MCD overview

MeaWallet's role

The Bank might not have access to the Card Number (PAN) or issuers and program managers do not issue a physical card, but they want user to see full card details through their app. Then MeaWallet as PCI-DSS approved authority can integrate and fetch card data from the bank’s 3rd party vendor (Issuer Processor) or another instance within the bank and deliver card data to the app. In such scenario the bank will provide virtual CARD_ID (For the GPS customers this is Public Token Id) and SECRET and MeaWallet will verify the SECRET and make a request to the 3rd party vendor to receive full card data.

Functional requirements and guidelines

  • The user must perform authentication before requesting the data
  • The card data must be specifically asked for by the cardholder (e.g. the user clicks a button)
  • Card data can not be stored on the app/device. A new request must happen every time the cardholder requests the data
  • The temporary storage/display of the card data should be removed and deleted when the session terminates or expires. For example:
    • User leaves the card screen
    • User logs out
    • After 45-60 seconds

Implementation

The bank needs to provide virtual CARD_ID (For the GPS customers this is Public Token Id) and SECRET, MeaWallet will verify the SECRET and make a request to the 3rd party vendor to receive full card data.

Guide for SECRET generation can be found at the How to Generate Time-based Secret page.

MeaWallet provides two solutions for card data retrieval from 3rd party vendors.

Workflow using MeaWallet Android and iOS mobile SDKs

Card Data API Sequence diagram without MeaWallet SDKs

Workflow like this can be used by the issuer’s online banking site or mobile applications when MeaWallet mobile SDKs are not an option. In this case issuer is implementing connection to MeaWallet Card Data API directly by themselves.

Info

Usage of Card Data API is not necessary if MeaWallet Android SDK or iOS SDK is used in mobile application.

Used Terms

Term Description
PAN Personal Account Number
PCI-DSS Payment Card Industry Data Security Standard
On this page