Skip to content

Cards

The Cards tab was previously named Users

person person person person
System Administrators, Issuer Administrators, Business Administrators, Helpdesk Users

Cards tab

This section is used for registering and maintaining individual users or cards. You can search for users or cards; enable or disable users or cards; view user and card information (including the enrolment status); update user and card information; and pre-register new users or cards.

Info

Please see Upload Registration Files in the Issuers section for uploading card data for bulk registration or pre-registration of cardholders.

Note

This page will not be available for remote issuers.

Cards has the following sub menu options:

  • Find Card - for maintaining cards and card details

  • New Card - for adding new cards

  • Find User - for maintaining users and user details

  • New User - for adding new users

The first Cards page is Find Card.

Find Card

Cards > Find Card

This page allows you to access card related information by searching for cards based on name on card, card number, issuer, BIN, enrolment status, card status, device authentication enabled or disabled, pre-registration or registration date range.

Note

Finding a card using a card number is only possible if you enter the full card number. There is no partial number search or wild card search available.

Note

Search results display the first 400 cards only.

Note

An export function, which allows you to download lists, is available for the following:

  • Pre-registered cardholders for an issuer or issuer group, using the Confirmation Method

  • Cardholders for an issuer or issuer group using the Confirmation Method.

Although the display is limited to the first 400 cards for the selected issuer or issuer group, the full list can be downloaded when the Export link is selected.

Use the following fields to find cards to download a list of pre-registered cards:

Note

Only Issuers or Issuer Groups that are using the Confirmation Method can download a list of pre-registered cards.

  • Select an Issuer or Issuer Group

  • Select Pre-registered as the Enrolment Status.

  • Click the Search button

    The Search Result page will be displayed, showing the pre-registration date, in addition to the standard fields.

  • Click the Export button to download a file containing the relevant cardholder data.

Note

Exporting is only available to administrators with System Admin and Issuer Admin access level.

Use the following fields to find cards to download a list of cardholders:

Note

It is only possible to download a list of cardholders for Issuers or Issuer Groups that are using the Confirmation Method. Cardholders can be filtered by confirmation status and confirmation date.

  • Select an Issuer or Issuer Group

  • Select Registered as the Enrolment Status.

  • Click the Search button

    The Search Result page will be displayed, showing the pre-registration date, in addition to the standard fields.

  • Click the Export button to download a file containing the relevant cardholder data.

Note

Exporting is only available to administrators with System Admin and Issuer Admin access level.

Use the following fields to search for a particular card:

  • There are two options when searching for a card: by entering the card number or by entering the cardholder name (exactly as embossed on the card) and selecting the issuer from the drop down list.

  • Enter the cardholder's full Name on Card and select the Issuer of the card from the drop down list to view all matching records. The cardholder name is not case sensitive.

  • Enter the full Card number. Multiple search results are displayed when a card account has more than one cardholder.

  • Enter the full Authentication Method to show cards from only one authentication scheme. J/Secure, ProtectBuy, SafeKey, SecureCode and VbV schemes available.

  • Select the Issuer from the drop down list or select the Group from the drop down list.

  • Select the BIN from the drop down list.

  • Select the card's Enrolment Status from the drop down list. You can choose to search for All, Pre-registered, Registered, or Re-activated cards.

  • Select the card's Status from the drop down list. You can choose to search for enabled, disabled or locked cards.

  • Select to search for card for which Device authentication enabled or disabled. This allows you to limit the results for cards that support two-factor authentication over 3-D Secure or those that do not.

  • Select the Device type that has been registered for the Card from the drop down list. You can choose to search for VASCO, SMS, RSA, Email, CAP (M-Chip 4), or CAP (M-Chip 2).

  • Enter the Device serial number (unique device identifier) that has been registered for the Card.

  • Enter the card's record identifier (Card ID) to locate a specific record. This is used for advanced diagnostics where the record identifier is obtained directly from the database.

  • Specify an optional date range to limit search results based on the card's Pre-registration Date.

  • Specify an optional date range to limit search results based on the card's Registration Date.

  • Click the Search button.

The Search Result page will be displayed.

