Token Requestor

server components:
- Wallet Server - backend component,
- Wallet Admin Panel - frontend component,
mobile components:
- Wallet SDK - Android libraries.

Component	Description
MPA	Android Mobile Payment Application provides frontend interface to the user and uses part of Verestro Wallet SDK which is responsible for payments using HCE.
Verestro Wallet Server	Provides the backend services to support Mobile Payment Application via Verestro Wallet SDK and is responsible for managing users, devices, cards, Payment Tokens and communication with MDES. Wallet Server acts as Token Requestor on behalf of Issuer in context of digitization.
Verestro Wallet SDK	Provides all functionalities needed for MPA to perform all needed operations related to MCBP.
MDES	Token Service Provider which supports digitization(transforming the card into Payment Token) and is responsible for management, generation and provisioning of transaction credentials into mobile devices to enable simpler and more secure digital payment experience.
Remote Notification Service	Wallet Server communicates with the MPA also using Remote Notification Service. For Android is used Firebase Cloud Messaging.
Issuer	Issuer is responsible for card issuing, accepting authorization digitization requests and accepting transactions which uses token.

Field	Description
CDCVM	Consumer Device Cardholder Verification Method
CVM	Cardholder Verification Method
Contactless	Transactions performed by tapping the mobile device on a POS, which starts data exchange. On the Android device operating system passes received data from POS to the HCE service, implemented in the MPA, and then to VCP SDK. HCE support is required for contactless transactions
DSRP	Digital Secure Remote Payments - transactions initiated from a mobile device, engaging interaction with the remote merchant system. HCE support is not required for DSRP transactions
FCM	Firebase Cloud Messaging
HCE	Host Card Emulation
IBAN	Bank Account Number
MCBP	Mastercard Cloud Based Payments
MDC	Mobile Data Core. Verestro core library.
MPA	Mobile Payment Application - an application that uses VCP SDK for payments
NFC	Near Field Communication
One tap	Flow in a contactless transaction, in which the consumer after authentication(using the PIN, fingerprint, etc.) taps the device to POS to start exchanging data
PAN	Primary account number. Know as a card number.
Payment Instrument	Model keeping all data considering entity used for payments
POS	Point Of Sale
QRC	QR Code transactions - allows consumer generate QR code to present to a merchant, who then scans it to take payment
SUK	Single Use Key - unique credential used for single transaction
Two tap	Flow in a contactless transaction, in which consumer firstly taps device to POS, authenticates(using the PIN, fingerprint, etc.), then taps to POS one more time for exchanging data
TVC	Token Verification Code
EWS	External Wallet Server
VCP	Verestro Cloud Payment

Exception type	Exception class	Description
SDK validation	ValidationException	Additional reason codes for ValidationException used in Mobile DC SDK
Backend exception	BackendException	Additional reason codes for BackendException used in Mobile DC SDK. Note: Not applicable for External Wallet Server domain
SDK exception	UcpSdkException	Something went wrong on the SDK side, check the table below with possible reasons
Process related	-	As every process is different some methods could throw a specified exception Types of possible exceptions are described in the method description

