decrypt the second SNEP Response Message, and a transaction log is recorded if the second SNEP Response Message is successfully decrypted.

A system for providing continuous automated verification of user identity and intent includes a processor within at least one server that implements a first processing node and a second processing node for monitoring a mirrored live-data flow of a live-data flow passing through the first processing node in a non-intrusive manner that does not affect the live-data flow passing through the first processing node to detect relevant network access and activity in the mirrored live data flow. At the second processing node, a first set of verification criteria, comprising a first set of dynamically generated dialogue of questions with associated answers to be provided by the at least one user, are dynamically generated based on live data inputs from the mirrored live-data flow and external data sources to verify an identify and an activity of the at least one user attempting to access the network prior to access and performing an activity on the network. A second set of verification criteria, comprising a second set of dynamically generated dialogue of questions with associated answers to be provided by the at least one user, are dynamically generated at the second processing node based on the responses provided by the at least one user to the first set of dynamically generated dialogue of questions to verify the identity and the activity of the at least one user attempting to access the network. A required threshold level is adjusted at which the first and second verification criteria must be met by the at least one user attempting the network access in order to allow or deny the network access and activity by the at least one user. The relevant network access and activity are denied if the verification criteria are not met at the required threshold level, to preempt unverified and unwanted access to and activity on the network by the at least one user. The relevant network access and activity are allowed if the verification criteria are met at the required threshold level. The system continues to monitor and verify the user identity and the user activity for a dynamic time period after access and activity on the network is granted to ensure continued user identity and activity fidelity.

Embodiments of the invention relate to systems and methods for efficiently provisioning mobile devices with personalization data. For some embodiments, a method is disclosed comprising receiving a request for provisioning comprising device information for a mobile device and user authentication information for a user, generating a partial personalization script, an activation script, and a deletion script using the device information, sending the partial personalization script, the activation script, and the deletion script to an application provider computer, wherein the application provider computer initiates execution of the partial personalization script on the mobile device, authenticating the user authentication information, and sending an activation message to the application provider computer, wherein the application provider computer initiates execution of the activation script.

A financial institution computing system includes a network circuit exchanging information over a network, a customer database storing financial information for a plurality of users, and a privacy shield circuit. The privacy shield circuit receives, over the network via the network circuit, a privacy shield request from an authorized user of a financial account via a user computing device. The privacy shield circuit generates a user alias for the authorized user of the financial account. The privacy shield circuit associates the user alias with the financial account in the customer database for use in conjunction with a subsequent transaction. Use of the user alias in conjunction with the subsequent transaction includes using the user alias for at least one of an authentication procedure and providing requested information to a merchant. The privacy shield circuit transmits the user alias to the user computing device over the network via the network circuit.