A one-time password (OTP) is transmitted to an authorized wireless device for use an authentication factor, even though the OTP may be intercepted or otherwise viewed with an unauthorized device. When a secure request is initiated that requires entry of an OTP as an authentication factor, a hyperlink is transmitted to a wireless device from which the secure request is initiated. When the hyperlink is selected, a connection is established with an entity that determines mobile number information associated with the SSL connection. Comparison of the determined mobile number information and the mobile number of the wireless device to which the hyperlink was intended to be sent indicates whether the wireless device that has established the SSL connection is the authorized wireless device. The OTP is displayed on the wireless device after that device has been verified as the authorized wireless device.

Systems and methods are provided for blocking charges from a merchant to a payment account of a user. An exemplary system may include one or more memory devices storing instructions and one or more processors configured to execute the instructions to perform various operations. The operations may include receiving, from the user, a dispute request to dispute a charge to the payment account applied by the merchant. In response to the dispute request, the operations may include determining whether to block subsequent charges applied by the merchant to the payment account, based on a history of charging activities of the merchant. Responsive to a determination to block subsequent charges, the operations may include adding the merchant to a block-charge list associated with the payment account.

Systems and methods for authentication may include a first device including a memory, a communication interface, and one or more processors. The memory may include a counter value, transmission data, and at least one key. The one or more processors may be in communication with the memory and communication interface. The one or more processors may be configured to create a cryptogram using the at least one key and counter value, wherein the cryptogram includes the counter value and the transmission data; transmit the cryptogram via the communication interface; update the counter value after cryptogram transmission; receive an encrypted access token via the communication interface; decrypt the encrypted access token; store the decrypted access token in the memory; and transmit, after entry of the communication interface into a communication field, the access token via the communication interface for access to one or more resources, wherein the access token is encrypted.

Implementations of the present application provide data interaction methods and devices. In one example implementation, authorization data for a current interaction are received from a remote server, wherein the authorization data comprises signature information, time information of current authorization, a random number of the current authorization, and a threshold. The authorization data are verified by performing at least one of: comparing the time information comprised in the authorization data with a current time; determining whether the random number comprises in the authorization data exists in a previous data interaction; or determining whether the data of the current interaction exceeds the threshold comprised in the authorization data. Whether to cancel the current interaction is determined based on the verification of the authorization data.

Aspects of the invention relate to a smart card that leverages emerging technology hardware to enhance secure release of sensitive data associated with the smart card. The smart card may include an OLED display. The device may include one or more biometric sensors. Embodiments may include pairing a device with a portal used to access sensitive data. When accessing the portal, the user may be required to verify that the device is present before gaining access to the sensitive data.

A server, with access to information about the spending of consumers, is operative to register when any of the consumers develops a new payment channel which is not tracked by a payment network. In respect of such consumers, the server automatically analyses the tracked spending behavior of the consumers before and after the new spending channel is opened, to identify differences between the spending behavior before and afterwards. By aggregating this information among multiple consumers, and multiple merchant classes, the server obtains data characterizing consumer spending using the new payment channel.

A method of verifying a location of an accountholder is provided. The method is implemented using a location verification (LV) computing device. The method includes receiving a first data message including first transaction data associated with a travel-related card-not-present transaction of the accountholder to a target location, analyzing the first transaction data to extract a first location identifier associated with the target location, receiving a second data message including second transaction data for a target location transaction performed by the accountholder at a merchant computing device associated with the target location, analyzing the second transaction data to extract a merchant location identifier corresponding to the merchant computing device for the target location transaction, verifying that the accountholder is performing the target location transaction at the target location by determining that the first location identifier matches the merchant location identifier, and authorizing the target location transaction.

A system, apparatus and method are described embedding an IoT device within a credit card of a user. For example, one embodiment of an Internet of Things (IoT) credit card system comprises: a plurality of IoT hubs located within stores; an IoT device embedded within a credit card, the IoT device comprising a battery and a secure communication module to communicate with the IoT hubs; an IoT service to receive location data related to the IoT hubs to which the IoT device has connected, the location data usable to determine the stores and/or locations within stores visited by the user; and a database within the IoT service to store an indication of the stores visited by the user and/or the locations within stores visited by the user.

A near field communication device included in a secure transaction card provides an addition and/or transitional communication link for communicating secure transaction information. The near field communication device may be selectively engaged or disengaged and, when engaged, either active or passive modes of operation of the near field communication device can be selected. in the active mode, secure transaction information is transmitted upon establishment of a communication link with a complementary near field communication device. In the passive mode, secure transaction information is transmitted upon interrogation from a complementary near field communication device. Secure transaction information is generated and stored for transmission in a memory and at least a portion of the memory is erased or nulled upon transmission or upon expiration of a selected period of time.

A method includes receiving a request for a payment account transaction. The method further includes determining whether the request has originated from a user device located within a transport aircraft at a time while the aircraft is in flight. The method also includes making an authorization decision with respect to the requested payment account transaction based at least in part on a result of the determining step.