Skip to main content

Overview

The bank might not have an access to the Card Number (PAN) or issuers and program managers do not issue a physical card, but they want user to see full card details through their app. MeaWallet as PCI-DSS approved authority can integrate and fetch card data from the bank’s 3rd party vendor (Issuer Processor) or another instance within the bank and deliver card data to the app. In this case the bank provides virtual Card ID (for GPS customers this is Public Token ID) and Secret and MeaWallet verifies the Secret and make a request to the 3rd party vendor to receive full card data. See manual Generate Time-based Secret.

Functional Requirements and Guidelines#

  • The user must perform authentication before requesting the data.
  • The card data must be specifically asked for by the cardholder (e.g. the user clicks a button).
  • Card data can not be stored on the app/device. A new request must happen every time the cardholder requests the data.
  • The temporary storage/display of the card data should be removed and deleted when the session terminates or expires. For example:
    • User leaves the card screen
    • User logs out
    • After 45-60 seconds

Solutions#

MeaWallet provides 3 solutions for card data retrieval from 3rd party vendors.

MCD SDK#

Mobile Android SDK and iOS SDK allows to easily integrate Card Data functionility into mobile app.

Sequence Diagram#

MCD SDK

MCD Easy Launch Web Widget#

MCD Easy Launch Web Widget allows to easily get Card Data - PAN (plaint text) or Image (base64) from web app.

MCD API#

This workflow can be used by Issuer's online banking site. In this case Issuer is implementing connection to MeaWallet Card Data API directly by themselves.

Sequence Diagram#

Backend API

Documentation:#