Reason	Description
INTERNAL_ERROR	Error occurred on server
VALIDATION_ERROR	Client sent invalid data
CRYPTOGRAPHY_ERROR	Error occurred during cryptography operation
PAYMENT_CARD_PREDIGITIZE_ERROR	Predigitize of payment card failed
PAYMENT_IBAN_PREDIGITIZE_ERROR	Predigitize of payment IBAN failed
PAYMENT_CARD_DIGITIZE_ERROR	Digitize of payment card failed
PAYMENT_IBAN_DIGITIZE_ERROR	Digitize of payment IBAN failed
PAYMENT_CARD_PREDIGITIZE_NOT_EXECUTED	Predigitize for payment card must be executed
PAYMENT_IBAN_PREDIGITIZE_NOT_EXECUTED	Predigitize for payment IBAN must be executed
CLIENT_UNAUTHORIZED	Client of the API is unauthorized
USER_UNAUTHORIZED	User is unauthorized
CANT_FIND_USER	Cannot find user
CANT_FIND_DEVICE	Cannot find device
CANT_FIND_IBAN	Cannot find payment IBAN
CANT_FIND_CARD	Cannot find payment card
CANT_FIND_PAYMENT_TOKEN	Cannot find payment token
OPERATION_NOT_SUPPORTED	Requested operation is not supported
OPERATION_NOT_ALLOWED	Requested operation is not allowed
DEVICE_TEMPORARILY_LOCKED	Device is temporarily locked
DEVICE_PERMANENTLY_LOCKED	Device is permanently locked
INVALID_PAN	The PAN format is not valid, or other data associated with the PAN was incorrect or entered incorrectly
MISSING_EXPIRY_DATE	The expiry date is required for this product but was missing
PAN_INELIGIBLE	The PAN is not in an approved account range for TSP
DEVICE_INELIGIBLE	The device is not supported for use
PAN_INELIGIBLE_FOR_DEVICE	The PAN is not allowed to be provisioned to the device because of Issuer rules
IBAN_INELIGIBLE	The financial account does not have an associated account range in TSP
PARALLEL_REQUESTS_ATTEMPTS	Action is already processing. Please try again after the time included in headers
INVALID_JWS_TOKEN	Specified JWS token is invalid

Reason	Description
INVALID_SECURITY_CODE	Security code is empty
INVALID_LANGUAGE_CODE	Language code is empty
INVALID_PAYMENT_INSTRUMENT_ID	Payment instrument id is empty

Reason	Description
PUSH_INVALID_SOURCE	Relates to push processing process. Push message should be consumed in another module
PUSH_INVALID_PUSH_CONTENT	Cannot process push message. The message is invalid or some process failed
PAYMENT_INSTRUMENT_DEFAULT_NOT_FOUND	Cannot find default PaymentInstrument
PAYMENT_INSTRUMENT_NOT_FOUND	Selected PaymentInstrument cannot be found, is not digitized or active
APPLICATION_PROCESS_NOT_KILLED	Occurs when after using the reset method, there is a try of using any of the facade methods without previously stopping the application process

Parameter	Type	Description
id	String	Id of payment instrument. For card it is cardId, for IBAN sha256Hex. In the context of the External Wallet Server use tokenUniqueReference from MDES
paymentTokenId	String	Id of payment token. Used for getting transactions history (see Mobile DC documentation) only for selected token id
displayablePanDigits	String	Token last 4 digits which can be used to display
paymentInstrumentStatus	PaymentInstrumentStatus	Enum with status of payment instrument.
contactlessSupported	Boolean	Information if payment instrument supports contactless transactions.
dsrpSupported	Boolean	Information if the payment instrument supports DSRP transactions.
qrcSupported	Boolean	Information if the payment instrument supports QR transactions.
onDeviceCvmSupported	Boolean	Information about supporting CVM on device.
credentialsCount	Int	Amount of credentials that can be used for payments.
isDefaultForContactlessPayment	Boolean	Information if payment instrument is default for contactless payments.
isDefaultForRemotePayment	Boolean	Information if payment instrument is default for remote payments.
additionalAuthenticationRequired	Boolean	Is additional authentication for payment token activation required. If true, available authentication methods can be obtained using getAdditionalAuthenticationMethods
tokenLastFourDigits	String?	Payment Token last four digits. Present only when multistep digitization is used(checkEligibility and digitize called separately).
paymentInstrumentExpirationDate	String?	Payment instrument expiry date in format MM/YY. Present only when multistep digitization is used(checkEligibility and digitize called separately).
paymentInstrumentLastFourDigits	String?	Payment instrument last four digits. Present only when multistep digitization is used(checkEligibility and digitize called separately).
productConfig	ProductConfig?	Payment Token configuration. Present only when multistep digitization is used(checkEligibility and digitize called separately).
provisioningStatus	String	Current state of provisioning process. One of: IN_PROGRESS - in case of waiting for onProvisioningSuccess(), SUCCESS - when token is provisioned.
paymentTokenExpirationDate	String?	Payment token expiry date in format MM/YY. Not present when External Wallet Server is enabled.

Field	Description
INACTIVE	Payment instrument is not active, it can not be used for transactions. The activation process depends on integration. Read the product overview for more information.
ACTIVE	Payment instrument is active and it can be used for transactions.
SUSPENDED	Payment instrument is suspended.
DELETED	Payment instrument is DELETED.
UNKNOWN	Payment instrument status is unknown.

