A method includes providing an initial communication, by an access device to a user device. The access device can receive the user identifier and the access token and receive a secret associated with the user. The access device can determine, using the user identifier and/or the access token, if the transaction is authorized by an authorizing entity computer associated with the access device or by an authorizing entity not associated with the access device. If the transaction is authorized by the authorizing entity computer associated with the access device, the access device can transmit an authorization request message comprising the user identifier, the secret, and the access token to the authorizing entity computer. The authorizing entity computer validates the secret, retrieves a real credential of the user using the user identifier, and authorizes the transaction.

Various switchable RFID devices are disclosed. These switchable RFID devices may include one or more RFID tags and one or more switches. Some of these one or more switches are optionally wireless. In various embodiments, the switchable RFID devices include cellular phones, security devices, identity devices, financial devices, remote controls, and the like. The switchable RFID devices are optionally disposed in a passport.

Methods and systems enable merchants to accept payments through a service provider from a consumer using an app on a mobile device, for example, without redirecting the consumer to the service provider and without collecting the customer's service provider password (a separate PIN may be used). An example of an app on a mobile device is given, but secure payments are also enabled for purchases and other transactions for a website, a merchant, or a service provider who needs to accept payments from customers. A two-key approach allows a merchant, using the two keys—a collection key for merchant apps and general servers and a private, more secure, charge key for merchant “back-end” systems—to collect a user's username and personal identification number (PIN) for acquiring payments through a service provider without compromising the user's service provider username and password (the PIN is distinct from the password).

In some examples, a method of manufacturing a densified wood transaction instrument includes boiling a sheet of wood in a chemical solution, compressing the boiled sheet of wood using a die in a press to form one or more features in the sheet of wood, during the compressing of the boiled sheet of wood, heating the boiled sheet of wood to create a sheet of densified wood, and attaching one or more payment elements to at least one of the one or more features formed in the sheet of densified wood to form a sheet of one or more densified wood transaction instruments.

A method and system for conducting an online payment transaction through a point of sale device. The method includes receiving input from a user selecting an item for purchase through the point of sale device; calculating a total purchase amount for the item in response to a request from the user to purchase the item; and sending payment authorization for the total purchase amount from the point of sale device to a payment entity, in which the payment authorization is sent to the payment entity via a mobile communication device of the user. The method further includes receiving a result of the payment authorization from the payment entity through the mobile communication device; and completing the payment transaction based on the result of the payment authorization.

A method and system for conducting an online payment transaction through a point of sale device. The method includes receiving input from a user selecting an item for purchase through the point of sale device; calculating a total purchase amount for the item in response to a request from the user to purchase the item; and sending payment authorization for the total purchase amount from the point of sale device to a payment entity, in which the payment authorization is sent to the payment entity via a mobile communication device of the user. The method further includes receiving a result of the payment authorization from the payment entity through the mobile communication device; and completing the payment transaction based on the result of the payment authorization.

A payment terminal includes a card interface and a transaction processor. The terminal receives a preliminary authorization amount, and receives application data from a payment card that is interfaced with the card interface. The application data includes an account number that is uniquely associated with the payment card. The processor generates an adjusted authorization amount from the account number and the preliminary authorization amount, determines whether the adjusted authorization amount can be authorized offline, and transmits a cryptogram request to the payment card. The adjusted authorization amount is different from the preliminary authorization amount. The cryptogram request includes the adjusted authorization amount. The processor receives a cryptogram from the payment card, receives an authorization response message confirming authorization of the adjusted authorization amount, and confirms that the cryptogram was generated from the adjusted authorization amount and from a cryptographic key that is uniquely associated with the payment card.

A method of simulating device state changes in an integrated system includes receiving a transaction request from a client device, storing the transaction request as a first event in an event log, transmitting the transaction request to a terminal device, storing the transmission of the transaction request as a second event in the event log, receiving a device response from the terminal device, storing the device response as a third event in the event log, and when the integrated system is under test, a simulator replays the stored events in the integrated system under test.

Systems, methods, apparatuses, and computer-readable media for secure generation of one-time passcodes using a contactless card. In one example, an operating system (OS) of a device may receive a uniform resource locator (URL) and a cryptogram from a contactless card. The OS may launch an application associated with the URL. The application may transmit the cryptogram to an authentication server. The application may receive a decryption result from the authentication server indicating the authentication server decrypted the cryptogram. Based on the decryption result, the application may request an OTP. The processor may receive an OTP from an OTP generator. The application may receive an input value and compare the input value to a copy of the OTP. The application may determine that the comparison results in a match, and display, based on the determination that the comparison results in the match, one or more attributes of the account.

Systems and methods are disclosed for detecting a suspicious and/or a non-suspicious activity during an electronic transaction performed by a user device. One method comprises identifying, by a monitoring and detection component, a starting check point in the electronic transaction. The monitoring and detection component may then receive contextual data from one or more sensors of the user device. Based on the contextual data and a machine learning model, the monitoring and detection component may determine whether an expected behavior occurred. Entry of user credentials may be enabled in response to determining that the expected behavior occurred, whereas the electronic transaction may be terminated in response to determining that the expected behavior did not occur.