Systems and methods for token-based device binding during merchant checkout

What is claimed is: 1 . An authentication server comprising: a non-transitory memory; and one or more processors communicatively coupled to the non-transitory memory and configured to read instructions from the non-transitory memory to cause the authentication server to perform operations comprising: receiving a user credential associated with a user initiating a transaction on a user device having at least one application; performing a matching operation between the user credential and a stored user credential; in response to the matching operation detecting a match between the received user credential and the stored user credential, performing a user eligibility operation associated with the transaction; in response to the user eligibility operation determining that the user is eligible for the transaction, generating an authentication challenge for the user; in response to receiving an indication that the user successfully completed the authentication challenge, retrieving a payment credential of the user; authorizing a checkout operation associated with the transaction; and binding the user device and/or application based on authorizing the checkout. 2 . The authentication server of claim 1 , wherein the user credential is hashed and includes personal identification information (PII). 3 . The authentication server of claim 1 , wherein the payment credential is associated with a payment processor entity. 4 . The authentication server of claim 1 , further comprising transmitting the retrieved payment credentials to a third party entity for storage. 5 . The authentication server of claim 1 , wherein the user eligibility operation includes: determining whether a metric associated with the user has been established with the authentication server for a time period equal to or greater than a predetermined time period. 6 . The authentication server of claim 1 , wherein the authentication challenge operation is a one time code sent with an SMS text to the user's device (SMS-OTP operation). 7 . The authentication server of claim 1 , wherein the one or more processors are further configured to provide the user credential and a virtual card number (VCN) to a third party entity for storage as a card on file for future card not present (CNP) transactions in response the user successfully completing the authentication challenge. 8 . The authentication server of claim 1 , wherein the binding operation comprising: generating a public key and a private key pair, associating the private key with a user identification, storing the public key, transmitting the private key to an entity associated with the transaction for storage in a cookie associated with the web browser of the user 9 . The authentication server of claim 1 , wherein the binding operation further comprising: Generating a public key and a private key pair; and transmitting a token including a private key to the user device and an entity associated with the transaction. 10 . A user device comprising: a non-transitory memory; and one or more processors communicatively coupled to the non-transitory memory and configured to read instructions from the non-transitory memory to cause the user device to perform checkout operations comprising: requesting a user credential from a user initiating a transaction on a user device having at least one application; transmitting a received user credential to a third party entity to perform a hashing operation of the user credential, wherein a hashed user credential is transmitted to an authentication server, the authentication server being configured to perform a matching operation between the received hashed user credential and a stored hashed credential stored at the authentication server; receiving an authentication challenge from the authenticating server, the authentication challenge being received in response to the authenticating server detecting a match between the received hashed user credential and the stored hashed user credential, performing a user eligibility operation associated with the first transaction, and determining that the user is eligible for the first transaction; transmitting a user response to the authentication challenge to the authentication server; and performing a checkout operation associated with the first transaction in response to receiving an authorization from the authenticating server, the authorization including payment credentials of the user. 11 . The user device of claim 10 , wherein the payment credentials are a token and/or cookie that includes a private key. 12 . The user device of claim 10 , wherein the user credential includes personal identification information (PII). 13 . The user device of claim 10 , wherein the third party entity is a payment processor entity. 14 . The user device of claim 10 , wherein the received payment credentials are stored at the third party entity or at the user device. 15 . The user device of claim 10 , wherein the authentication challenge operation is a one time password sent with an SMS text to the user's device. 16 . The user device of claim 10 , wherein, in addition to receiving the authorization, the one or more processors are further configured to receive, from the authentication server, a token including a private key corresponding to a public key stored at the authentication server, the token being used to authenticate the device in future transactions by processing the private key in the token as a user signature to the user challenge from the authentication server. 17 . A non-transitory computer readable medium including instructions that, when executed by one or more processors of an authentication server, cause the one or more processors to perform authentication operations in response to receiving a user initiated a first transaction through the authentication server using a first application running on a user device, the authentication operations comprising: receiving a hashed user credential from the third party entity; performing a matching operation between the received hashed user credential and a stored hashed credential in response to the matching operation detecting a match between the received hashed user credential and the stored hashed user credential, performing a user eligibility operation associated with the first transaction; in response to the user eligibility operation determining that the user is eligible for the first transaction, generating an authentication challenge to the user; in response to receiving an indication that the user successfully completing the authentication challenge, retrieving payment credentials of the user and authenticating the user; and authorizing a checkout operation associated with the first transaction. 18 . The non-transitory computer readable medium of claim 17 , wherein the user eligibility operation includes: determining whether a metric associated with the user has been established with the authentication server for a predetermined time period; in response to the metric being associated with the authentication server for a time period equal to or greater than the predetermined time period, determining that the user is eligible for the first transaction; and in response to the metric being associated with the authentication server for a time period less than the predetermined time period, determining that the user is not eligible for the first transaction, or determining whether a different metric associated with the user has been established with the authentication