Parameter	Type	Description
id	String	Identifier of additional authentication method
name	String	Method name. One of: OTP_TO_CARDHOLDER_NUMBER, OTP_TO_CARDHOLDER_EMAIL, CARDHOLDER_TO_CALL_CUSTOMER_SERVICE, CARDHOLDER_TO_VISIT_WEBSITE, CARDHOLDER_TO_USE_ISSUER_MOBILE_APPLICATION, ISSUER_TO_CALL_CARDHOLDER_NUMBER
value	String	Value depends on method name. Described below.
issuerParameters	AuthMethodsIssuerParameters?	Non null if method is CARDHOLDER_TO_USE_ISSUER_MOBILE_APPLICATION

Method	Value	Description
`OTP_TO_CARDHOLDER_NUMBER`	Masked phone number	Text message to Account holder’s mobile phone number. The value will be the Account holder’s masked mobile phone number.
`OTP_TO_CARDHOLDER_EMAIL`	Masked email	Email to Account holder’s email address. The value will be the Account holder’s masked email address.
`CARDHOLDER_TO_CALL_CUSTOMER_SERVICE`	Phone number	Account holder-initiated call. The value will be the phone number for the Account holder to call Customer Service.
`CARDHOLDER_TO_VISIT_WEBSITE`	Website URL	Account holder to visit a website. The value will be the website URL.
`CARDHOLDER_TO_USE_ISSUER_MOBILE_APPLICATION`	Application name	(Conditional) Issuer’s mobile app name. The method is available for both MDES and VTS but the value will be presented only for VTS.
`ISSUER_TO_CALL_CARDHOLDER_NUMBER`	Masked phone number	Issuer-initiated voice call to Account holder’s phone. The value will be the Account holder’s masked voice call phone number.

Parameter	Type	Description
mdes	AuthMethodsIssuerParametersMdes?	Plain AuthMethodsIssuerParametersMdes object, required for MDES Payment Token
vts	AuthMethodsIssuerParametersVts?	Required for VTS Payment token

Parameter	Type	Description
android	AuthMethodsIssuerParametersMdesAndroid	Plain AuthMethodsIssuerParametersMdesAndroid object. Required for Android device
ios	AuthMethodsIssuerParametersMdesIos	Plain AuthMethodsIssuerParametersMdesIos object. Required for IOS device

Parameter	Type	Description
action	String?	Name of the action to be performed
packageName	String?	The package name of the issuer's mobile app
extraTextValue	String?	Contains the data to be passed through to the target app in the intent as an extra key/value pair with key ‘android.intent.extra.TEXT’. This is Base64-encoded data of a JSON object of the MobileAppActivationParameters. This object is not described since the whole payload is passed to the issuer app

Parameter	Type	Description
deepLinkingUrl	String?	The deep linking URL of the issuer’s iOS mobile app. This identifies the app that the URL will resolve to. If the app is not installed on the user’s device, this URL can be used to open a link to the appropriate iOS app store for the user to download and install the app.
extraTextValue	String?	Contains the data to be passed through to the target app in the deep linking URL as a query parameter. It should be appended to the deepLinkingUrl when invoked in the format: deepLinkingUrl + ‘?extraTextValue=’ + extraTextValue. This is Base64-encoded data of a JSON object of the MobileAppActivationParameters. This object is not described since the whole payload is passed to the issuer app.

Parameter	Type	Description
android	AuthMethodsIssuerParametersVtsAndroid?	Plain AuthMethodsIssuerParametersVtsAndroid object. Required for Android devices
ios	AuthMethodsIssuerParametersVtsIos?	Plain AuthMethodsIssuerParametersVtsIos object. Required for IOS devices

Parameter	Type	Description
currencyCode	ByteArray	Code of currency, that was used in transaction. Formatted in ISO 4271.
amount	ByteArray	Transaction amount in bytes. Can be formatted as Int in pennies.
transactionRange	ContactlessTransactionRange	Type of transaction range.
richTransactionType	ContactlessRichTransactionType	Rich transaction type.
merchantAndLocation	ByteArray	Merchant and location data from terminal. Can be formatted as String, by using UTF_8 Charset.

