Implement identity verification

To implement identity verification (ID&V) with App-to-App ID&V:

  1. Enable your app to be launched by the Samsung Wallet app.
  2. Process the verification request.
  3. Activate the token or retrieve the authorization code.
  4. Return the verification result to Samsung Wallet.

Enable your app to be launched by the Samsung Wallet app

The Samsung Wallet app uses an Android intent to launch your app for identity verification. When the customer taps Open banking app in the Samsung Wallet app, the app invokes the startActivityForResult() method with an intent.

To enable the Samsung Wallet app to launch your app, declare an activity and its intent filter in your AndroidManifest.xml. The intent filter must include the action name agreed with your token service provider and the CATEGORY_DEFAULT category:

<activity android:name="App2AppIdvActivity">
  <intent-filter>
    <action android:name="<your-action-name>" />
    <category android:name="android.intent.category.DEFAULT" />
  </intent-filter>
</activity>

Process the verification request

When your app is launched by the Samsung Wallet app:

  1. Samsung Wallet passes ID&V-related data obtained from the card network into your activity through the launching intent. Extract this data from the intent’s extras using the EXTRA_TEXT key.

    The data passed in the intent depends on the card network:

    • Mastercard: Base64-encoded JSON object that includes fields such as paymentAppProviderId, paymentAppInstanceId, tokenUniqueReference, accountPanSuffix, and accountExpiry
    • Visa: Encrypted JSON payload that includes the PAN ID, token requester ID, token reference ID, last 4 digits of the PAN, device ID, and wallet account ID

    For more details, see the card network's own specifications.

  2. Use the extracted data and your app's existing authentication methods, such as PIN code, one-time passcode (OTP), or biometrics, to identify the card and complete the identity verification.

Activate the token or retrieve the authorization code

If the identity verification succeeds, use one of the following options to activate the token that Samsung Wallet generated for the card:

  • Activate the token directly by calling your token service provider from your server.

  • Delegate token activation to Samsung Wallet. In this case, your server must generate an authorization code and return it to Samsung Wallet along with the verification result, as defined in the next section.

Return the verification result to Samsung Wallet

After the identity verification is complete, return the result and hand control back to Samsung Wallet by calling the Activity.setResult(resultCode, resultIntent) method:

  • If resultCode is RESULT_OK, the resultIntent object must include the following:

    • Samsung-defined status value that lets Samsung Wallet know how to proceed.

      Add the status value to the STEP_UP_RESPONSE key using the putExtra() method.

      The possible values are:

      • accepted: User verification succeeded. Samsung Wallet proceeds with card enrollment.
      • declined: Verification failed due to authentication errors. Samsung Wallet stops the enrollment process.
      • appNotReady: Verification failed because your app could not process the request. The Samsung Wallet app returns to the Verify card screen so the customer can try again or select another method.
      • failure: Verification failed due to other issues (such as internal errors). The Samsung Wallet app returns to the Verify card screen so the customer can try again or select another method.
    • Authorization code generated by your server (only needed if you delegate token activation to Samsung).

      Add the code value to the ACTIVATION_CODE key using the putExtra() method.

  • If resultCode is RESULT_CANCEL, the customer cancelled the flow and no resultIntent object is needed.

The following code snippet is an example of returning a success result:

Intent result = new Intent();
result.putExtra("STEP_UP_RESPONSE", "accepted");
// Only if the Samsung Wallet app activates the token:
// result.putExtra("ACTIVATION_CODE", authCode);

setResult(RESULT_OK, result);