Card Search Result

Cards > Find Card > Search Result

Cards are listed according to the search criteria you entered on the Find Card page. You can select any card and delete, enable or disable them.

The search result page shows card number, name on card, expiry date, issuer enrolment status and card status. Expiry date is an optional field and is only displayed if it was provided at registration.

The card's enrolment status can be either pre-registered or registered.

The Search Result page may return multiple results for a single card number depending on whether this is an account with multiple cardholders or not. Card numbers with multiple cardholders can be distinguished based on the cardholder name.

Note

The issuer system uses the combination of card number and cardholder name (name on card) as the key identifier for authentication purposes.

Card numbers with different card names are treated independently and as such each cardholder can have their separate authentication data. This also means that enabling/disabling registration are handled separately. For example if you wish to completely remove a card from the issuer system, be sure to select and remove all cardholders.

You can browse to the card details page by following the link under Card Number or Name on Card.

Use the following steps to delete, enable or disable a card:

  • Choose one or more cards by clicking the Select checkbox adjacent to the Card Number

  • Click the appropriate button.

    A confirmation message will be displayed.

Use the following steps to select a card:

  • Click the Card Number hyperlink for the card you wish to view or edit details.

    The Card Details page is displayed.

Use the following steps to select all items that match the search criteria:

  • Click the box under the Select column to select or unselect all items. This allows you to perform the desired task on all selected items.

    You should note that all items matching the search criteria will be affected. This includes items displayed on other pages and even those omitted due to the large number of results (display of search results is limited to a maximum of 400 records).

Note

Important: If you are selecting a large number of records, you should remember that the operation can take a long time to complete and will generate an audit log record per affected item. Use this functionality on large number of records with diligence and where only strictly necessary.

Card Details

Cards > Find Card > Search Result > Card Details

The following card details can be viewed/ edited on this page:

  • Issuer

    Shows card's issuing bank and cannot be changed.

  • BINs - Displays a list of BINs assigned to the issuer. This field is for information only. Issuer BIN can be modified by an administrator with System Admin access level through System Management > Issuers > Issuer Details > BIN Management page.

  • Card ID - Unique card number, which cannot be changed.

  • Status - Can be Enabled, Disabled or Locked. A card is enabled when the cardholder is first enrolled.

    For security reasons, administration staff may temporarily disable a card.

    A card may also be locked by the system if multiple unsuccessful authentication attempts are detected.

    If the cardholder is enrolled and the card is disabled or locked, it cannot be used to make authenticated payments.

    If the cardholder is not enrolled, the enrolment process cannot be completed if the card is disabled.

    Cards that are locked by the system can be unlocked by administration staff or after a time-out period, as specified in the issuer settings. A card cannot be manually locked.

  • BIN status - Shows the BIN status, which is either Enabled or Disabled, indicating the availability of the 3-D Secure service for the card. Cards with a Disabled BIN cannot be enrolled, registered or authenticated.

  • Registration date - Displayed if cardholder is enrolled.

  • Enrolment - Shows the enrolment status, which is either registered or pre-registered, along with the Pre-registration and Registration date. If the Issuer is using the Confirmation method, the Confirmation status and Confirmation date will also appear in this section.

  • Authentication Method - Specifies the card's authentication scheme and cannot be changed. Currently SafeKey, ProtectBuy, J/Secure, SecureCode and Verified by Visa schemes are supported.

  • Card number - Full card number, partially masked.

Note

Please note that the card number must comply with the Luhn / mod 10 algorithm.

  • Name on Card - Cardholder name as specified on the card.

  • Expiry date - Card expiry date (MM/YYYY).

  • Device authentication (if enabled) - Drop down list shows the status of two-factor authentication for 3-D Secure as Enabled. Select Disabled to disable device authentication for this card and the drop down list will be removed once you click Apply.

    A card, for which device authentication is enabled, can use an authentication device in addition to the conventional 3-D Secure password as a second factor of authentication.

  • Number of ADS cancellations - Shows the number of times a cardholder has refused to complete activation during shopping by either opting out of ADS or cancelling the transaction.

  • ADS proof of attempts granted - Shows the number of times a cardholder has been granted proof of authentication attempt without being required to complete the activation during shopping process.