Value
PURCHASE
REFUND
CASH
TRANSIT
PURCHASE_WITH_CASHBACK
UNKNOWN

Parameter	Type	Descruption
amount	Long	Transaction amount
currencyCode	Int	Code of currency, that was used in transaction.
countryCode	Int	Code of country.
issuerCryptogramType	String	Cryptogram type.

Value	Description
WALLET_CANCEL_REQUEST	Indicates that the wallet has requested a transaction cancellation during payment.
CARD_ERROR	This indicates that a problem has been detected in the MChipEngine processing. In some implementations, this can indicate badly formatted card profile data.
TERMINAL_ERROR	This indicates incorrect terminal behavior.
NO_TRANSACTION_CREDENTIALS	There are no transaction credentials to finalize payment. The application should call replenish Credentials method to enable payment possibility.
NO_CARDS	There is no active PaymentInstrument to start payment. Called when no card is added to Wallet or SDK is cleared by Security Issue (onSecurityIssueAppeared event).
TERMINAL_INACTIVITY_TIMEOUT	There is a problem with communication between the terminal and payment device. For example, the terminal could abort communication with the mobile device for a long period of time and then trigger a timeout. Usually, a mobile device loses connection during payment due to a wrong or too short tap on the terminal. The application should ignore this status as SDK waits for connection establishment and it could produce getting duplicate callbacks during payment. Note: When user authentication is already provided it could be cleared - the application should handle card selection (if a non-default card is selected) and payment authentication again. Note: Deprecated in 2.6.7, no longer used due to time difference between connection lost and providing result to application. Replaced by CONNECTION_LOST which works immediatelly.
CONNECTION_LOST	Connection between terminal and device is lost and payment is terminated.

Parameter	Type	Description
appId	String?	Unique identifier for the application within the application store.
appUrl	String?	URL of the application in the application store.
intentUrl	String?	URL of banking app designed to respond to authentication code handling.
requestPayload	String?	The request payload is to be sent to the banking application on behalf of Visa. This field is opaque to wallet providers.

Value	Description
LVT	Low value transaction
HVT	High value transaction
UNKNOWN	Unknown

Field	Type	Description
clientTransactionId	String?	Identifier of transaction in TSP
type	String	The transaction type. One of: [UNKNOWN, PURCHASE, REFUND, PAYMENT, ATM_WITHDRAWAL, CASH_DISBURSEMENT, ATM_DEPOSIT, ATM_TRANSFER]
amountMinor	Long	The monetary amount in terms of the minor units of the currency. For example, `EUR 2.35' will return 235, and `BHD -1.345' will return -1345
currency	String	3-digit ISO 4217 currency code
timestamp	String	The date/time when the transaction occurred. In ISO 8601 extended format
merchantName	String?	The merchant (``doing business as'') name
merchantPostalCode	String?	The postal code of the merchant
transactionCountryCode	String?	The country in which the transaction was performed. Expressed as a 3-letter (alpha-3) country code as defined in ISO 3166-1
comboCardAccountType	String?	An indicator if Credit or Debit was chosen for a tokenized combo card at the time of the transaction. One of: [UNKNOWN, CREDIT, DEBIT]
issuerResponseInformation	String?	Additional information is provided by the issuer for a declined transaction. Only returned if the transaction is declined. One of: [UNKNOWN, INVALID_CARD_NUMBER, FORMAT_ERROR, MAX_AMOUNT_EXCEEDED, EXPIRED_CARD, PIN_AUTHORIZATION_FAILED, TRANSACTION_NOT_PERMITTED, WITHDRAWL_AMOUNT_EXCEEDED, RESTRICTED_CARD, WITHDRAWL_COUNT_EXCEEDED, PIN_TRIES_NUMBER_EXCEEDED, INCORRECT_PIN, DUPLICATE_TRANSMISSION]
status	String	The authorization status of the transaction. One of: [AUTHORIZED, DECLINED, CLEARED, REVERSED]
paymentTokenId	String	Identifier of payment token in VCP

