Loyalty Platform

Verestro loyalty platform, which offers various integration possibilities and functionalities.

Introduction

The Verestro Loyalty platform offers many functionalities and possibilities to support loyalty services.

Including: rewards catalogue management, rewards redemption, voucher system management, benefits management, customized offers and much more.

Note: Some of these components require an additional connection to the Mastercard Reward System (MRS).

Architecture

bez nazwy (2).png

Our Core platform is responsible for the main functionalities and data flow between services.  

We offer various integration models with our platform:

Additionally, we offer services integrated with external Partners - such as Mastercard, from where we have access to additional APIs.

Intro slides

Rewards & Loyalty

Loyalty platform integrated with Mastercard Rewards Systems and other solutions enables collection of points, redemption of rewards and various value added functionalities.

Priceless Mastercard Rewards & Loyalty.png

MRS.png

Priceless Specials.png

Enrollment Widget

This document is intended for Mastercard partners willing to integrate their mobile applications or website solutions with Mastercard Reward System using Enrollment Website/Widget tool provided by Verestro.

The document is designed to cover the following fundamentals:

Abbreviations:

AES – Advanced Encryption Standard ,

API – Application Programming Interface,

MRS - The Mastercard Rewards System - the platform from Mastercard dedicated to deliver loyalty solutions for customers,

PCI DSS - Payment Card Industry Data Security Standard.

Overview

Online Enrollment Capability (Enrollment Website/Widget) is a tool that can be integrated with Merchants, Issuers or other Clients and allows secure registration of cardholder PAN (and PII data, if applicable) into the MRS system. In addition to card enrollment (and PII, if applicable) into MRS, it also allows to perform certain  card management activities (optional), including unenrollment and card replacements.

The Enrollment Capability (Enrollment Website/Widget) designed by Verestro supports all key web-browsers (see further in the document) and has mobile responsive design, as well as can be embedded into mobile applications (WebView). Also, it can be customized & localized per specific Client/Country (with unique URL) and enabled upon specific request from Mastercard.

Verestro is using MRS API v.2.0 to facilitate operation of Enrollment Capability (Enrollment Website/Widget). The Enrollment Capability will be hosted in Poland (EU) in Verestro PCI DSS certified environment (hosting center).

Limited PII data elements, stored in Verestro database are encrypted using AES 256 encryption standard. PAN is not stored in Verestro database at any time.

High Level Description of Flow and Requirements

Enrollment

Initialization Process

In order to start using Verestro solution, each Client is required to be setup in the Verestro back-end system. The Client setup process includes assignment of unique Client ID, Program ID, and Security Key exchange process.

In order to initialize Enrollment Website/Widget capability, Client will be required to trigger a dedicated URL provided by Verestro with parameters included into signed request described in 3.2 “Initialization process” (HTTP POST action /company/non_auth_initialize request with JWT token (RFC 7519) which contains valid payload data). For any new registration, payload should contain valid actionCode parameter that is equal to “N” value for new customer/card enrollments.

Please note – Client is required to authenticate/verify the customer and submit valid Customer ID in the initialization request to Verestro. If the Client does not provide Customer ID during the initialization of enrollment, Verestro will generate a Customer ID on behalf of the Client. In such case, Verestro will provide back to the Client the assigned Customer ID value and will display assigned value to the customer. The Customer ID enables further card management purposes such as e.g. opt-out) but is not a default option and will require additional security measures on Verestro side (including Re-captcha and/or 3DS process).

Upon successful validation on Verestro side, the Website/Widget is displayed, where user can enter the following data:

The PAN during customer’s input in Website/Widget is validated using Luhn algorithm in real-time (in the browser). If successful Luhn check is passed in the browser, Verestro will encrypt the PAN using MC public key (see full process in section Security 3.3) and will pass the encrypted card information into MRS. After successful MRS enrollment, MRS will supply back to Verestro successful enrollment notification with Account Ref ID or RANAC (unique ID assigned by MRS per card) for further card management activities.

