The bank might not have an access to the Card Number (PAN) or issuers and program managers do not issue a physical card, but they want user to see full card details through their app. MeaWallet as PCI-DSS approved authority can integrate and fetch card data from the bank’s 3rd party vendor (Issuer Processor) or another instance within the bank and deliver card data to the app.
In this case the bank provides virtual
Card ID (for GPS customers this is Public Token ID) and
Secret and MeaWallet verifies the
Secret and make a request to the 3rd party vendor to receive full card data. See manual Generate Time-based Secret.
Functional Requirements and Guidelines
- The user must perform authentication before requesting the data.
- The card data must be specifically asked for by the cardholder (e.g. the user clicks a button).
- Card data can not be stored on the app/device. A new request must happen every time the cardholder requests the data.
- The temporary storage/display of the card data should be removed and deleted when the session terminates or expires. For example:
- User leaves the card screen
- User logs out
- After 45-60 seconds
MeaWallet provides the following MCD SDK options to retrieve card data from 3rd party vendors.
Easy Launch Card View
Android and iOS MCD SDK include native Easy Launch Card View for easier and faster setup. It is built on top of SDK functionality and encapsulates most of the data management tasks allowing a developer to focus on user interface and user experience.
Easy Launch Web functionality is provided by embedding card view iframe.
- Web: Web Easy Launch
This workflow can be used by Issuer's online banking site. In this case Issuer is implementing MCD Web Easy Launch component.
This workflow can be used by Issuer's online banking site. In this case Issuer is implementing connection to MeaWallet Card Data API directly by themselves.