Parameter	Type	Description
currencyNumber	Int	Currency number assigned to the currencyCode in ISO 4271 e.g.: for PLN is 985.
currencyCode	String?	Code of currency, that was used in transaction formatted in ISO 4271. e.g.: PLN Could be null as the terminal provides only the currencyNumber and a valid code could be not found.
amountMinor	Long	The monetary amount in terms of the minor units of the currency. For example, `EUR 2.35' will return 235,
transactionRange	ContactlessTransactionRange	Type of transaction range.
richTransactionType	ContactlessRichTransactionType	Rich transaction type.
merchantAndLocation	String	Merchant and location data from terminal. Deprecated - field shouldn't be used as it could be not configured in terminal configuration or provides invalid data.

Parameter	Type	Description
name	String	Action name
description	String	Action details message.
isSuccess	Boolean	Result of action. True when action is finished successfully, false otherwise.
timestamp	Long	Time when the action occurred.
errorMessage	String?	Detailed error message when isSuccess is false.

Value	Description	Is success on MPA side
AUTHORIZE_ONLINE	This indicates that the SDK returned an ARQC cryptogram using valid credentials and the POS will send the transaction online for authorization. The SDK is not informed whether or not the issuer actually approved or declined the transaction since this information is only returned to the terminal. Should be treated as transaction success on the MPA side.	Yes
AUTHENTICATE_OFFLINE	This indicates that the POS requested a decline (AAC) with a CDA signature. SDK will have returned a cryptogram using valid credentials and the POS can authenticate the card offline using the CDA signature. Typically a POS will request a decline when it simply wants to authenticate that a legitimate digital card is being used without requesting any authorization. Should be treated as transaction success on the MPA side.	Yes
DECLINE_BY_TERMINAL	The POS has requested a decline without a CDA signature. This may correspond to a real decline by the terminal, or (in rare cases) to an online authentication request. Paying on the terminal with offline-only network connectivity can also return this callback. Application Cryptogram was generated with genuine credentials. Should be treated as transaction success on the MPA side.	Yes
DECLINE_BY_CARD	The digitized card has declined the transaction. A non-exhaustive list of possible reasons may be: Context mismatch between first and second tap Terminal is offline-only Terminal is a transit gate, and transit transactions are not allowed by the card profile Transaction is international, while the card profile is domestic-only	No
WALLET_ACTION_REQUIRED	If the getFinalDecisionForTransaction returns an AUTHENTICATION_REQUIRED status then this result will be returned. The SDK will have declined the transaction but requested that the POS should keep the context active for a subsequent tap. If the POS does not support mobile devices then the merchant may need to repeat the transaction with the same amount so that the second tap can take place.	No

Metod	Parameter	Description	Validation conditions
withApplication	Application	Application context.	Not empty
withCvmModel	WalletCvmModel (enum)	Customer Verification Method: CDCVM_ALWAYS, FLEXIBLE_CDCVM, CARD_LIKE	Not empty
withUserAuthMode	WalletAuthMode (enum)	User authentication mode: WALLET_PIN, CUSTOM, NONE Contact Verestro to select proper configuration	Not empty
withUcpPaymentInstrument EventListener	UcpPaymentInstrument EventListener	Global listener for actions on PaymentInstrument.	Not empty
withUcpTransaction EventListener	UcpTransactionEventListener	Deprecated - use MobileDcApiConfigurationBuilder.withOptionalMobileDcTransactionEventListener from MDC SDK instead. Global listener for actions during transaction processing	Not empty
withTransactionAcceptance EventListener	UcpTransactionAcceptance EventListener	Global listener which allow application take final decision about transaction acceptance during transaction	Not empty
withReplenishThreshold	Int	Number of credentials below which replenish process will automatically begin	Not empty
withMcbpPinningCertificates	List<String>	List of public key certificates in PEM format. Pass list with empty String if withOptionalUcpMcbpHttpExecutor mentioned below is used with custom HTTP communication.	Not empty List
withOptionalEventsReports	UcpEventReportListener	Global listener for most important internal SDK actions related to token management. Could be useful for logs grabbing and debugging on debug.	Optional
withOptional ExternalWalletServer	Boolean	Prepares SDK for using external wallet server.	Optional
withOptional UcpMcbpHttpExecutor	UcpMcbpHttpExecutor/ DefaultUcpMcbpHttpExecutor	Global listener for connection between SDK and MasterCards API. Could be use for adding action before connection - use DefaultUcpMcbpHttpExecutor or for completely replace this connection - use UcpMcbpHttpExecutor.	Optional
withOptional UcpReProvisionEventListener	UcpReProvisionEventListener	Global listener for actions during reprovisioning.	Optional
withOptional UcpTransactionConfiguration	UcpTransactionConfiguration	Transaction configuration. Allow to enable deprecated authentication timer called when authentication is peformed. Timer is disabled by default, usage is not recomended.	Optional
withOptionalWalletMcbpHttpExecutor	Boolean	Prepares SDK for processing CMS-D HTTP requests with Wallet Server proxy.	Optional