In addition, Verestro will be required to immediately feedback the enrollment result with assigned values to the Client (Customer ID, Account Ref ID or RANAC, additional values if required). Partner can use the one of initialization parameters (ranac_url) to send a specific endpoint to which Verestro will send RANAC after successful enrollment.

3DS authentication (optional)

Optionally, Verestro allows to trigger 3DS 2.0 authentication after submission of the registration data. If the card authentication is successful, the card enroll is performed into MRS.

This case must enable the decryption of the card on the API side.

Un-Enrollment User Flow

In order to initialize the Enrollment Website/Widget to execute un-enrollment, Client will be required to trigger dedicated URL provided by Verestro with required parameters included into signed request described in 3.2 “Initialization process”. In this case actionCode parameter should contain “C” value and Customer ID value is always required.

Verestro system will perform a search of Account Ref ID or RANAC assigned to Customer ID in Verestro database (decrypt stored values) and will trigger updateCustomerAccount MRS API with “CANCELLED” status. Upon successful un-enrollment in MRS, Verestro will immediately feedback the result of un-enrollment to the Client.

After X days from the status change to Canceled, the record with the any associated PII data (including Customer ID, Account Ref ID or RANAC, others) will be completely removed (deleted) from Verestro database. Please note – if there are multiple cards under single Customer ID, Verestro will be required to search Account Ref ID or RANAC having last 4 digits of card to perform card un-enrollment under associated Customer ID (only Account Ref ID or RANAC will be purged upon cancelation of card).

X – it is parameter configurable per Client/Program (e.g. 30 days).

Replacement User Flow

In order to initialize the Enrollment Website/Widget to execute replacement, Client will be required to trigger dedicated URL provided by Verestro with required parameters included into signed request described in 3.2 “Initialization process”. In this case actionCode parameter should contain “R” value and Customer ID is always required.Verestro system finds the cards assigned to this Customer ID in Verestro database and display the cards list in the following format:

- 1234 XXXX XXXX 1234

User can select the card he wants to replace and enters a new PAN.

Upon selection of card to replace, Verestro will propose to enter a new PAN. Verestro will capture & validate a new card number (in browser) and will trigger the new card enrollment into MRS (2.1 Enrollment). Upon successful enrollment of the new card, the cancelation of the old card will be triggered by Verestro into MRS (sequence will be followed). If by any reason, the card enrollment of the new card is not successful, Verestro will not delete the old card and will inform Client about the unsuccessful replacement attempt.

Verestro will immediately feedback the results of replacement including Customer ID, new Account Ref ID or RANAC (additional data if any) to the Client and confirm the successful replacement of old card.

After X days from the replacement, the record with the any associated PII data (including Customer ID, Account Ref ID or RANAC, others) will be completely removed (deleted) from Verestro database. X – it is parameter configurable per Client/Program (e.g. 30 days).

Widget Customization & Localization

Some parts of Enrollment Capability (Enrollment Website/Widget) can be customized per each integrating partner:

Supported format is: PNG. Supported proportion is 21:9 with transparent background. Minimum height is 100px.

Supported format is: PNG Supported resolution is: Full HD (1920px x 1080px)

The client will receive a translation file in JSON format, example below.

{

   "register":{
      "header":"Mastercard - Rewards",
      "tittle":"Registration",
      "accept_terms":"Accept Terms&Conditions",
      "userData":{
         "card_number":"Your card number",
         "first_name":"First name",
         "last_name":"Last name",
         "email":"E-mail"
      },
      "optional":"optional",
      "confirm":"Confirm"
   },
   "error":{
      "title":"Something went wrong...",
      "info_first_part":"Your card does not belong to the program. Read more about how to join the program.",
      "info_second_part":"Incident identifier: "
   },
   "success":{
      "title":"Success!",
      "info":"Your card has been attached to the program."
   },
   "read_more":"Read more"
}