System and methods for latent applet activation

What is claimed is: 1 . A computer-implemented method for activating an applet, the method comprising: selecting, by a mobile application, the applet using a shadow application identifier (AID), wherein in the initial inactive state the applet is configured to respond exclusively to the shadow AID; reading, by the mobile application from the applet, one or more applet-specific identifiers; sending, by the mobile application to a remote service, the one or more applet-specific identifiers; receiving, at the mobile application from the remote service, a cryptographic authenticator, wherein the cryptographic authenticator is generated by the remote service based at least in part on the one or more applet-specific identifiers; sending, from the mobile application to the applet, a write command comprising the received cryptographic authenticator and one or more control bits; and transitioning, by the applet, from the initial inactive state to the subsequent active state in response to a successful validation of the cryptographic authenticator, wherein said transitioning comprises enabling the applet to respond to the standard NDEF AID and disabling the applet from responding to the proprietary AID. 2 . The computer-implemented method of claim 1 , wherein sending the one or more applet-specific identifiers to the remote service is through a switchboard system configured to route the applet-specific identifiers to the remote service based on the Issuer ID. 3 . The computer-implemented method of claim 1 , wherein the one or more applet-specific identifiers comprise an Issuer Identifier (ID), a Key ID, and a Platform Unique Identifier (PUID). 4 . The computer-implemented method of claim 1 , wherein the cryptographic authenticator is a Control Message Authentication Code (MAC). 5 . The computer-implemented method of claim 4 , wherein the write command comprises the received Control MAC and one or more control bits configured to instruct the applet to transition to the active state. 6 . A method for activating a applet, the method comprising: performing, by a mobile application, a first read operation on the applet; receiving, by the mobile application from the applet, a first message comprising one or more identifiers and a cryptogram field populated with a predetermined fixed value indicating an inactive state; detecting, by the mobile application, said predetermined fixed value in the cryptogram field; sending, from the mobile device to a remote service, the one or more identifiers; receiving, at the mobile application from the remote service, a cryptographic authenticator; and performing, by the mobile application, a write operation to transmit the cryptographic authenticator to the applet, causing the applet to validate the cryptographic authenticator and transition from the inactive state to an active state, wherein in the active state. 7 . The method of claim 6 , comprising perform a subsequent second read operation on the applet causes the applet to return a second message comprising a dynamically computed cryptogram. 8 . The method of claim 6 , wherein the one or more identifiers comprise an issuer identifier (Issuer ID), a key identifier (Key IDID), and a platform unique identifier (PUID). 9 . The method of claim 6 , wherein the mobile application is a web application that utilizes WebNFC to perform the first read operation and the write operation. 10 . The method of claim 6 , wherein sending the one or more identifiers further comprises routing the identifiers to a remote service based on the Issuer ID. 11 . The method of claim 6 , wherein the cryptographic authenticator is a Control MAC and causing the applet to validate the Control MAC comprises the applet internally recalculating an expected MAC and comparing it to the transmitted Control MAC. 12 . A method for controlling fraud on a prepaid card, the method comprising: providing the prepaid card with a preloaded applet, wherein the prepaid card is initially in an inactivated state; receiving, from a merchant system, a first transaction request associated with the prepaid card, the first transaction request comprising a permanent account number (PAN) of the prepaid card; in response to the first transaction request, determining that the prepaid card is in the inactivated state and requires a physical tap for activation; subsequent to said determining, receiving, from a user's mobile device, tap data generated by a physical tap of the prepaid card against the mobile device, the tap data comprising a platform unique identifier (pUID) distinct from the PAN; correlating the received pUID with the PAN associated with the first transaction request to identify the prepaid card; activating the prepaid card based on the successful correlation; and initiating a registration process on the user's mobile device, wherein the registration process associates user contact information with the now-activated prepaid card to enable subsequent transaction verification. 13 . The method of claim 12 , wherein initiating the registration process comprises causing the applet to launch a website of a card issuer on the user's mobile device. 14 . The method of claim 12 , wherein the user contact information comprises at least one of a phone number or an email address. 15 . The method of claim 14 , further comprising utilizing the associated user contact information to send a challenge, via a 3D Secure protocol, for verifying a subsequent transaction on the prepaid card. 16 . The method of claim 12 , further comprising: displaying the first transaction request as a pending transaction to a user during the registration process; and receiving, from the user, an approval or denial of the pending transaction. 17 . The method of claim 16 , further comprising sending an alert to the user in response to the user denying the pending transaction, the alert indicating that a fraudulent transaction was attempted. 18 . A contactless card, comprising: a processor; and a memory storing a secure applet, the secure applet having an initial inactive state, wherein, in the initial inactive state, the secure applet is configured to be non-responsive to a selection request comprising a standard NFC Data Exchange Format (NDEF) Application Identifier (AID); and respond exclusively to a selection request comprising a secret, non-standard Shadow AID known only to a trusted activation application, and wherein the secure applet is configured to transition from the initial inactive state to a subsequent active state only upon successful validation of a cryptographic authenticator received from an application, the transitioning comprising enabling the secure applet to respond to the standard NDEF AID and permanently disabling the secure applet from responding to the proprietary Shadow AID. 19 . The contactless card of claim 18 , wherein the cryptographic authenticator is a one-time Control Message Authentication Code (MAC). 20 . The contactless card of claim 19 , wherein the Control MAC is generated by a remote service based on one or more identifiers read from the secure applet via the proprietary Shadow AID. 21 . The contactless card of claim 20 , wherein the one or more identifiers comprise an Issuer ID, a Key ID, and a Platform Unique Identifier (PUID). 22 . The contactless card of claim 18 , wherein, in the initial inactive state, the only permitted operations on the secure applet are read and write access