Method name	Parameters	Description
onProvisioning Success	paymentInstrument: PaymentInstrument	Method called after provisioning process. Information about PaymentInstrument activation process will be provided in onPaymentInstrumentStatusChanged callback described below
onProvisioning Failure	errorMessage: String?, exception: Exception?	Method called after provisioning failure. Try processing digitization again
onReplenish Success	paymentInstrument: PaymentInstrument numberOfTransactionCredentials: Int	Method called after successfully transaction credentials replenish. Provides information about PaymentInstrument and number of new transaction credentials. Depending on flow is called after activation process and when requested by SDK based on replenishThreshold configuration. Note: Replenish could be called just after transaction based on withRplenishThreshold configuration. It's recommended to not do complex process here. It could affect on next transaction processing time when multiple transactions are done in row
onReplenish Failure	paymentInstrument: PaymentInstrument, errorMessage: String?, exception: Exception?	Method called after replenish failure with PaymentInstrument Note: Replenish could be called just after transaction based on withRplenishThreshold configuration. It's recommended to not do complex process here. It could affect on next transaction processing time when multiple transactions are done in row
onPayment Instrument StatusChanged	newStatus: PaymentInstrument Status paymentInstrumentId: String	Provides information about PaymentInstrumentStatus state (check model) for selected payment instrument id
onNewTransaction	newTransaction: NewTransaction	Provides online result with details of transaction processed in VCP Works only when application is online

Method name	Parameters	Description
onAuthRequired ForContactless	paymentInstrument: PaymentInstrument, transactionInformation: ~~ContactlessTransactionInformation~~ transactionData: ContactlessTransactionData	Called when user authentication is required during contactless transaction ContactlessTransactionInformation is deprecated in version 2.2.4.
onAuthRequired ForDsrp	paymentInstrument: PaymentInstrument, dsrpTransactionInfo: DsrpTransactionInfo	Called when user authentication is required during Dsrp transaction
onAuthTimer Updated	secondsRemaining: Int	Called on every update of remaining time for performing transaction, as SDK starts transaction timer based on card profile configuration. Note: Deprecated and disabled by default in version 2.6.7. To enable use configuration avaialble in SDK setup::withOptionalUcpTransactionConfiguration.
onContactless PaymentStarted	-	Called on very beginnging of every transaction start (SELECT_PPSE APDU command). E.g. first tap to terminal or second tap if onAuthRequiredForContactless method was called. Locks communication until method is finished. Method duration directly impacts on transaction time.
onContactless Payment Completed	paymentInstrument: PaymentInstrument transactionInformation: ~~ContactlessTransactionInformation~~ transactionResult: ContactlessTransactionResult transactionData : ContactlessTransactionData	Called when transaction is completed with information about transaction and result. ContactlessTransactionInformation is deprecated in version 2.2.4.
onContactless Payment Incident	paymentInstrument: PaymentInstrument, exception: Exception	Called when something went wrong during transaction and Mastercard marked transaction as incident
onContactless Payment Aborted	paymentInstrument: PaymentInstrument?, abortReason: TransactionAbortReason, exception: Exception	Called when transaction is aborted during payment from some reason described in method parameter PaymentInstrument could be null if abortReason = TransactionAbortReason.NO_CARDS is returned. Note: SDK clears passed selected card with method selectForPayment() and authentication with setUserAuthenticatedForPayment()
onTransaction Stopped		Method called on transaction stopped by SDK. Deprecated in version 2.6.7, no longer used.

