To verify their payment card in the Samsung Wallet application, the user must accept the terms and conditions, after which Samsung Wallet initiates token provision through the Samsung Token Requestor (TR) from the Trust Service Provider (TSP). The TSP provides Samsung Wallet with the available ID&V methods and the data needed to perform user verification through your application.
When the user selects “Open banking app” in Samsung Wallet, an Android activity launches your application through an intent. The intent contains information from the TSP server.
You can implement app-to-app ID&V support in your banking application in two ways:
- Token activation through bank server
  After user verification, the token is activated through your bank’s backend and TSP APIs.
- Token activation through Samsung Wallet application
  After user verification, your bank server returns an authorization code to Samsung Wallet, which is used to activate the token through the Samsung TR and TSP.
The following figure shows the app-to-app ID&V process flow.
Launch the application
To launch your application, the Samsung Wallet application calls the startActivityForResult() method, providing the following intent data from the TSP server:
- Package name of your application
- Intent action, whose specific name depends on the TSP
- Additional data in the Intent.EXTRA_TEXT key, depending on the card type:
  - Mastercard: A Base64-encoded JSON object with the following elements: paymentAppProviderId, paymentAppInstanceId, tokenUniqueReference, accountPanSuffix, and accountExpiry
  - Visa: An encrypted JSON payload including PAN ID, TR ID, token reference ID, last 4 digits of PAN, device ID, and wallet account ID
Intent data is generated with the getApp2AppIntent() method in the Samsung Wallet application:
    public Intent getApp2AppIntent() {
        // packageName, action and extraText hold the values received from the TSP server
        Intent app2appIntent = new Intent();
        app2appIntent.setPackage(packageName);
        app2appIntent.setAction(action);
        if (!TextUtils.isEmpty(extraText)) {
            app2appIntent.putExtra(Intent.EXTRA_TEXT, extraText);
        }
        return app2appIntent;
    }
Note: For information about the data in the Intent.EXTRA_TEXT key, refer to the card network’s own specifications. The Samsung Wallet application only transfers the data to your application for handling.
Process the ID&V request
To enable your application to handle the intent data transmitted from the Samsung Wallet application, in your “AndroidManifest.xml” file, define an activity with the intent action used by the TSP:
    <activity android:name="App2AppIdnvActivity">
        <intent-filter>
            <action android:name="com.bank.mobileapp.action.LAUNCH_A2A_IDV"/>
            <category android:name="android.intent.category.DEFAULT"/>
        </intent-filter>
    </activity>
When your application is called by Samsung Wallet, start the activity to process the ID&V request. The data passed by the intent can be processed through your backend server along with other data that the application already has, such as user and account information.
If user verification is successful, you can activate the token by calling the TSP API.
Return to Samsung Wallet
After the user has completed verification, your application must direct the user back to Samsung Wallet using the Activity.setResult(resultCode, resultIntent) method.
If the value of resultCode is RESULT_OK, the resultIntent object must contain extra bundle data.
- The STEP_UP_RESPONSE key must have one of the following values depending on the scenario:
    Intent result = new Intent();
    // Set exactly one of the following values:
    // Authentication successful
    result.putExtra("STEP_UP_RESPONSE", "accepted");
    // Authentication failed; do not add the user’s card
    result.putExtra("STEP_UP_RESPONSE", "declined");
    // Authentication failed; allow user to retry or select another ID&V method
    result.putExtra("STEP_UP_RESPONSE", "failure");
    // Authentication failed because the application was not ready
    result.putExtra("STEP_UP_RESPONSE", "appNotReady");
    activity.setResult(RESULT_OK, result);
- To use an authentication code to activate the token in Samsung Wallet, you must also include the ACTIVATION_CODE key-value:
    Intent result = new Intent();
    result.putExtra("STEP_UP_RESPONSE", "accepted");
    result.putExtra("ACTIVATION_CODE", authCode);
    activity.setResult(RESULT_OK, result);
Otherwise, when the user has canceled the operation, the value of resultCode is RESULT_CANCELED:
    // No result Intent is passed when the user cancels
    activity.setResult(RESULT_CANCELED);
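An activity reachable through an intent filter can be started by apps other than Samsung Wallet, so the following added example (not Samsung's or a card network's code) shows one way the activity declared above can check its caller and validate the Mastercard Intent.EXTRA_TEXT payload before user verification starts. The EXPECTED_CALLER value is a placeholder, and the standard Base64 alphabet and the choice to report a malformed payload as "failure" are assumptions of this example.

```java
import android.app.Activity;
import android.content.Intent;
import android.os.Bundle;
import android.util.Base64;
import java.nio.charset.StandardCharsets;
import org.json.JSONException;
import org.json.JSONObject;

public class App2AppIdnvActivity extends Activity {
    // Assumption: placeholder value; set it to the Samsung Wallet package you expect.
    private static final String EXPECTED_CALLER = "com.example.wallet";
    // Element names of the Mastercard payload, as listed on this page.
    private static final String[] REQUIRED = {"paymentAppProviderId", "paymentAppInstanceId",
            "tokenUniqueReference", "accountPanSuffix", "accountExpiry"};
    private JSONObject pendingRequest; // validated request for the bank's own verification flow

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        // Non-null only when the caller used startActivityForResult(), as Samsung Wallet does.
        if (!EXPECTED_CALLER.equals(getCallingPackage())) {
            setResult(RESULT_CANCELED); // unknown caller: return no data
            finish();
            return;
        }
        pendingRequest = parseMastercardExtra(getIntent());
        if (pendingRequest == null) {
            // This example's choice: report a malformed payload as "failure".
            setResult(RESULT_OK, new Intent().putExtra("STEP_UP_RESPONSE", "failure"));
            finish();
        }
        // Otherwise continue with user verification using pendingRequest.
    }

    // Returns the decoded JSON object, or null if it is malformed or incomplete.
    static JSONObject parseMastercardExtra(Intent intent) {
        String extra = intent.getStringExtra(Intent.EXTRA_TEXT);
        if (extra == null) return null;
        try {
            byte[] raw = Base64.decode(extra, Base64.DEFAULT); // assumption: standard alphabet
            JSONObject json = new JSONObject(new String(raw, StandardCharsets.UTF_8));
            for (String key : REQUIRED) {
                if (json.optString(key, "").isEmpty()) return null;
            }
            return json;
        } catch (IllegalArgumentException | JSONException e) {
            return null; // not Base64 or not JSON
        }
    }
}
```

A package-name match alone does not prove the caller's identity; comparing the caller's signing certificate with a pinned value is a stronger check.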