Skip to main content

Overview

The bank might not have an access to the Card Number (PAN) or issuers and program managers do not issue a physical card, but they want user to see full card details through their app. MeaWallet as PCI-DSS approved authority can integrate and fetch card data from the bank’s 3rd party vendor (Issuer Processor) or another instance within the bank and deliver card data to the app. In this case the bank provides virtual Card ID and Secret and MeaWallet verifies the Secret and make a request to the 3rd party vendor to receive full card data. See manual Generate Time-based Secret.

Functional Requirements and Guidelines

  • The user must perform authentication before requesting the data.
  • The card data must be specifically asked for by the cardholder (e.g. the user clicks a button).
  • Card data can not be stored on the app/device. A new request must happen every time the cardholder requests the data.
  • The temporary storage/display of the card data should be removed and deleted when the session terminates or expires. For example:
    • User leaves the card screen
    • User logs out
    • After 45-60 seconds

Solutions

MeaWallet provides the following MCD SDK options to retrieve card data from 3rd party vendors.

MCD SDK - Easy Launch Card View

Android and iOS MCD SDK include native Easy Launch Card View for easier and faster setup. It is built on top of SDK functionality and encapsulates most of the data management tasks allowing a developer to focus on user interface and user experience.

Easy Launch Web functionality is provided by embedding card view iframe.

Sequence Diagram

MCD SDK

MCD Web

This workflow can be used by Issuer's online banking site. In this case Issuer is implementing MCD Web Easy Launch component.

Sequence Diagram

MCD Web

MCD API

This workflow can be used by PCI-DSS compliant Issuer's online banking site. In this case Issuer is implementing connection to MeaWallet Card Data API directly by themselves.

Sequence Diagram

MCD API

Documentation