Overview

Identity verification (ID&V) is the process of confirming that an individual or entity is legitimate. In mobile payments, ID&V ensures that only the rightful cardholder can add their payment card to a digital wallet.

The App-to-App ID&V service is an ID&V method supported by Samsung Pay for verifying the customer's identity for new card enrollment. When a customer is in the Samsung Wallet app, wanting to enroll a new card, Samsung Wallet launches the card issuer app asking the issuer to verify that the card belongs to the customer.

During the verification process, a token that Samsung Wallet has created for the card is activated. There are 2 ways to activate the token after the customer has been verified:

  • Use your backend server to call the token service provider directly.
  • Use your backend server to generate an authorization code and let Samsung Wallet handle the activation with the code.

The following sections provide all the information you need to integrate App-to-App ID&V:

User experience

The following figure illustrates the user experience of being verified by App-to-App ID&V as part of the Samsung Wallet app's card enrollment process.

User experience

  1. In the Samsung Wallet app, the customer selects the type of card they want to enroll.

  2. The customer provides the card details manually or through Near Field Communication (NFC), and agrees to the terms of service.

  3. The customer selects the verification method they want to use.

  4. The Samsung Wallet app opens the issuer app where the customer logs in and activates the card for future use in online purchases.

  5. The Samsung Wallet app displays the enrolled card.

Service flow

The following diagram illustrates the overall App-to-App ID&V flow.

App-to-App ID&V flow

  1. The customer accepts the Samsung Wallet app's terms and conditions.
  2. Samsung Wallet sends a token provisioning request to Samsung Token Requestor.
  3. Samsung Token Requestor sends a token provisioning request to the token service provider (TSP).
  4. The TSP returns the data related to the customer's identity verification to Samsung Token Requestor.
  5. Samsung Token Requestor sends the identity verification options to Samsung Wallet.
  6. The Samsung Wallet app displays the identity verification options to the customer.
  7. The customer selects the Open banking app option.
  8. Samsung Wallet requests app-to-app data from Samsung Token Requestor.
  9. Samsung Token Requestor returns the app-to-app data to Samsung Wallet.
  10. The Samsung Wallet app launches the issuer app with Android intent and the issuer app authenticates the customer.
  11. If the card token is activated by the card issuer - start
    The issuer app requests the issuer server to activate the token.
  12. The issuer server contacts the TSP for the activation.
  13. The TSP activates the token and notifies Samsung Token Requestor of the token status.
  14. Samsung Token Requestor notifies Samsung Wallet of the token status.
  15. The issuer app returns the identity verification result to Samsung Wallet, and the Samsung Wallet app notifies the customer that the card enrollment is complete.
    If the card token is activated by the card issuer - end
  16. If the card token is activated by Samsung Wallet - start
    The issuer app requests the issuer server for an authorization code.
  17. The issuer server returns the authorization code to the issuer app.
  18. The issuer app returns the identity verification result and the authorization code to Samsung Wallet.
  19. Samsung Wallet sends the authorization code to Samsung Token Requestor.
  20. Samsung Token Requestor sends the authorization code to the TSP.
  21. The TSP activates the token and notifies Samsung Token Requestor of the token status.
  22. Samsung Token Requestor notifies Samsung Wallet of the token status, and the Samsung Wallet app notifies the customer that the card enrollment is complete.
    If the card token is activated by Samsung Wallet - end