Parameter	Type	Description	Validation conditions
paymentInstrumentId	String	Id of PaymentInstrument to delete	Not empty.
reason	CharArray?	Optional reason of deletion

Token Requestor

Introduction

Intro slides

Card Tokenization

Implementation Steps

Architecture

Overview

Benefits of Payment Token

MCBP Introduction

MCBP High Level Architecture

MCBP Key Components

Description

Wallet Types

Implementation Models

Architecture

Server Components

Deployment Models

Wallet Server

Wallet Admin Panel

Mobile Components

Wallet SDK

Requirements

Security

Remote Notification Service

Access

Configuration

User Experience for Contactless Transactions

CDCVM Types

Mobile PIN CDCVM

Locally-verified CDCVM

CVM Models

Always CVM

Flexible CVM

Card-like CVM

Lost & Stolen Options

Transit Transactions

Tokenization/Digitization

Digitization decisions

Main processes

User and cards registration into wallet server

Pairing device for particular user by trusted identity

Digitization of the card

Digitized card profile provisioning on the device

Transaction credentials replenishment

Payment

Payment history(Optional)

Main steps and implementation

Use Cases

Wallet Server LC API Initiated

User with Card Registration

Card Reissuing

User Deletion

Card Deletion

Wallet SDK Initiated

Wallet SDK Setup

Pair Device on Wallet Server

Pair Device By Trusted Identity

Card Digitization

Card Digitization Ways

Card Digitization Ways - One Step

Card Digitization Ways - Multi step

Card Digitazation Outcomes

APPROVED

DECLINE

REQUIRE_ADDITIONAL_AUTHENTICATION

Card Digitization Activation

Handle Message From Server

Update RNS Token

Profile Provisioning

Getting Asset

Transaction Credentials Replenishment

Transaction Credentials - Automatic Replenishment

Transaction Credentials - Initial Replenishment

Transaction Credentials - Manual Replenishment

Transacting

Contactless Transaction

E-commerce transaction

Transaction Processing

Setting Defaults for Payment

Login On Wallet Server

Parameter	Type	Description
paymentInstrumentId	String	Identifier of payment instrument
paymentInstrumentType	PaymentInstrumentType	Payment instrument type. One of: [MASTERCARD]
userLanguage	String	User language
userCountry	String	User country

Parameter	Type	Description
paymentInstrument	PaymentInstrument	Plain object of PaymentInstrument
additionalAuthenticationMethods	List<AdditionalAuthenticationMethod>?	All available additional authentication method
productConfig	ProductConfig	Plain object of ProductConfig, contains Payment Token configuration
externalPaymentTokenId	String?	Optional. External payment token id configured by the consumer. In case of identifier duplicate an random id is generated