Note

Where Business Rules are being used and a rule has matched, this value is set to the maximum automatically and therefore the value may not be a true representation of the number of ADS proof of authentication attempts that have been granted to this cardholder.

  • Extended cardholder information - Each card is also associated with one or more authentication or data fields. The issuer determines the format and number of these fields. Extended cardholder information is only displayed if the system administrator enables this option in the Issuer Management section.

    For example a card may be accompanied by / associated with:

    • A PAM (Personal assurance message or the greeting message as required in VbV, J/Secure, ProtectBuy, SafeKey and SecureCode schemes)

    • An Internet PIN (for secure online transactions). Fields such as Internet PIN are always displayed masked.

    • Question and Answer fields used for Challenge and Response.

    • A user's authentication Password

  • Assigned Devices appears for cards for which device authentication is enabled and links to a Search Results page, which displays authentication devices assigned to this card.

  • Account History links to Account History details page, which shows actions affecting account status or the devices attached to the account.

  • Show Transactions links to the Search Results page, which displays all transactions for this card.

  • Generate Activation Code link allows the administrator to generate an activation code for a replacement device. The link is only shown if the card's primary device is marked as lost or damaged. The cardholder requires this activation code before they can complete linking the replacement device with an existing account.

Assigned Devices

Cards > Find Card > Search Result > Card Details > Assigned Devices

Assigned Devices displays all devices attached to the selected card. It enables you to assign a new device to a card, remove an assignment or change the status of assigned devices to Lost, Damaged or Temporarily disabled.

The following fields and links are displayed:

  • Device Management - links to the Device Management page for manually assigning a new or existing device to the card, or deleting an existing device.

The following fields and links are displayed for each assigned device:

  • Select checkbox - for selecting the device to use in conjunction with the Remove Assignment button or Delete button. To remove assignment of all devices, click the select checkbox in the column heading and then click the Remove Assignment button. To completely delete a previously registered device from the system, click the adjacent Select checkbox and then click the Delete button.

    If you select all devices a Warning dialog is displayed asking you to confirm that you want to remove all records that match the search criteria.

  • Device ID links to the Device Details page

  • Assign date - Date and time device was assigned

  • Serial Number - The unique device identifier

  • Device type - The type/make of the device such as VASCO, RSA, Email, CHIP, etc

  • Status - Active/Lost/Damaged/Temporarily disabled. An active device can be used in device authentication. If a device is reported lost, stolen, damaged, or temporarily disabled, it must be flagged accordingly. A lost or damaged device can no longer be used for authentication and the user must be issued with a new device. A temporarily disabled device allows administrators to generate a new backup token.

  • Mark as -

    • Lost - click to change the status of the selected device to lost.
    • Damaged - click to change the status of the selected device to damaged.
    • Temporarily disabled - click to change the status of the selected device to temporarily disabled.

  • Generate Backup Token link is only shown when the card's primary authentication device is marked as temporarily disabled. Providing the user with a backup token allows the user to continue using the service while they wait for the replacement authentication device to arrive.

    The application currently supports two mechanisms for generating backup tokens: a replacement password (the default) and SMS.

    A replacement password is a static password that can be used as the second factor of authentication for a limited time and for a limited number of times. Using a static password will not be as secure as using an authentication device. Administrators should only issue backup tokens if allowed by the issuer's security policy and if in line with the issuer's requirements for identifying a user.

    A more secure alternative is to use SMS as the backup token, if supported by the issuer device settings. This allows the admin to temporarily switch the user's authentication process to SMS authentication. The user will need to provide a mobile number to which the second factor of authentication will be sent via SMS.

    Note that the first SMS batch is not sent immediately. The SMS is sent when the user attempts to perform their next authentication. They may have to wait a few minutes, once they attempt to login next time, for the batch SMS to arrive. Once they receive the first batch SMS, they will continue to receive replacement batch SMS tokens when they use up all the numbers in their current batch.

Device Management

Device Management provides the option to manually assign a new or existing device to the card, or delete an existing device. This is useful for call centre assisted registration of cards. The user needs to provide a token generated by their device in order to complete the assignment. You can either find an existing device that is already registered in the system and verify it or specify a new device to assign and activate.

