A method for tokenization of information associated with a payment card includes: transmitting a registration request including a primary account number (PAN) of the payment card to a server; sending, by the server, a request for a secure element (SE) package that includes a payment token and a payment-token-key to an issuer server, the payment token being a surrogate value of the PAN; and in response to receipt of the SE package from the issuer server, transmitting the SE package to an electronic card to be stored therein.

Disclosed are various embodiments for using aggregated transaction accounts to make purchases. A transaction authorization request for a transaction is received from a merchant device, the transaction authorization request comprising an aggregated transaction account identifier, a transaction amount, and a merchant identifier. Multiple linked transaction accounts associated with an aggregated transaction account identified by the aggregated transaction account identifier are then identified or selected. At least a portion of the transaction amount is debited from each of the multiple linked transaction accounts. Then, an authorization response is sent to the merchant device, the authorization response indicating that the transaction is authorized for the transaction amount.

Systems and methods for authentication may include an authentication system. The authentication system may include a processor and a memory. The memory may contain a unique identifier, a counter, a session key, and a PAN sequence number. The processor may be configured to receive an authentication request. The processor may be configured to generate, in response to the authentication request, a virtual card number and a dynamic security code based on mapping with a plurality of parameters of a cryptogram including at least one selected from the group of the unique identifier, the counter, the session key, and the PAN sequence number. The processor may be configured to transmit the virtual card number and the dynamic security code to complete the authentication request.

A user enables a communication, such as through a tap, between an NFC-enabled payment or funding card and a mobile device. Card information, such as the card number, type, and expiration date, are read by the mobile device. The user is then authenticated through the user device, such as by entering a CVV code, a PIN for the card, a cardholder name, and/or a billing address for the card. If confirmed, the card is added to the user's mobile/cloud wallet.

It is desirable for a merchant to not store customer PCI (Payment Card Industry) data in the merchant's system, because this would reduce cost and risk to the merchant. But the merchant still wants access to the customer primary account number (PAN) and other PCI data elements for customer authentication, customer relationship management, etc. Therefore, this specification discloses systems and methods that allow a pPOS (personal Point of Sale) device to create a mirror of the original transaction and provide that to the merchant. Then the merchant would still have access to the customer PAN and other PCI data elements, but there are no PCI or payment data in the mirror transaction, so cost and risk are reduced for the merchant.

A system and method of identifying a credit card input field on a webpage is described. A processor may determine if a user's input includes a numerical sequence. The processor may determine if the number of digits in the numerical sequence matches a value that is pre-determined by a financial service provider. The processor may determine if one or more opening digits of the numerical sequence match a sequence that is pre-defined as identifying a financial service provider. The processor may validate the numerical sequence using a pre-determined algorithm. The processor may determine if any labeling texts associated with the input field match pre-determined texts. The processor may generate a file labeling the input field as a credit card input field.

A device receives, from a user device, a request to generate a verification code for a transaction associated with a user of the user device, and receives user profile information associated with a transaction card to be used for the transaction. The device generates a random verification code for the transaction based on the request and the user profile information, and authenticates the random verification code, based on the user profile information, to generate an authenticated random verification code. The device provides the authenticated random verification code to the user device, and receives transaction information, including the authenticated random verification code, from a merchant device associated with the transaction. The device validates the transaction based on the transaction information, and provides, to the merchant device associated with the transaction, information indicating that the transaction is validated.

A system, apparatus, and method for expediting the authorization of an electronic payment transaction. Authorization of a transaction at a node of an authorization network is the result of inferring the trustworthiness of a customer to the transaction using data obtained from a different node of the authorization network. The authorization process is expedited by relying on the previous authentication decision of another node, where the previous decision may have been made based on a different payment device or different user inputs. The invention uses a decision made by a first node in the authorization network as a proxy for the authorization decision at a different node, thereby transferring the trustworthiness of a consumer, consumer's device, payment device, or other aspect of the transaction from the first node to the second.

A method is disclosed. The method includes generating, by a communication device during an interaction with an access device, a cryptogram using transaction level data and interoperability level data; transmitting the transaction level data and interoperability level data to the access device; and transmitting the cryptogram the access device, wherein the access device or a remote server computer in communication with the access device validates the received cryptogram before allowing the transaction to proceed.

A method and system for performing a calculation of a privacy preserving scalar product are provided. A first party and a second party (e.g., a first computer and a second computer) possessing a first vector and a second vector respectively, can concurrently determine the scalar product of the two vectors, without revealing either vector to the other party. Each vector can be masked and then encrypted using a public key of an asymmetric key pair. Using homomorphic encryption operations, the scalar product of the vectors can be determined while the vectors are still encrypted. Each party can compare the scalar product, or a value derived from the scalar product against a predetermined threshold. As an example, two parties can perform the scalar product to compare two biometric templates expressed as vectors without revealing the biometric templates to one another, preserving the privacy of persons corresponding to those biometrics.