Parameter	Type	Description
isCoBranded	Boolean	Whether the product is co-branded
coBrandName	String?	Name of the co-branded partner
foregroundColor	String	Foreground color, used to overlay text on top of the card image
backgroundColor	String	Background color, used to overlay text on top of the card image
labelColor	String?	Label color of the mobile wallet entry for the card
issuerName	String	Name of the issuing bank
shortDescription	String	A short description for this product
longDescription	String?	A long description for this product
custoremServiceUrl	String?	Customer service website of the issuing bank
customerServiceEmail	String?	Customer service email address of issuing bank
customerServicePhoneNumber	String?	Customer service phone number of the issuing bank
productConfigIssuer	ProductConfigIssuer?	Contains one or more mobile app details that may be used to deep link from the Mobile Payment App to the issuer mobile app
onlineBankingLoginUrl	String?	Login URL for the issuing bank's online banking website
termsAndConditionsUrl	String?	URL linking to the issuing bank's terms and conditions for this product
privacyPolicyUrl	String?	URL linking to the issuing bank's privacy policy for this product
issuerProductConfigCode	String?	Freeform identifier for this product configuration as assigned by the issuer
contactName	String?	Name of the issuing bank
bankAppName	String?	Name of banking application for display
bankAppAddress	String?	The package name for the destination mobile application
unsupportedPresentationTypes	String?	The presentation types that are not supported such as "MSR" (for example). This is an advisory field to tell the wallet provider that they should not include the unsupported presentation type returned in this field in the provisioning request
unsupportedCardVerificationTypes	String?	The card verification types that are not supported such as "AVS" (for example). This is an advisory field to let the wallet provider know which card verification services are not supported for a given payment instrument. The wallet provider can use this information to relax any field validations on the Customer UI (such as Address)
issuerFlags	List<ProductConfigIssuerFlags>?	List of plain ProductConfigIssuerFlags object. Contains issuer flags
brandLogoAssetId	String	The Mastercard or Maestro brand logo associated with this card. Provided as an Asset ID
issuerLogoAssetId	String	The logo of the issuing bank. Provided as a Asset ID
coBrandLogoAssetId	String?	The co-brand logo (if any) for this product. Provided as an Asset ID
cardBackgroundCombinedAssetId	String?	The card image used to represent the digital card in the wallet. This ‘combined’ option contains the Mastercard, bank and any co-brand logos. Provided as an Asset ID
cardBackgroundAssetId	String?	The card image used to represent the digital card in the wallet. This ‘non-combined’ option does not contain the Mastercard, bank, or cobrand logos. Provided as an Asset ID
iconAssetId	String	The icon representing the primary brand(s) associated with this product. Provided as an Asset ID

Parameter	Type	Description
openIssuerAndroidIntent	ProductConfigOpenIssuerAndroidIntent?	AndroidIntent object can be used to open the issuer mobile app
activateWithIssuerAndroidIntent	ProductConfigActivateWithIssuerAndroidIntent?	AndroidIntent object can be used to open the issuer mobile app
openIssuerIOSDeepLinkingUrl	ProductConfigOpenIssuerIOSDeepLinkingUrl?	IOSDeepLinkingUrl object can be used to open the issuer mobile app
activateWithIssuerIOSDeepLinkingUrl	ProductConfigActivateWithIssuerIOSDeepLinkingUrl?	IOSDeepLinkingUrl object can be used to open the issuer mobile app

Parameter	Type	Description
action	String	The name of the action to be performed. This is a fully qualified name including the package name in order to create an explicit intent
packageName	String	The package name of the issuer’s mobile app. This identifies the app that the intent will resolve to. If the app is not installed on the user’s device, this package name can be used to open a link to the appropriate Android app store for the user to download and install the app
extraTextValue	String	Contains the data to be passed through to the target app in the intent as an extra key/value pair with key ‘android.intent.extra.TEXT’. This is Base64-encoded data of a JSON object

Parameter	Type	Description
deepLinkinUrl	String	The deep linking URL of the issuer’s iOS mobile app. This identifies the app that the URL will resolve to. If the app is not installed on the user’s device, this URL can be used to open a link to the appropriate iOS app store for the user to download and install the app
extraTextValue	String	Contains the data to be passed through to the target app in the deep linking URL as a query parameter.It should be appended to the deepLinkingUrl when invoked in the format: deepLinkingUrl + ‘?extraTextValue=’ + extraTextValue. This is Base64-encoded data of a JSON object

Parameter	Type	Description
deviceBinding	Boolean	Device binding
cardholderVerification	Boolean	Whether the issuer participating in step-up flow
trustedBeneficiaryEnrollment	Boolean	Whether this is a trusted beneficiary enrollment
delegateAuthenticationSupported	String	Whether issuer supports delegated authentication

Parameter	Type	Description	Validation conditions
paymentInstrumentId	String	Id of instrument to retrieve	Not empty
refresh	Boolean	Refresh selected PaymentInstrument state with remote VCP server (network required)

Parameter	Type	Description
(DEPRECATED) cloudDigitizationSuccess	Boolean	Cloud Token Digitization Details
result	CloudDigitizationResult	Cloud Token Digitization Details. One of: SUCCEED, FAILED, DISABLED, UNKNOWN

Parameter	Type	Description
accountNumber	CharArray	Primary Account Number for the transaction – this is the Token PAN
dynamicExpiryDate	CharArray	Dynamic expiration date for the token. Expressed in YYMM format
dynamicCVC	CharArray	Dynamic CVC