  • Click the appropriate tab to select the following options:
    • Find Device
    • Assign Existing Device
    • Assign New Device.

Find Device

Cards >Card Details > Assigned Devices > Device Management > Find Device

  • Select an Issuer or All from the drop down list

  • Enter a Creation date and time (dd/mm/yyyy HH:MM) or specify a date and time range for the search result by entering dates and times in the From and To fields. The date and time format is dd/mm/yyyy HH:MM. Leave the time field empty if you do not wish to limit your search for a particular time of day.

  • Select a Device type, such as VASCO, SMS, RSA, Email, CHIP, etc

  • Enter a Device Serial number or specify a serial number range for the search result by entering serial numbers in the Start and End fields.

  • Click Search

A list of devices matching the search criteria will be displayed.

  • To remove a device, click the Select radio button, adjacent to the appropriate Device ID, and click the Delete button.

    This will remove the device from the system.

Assign Existing Device

Cards > Card Details > Assigned Devices > Device Management > Assign Existing Device

Use the following fields to find an existing device:

  • Select an Issuer or All from the drop down list

  • Enter a Creation date and time (dd/mm/yyyy HH:MM) or specify a date and time range for the search result by entering dates and times in the From and To fields. The date and time format is dd/mm/yyyy HH:MM. Leave the time field empty if you do not wish to limit your search for a particular time of day.

  • Select a Device type, such as VASCO, SMS, RSA, Email, CHIP, etc

  • Enter a Serial number or specify a serial number range for the search result by entering serial numbers in the Start and End fields.

  • Click Search

    A list of devices matching the search criteria will be displayed.

  • Click the Select radio button, adjacent to the appropriate Device ID, and click the Apply button

    The Verify Device page is displayed

Assign New Device

Cards > Card Details > Assigned Devices > Device Management > Assign New Device

Use the following fields to assign a new device:

  • Select the Assign New Device tab
New SMS Device

  • Select SMS from the Device type drop down list.

  • Click the Apply button.

    The New SMS Device page is displayed.

  • Select an SMS centre from the drop down list.

  • Select the Country calling code for the country that the mobile number is registered to.

  • Enter the Mobile number of the cardholder. Mobile number should be no longer than 20 characters, including the Country code. Allowed characters are 0-9, '(', ')', '-' and space.

  • Click the Apply button

    A token will be sent to the mobile number and the Activate Device page will be displayed.

    Existing devices need to be verified and new devices need to be activated, using the token sent to the cardholder's mobile, which is generated by assigning the device.

  • Enter the token received by the cardholder's mobile in Enter the token sent to your mobile number.

  • Click the Apply button.

New Email Device

  • Select Email from the Device type drop down list.

  • Click the Apply button.

    The New Email Device page is displayed.

  • Enter the Email address of the cardholder.

  • Click the Apply button

    A token will be sent to the email address and the Activate Device page will be displayed.

    Existing email addresses need to be verified and new email addresses need to be activated, using the token sent to the cardholder's email address, which is generated by assigning the email address.

  • Enter the token received by the cardholder's email address in Enter the token sent to you by email.

  • Click the Apply button.

Generate Backup Token

Cards > Card Details > Assigned Devices > Generate Backup Token

When the user's primary authentication device is marked as lost or damaged, you can link from the User Details > Assigned Devices page to provide the user with a backup token, which all services can use until a replacement device is received.

  • Select the Backup device type:

    • Default - supplies a static password that can be used as the second factor of authentication for a limited time and for a limited number of times.

    • SMS - displayed only if supported by the issuer device settings. This allows the admin user to temporarily switch the cardholder's authentication process to SMS authentication. The cardholder will need to provide the country calling code and a mobile number to which the second factor of authentication will be sent via SMS. Mobile number should be no longer than 20 characters, including the Country Code. Allowed characters are 0-9, '(', ')', '-' and space.

    • Email - displayed only if supported by the issuer's device settings. This allows the admin user to temporarily switch the cardholder's authentication process to Email authentication. The cardholder will need to provide the email address to which the second factor of authentication will be sent via email.

  • Click the Generate button.

    A confirmation message will be displayed.

