Overview
The bank may not have access to the Card Number (PAN), or issuers and program managers may not issue a physical card but still want users to see full card details through their app. MeaWallet, as a PCI-DSS approved authority, can integrate with and fetch card data from the bank's 3rd party vendor (Issuer Processor) or another instance within the bank, and deliver the card data to the app.
In this case the bank provides a virtual Card ID and Secret, and MeaWallet verifies the Secret and makes a request to the 3rd party vendor to receive full card data. See manual Generate Time-based Secret.
Functional Requirements and Guidelines
- The user must perform authentication before requesting the data.
- The card data must be specifically asked for by the cardholder (e.g. the user clicks a button).
- Card data cannot be stored on the app/device. A new request must happen every time the cardholder requests the data.
- The temporary storage/display of the card data should be removed and deleted when the session terminates or expires. For example:
  - User leaves the card screen
  - User logs out
  - After 45-60 seconds
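The guidelines above, expressed as a client-side holder for card data. This is an added example, not MeaWallet SDK code: `EphemeralCardSession`, `fetchCard` and `isAuthenticated` are hypothetical names, and `fetchCard` stands in for whatever call returns card data to the app.

```javascript
// Added example, not MeaWallet SDK code. All names here are hypothetical.
// fetchCard() stands in for whatever call returns card data to the app.
class EphemeralCardSession {
  constructor({ fetchCard, isAuthenticated, ttlMs = 45000, timers = globalThis }) {
    this.fetchCard = fetchCard;
    this.isAuthenticated = isAuthenticated;
    this.ttlMs = ttlMs;      // guideline: remove after 45-60 seconds
    this.timers = timers;    // injectable so expiry can be tested without waiting
    this.card = null;        // held in memory only, never written to storage
    this.timer = null;
    this.generation = 0;     // invalidates fetches that finish after clear()
  }

  // Call only from an explicit cardholder action (e.g. a button click handler).
  async reveal() {
    if (!this.isAuthenticated()) throw new Error('authentication required');
    this.clear();                             // never reuse an earlier response
    const gen = this.generation;
    const card = await this.fetchCard();      // a new request every time
    if (gen !== this.generation) return null; // user left or logged out meanwhile
    this.card = card;
    this.timer = this.timers.setTimeout(() => this.clear(), this.ttlMs);
    return card;
  }

  // Wire to: leaving the card screen, logout, and the expiry timer.
  clear() {
    this.generation += 1;
    if (this.timer !== null) this.timers.clearTimeout(this.timer);
    this.timer = null;
    this.card = null; // JS strings cannot be overwritten; drop every reference
  }

  // What the UI is allowed to render right now (null once cleared or expired).
  visibleCard() {
    return this.card;
  }
}
```

The generation counter covers the case where the user leaves the screen while a request is still in flight, so a late response is discarded instead of being displayed.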
Solutions
MeaWallet provides the following MCD SDK options to retrieve card data from 3rd party vendors.
MCD SDK - Easy Launch Card View
The Android and iOS MCD SDKs include a native Easy Launch Card View for easier and faster setup. It is built on top of SDK functionality and encapsulates most of the data management tasks, allowing a developer to focus on user interface and user experience.
- Android: Android Easy Launch Card View
- iOS: iOS Easy Launch Card View
Easy Launch Web functionality is provided by embedding a card view iframe.
- Web: Web Easy Launch
Sequence Diagram
MCD Web
This workflow can be used by the Issuer's online banking site. In this case the Issuer implements the MCD Web Easy Launch component.
Sequence Diagram
MCD API
This workflow can be used by a PCI-DSS compliant Issuer's online banking site. In this case the Issuer implements the connection to the MeaWallet Card Data API directly.
Sequence Diagram
Documentation
- Card Data API documentation (requires permissions): carddata.docs.apiary.io
- Mea-Secret header field calculation manual: Mea-Secret Header Field Calculation
- One-time session key wrapping manual: One-time Session Key Wrapping