Application-based point of sale systems in mobile operating systems. A first application may generate a first URL directed to a second application, a parameter of the first URL comprising an identifier of the first application. A mobile operating system (OS) may access the first URL to open the second application. The second application may receive, from a server, a virtual account number (VAN). The second application may initiate a server on a port and generate a second URL directed to the first application, a parameter of the second URL comprising the port. The OS may access the second URL to open the first application. The first application may establish a connection with the server using the specified port and receive the VAN from the second application via the connection. The first application may autofill the VAN to a form field of a payment form in the first application.

This invention is a comprehensive Dynamic Security Code (DSC) System (DSC System) that can change the security code of a prepaid, debit, or credit card (Payment Card). In an effort to thwart Card-Not-Present (CNP) fraud, the DSC System provides dynamic security code values (DSC Values) that have a limited use. The DSC Values provided by this DSC System can be calculated by various methodologies and can be used within existing standard payment card infrastructures. The DSC System can also be used with other form factors and in other environments not related to payments such as balance inquiries. The DSC Values can be calculated by a DSC Generator Server or on the card itself.

This invention is a comprehensive Dynamic Security Code (DSC) System (DSC System) that can change the security code of a prepaid, debit, or credit card (Payment Card). In an effort to thwart Card-Not-Present (CNP) fraud, the DSC System provides dynamic security code values (DSC Values) that have a limited use. The DSC Values provided by this DSC System can be calculated by various methodologies and can be used within existing standard payment card infrastructures. The DSC System can also be used with other form factors and in other environments not related to payments such as balance inquiries. The DSC Values can be calculated by a DSC Generator Server or on the card itself.

A security code input may be obfuscated from a thermal imaging device by randomly heating a random set of inputs of an input device. The security code is inputted on an input device, which communicates with a security system to grant or deny access to a user based on an entry of the security code. The input device includes a plurality of hearing elements. The input device may receive an input from the user. A random set of heating elements including one or more heating elements, are generated from the plurality of heating elements. A temperature is determined for the one or more heating elements of the random set of heating elements. The temperature is then applied to the one or more heating elements of the random set of heating elements of the input device.

An online payment system and method including a mobile device with an NFC reader capability is disclosed. An online merchant is coupled in communication between a payment network and the mobile device. A contactless EMV IC card containing card information is provided for making a payment. The card information is readable from the contactless EMV IC card by the NFC reader of the mobile device and sent to the payment network.

A system of electronic communication is disclosed. The system may: create a Pre-Authentication Transaction Number (Pre-ATN) by combining a number with a Special Encode Value (SEV), wherein the SEV is a single digit integer value; encrypt the Pre-ATN using a Format Preserving Encryption (FPE) to generate an encrypted Authentication Transaction Number (ATN); and send the encrypted ATN to an access control server (ACS) to use the encrypted ATN to generate a cardholder Authentication Verification Value (CAVV) or an Accountholder Authentication Value (AAV).

Methods for operating a portable electronic device to conduct a mobile payment transaction at a merchant terminal are provided. The electronic device may verify that the current user of the device is indeed the authorized owner by requiring the current user to enter a passcode. If the user is able to provide the correct passcode, the device is only partly ready to conduct a mobile payment. In order for the user to fully activate the payment function, the user may have to supply a predetermined payment activation input such as a double button press that notifies the device that the user intends to perform a financial transaction in the immediate future. The device may subsequently activate a payment applet for a predetermined period of time during which the user may hold the device within a field of the merchant terminal to complete a near field communications based mobile payment transaction.

Devices, systems, and methods for securely converting a user's existing static payment card data into dynamic card data that can be authenticated by card issuers or by a stand-in service provider, such as a payment network or processor without requiring the card issuers to make infrastructure changes. The dynamic data can be provisioned onto a magnetic secure transmission device (MST) either directly from a card issuer or using a swiper type device. Devices, systems, and methods are also disclosed for securely provisioning a dynamic card onto the MST by the card issuer. These dynamic cards may be used to transmit modified one-time-use card track data from the MST to a point of sale using a dynamic-CVV methodology to provide higher levels of security during a transaction.

A processor of a computing device may receive, from a contactless card, a uniform resource locator (URL) and a cryptogram. An operating system (OS) executing on the processor may open an application based on the URL. The application may transmit the cryptogram to an authentication server. The application may receive, based on the server verifying the cryptogram, an account number. The application may store the account number in a memory of the device.

An authentication method includes assigning a risk status to a request received from a remote interaction system, transmitting a notification communication to a device associated with the request, monitoring interaction data from an interaction network, and identifying, from the monitored interaction data, authentication interaction information, the authentication interaction information including a coded sequence and a predetermined authentication identifier. The authentication method also includes comparing the coded sequence in the authentication interaction information to an expected coded sequence and transmitting a verification communication after determining the coded sequence in the authentication interaction information matches the expected coded sequence.