Show Transactions

Cards > Find Card > Search Result > Card Details > Show Transactions > Show Recent Transactions

Show Transactions allows access to lists of all recent and archived 3-D Secure (payment authentication) or ActiveDevice (two-factor authentication) transactions matching the selected card or user.

Note

If the bank supports RuPay PaySecure authentication, a separate administration interface is available for viewing RuPay Transactions. ---!>

The following fields and links are displayed:

Show Archived Transactions - links to the Archived Transactions page which displays the archived 3-D Secure (payment authentication) or ActiveDevice (two-factor authentication) transactions matching the selected card or user.

Use the following steps to select a transaction and view its details:

  • Click the Date (and time) hyperlink for the transaction you wish to view.

  • The Transaction Details page displays the following fields and links:_

  • Show Recent Transactions - links to the Recent Transactions page which displays the recent 3-D Secure (payment authentication) or ActiveDevice (two-factor authentication) transactions matching the selected card or user.

Use the following steps to select a transaction and view its details:

  • Click the Date (and time) hyperlink for the transaction you wish to view.

    The Transaction Details page is displayed.

New Card

Cards > New Card

You can use the New Card function to manually register cardholders. This function pre-registers cardholders. Cardholders have to finalise their registration by going through the issuer's standard enrolment process.

Creating a new card:

  • Select an Issuer from the drop down list of available issuers.

    All issuers that your username is assigned to will be listed here.

  • BINs

    Displays a list of BINs assigned to the issuer. This field is for information purposes. When you enter a new card, the card's BIN number must be one of the existing BINs for the selected issuer.

  • Select the Authentication method supported by the card

  • Currently J/Secure, ProtectBuy, SafeKey, SecureCode and VbV schemes are supported.

Note

Please note that selecting the authentication method alone does not guarantee that the card can be used in the specified authentication scheme. Other pre-arrangements may also be required. For example in Verified by Visa, a card may not be able to participate before a valid card range that entails the card has been sent to the directory service.

  • Select the Status of Enabled or Disabled from the drop down list.

    A card is normally enabled when the cardholder is first enrolled. The administration staff for security reasons may temporarily disable a card. A card may also be automatically locked by the system itself if multiple unsuccessful authentication attempts are detected.

    When a card is disabled or locked, it cannot be used to make authenticated payments if cardholder is enrolled or alternatively if cardholder has not enrolled yet, the enrolment process cannot be completed before this situation is resolved.

  • Enter the full Card number

Note

The card number must comply with the Luhn / mod 10 algorithm.

  • Enter the cardholder name as specified on the card as Name on Card

  • Enter the card Expiry date using mm/yyyy format

dc_new.png

Note

The card Expiry date is mandatory for Mastercard.

  • Enter information required for any Extended cardholder information

  • Each card is also associated with one or more authentication or data fields. The issuer determines the format and number of these fields. Extended cardholder information is only displayed if the system administrator enables this option in the Issuer Management section.

    For example, a card may be accompanied by a PAM (Personal assurance message or the greeting message as required in VbV, J/Secure, ProtectBuy, SafeKey and SecureCode schemes) or may be associated with a PIN (for secure online transactions), etc. Fields such as Internet PIN are always displayed masked.

Find User

Cards > Find User

You can search for users based on the Issuer to which they belong, by specifying the complete username (or user ID). The username is case sensitive.

Use the following field to search for a particular user:

  • Select an Issuer or All from the drop down list

  • Enter the user's Full Name, which can be partial and case insensitive. Note that full name is not a mandatory field for a user account and may not be populated for all users.

  • Select a Status - Can be All, Enabled, Disabled, Deleted or Locked.

  • If you want to search for current users only, select the Exclude deleted users from search results checkbox.

  • Click the Search button.

    The Search Result page will be displayed.

User Search Result

Cards > Find User > Search Result

Users matching the search criteria entered on the Find User page are listed. You can select any user and delete, enable or disable them.

The search result page shows username, full name, enrolment status and user status.

You can browse to the User Details page by following the Username link.

You can select all users by clicking the checkbox in the Select column heading. This will select all the items matching your search criteria (i.e. you are not only selecting the items on the current page but all the items on all pages). You can then apply the changes you want to all these items by pressing the corresponding action button.

