Secure validation of financial transactions

What is claimed is: 1. A computerized method for secure validation of financial transactions, the method comprising: registering, by a server computing device, a mobile device to receive notification messages from the server computing device, wherein registering comprises: receiving, by the server computing device, a request to register the mobile device from a client computing device, the request including a first set of authentication credentials for a user of the client computing device; generating, by the server computing device, a user profile record based upon the first set of authentication credentials, the user profile record including a user identifier; transmitting, by the server computing device, an application to the mobile device; installing, by the mobile device, the application received from the server computing device; generating, by the application on the mobile device, a device footprint for the mobile device comprising one or more data elements each containing values that in combination are unique to the mobile device; establishing, by the mobile device, a first communication session with the server computing device; transmitting, by the application on the mobile device, the device footprint and a second set of authentication credentials received from a user of the mobile device to the server computing device via the first communication session; validating, by the server computing device, the second set of authentication credentials to determine an authenticated identity of the user of the mobile device; generating, by the server computing device, a session record that includes a session identifier assigned to the first communication session and the authenticated identity of the user of the mobile device; encrypting, by the server computing device, the session identifier into a secure credential; generating, by the server computing device, an opaque token using carrier information in the device footprint; transmitting, by the server computing device, the secure credential, the opaque token, and a contact address for a carrier associated with the mobile device to the mobile device via the first communication session; establishing, by the mobile device, a communication session with a computing device at the carrier using the contact address for the carrier; transmitting, by the application on the mobile device, the secure credential and the opaque token to the computing device at the carrier; receiving, by the server computing device, carrier response data comprising the secure credential, the opaque token, and an identity of an owner of the mobile device; matching, by the server computing device, the identity of the owner of the mobile device received in the carrier response data with the authenticated identity of the user; generating, by the server computing device, a device record including a public device identifier used to index the device record; generating, by the server computing device, a private device identifier; and storing, by the server computing device, the private device identifier and a phone number for the mobile device in the device record; establishing, by the server computing device, a second communication session with the registered mobile device; transmitting, by the server computing device, a notification message via the second communication session to a notification agent executing on the registered mobile device, wherein the message identifies activity associated with a financial account of a user of the registered mobile device; receiving, by the server computing device, a response to the notification message via the first communication session from the application executing on the registered mobile device; storing, by the server computing device, the response in a database coupled to the server computing device; and based upon the response, the server computing device either: allowing the identified activity when the response is a first type; denying the identified activity when the response is a second type; or denying and reporting as fraud the identified activity when the response is a third type. 2. The method of claim 1 , further comprising: generating, by the mobile device, an encryption key pair comprising a public key and a private key; storing, by the mobile device, the private key in an application-specific secure data store; transmitting, by the mobile device, the public key to the server computing device; storing, by the server computing device, the public key in the user profile record; encrypting, by the server computing device, the user identifier, the public device identifier, and the private device identifier using the public key; transmitting, by the server computing device, the encrypted user identifier, the encrypted public device identifier, and the encrypted private device identifier to the mobile device; and storing, by the mobile device, the encrypted user identifier, the encrypted public device identifier, and the encrypted private device identifier in the application-specific secure data store. 3. The method of claim 2 , further comprising: requesting, by the server computing device, registration approval from the mobile device; receiving, by the server computing device, a response to the registration approval request from the mobile device; and registering, by the server computing device, the mobile device to receive subsequent notifications based upon the response to the registration approval request. 4. The method of claim 3 , wherein requesting registration approval from the mobile device comprises: transmitting, by the server computing device, an alert requesting registration approval to the notification agent of the mobile device via the second communication session; launching, by the mobile device, the application in response to a user action based upon the alert; transmitting, by the application on the mobile device, a request via the first communication session to the server computing device to display a registration approval notification message, the display request including the encrypted user identifier, the encrypted public device identifier, and the encrypted private device identifier; validating, by the server computing device, the encrypted user identifier, the encrypted public device identifier, and the encrypted private device identifier against the user profile record and the device record; transmitting, by the server computing device, the registration approval notification message via the first communication session to the mobile device for display. 5. The method of claim 1 , further comprising verifying, by the server computing device, the device footprint received from the mobile device. 6. The method of claim 5 , wherein verifying the device footprint comprises: transmitting, by the server computing device, the device footprint to a computing device of a risk management service; evaluating, by the risk management computing device, the device footprint to generate a risk score for the footprint; and transmitting, by the risk management computing device, the risk score to the server computing device. 7. The method of claim 6 , further comprising rejecting, by the server computing device, registration of the mobile device if the risk score meets or exceeds a predetermined threshold. 8. A system for secure validation of financial transactions, the system comprising a server computing device and a mobile device, the mobile device comprising a processor and a memory storing instructions that, when executed by the processor, cause the processor to perform the steps of: receiving an application from the server computing device; installing the application received from the server computing device; generat