Equifax Inc.
Embedded third-party application programming interface to prevent transmission of sensitive data

Abstract:

Aspects and examples are disclosed for improving security of authentication elements for validating a user of a user device. In one example, a processor of a user device establishes a first communication channel with a host computing system, and a user interface capable of transmitting information to the host computing system via the first channel. An API on the user device establishes a second communication channel with an identification-and-authentication system. The API receives sensitive information entered in the user interface and prevents transmission of the sensitive information to the host computing systems via the first channel. The API also transmits to the identification-and-authentication system, via the second channel, a signal including the sensitive information. The identification-and-authentication system may use the signal to send to the host computing system an additional signal verifying that the user of the user device is authenticated.