A payment authentication service authenticates the identity of a payer during online transactions. The authentication service allows a card issuer to verify a cardholder's identity using a variety of authentication methods, such as with the use of tokens. Authenticating the identity of a cardholder during an online transaction involves querying an access control server to determine if a cardholder is enrolled in the payment authentication service, requesting a password from the cardholder, verifying the password, and notifying a merchant whether the cardholder's authenticity has been verified. Systems for implementing the authentication service in which a cardholder uses a mobile device capable of transmitting messages via the Internet are described. Systems for implementing the authentication service in which a cardholder uses a mobile device capable of transmitting messages through voice and messaging channels is also described.

The invention provides a computer-implemented authentication method comprising the step of enabling a user to input an identifier (e.g. a PIN) into an electronic device having a screen and a keypad operable within a keypad zone of the screen; by operating at least one key of the keypad via an image of at least part of a scrambled keypad which is displayed at least partially within the keypad zone. The user's operation of the keypad key via the image generates an encoded version of the user's intended input. In one sense the invention can be perceived as superimposing a non-functional image of a scrambled keyboard over an underlying, functional keypad. The image may be any type of electronic image, and may include a video image. The invention is particularly suited for use with, but not limited to, mobile phones, tablet computer, PCs etc. It can be implemented in any system wherein a user's identity must be verified before access is granted to a controlled resource.

Example embodiments of systems, methods, and computer-accessible mediums for transaction authorization are provided. An exemplary system can comprise a card including an input device and a display device in data communication with a server. The server can generate an authorization passcode upon an initiation of a transaction session, and the card can receive an entered passcode through the input device, display the entered passcode on the display device, and transmit the entered passcode to the server for comparison to the authorization passcode. Upon a determination that the entered passcode is a match for the authorization passcode, the server can transmit a match notification indicating the transaction session is valid, and upon a determination that the entered passcode is a mismatch for the authorization passcode, the server can transmit a mismatch notification terminating the transaction session.

The present invention provides methods and apparatuses for verifying that a transaction is legitimate. The methods and apparatuses use protected memory space, such as kernel space of an operating system, or a separate memory space, such as is available on a SIM card of a cellular phone. The method of the invention proceeds by creating a transaction identification string (TID) and associating the TID with a transaction. The TID contains data relevant to or associated with the transaction and is typically readable by an end-user. The transaction is then interrupted until a user responds in the affirmative to allow completion of the transaction. Methods and devices used in the invention are particularly well suited to M-commerce, where transactions originating from a device are typically recognized by a merchant as coming from the owner of the device without further authentication.

The invention provides a computer-implemented authentication method comprising the step of enabling a user to input an identifier (e.g. a PIN) into an electronic device having a screen and a keypad operable within a keypad zone of the screen; by operating at least one key of the keypad via an image of at least part of a scrambled keypad which is displayed at least partially within the keypad zone. The user's operation of the keypad key via the image generates an encoded version of the user's intended input. In one sense the invention can be perceived as superimposing a non-functional image of a scrambled keyboard over an underlying, functional keypad. The image may be any type of electronic image, and may include a video image. The invention is particularly suited for use with, but not limited to, mobile phones, tablet computer, PCs etc. It can be implemented in any system wherein a user's identity must be verified before access is granted to a controlled resource.

Example embodiments of systems, methods, and computer-accessible mediums for transaction authorization are provided. An exemplary system can comprise a card including an input device and a display device in data communication with a server. The server can generate an authorization passcode upon an initiation of a transaction session, and the card can receive an entered passcode through the input device, display the entered passcode on the display device, and transmit the entered passcode to the server for comparison to the authorization passcode. Upon a determination that the entered passcode is a match for the authorization passcode, the server can transmit a match notification indicating the transaction session is valid, and upon a determination that the entered passcode is a mismatch for the authorization passcode, the server can transmit a mismatch notification terminating the transaction session.

Apparatus and methods are provided for a smart card which enables users to securely complete online transfers without entering sensitive transaction information into a third-party system. The smart card may include a touch-sensitive screen configured to display selectable transfer options. The smart card may include a microprocessor and wireless interface. The wireless interface may provide wireless communication capabilities and the ability to initiate online transfers based on information captured by the touch-sensitive screen. The smart card may be a parent smart card associated with a parent account. The parent account may be linked to a dependent account. The parent smart card may receive a communication related to the dependent account. Selectable transfer options displayed on the touch-sensitive screen may enable a transfer from the parent account to the dependent account.

A retail environment having retail terminals with data entry point devices selectively encrypts input received by the data entry point devices and passes the encrypted data to a security module. The selective encryption is based on whether or not sensitive or confidential information, such as a personal identification number (PIN) associated with a debit card, is being input. To prevent hacking of the software of the retail terminal, content destined for display on the retail terminal is authenticated prior to display. In this manner, the retail terminal may be assured that confidential information is input only when desired, and thus may be encrypted only as needed.

Example embodiments of systems, methods, and computer-accessible mediums for transaction authorization are provided. An exemplary system can comprise a card including an input device and a display device in data communication with a server. The server can generate an authorization passcode upon an initiation of a transaction session, and the card can receive an entered passcode through the input device, display the entered passcode on the display device, and transmit the entered passcode to the server for comparison to the authorization passcode. Upon a determination that the entered passcode is a match for the authorization passcode, the server can transmit a match notification indicating the transaction session is valid, and upon a determination that the entered passcode is a mismatch for the authorization passcode, the server can transmit a mismatch notification terminating the transaction session.

Apparatus and methods are provided for a smart card which enables users to securely complete online transfers without entering sensitive transaction information into a third-party system. The smart card may include a touch-sensitive screen configured to display selectable transfer options. The smart card may include a microprocessor and wireless interface. The wireless interface may provide wireless communication capabilities and the ability to initiate online transfers based on information captured by the touch-sensitive screen. The smart card may be a parent smart card associated with a parent account. The parent account may be linked to a dependent account. The parent smart card may receive a communication related to the dependent account. Selectable transfer options displayed on the touch-sensitive screen may enable a transfer from the parent account to the dependent account.