EP-4736487-A1 - SYSTEMS AND METHODS TO PROVIDE CONTACTLESS CARDS FOR TRANSACTIONS

Abstract

Systems and methods to provide contactless cards for transactions are disclosed. In an exemplary transaction provisioning system, an authentication server receives, from a backend server, a session creation request for provisioning a contactless card and transmits, to the backend server, a session creation response and a session token. The authentication server receives, from the backend server, an authentication process function request that includes encrypted data associated with the contactless card, decrypts the encrypted data to yield a decrypted authentication code, and compares the decrypted authentication code to an expected authentication code. After an unsuccessful comparison, the authentication server transmits, to the backend server, a notification indicating an unsuccessful authentication to the backend server. After a successful comparison, the authentication server transmits, to the backend server a session identifier associated with the session creation request and a funding primary account number.

Inventors

  • KOSHY, Bob Uni
  • RAHMAN, Narmeen
  • HUANG, MARIANNE
  • ABDULLAH, Edward Michael

Assignees

  • Capital One Services, LLC

Dates

Publication Date
20260506
Application Date
20240628

Claims (1)

Docket No. 1988.10282WO

CLAIMS

What is claimed is:

  1. A transaction provisioning system, comprising: an authentication server in data communication, comprising: a processor, and a memory storing an expected authentication code for a contactless card, wherein the authentication server: receives, from a backend server, a session creation request for provisioning the contactless card, transmits, to the backend server, a session creation response and a session token, receives, from the backend server, an authentication process function request comprising encrypted data associated with the contactless card, decrypts the encrypted data to yield a decrypted authentication code, compares the decrypted authentication code to the expected authentication code, transmits, after an unsuccessful comparison, a notification indicating an unsuccessful authentication to the backend server, and transmits, after a successful comparison, a session identifier associated with the session creation request and a funding primary account number.

  2. The transaction provisioning system of claim 1, wherein the authentication server: receives, from the backend server, a request to establish a virtual card number (VCN) autofill procedure, receives, from a token server, an eligibility request associated with the contactless card, and transmit, to the token server after determining the contactless card is eligible, a notification indicating eligibility.

  3. The transaction provisioning system of claim 1, wherein the authentication function request further comprises at least one selected from the group of the session identifier, a consent date, and a device identifier.

  4. The transaction provisioning system of claim 3, wherein the authentication function request further comprises a wallet identifier associated with a digital wallet.

  5. The transaction provisioning system of claim 3, wherein the authentication function request comprises one or more risk signals.

  6. The transaction provisioning system of claim 5, wherein the one or more risk signals comprises at least one selected from the group of a device phone number, an email address, an account risk score, a device risk score, an internet protocol (IP) address, a device geolocation, an account to device bonding identifier, and a device to account bonding age.

  7. The transaction provisioning system of claim 6, wherein the device phone number and the email address are hashed.

  8. The transaction provisioning system of claim 1, wherein: the authentication process function request further comprises one or more risk signals, and the one or more risk signals are generated by the backend server.

  9. The transaction provisioning system of claim 8, wherein prior to transmitting the session identifier and the encrypted funding primary account number, the authentication server: assesses the one or more risk signals, and transmits, to the backend server after determining the authentication process function request is fraudulent based on the one or more risk signals, a notification indicating a fraudulent transaction.

  10. The transaction provisioning system of claim 8, wherein the authentication server: assesses the one or more risk signals, and determines, prior to transmitting the session identifier and the encrypted funding primary account number, that the authentication process function request is not fraudulent based on the one or more risk signals.

  11. A transaction provisioning method performed by an authentication server comprising a processor and a memory, the method comprising: receiving, from a backend server, a session creation request for provisioning a contactless card; transmitting, to the backend server, a session creation response and a session token; receiving, from the backend server, an authentication process function request comprising encrypted data associated with the contactless card; decrypting the encrypted data to yield a decrypted authentication code; comparing the decrypted authentication code to an expected authentication code associated for the contactless card; transmitting, after an unsuccessful comparison, a notification indicating an unsuccessful authentication to the backend server; and transmitting, after a successful comparison, a session identifier associated with the session creation request and a funding primary account number.

  12. The method of claim 11, wherein the funding primary account number is encrypted prior to transmission.

  13. The method of claim 11, wherein: the authentication process function request further comprises one or more risk signals, and the one or more risk signals are generated by the backend server.

  14. The method of claim 13, further comprising, prior to transmitting the session identifier and the encrypted funding primary account number: assessing the one or more risk signals; and transmitting, to the backend server after determining the authentication process function request is fraudulent based on the one or more risk signals, a notification indicating a fraudulent transaction.

  15. The method of claim 13, further comprising: assessing the one or more risk signals; and determining, prior to transmitting the session identifier and the encrypted funding primary account number, that the authentication process function request is not fraudulent based on the one or more risk signals.

  16. The method of claim 11, wherein the authentication function request further comprises at least one selected from the group of the session identifier, a consent date, and a device identifier.

  17. The method of claim 11, wherein the authentication function request further comprises a wallet identifier associated with a digital wallet.

  18. A non-transitory computer readable medium containing instructions, wherein, upon execution by a processor, the instructions cause the processor to perform procedures comprising: receiving, from a backend server, a session creation request for provisioning a contactless card; transmitting, to the backend server, a session creation response and a session token; receiving, from the backend server, an authentication process function request comprising encrypted data associated with the contactless card; decrypting the encrypted data to yield a decrypted authentication code; comparing the decrypted authentication code to an expected authentication code associated for the contactless card; transmitting, after an unsuccessful comparison, a notification indicating an unsuccessful authentication to the backend server; and transmitting, after a successful comparison, a session identifier associated with the session creation request and a funding primary account number.

  19. The non-transitory computer readable medium of claim 18, the procedures further comprising: receiving, from the backend server, a request to establish a virtual card number (VCN) autofill procedure; receiving, from a token server, an eligibility request associated with the contactless card; and transmitting, to the token server after determining the contactless card is eligible, a notification indicating eligibility.

  20. The non-transitory computer readable medium of claim 18, wherein the authentication function request further comprises at least one selected from the group of the session identifier, a consent date, and a device identifier.
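The authentication-server exchange recited in the claims (session creation, decryption and comparison of the authentication code, risk-signal assessment, return of the session identifier and encrypted funding primary account number), sketched as an added example that is not taken from the patent or the applicant. All names, keys, card data, the risk threshold, the single-use session token, the keyed hashing of phone and email signals, and the stdlib encrypt-then-MAC stand-in (used in place of a vetted AEAD cipher) are assumptions; the document does not specify any of them.

```python
import hashlib, hmac, secrets

CARD_KEY = bytes.fromhex("11" * 32)   # constructed key protecting the card's code
PAN_KEY = bytes.fromhex("22" * 32)    # constructed key for the returned funding PAN
PEPPER = bytes.fromhex("33" * 32)     # constructed key for hashing risk signals
EXPECTED_CODE = {"card-001": b"493817"}          # constructed expected code
FUNDING_PAN = {"card-001": b"4000000000000002"}  # constructed test PAN
SESSIONS = {}                         # session token -> (session id, card id)

def _stream(key, nonce, n):
    # SHA-256 counter keystream: stdlib stand-in for a vetted cipher (assumption)
    out = b"".join(hashlib.sha256(b"enc" + key + nonce + i.to_bytes(4, "big")).digest()
                   for i in range(n // 32 + 1))
    return out[:n]

def seal(key, plaintext):
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None                   # tampered or wrong key: treated as failed auth
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def hashed_signal(value):
    # Keyed hash (assumption): phone numbers are too low-entropy for a bare digest
    return hmac.new(PEPPER, value.strip().lower().encode(), hashlib.sha256).hexdigest()

def create_session(card_id):
    token, session_id = secrets.token_urlsafe(32), secrets.token_hex(8)
    SESSIONS[token] = (session_id, card_id)
    return {"status": "created", "session_token": token}

def authenticate(token, encrypted_data, risk_signals):
    session = SESSIONS.pop(token, None)          # assumption: token is single-use
    if session is None:
        return {"status": "authentication_failed"}
    session_id, card_id = session
    code = unseal(CARD_KEY, encrypted_data)
    if code is None or not hmac.compare_digest(code, EXPECTED_CODE[card_id]):
        return {"status": "authentication_failed"}
    if risk_signals.get("device_risk_score", 100) >= 80:  # assumed threshold, fails closed
        return {"status": "fraudulent"}
    return {"status": "authenticated", "session_id": session_id,
            "funding_pan": seal(PAN_KEY, FUNDING_PAN[card_id])}
```

The code comparison uses `hmac.compare_digest` so the check does not leak how many leading bytes matched, and the funding PAN is released only after both the comparison and the risk assessment pass.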

Description

SYSTEMS AND METHODS TO PROVIDE CONTACTLESS CARDS FOR TRANSACTIONS

CROSS-REFERENCE TO RELATED APPLICATIONS

[0001] The present application claims the benefit of priority to U.S. Provisional Patent Application No. 63/524,601, filed June 30, 2023, the contents of which are hereby incorporated by reference in their entirety.

BACKGROUND

[0002] Contactless card products have become so universally well-known and ubiquitous that they have fundamentally changed the manner in which financial transactions and dealings are viewed and conducted in society today. Contactless card products are most commonly represented by plastic or metal card-like members that are offered and provided to customers through credit card issuers (such as banks and other financial institutions). With a card, an authorized customer or cardholder is capable of purchasing services and/or merchandise without an immediate, direct exchange of cash. Data security and transaction integrity are of critical importance to businesses facilitating these transactions and to the customers. This need continues to grow as electronic transactions performed with contactless cards constitute an increasingly large share of commercial activity. Accordingly, there is a need to provide businesses and users with an appropriate solution that overcomes current deficiencies to provide data security, authentication, and verification for contactless card.

BRIEF SUMMARY

[0003] In one aspect, a transaction provisioning system, includes an authentication server including a processor, and a memory storing an expected authentication code for a contactless card, where the authentication server receives, from a backend server, a session creation request for provisioning the contactless card, transmits, to the backend server, a session creation response and a session token, receives, from the backend server, an authentication process function request that includes encrypted data associated with the contactless card, decrypts the encrypted data to yield a decrypted authentication code, compares the decrypted authentication code to the expected authentication code, transmits, after an unsuccessful comparison, a notification indicating an unsuccessful authentication to the backend server, and transmits, after a successful comparison, a session identifier associated with the session creation request and a funding primary account number.

[0004] The transaction provisioning system may also include where the authentication server receives, from the backend server, a request to establish a virtual card number (VCN) autofill procedure, receives, from a token server, an eligibility request associated with the contactless card, and transmit, to the token server after determining the contactless card is eligible, a notification indicating eligibility.

[0005] The transaction provisioning system may also include where the authentication function request further includes at least one selected from the group of the session identifier, a consent date, and a device identifier.

[0006] The transaction provisioning system may also include where the authentication function request further includes a wallet identifier associated with a digital wallet.

[0007] The transaction provisioning system may also include where the authentication function request includes one or more risk signals.

[0008] The transaction provisioning system may also include where the one or more risk signals includes at least one selected from the group of a device phone number, an email address, an account risk score, a device risk score, an internet protocol (IP) address, a device geolocation, an account to device bonding identifier, and a device to account bonding age.

[0009] The transaction provisioning system may also include where the device phone number and the email address are hashed.

[0010] The transaction provisioning system may also include where the authentication process function request further includes one or more risk signals, and the one or more risk signals are generated by the backend server.

[0011] The transaction provisioning system may also include where prior to transmitting the session identifier and the encrypted funding primary account number, the authentication server assesses the one or more risk signals, and transmits, to the backend server after determining the authentication process function request is fraudulent based on the one or more risk signals, a notification indicating a fraudulent transaction.

[0012] The transaction provisioning system may also include where the authentication server assesses the one or more risk signals, and determines, prior to transmitting the session identifier and the encrypted funding primary account number, that the authentication process function request is not fraudulent based on the one or more risk signals.

[0013] In one aspect, a transaction provisioning method performed by an authentication