Auto Enrollment Flow for iOS
casan221saas
Typically, a payment card is valid for a fixed duration. This is denoted by the validity period printed on the card. At the end of this validity period, the bank issues a new card to replace the existing card. This replacement card has a new card number, validity period, and so on.
CA Strong Authentication supports auto enrollment of replacement card accounts. This Auto Enrollment flow is a variant of the Activation flow. On the user's mobile, the Auto Enrollment flow takes place when the user uses the replacement card to perform a transaction.
The following topics provide information about the Auto Enrollment flow for a replacement card account:
For information about the APIs mentioned in these topics, see API Reference for iOS.
The screenshots shown in these steps were taken on a reference app. Some of the screenshots from the Auto Enrollment flow on the reference app have not been included in this section.
The app UI and actual steps in the flow can vary depending on the flow that you design.
Prerequisites for the Auto Enrollment Flow
The enterprise Operations team or IT team must complete the following server-side steps before a replacement card can be activated on the user’s mobile. This is the
Enrollment on Server
stage.- Upload an abridged record of the replacement card to CA Transaction Manager.
- Link the replacement card with other accounts of the user for which CA Strong Authentication has already been activated.On CA Identity Risk Insight Service, support for the Linked Accounts feature is a prerequisite for using the Auto Enrollment feature.
Steps in the Auto Enrollment Flow
The following steps take place when the user performs a transaction by using the replacement card. This is the
Activation on User's Mobile
stage.- The user reaches the payment stage of a 3-D Secure purchase transaction.
- The CA Strong Authentication server sends push notification to the user.
- The user taps the push notification or opens the app on the mobile, the transaction details are displayed.

- The user taps the YES button to show that she wants to proceed with the transaction.
- Suppose both PIN authentication and biometric authentication are enabled on the mobile. The user is prompted to select an authentication type.

- The user selects biometric authentication and then responds to the authentication prompt.

- After the user successfully clears authentication, the card account is set up on the app. At the same time, a message stating that the transaction has been approved is displayed.

- The user can see the newly set-up account by using the Display Accounts option. The user can now use this card account for authentication during 3-D Secure transactions.

Sequence Diagrams for the Auto Enrollment Flow
The following sequence diagram summarizes the API flows that take place between the app and SDK during the Auto Enrollment flow:

Auto Enrollment Flow Diagram
The following flow diagram shows the sequence of API calls that take place during the Auto Enrollment flow:
Auto Enrollment Flow - iOS

Sample Code for the Auto Enrollment Flow
The following is sample code for the Auto Enrollment flow:
// Sample code for TransactionViewController.m// API call to authenticate the transaction-(void) authenticateUsingUserAuth : (AuthenticationType) authType{NSString * autoEnrollId = [txndetailsObj autoEnrollId];if(authType == (AuthenticationType) BIOMETRIC_AUTH){// Check if it has auto enroll feature idif(autoEnrollId != nil && ![autoEnrollId isEqualToString:@""]){// Verify PIN using biometric authentication[self verifyPINUsingTouchId:autoEnrollId withTransactionalDetailResponse:txndetailsObj];return;}. . .. . .}// API call to verify the PIN using biometric authentication-(void) verifyPINUsingTouchId:(NSString *)autoEnrollId withTransactionalDetailResponse:(TransactionDetailsResponse*)txnDetailResponse {[m3dsobject verifyPINUsingTouchID:autoEnrollId withTxnalDetailsResponse:txnDetailResponse SuccessHandler:^(VerifyPINResponse * successPinResponse) {// for success case handling[self withPin:successPinResponse withTransactionDetailResponse:txnDetailResponse];[lastScreenController setMessage:AUTHENTICATION_SUCCESS_MESSAGE];[self performSegueWithIdentifier:@"lastscreen" sender:self];} FailureHandler:^(VerifyPINResponse *failurePinResponse) {// for failure case handlingdispatch_async(dispatch_get_main_queue(), ^{[pinViewController SetisForVerification:@"YES"];[pinViewController setTransactionDetails:self.txndetailsObj];[self performSegueWithIdentifier:@"PIN" sender:self];});} FallbackHandler:^{// for fallbackdispatch_async(dispatch_get_main_queue(), ^{[pinViewController SetisForVerification:@"YES"];[pinViewController setTransactionDetails:self.txndetailsObj];[self performSegueWithIdentifier:@"PIN" sender:self];});} CancelHandler:^{// for cancelreturn;}];
// Sample code for PinViewController.m// API call to authenticate the PIN- (IBAction)SubmitPIN:(id)sender {// TO DO App Developer: Validate the PIN for NULL and size...AuthenticationHandler * authHandler =[[AuthenticationHandler alloc] init];AuthenticationResponse * authenticationResponse;VerifyPINResponse * verifyPINResponse;NSString * autoEnrollId = [transactionDetails autoEnrollId];BOOL isAutoEnrollmentFlow = false;// Check if the Auto Enrollment flow is to be appliedif(autoEnrollId != nil && ![autoEnrollId isEqualToString:@""]){isAutoEnrollmentFlow = true;verifyPINResponse = [authHandler verifyPIN:UserPin:transactionDetails:autoEnrollId];}else{ // Else conduct the standard transaction flowauthenticationResponse = [authHandler authenticateUsingUserPin:transactionDetails :UserPin];}// Start the Auto Enrollment flowif(isAutoEnrollmentFlow){if(verifyPINResponse != nil){if([verifyPINResponse attemptAgain]){// TO DO App Developer: Show incorrect PIN message}else{if([[verifyPINResponse status] isEqualToString:SUCCESS]){// TO DO App Developer: Set a name for the new accountAutoEnrollmentResponse * autoEnrollResponse = [authHandler autoEnrollAccount:displayName];if([[autoEnrollResponse status] isEqualToString:SUCCESS]){[lastScreenController setMessage:AUTHENTICATION_SUCCESS_MESSAGE];}else{[lastScreenController setMessage:AUTHENTICATION_FAILURE_MESSAGE];}}else{NSString * message;if([[verifyPINResponse status] isEqualToString:FAILURE]) {// TO DO App Developer: Display error message corresponding to the// error code returnedif([[verifyPINResponse errorCode] isEqualToString:ERROR_ATTEMPTS_EXHAUSTED]){message = ERROR_ATTEMPTS_EXHAUSTED_MESSAGE;}else if([[verifyPINResponse errorCode] isEqualToString:ERROR_INACTIVE_ACCOUNT]){message = ERROR_INACTIVE_ACCOUNT_MESSAGE;}else{message = AUTHENTICATION_FAILURE_MESSAGE;}} else {// TO DO App Developer: Show a custom error message//}}}}........