A communications device for implementing an electronic payment process, the communications device including a receiver unit operable to receive a secure limited use key (SLUK) from a financial institution that is generated by the financial institution using a first limited use key (LUK) generated using a first key associated with the financial institution, an identifier which identifies a user of the communications device, and a variable code, and a subset of the characters of a passcode associated with the user of the communications device, each character in the subset being identified by its character position in the passcode, and the character position in the passcode of each of the characters in the subset being determined by a predetermined algorithm on the basis of a second key associated with the user of the communications device, the identifier which identifies the user of the communications device and the variable code.

Strategies, tools and techniques for establishing purchase cards for customers of a financial institution are provided. A primary purchase card can be established for a customer in association with at least one account of the financial institution. Also, at least one secondary purchase card can be established for the customer in addition to the primary purchase card. The secondary purchase card can be linked to the primary purchase card and to at least one of the same accounts associated with the primary purchase card. Customer configuration of various rules for the secondary purchase card can be facilitated, such as rules that govern purchase limits, activation parameters, deactivation parameters, and/or automatic replenishment schedules for the secondary purchase card.

An indication is obtained of interaction of a putative human user with a computing device. Responsive to the indication, presentation of a haptic pattern to the putative human user is facilitated; the pattern is not amenable to machine perception. Prompting of the putative human user to input information indicative of human perception of the pattern is facilitated. Information input by the putative human user is obtained responsive to the prompting. When the information input by the putative human user indicates that the putative human user is an actual human user, the interaction is permitted to continue. Haptic techniques are also provided for access control and/or to defend against malevolent web sites which masquerade as legitimate web sites.

A point of sale (POS) device includes a nest portion and a cradle portion. The nest portion includes one or more payment card or near field communication (NFC) readers. The cradle portion couples to differently-sized interchangeable frames, which in turn help secure a mobile computing device to the cradle portion of the POS device. The mobile computing device is connected via a connector to the rest of the POS device. Payment card information read by the readers is conveyed to the mobile computing device over the connector for processing. The POS device may also include tamper detection circuitry.

A method of conducting secure electronic credit payments to a payment acquirer using a credit payment unit, including a smart card, a portable card reader device and a mobile phone, and a payment server. The method is based on using a unique reader key in the card reader device to encrypt all the sensitive smart card information communicated to the payment server, and thus being able to use an unsecure mobile phone to communicate with the payment server. The payment server then completes the transaction with the payment acquirer over a secure line.

A multimode system for receiving data in a retail environment includes: a secure input module for receiving high security input and low security input from a customer, the high security input to be communicated by the secure input module in cipher text, and the low security input to be communicated by the secure input module in plaintext. The multimode system is adapted to operate in a high security mode and a low security mode. The multimode system is adapted to enter the low security mode upon detection by the multimode system of a security breach condition. In the high security mode, the secure input module accepts low security input and high security input. In the low security mode, the secure input module accepts the low security input and does not accept the high security input.

A point of sale (POS) device includes a nest portion and a cradle portion. The nest portion includes one or more payment card or near field communication (NFC) readers. The cradle portion couples to differently-sized interchangeable frames, which in turn help secure a mobile computing device to the cradle portion of the POS device. The mobile computing device is connected via a connector to the rest of the POS device. Payment card information read by the readers is conveyed to the mobile computing device over the connector for processing. The POS device may also include tamper detection circuitry.

Systems and methods are disclosed in which data associated with a transaction are protected with encryption. At an access device, a PIN associated with a payment account may be encrypted with a first key derived from an initial key of the access device and sensitive data associated with the payment account may be encrypted with a second key derived from the initial key. At a secure module associated with a host server encrypted sensitive data of an authorization request message may be decrypted. The secure module associated with the host server can re-encrypt the sensitive data using a zone encryption key associated with a payment processing network. A translated authorization request message including the re-encrypted sensitive data can be transmitted by the merchant server to the payment processing network.

A multimode system for receiving data in a retail environment includes: a secure input module for receiving high security input and low security input from a customer, the high security input to be communicated by the secure input module in cipher text, and the low security input to be communicated by the secure input module in plaintext. The multimode system is adapted to operate in a high security mode and a low security mode. The multimode system is adapted to enter the low security mode upon detection by the multimode system of a security breach condition. In the high security mode, the secure input module accepts low security input and high security input. In the low security mode, the secure input module accepts the low security input and does not accept the high security input.

The invention relates to a method for reading at least one attribute stored in an ID token, wherein the ID token is assigned to a user, comprising the following steps: authenticating the user with respect to the ID token, authenticating a first computer system with respect to the ID token, after successful authentication of the user and the first computer system with respect to the ID token, read-access by the first computer system to the at least one attribute stored in the ID token for transfer of the at least one attribute to a second computer system.