Cardholder individual enrollment walkthrough
Steps in Cardholder individual enrollment via the SDK
1. Customer Introduction
The first stage we recommend in any card enrollment journey is to clearly outline to your customers the scope of the data sharing they are about to consent to and any important information about how their data will be used.
This step improves user conversion by providing a feeling of trust and security.
2. Card Data Collection
The second stage of the card-linking journey requires the collection of card data and consent. It is at this stage that a user provides you with their sensitive data and opts into the terms of the data-sharing arrangement explicitly.
3. Card verification
As mentioned in Cards, Subscriptions, and Verifications, this is the expected 3DS card verification flow:
-
Device fingerprint is collected;
-
Device fingerprint is transmitted to the issuer's Access Control System (ACS)
-
Depending on the issuer's response, a (3DS) challenge is required
-
If the fingerprint is determined low risk, this skip is stepped. (Risk Assessment factors in Cards, Subscriptions, and Verifications)
-
If the fingerprint is approved but deemed higher risk, the challenge is initiated
-
If the fingerprint fails, it is usually due to a lost/stolen card, an inactive card, or a card that is otherwise unable to transact.
-
This is the general verification flow.
4. Success & Completion
Once the cardholder has successfully provided the challenge data to their issuer, the user is presented with a success screen.
Consent
What is Card Holder Consent?
Cardholder consent refers to the approval a cardholder gives to allow their transaction data to be accessed and used by third parties like Astrada. This consent is essential for complying with card network requirements and ensuring data security.
Why We Collect Consent
Contractual Requirement from Card Networks
Card networks mandate obtaining cardholder consent to ensure that their transaction data is shared responsibly and ethically.
Through Astrada's SDK, cardholders can opt-in and authorize the sharing of their data. This opt-in process is crucial for Astrada and our customers to access such data legitimately.
Data Security and Best Practices
Collecting consent ensures that sensitive cardholder data is not accessed or shared inappropriately, adhering to stringent data security standards.
How We Collect Consent
Astrada initiates the consent collection process when a customer enrolls a card for the first time.
Consent is gathered through a clear and conspicuous request, ensuring the cardholder is fully informed and has the freedom to either consent or refuse. The request will explain the purpose of data collection and the specifics of how data will be used.
We use consent language approved by card networks to ensure uniformity and compliance. This language is integrated into our card enrollment SDK by default.
Cardholders must agree to Network-specific and Astrada-specific terms separately, ensuring clarity and compliance with privacy laws.
Upon receiving affirmative opt-in consent, Astrada verifies the identity of the cardholder to ensure the consent is valid and associated with the correct individual.
We maintain detailed records of consents, including date and time stamps, to comply with legal requirements and for audit purposes.
By integrating with Astrada, our customers ensure that all data is fully compliant with both legal and network requirements.
Updated about 1 month ago