A method includes receiving a payment request for a transaction between a merchant and a customer. The payment request includes a payment token and an amount of the transaction in currency. The rewards account stores a number of rewards points. The method includes authenticating the payment request. The method includes determining a currency conversion value for the rewards points. The currency conversion value is based on a conversion rate and a merchant multiplier. The method includes determining the number of rewards points is not enough to cover the transaction. The method includes identifying a secondary payment source that contains sufficient funds to cover a remaining balance of the transaction. The method includes transmitting an approval message to a merchant computing system.

A comprehensive cybersecurity platform includes a cybersecurity intelligence hub, a cybersecurity sensor and one or more endpoints communicatively coupled to the cybersecurity sensor, where the platform allows for efficient scaling, analysis, and detection of malware and/or malicious activity. An endpoint includes a local data store and an agent that monitors for one or more types of events being performed on the endpoint, and performs deduplication within the local data store to identify distinct events. The agent provides the collected metadata of distinct events to the cybersecurity sensor which also performs deduplication within a local data store. The cybersecurity sensor sends all distinct events and/or file objects to a cybersecurity intelligence hub for analysis. The cybersecurity intelligence hub is coupled to a data management and analytics engine (DMAE) that analyzes the event and/or object using multiple services to render a verdict (e.g., benign or malicious) and issues an alert.

A second data source may retrieve metadata for one or more versions of a set of versions of a file stored at the first data source. In some examples, the metadata for the one or more versions of the file may include at least an identifier of the file, a timestamp, and a cryptographic signature. In some examples, generation of the cryptographic signature may be based on the identifier of the file, the timestamp, and a cryptographic key. The second data source may identify a set of versions of the file that were uploaded from a trusted data source to the first data source based on a comparison of the cryptographic signature to a computed cryptographic signature. The second data source may then determine a targeted version of the file and retrieve the targeted version of the file from the first data source.

Techniques are described for enabling an IT and security operations application to detect and remediate advanced persistent threats (APTs). The detection of APTs involves the execution of search queries to search event data that initially was associated with lower-severity activity or that otherwise did not initially rise to the level of actionable event data in the application. The execution of such search queries may thus generally be configured to search non-real-time event data, e.g., event data that outside of a current window of days or a week and instead searches and aggregates event data spanning time periods of many weeks, months, or years. Due the nature of APTs, analyses of historical event data spanning such relatively long periods of time may in the aggregate uncover the types of persistent activity associated with APTs that would otherwise go undetected based only on searches of more current, real-time event data.

A method including receiving, by a receiving device from a transmitting device, a sharing link to be utilized by the receiving device to obtain access to encrypted content that is stored in a storage device, the sharing link including static portion information to enable the receiving device to reach the storage device and dynamic portion information including an identifier that uniquely identifies the receiving device; transmitting, by the receiving device to the storage device based at least in part on utilizing the static portion information, a request to access the encrypted content; and receiving, by the receiving device from the storage device, access to the encrypted content based at least in part on transmitting the request is disclosed. Various other aspects are contemplated.

An access control system is provided to prevent the surreptitious granting of access to privacy related functionality on an electronic device. Software-based events to grant access to device functionality can be validated by confirming that the software event corresponds with a hardware input event. This validation prevents the spoofing of a user interface input that may be used to fraudulently grant access to specific functionality.

A system, method, and computer-readable media for providing contextual data loss prevention (DLP) within a group-based communication system. At least a portion of a DLP policy may be suspended within a DLP engine based on a context for which a user input is to be displayed. Accordingly, the user input may be displayed without interference from the DLP engine.

Embodiments described herein provide for a fraud detection engine for detecting various types of fraud at a call center and a fraud importance engine for tailoring the fraud detection operations to relative importance of fraud events. Fraud importance engine determines which fraud events are comparative more important than others. The fraud detection engine comprises machine-learning models that consume contact data and fraud importance information for various anti-fraud processes. The fraud importance engine calculates importance scores for fraud events based on user-customized attributes, such as fraud-type or fraud activity. The fraud importance scores are used in various processes, such as model training, model selection, and selecting weights or hyper-parameters for the ML models, among others. The fraud detection engine uses the importance scores to prioritize fraud alerts for review. The fraud importance engine receives detection feedback, which contacts involved false negatives, where fraud events were undetected but should have been detected.

User system authentication includes a service infrastructure system receiving, from the user system, an authentication request including a user account identifier, generating a first validation code by performing a hash algorithm on the user account identifier and a first timestamp associated with the authentication request, sending to an email account associated with the user account identifier, an email message including the first validation code, receiving from the user system, a verification code, in response to receiving the verification code, generating a second timestamp, validating the second timestamp, in response to determining that the second timestamp is valid, generating a second validation code by performing the hash algorithm on the user account identifier and the first timestamp associated with the authentication request, comparing the verification code and the second validation code, and authenticating the user system, in response to a determination that the verification code and the second validation code match.

A process for authenticating a communication device may include receiving a request from a communication device to synchronize time with a server, and providing an authorization network time to the communication device. An authentication request including an access credential having a timestamp generated by the communication device may be received by the server. A determination can be made as to whether the communication device had successfully executed a predetermined shutdown sequence by determining whether the access credential has reliable timestamp information. The communication device can be authenticated when the timestamp has a non-reset value indicating that the communication device had successfully executed the predetermined shutdown sequence, and that the access credential has not expired. Step-up authentication for the communication device can be requested when the access credential has unreliable timestamp information indicating that the communication device did not successfully execute the predetermined shutdown sequence.