User devices, such as mobile phones, can utilize access data to obtain access to a resource or a location. For example, a mobile phone may include data which is passed to an access device (referred to herein as a “transaction”) to allow the user of the mobile phone to access a room in a building. In another example, the mobile phone may have access data such as account data which is passed to an access device of a merchant to gain access to an account to perform a transaction.
Traditionally, the security of access data was largely dependent on the capacity of the end product (e.g., card, chip on the mobile phone, etc.) to protect that data. With cloud-based systems or Host Card Emulation (HCE) systems, where the primary access data is not stored on hardware but downloaded onto the user device, authentication of the user device becomes critical for security. For example, the user device may be lost, stolen or otherwise compromised. In such situations, access data associated with the user device may be at risk of being used by fraudsters.
Moreover, requiring user authentication every time the user device is to be used in a transaction is cumbersome and/or a deterrent to a consumer's efforts to conduct the transaction using the user device.
Embodiments of the invention are directed to methods and systems of improving data security. Embodiments of the invention address these and other problems, individually and collectively.