| CPC G06Q 20/352 (2013.01) [G06K 19/0723 (2013.01); G06Q 20/202 (2013.01); G06Q 20/3224 (2013.01); G06Q 20/3829 (2013.01); G06Q 20/409 (2013.01); G06Q 20/4018 (2013.01); H04L 9/088 (2013.01); G06Q 2220/00 (2013.01)] | 18 Claims |
|
1. A non-transitory computer-readable storage medium storing executable computer-readable program code that when executed by a processor causes the processor to perform the steps of:
receiving a request from an account application of a mobile device, the request comprising encrypted data and location data, the location data associated with the mobile device;
decrypting the encrypted data using a cryptographic algorithm and a key, wherein the key is associated with a contactless card;
determining, based on one or more rules associated with an account and the decryption of the encrypted data, that the location data is within a threshold distance of one or more locations the contactless card is permitted for use;
preauthorizing a transaction based on the decryption of the encrypted data and the determination that the location data is within the threshold distance of the one or more locations the contactless card is permitted for use;
selecting a first level of preauthorization for the transaction from a plurality of levels of preauthorization based on the decryption of the encrypted data and the determination that the location data is within the threshold distance of the one or more locations the contactless card is permitted for use;
storing an indication of the preauthorization for the transaction, the indication comprising: (i) the first level of preauthorization, (ii) a timestamp of the preauthorization, and (iii) the location data, wherein the indication of the preauthorization is one of a plurality of indications of preauthorization, wherein each indication of preauthorization is for a respective transaction of a plurality of transactions including the transaction, wherein each indication of preauthorization further comprises a unique identifier of the respective indication of preauthorization;
transmitting, to the account application, the indication of the preauthorization for the transaction;
receiving, from a point of sale (POS) device, transaction data comprising: (i) an indication of an account number of the contactless card, (ii) an indication of an expiration date of the contactless card, and (iii) the indication of the preauthorization of the transaction, wherein the indication of the preauthorization of the transaction is received by the POS device from the contactless card, wherein the transaction data comprises an EMV payload;
identifying the indication of the preauthorization of the transaction in a first field of the EMV payload;
identifying the indication of the account number, the indication of the expiration date, and an indication of a card verification value (CVV) in one or more other fields of the EMV payload;
determining that the unique identifier of the indication of the preauthorization of the transaction in the EMV payload matches the unique identifier of the stored indication of the preauthorization for the transaction; and
approving the transaction based at least in part on the determination that the unique identifier of the indication of the preauthorization of the transaction in the EMV payload matches the unique identifier of the stored indication of the preauthorization for the transaction.
|