A method for authenticating a user performed by an identity server computer is disclosed. The method comprises receiving, by a server, a user device identifier from an access device. The server transmits a challenge to a mobile device operated by a user, and the mobile device signs the challenge. The server receives and verifies the signed challenge and then provides the signed challenge or a portion thereof to an access device, which processes the transaction with the signed challenge.

Systems and methods are provided for extending data files beyond sources of the data files. One example computer-implemented method includes receiving, from a mobile device of a user, selection of an option to extend a data file compiled at a source party, where the option includes a unique identifier for the user and a source identifier, and soliciting, from the mobile device, an image of the user. The method also includes receiving a captured image of the user from the mobile device and retrieving, based on the unique identifier and the source identifier, the data file from the source party. The method then includes, when the captured image matches the data file, storing the data file as a reusable data file, whereby the data file is available to be provided to one or more relying parties, different than the source party, upon consent from the user.

The present disclosure includes an account binding method. In the method, an account addition page is presented in a first application that is currently logged into using an application account of the first application. Information acquisition instruction carrying user identity information in an encrypted form is transmitted to an account provider system, in response to an account addition instruction triggered. A to-be-bound account that is associated with the user identity information and acquired and fed back by the account provider system is received. The received to-be-bound account is displayed on a gateway page of the account provider system. Also, binding between the application account of the first application and the to-be-bound account is performed, when the displayed to-be-bound account is confirmed by a user operation of the gateway page.

Various embodiments for remotely sharing a payment instrument of a first user to a client device of a second user are provided. In some embodiments, a system is configured to receive a first request from a first client device to generate a beneficiary user for a payment instrument account. The system is configured to receive a second request from the first client device in order to generate a virtual payment instrument, and the second request comprises a spending policy. The system is configured to generate the virtual payment instrument for the beneficiary identifier based at least in part on the spending policy and configured to transmit a reference notification for accessing the virtual payment instrument to a second client device. The virtual payment instrument is configured to be restricted for a purchase based at least in part on the spending policy.

A multi-purpose smartcard is disclosed. a computer-implemented method of controlling a smartcard. The smartcard can include a near-field communication (NFC) system. The NFC system can be configured to communicate with remote computing systems. The smartcard can include one or more computing chips embedded in the smartcard. The smartcard receives, from a provisioning computing system accessible to a user, a transaction type indicator and transaction data, the transaction type indicator indicating a particular transaction type from a plurality of potential transaction types. The smartcard stores, in the one or more computer-readable media of the one or more computing chips, the transaction data. The smartcard communicates, using the NFC communication system and in accordance with the transaction type, the transaction data to an authentication computing system.

A system, method, and computer program product are provided for card activation. The method includes registering, during an enrollment process, an account for a user by associating the user with a communication channel outside of an electronic payment processing network; associating the user with an inactivated account identifier; receiving, via the electronic payment processing network, a transaction request message corresponding to a transaction initiated at a merchant system by the user with a payment device issued with the inactivated account identifier; in response to receiving the transaction request message, communicating a credential to the user; receiving the credential; authenticating the user based on comparing the credential received via the electronic payment processing network to the credential communicated to the user via the communication channel; in response to authenticating the user, activating the account identifier; and processing the transaction with the activated account identifier after the account identifier has been activated.

A pervasive advisor for major purchases and other expenditures may detect that a customer is contemplating a major purchase (e.g., through active listening). The advisor may assist the customer with the timing and manner of making the purchase in a way that is financially sensible in view of the customer's financial situation. A customer may be provided with dynamically-updated information in response to recent actions that may affect an approved loan amount and/or interest rate. Underwriting of a loan may be triggered based on the geo-location of the user. Financial advice may be provided to customers to help them meet their goals using information obtained from third party sources, such as purchase options based on particular goals. The pervasive advisor may thus intervene to assist with budgeting, financing, and timing of major expenditures based on the customer's location and on the customer's unique and changing circumstances.

A method for provisioning a payment account to a mobile wallet on a mobile device includes receiving, by a provider computing system, an encrypted network return address of the mobile wallet that uniquely identifies a network address of the mobile wallet when the encrypted network return address is decrypted from an initiating device, receiving, by the provider computing system, an encryption key configured to decrypt the encrypted network return address, wherein the encryption key is not provided to the initiating device, decrypting, by the provider computing system, the encrypted network return address using the encryption key, and provisioning, by the provider computing system, a payment token associated with the payment account to the mobile wallet based on the decrypted network return address received from the initiating device by transmitting the payment token to the mobile device without going through the initiating device.

Described are a system, method, and computer program product for processing a transaction as a push payment transaction. The method may include receiving, with a payment gateway processor, a transaction request from a merchant system. The transaction request may include transaction data associated with a payment device of a user, the payment device being associated with an issuer system. The method may also include generating, with the payment gateway processor, an authentication request based on the transaction data. The method may further include communicating, with the payment gateway processor, the authentication request to the issuer system. The method may further include, in response to the issuer system authenticating the authentication request, generating a push payment request including an account identifier associated with the merchant system, and communicating the push payment request to the issuer system.

A system and a method are disclosed for context-based verification flows for digital identity verification. A context-based verification system provides flexible identification procedures for various enterprises that adapted to the enterprises' services, the enterprises' customers, and these customers' needs. For example, the context-based verification system determines a first and second verification flows associated with a first enterprise and a third verification flow associated with a second enterprise. These verification flows include context parameters and verification parameters. The context-based verification system determines context parameters of a request, or “request context parameters,” when a user requests to interact with the first enterprise and determines a verification flow associated with context parameters that substantially match these request context parameters. The context-based verification system may determine that the first verification flow's context parameters substantially match the request context parameters and use the first verification flow's verification parameters to verify the user's identity.