Techniques described herein are directed to point-of-sale (POS) authorization and access control. A POS application operating in a first state can send a first instruction to a reader device to prepare to read payment data associated with a payment instrument and, responsive to receiving the payment data from the reader device, can process a transaction using the payment data. In a second state, the POS application can send a second instruction to the reader device to prepare to read non-payment data associated with an identification instrument of a user and, responsive to receiving the non-payment data from the reader device, can verify an identity of the user and/or grant the user permission to perform an operation. The POS application can transition between the first state and the second state based at least in part on a type of instrument to be read by the reader device.

A system and method for checking the sanction status of an entity to determine whether the entity is prohibited from engaging in transactions with an organization. The system and method include receiving a request to form an agreement between an organization and an entity and maintaining, in a sanctioned entity blacklist, associations between a plurality of entities and a plurality of identifiers. Each identifier of the plurality of identifiers indicates that a respective entity of the plurality of entities has sanctioned entity status prohibiting the respective entity from engaging in a transaction with one or more organizations. The system and method include determining a sanctioned entity status associated with the entity based on a digital certificate and the sanctioned entity blacklist. The system and method include generating, responsive to determining the sanctioned entity status associated with the entity, an error condition indicating that the digital certificate failed validation.

A computer-implemented method for enabling transaction-risk evaluation by resource-limited devices. The method includes receiving from a financial network transaction data, defining transactions in the network, and generating, based on the transaction data, a transaction graph comprising nodes, representing parties to transactions, interconnected by edges representing transactions between parties represented by the nodes. For each of at least some nodes, at least one risk attribute provided in the transaction graph. The method includes receiving from a resource-limited device a request describing a potential transaction, identifying at least one counterparty node, deriving transaction-risk data, dependent on aggregated risk attributes of the counterparty node and a selected set of nodes reachable from that node via edges, and sending to the device a response comprising the transaction-risk data for evaluation of risk of the potential transaction.

A system for routing an identity validation request comprises at least one processor in communication with computer-readable storage, the computer-readable storage having stored thereon instructions for causing the at least one processor to: receive, from a requesting device, an identity validation request, the identity validation request comprising identity data and a payment credential; determine, from the payment credential, an issuer of the payment credential; transmit, to the issuer, a verification service request message that comprises the identity data and the payment credential; receive, from the issuer, a verification service response indicating whether or not the identity data has previously been associated with the payment credential; and based on the verification service response, transmit, to the requesting device, an indication as to validity of the identity data.

Embodiments include systems and techniques to perform secure transactions including processing registration information for each computing device of a plurality of computing devices having authority over a financial account. In one example, embodiments include receiving a pending transaction against the financial account from a computing device. Embodiments include executing an authentication protocol to determine the computing device is a member of the plurality of computing devices based upon the registration information, and processing data identifying another computing device within a configurable distance from the computing device. Embodiments further include the system to execute the authentication protocol to determine the other computing device is a member of the plurality of computing devices based upon the registration information and bypass a portion of a security procedure for authorizing execution of the pending transaction.

System and methods are provided for dynamic digital identity processing. In some embodiments, a policy request identifying a customer and a policy to be analyzed is received. A policy requirement tree associated with the policy to be analyzed is retrieved, the tree defining a set of requirements to be satisfied. Available evidence associated with the set of requirements is collected from the customer and a determination is made which requirements are satisfied by the available evidence and a subset of requirements remaining to be satisfied is generated.

A method for processing disputes in a multi-tenant architecture system includes receiving, at a first service provider, a dispute request from a second service provider that manages entity identities of a plurality of customers. The dispute request indicates a disputed transaction between a customer of the plurality of customers and another entity. The method includes accessing an identity manager to determine a customer representation, the identity manager previously onboarded the plurality of customers as a plurality of customer representations. The identity manager is hosted by the first service provider that manages customer representations corresponding to entity identities of the customers. The dispute request is propagated with the customer representation to a dispute management engine that determines an outcome for the dispute, the determination based on characteristics of the disputed transaction and on characteristics of the customer. The method also includes propagating the determination to the second service provider.

A device may receive, from a point-of-sale (POS) device, transaction data associated with a transaction between a customer and a merchant associated with the POS device. The device may determine a customer email address and other data associated with the transaction, the customer, or the merchant, based on the transaction data and customer data identifying the customer, and may process the customer email address, the other data, and social media data, with a machine learning model, to identify a social media account of the customer. The social media data may include data identifying multiple social media accounts, and the multiple social media accounts may include the social media account of the customer. The device may determine, based on the social media data, whether the social media account of the customer follows the merchant, and may perform actions based on whether the social media account follows the merchant.

A method begins with a server in a data communication system establishing an initial validity of an exchange item that includes data regarding a quantifiable value, a serial number, and issuance information, where the initial validity authenticates the exchange item and the data. The method continues with the server executing a secure custody protocol to establish that a first computing device has secure custody of the exchange item and to maintain validity of the exchange item. The method continues with the server transferring the secure custody of the exchange item from the first computing device to the server or to a second computing device. When the exchange item is in the secure custody of the server the method continues with the server modifying the data of the exchange item to produce a modified exchange item and transferring secure custody of the modified exchange item to the first computing device.

A system and method for adding a virtual credit account to a mobile device is disclosed. The system receives a contact information for a customer at a store's electronic device, the contact information comprising: at least one of a device identifier (ID) and a user ID, the contact information being part of a request for a pre-existing credit account to be added to the customer's mobile device. An access to an account lookup/verification for the pre-existing credit account is provided to the customer's mobile device, the access generate an out-of-band verification. the request for the pre-existing credit account to be added to the customer's mobile device in conjunction with the out-of-band verification is provided by the customer's mobile device. The pre-existing credit account is then added to the customer's mobile device in a digital format allowing the customer to make a purchase.