Multifactor authentication techniques described herein may allow a user to submit a recent proof of purchase as a part of a multifactor authentication process to access an account associated with a financial institution. As part of the login process, the user may submit a proof of purchase associated with a transaction. The financial institution may determine information associated with the transaction, such as a merchant associated with the proof of purchase, a time of the transaction, the last four numbers of the transaction card used, a dollar amount, or any combination thereof. If the information matches one or more records in the transaction history of the user's account, the financial institution may authenticate the user and provide access to the account. In this way, the financial institution may leverage transaction history known to the financial institution and the user to authenticate the user.

This document describes a computer-implemented method that includes storing information in a standardized format about an organization's susceptibility to social engineering in a plurality of network-based, non-transitory storage devices having a collection of social engineering risk indicators stored thereon; importing, using an integration layer, non-standardized updated information about the organization from one or more data sources; converting, using a first analytics engine, the non-standardized updated information into the standardized format; and transmitting, via the integration layer, the standardized updated information for one or more organizations to a second analytics engine configured to determine a transaction risk indicator for a transaction.

Techniques are disclosed relating to scheduling program tasks in a server computer system. An example server computer system is configured to maintain first and second sets of task queues that have different performance characteristics, and to collect performance metrics relating to processing of program tasks from the first and second sets of task queues. Based on the collected performance metrics, the server computer system is further configured to update a scheduling algorithm for assigning program tasks to queues in the first and second sets of task queues. In response to receiving a particular program task associated with a user transaction, the server computer system is also configured to select the first set of task queues for the particular program task, and to assign the particular program task in a particular task queue in the first set of task queues.

Described herein are card-based bill payment systems and methods enabling bill payment using a transaction card within a consumer financial institution (CFI) payment platform and enabling real-time payment confirmation messaging is provided. The bill payment system includes a bill pay exchange (BPX) computing system that receives a payment initiation message from a CFI, the payment initiation message including tokenized payment credentials associated with a transaction card used to initiate a bill payment transaction with the CFI, a bill payment amount, and a biller identifier. The BPX computing system also identifies a biller service provider (BSP) associated with the biller, and transmit the payment initiation message to the BSP to initiate authorization of the bill payment transaction. The bill payment system further includes a payment processing network associated with the BPX computing system and configured to implement authorization of the bill payment transaction according to a card-based transaction model.

Aspects of the present disclosure involve a system and a method for performing operations comprising: receiving, by a messaging application, a request to access a third-party resource; in response to receiving the request, obtaining a user interface data corresponding to the third-party resource; generating, for display on a client device, a graphical user interface of the third-party resource based on the markup-language document; generating for display a menu with an option to authorize the third-party resource to access user data from the messaging application; and authorizing the third-party resource to access the user data from the messaging application in response to a user interaction with the menu.

Systems and methods disclosed herein securely provide confidential information associated with a user during an active voice call conducted using the user's mobile device. The confidential information may be provided by generating the information in spoken form and inserting the spoken information into an audio stream of the voice call. For example, a customer may be on a phone call with a customer agent. The customer agent may ask the customer for a credit card number in order to process a financial transaction. The customer may select the credit card number via an application executing on the customer's mobile phone. The application may cause the credit card number to be spoken out loud during the voice call. A voice sample of the spoken credit card number in inserted into the audio stream of the voice call and is therefore, audible to the customer and the customer agent without being overheard by a third party.

Systems and methods for authenticating identification information are disclosed. For example, an Automated Teller Machine (ATM) may comprise a user interface. The user interface may comprise a card reader. The card reader may be configured for card rotation about an axis of a bank card. The user interface may be configured to receive card rotation input from a user. The ATM may comprise at least one memory storing instructions. The ATM may comprise at least one processor configured to execute the instructions to perform operations. The operations may comprise receiving identification information from the user. The operations may comprise receiving the card rotation input. The operations may comprise extracting a card rotation sequence from the card rotation input. When the card rotation sequence is within a predetermined threshold from a stored card rotation sequence corresponding to the identification information, the operations may comprise authenticating the user for an ATM operation.

A triaged approach is implemented to detect and prevent electronic attacks against online entities and to reduce latency. Transaction requests are classified into different tiers and are treated differently based on the tier status. For example, transaction requests to conduct transactions with an entity are received from a client system. Characteristics such as rate or amounts of transactions of the transaction requests are analyzed. The characteristics are compared against specified threshold limits to assess whether the specified threshold limits are exceeded. Based on an assessment that at least one of the specified threshold limits is exceeded, a set of computer instructions is selected from different sets of computer instructions for execution on the client system. A result of an execution is received from the client system. Based on the result of the execution, a determination is made whether the transaction requests appear to have originated from a machine-automated submission process.

An apparatus includes at least one processing device configured to obtain event metadata for events published by event sources to an event platform, the event metadata comprising static event tags for respective ones of the events. The at least one processing device is also configured to generate dynamic event tags having an association with event types based at least in part on analysis of real-time event traffic comprising a subset of the events published by the event sources to the event platform over a designated time period. The at least one processing device is further configured to train a machine learning model utilizing the static event tags and the association of the dynamic event tags with the event types, receive a query comprising event parameters, and provide a response to the query by utilizing the trained machine learning model to match events with the event parameters in the query.

System and methods are provided for dynamic digital identity processing. In some embodiments, a policy request identifying a customer and a policy to be analyzed is received. A policy requirement tree associated with the policy to be analyzed is retrieved, the tree defining a set of requirements to be satisfied. Available evidence associated with the set of requirements is collected from the customer and a determination is made which requirements are satisfied by the available evidence and a subset of requirements remaining to be satisfied is generated.