You should remember that changing the status of items in this manner may take a long time depending on the number items selected. It will also create a huge amount of data in the database as the changes for each single item is saved in the audit log.

Use the following steps to delete, enable or disable a user:

  • Choose one or more users by clicking the Select checkbox adjacent to the Username

  • Click the appropriate button.

    A confirmation message will be displayed.

Use the following steps to select a user:

  • Click the Username hyperlink for the user you wish to view or edit details.

    The User Details page is displayed.

Use the following steps to select all items that match the search criteria:

  • Click the box in the Select column heading to select or unselect all items. This allows you to perform the desired task on all selected items.

    You should note that all items matching the search criteria will be affected. This includes items displayed on other pages and even those omitted due to the large number of results (display of search results is limited to a maximum of 400 records).

Warning

Important: If you are selecting a large number of records, you should remember that the operation can take a long time to complete and will generate an audit log record per affected item. Use this functionality on large number of records with diligence and only where strictly necessary.

User Details

Cards > Find User > Search Result > User Details

This page can be used to view/ update user related information.

The following user details can be viewed/ edited on this page:

  • Issuer - Shows user's bank and cannot be changed.

  • User ID - Internal user identifier, which cannot be changed.

  • Status - Can be enabled, disabled, deleted or locked. A user is normally enabled when they are first enrolled. The administration staff for security reasons may temporarily disable a user. A user may also be automatically locked by the system itself if multiple unsuccessful authentication attempts are detected.

    An authentication attempt by a user whose account is disabled or locked is denied.

    Users that are automatically locked can be either unlocked by the administration staff or after a time-out period as specified in the issuer settings. A user may not be manually locked, however.

    Changing the status of a user to 'deleted' simply marks the account for deletion. It does not physically remove the account from the system. An account that has been marked for deletion may be purged when the archive procedure is run. The archive procedure removes these accounts if they fall outside the specified retention period. For example if the data retention policy for your organisation is 12 months, all accounts that have been deleted for 12 or more months are removed by the archive procedure.

    You may undelete an account by simply changing the status of the account to any status other than Deleted.

  • Enrolment Status - Shows the enrolment status, which is either registered or pre-registered, along with the registration or pre-registration date.

  • Username - User's username or user ID as recognised by the issuer system

  • Full name - optional full name for the user

  • Password: An optional password can be specified for the user. This will require the user to enter a static password in addition to their device one-time password. The password should only be used where both the first factor and the second factor of the authentication is being handled by ActiveAccess.

Note

Using this field where the first factor of authentication is handled by the issuer system is not recommended.

  • Email - optional information for sending notification message to users via email.

  • Assigned Devices links to the Search Results page, which displays all devices attached to this account.

  • Account History links to Account History details page, which shows actions affecting account status or the devices attached to the account

  • Show Transactions links to the list of transactions performed by the user starting with the most current transactions.

  • Generate Activation Code link allows the administrator to generate an activation code for a replacement device. The link is only shown if the user's primary device is marked as lost or damaged. The user requires this activation code before then can complete linking the replacement device with an existing account.

New User

Cards > New User

You can use the New User function to manually register users. This function pre-registers users. Users have to finalise their registration by going through the issuer's standard enrolment process.

Creating a new user:

  • Select the Issuer to which this user belongs from the drop down list of available issuers.

  • Status - select the initial status of the user.

  • Username - Enter the user's username or user ID as recognised by the issuer system. The username can be an alphanumeric string up to 128 ASCII characters.

  • Full name - You can specify an optional full name for the user up to 256 ASCII characters.

Note

The username and full name can contain international characters, which will be stored as UTF-8 encoded strings. The system allows for storage of international characters as long as the UTF-8 encoded equivalent does not exceed the ASCII size limit.

  • Password - An optional password can be specified for the user. This will require the user to enter a static password in addition to their device one-time password. The password should only be used where both the first factor and the second factor of the authentication is being handled by ActiveAccess.

Note

Using this field where the first factor of authentication is handled by the issuer system is not recommended.

  • Email - optional information for sending notification messages to users via email.