ui registration form user... · web viewit is recommended that the filename contains the submitting...

Mobile Payment Application – User Interface Evaluation Form v2.2

Purpose of this formThis form has been created to allow Mastercard Mobile Payment Application developers to have their User Interface reviewed against Mastercard Brand Mark Guidelines and Mastercard CDCVM rules. A Digital Wallet needs to meet the requirements listed in “Use in digital payments” of Mastercard Branding Requirements and comply with Mastercard Security Rules and Procedures (available on Mastercard Connect) – see section 3.11.6 Issuer Responsibilities.

About the User Interface Evaluation processThe filename of your submitted registration form must follow the following format: UI_EvalForm_[company]_[product]_1.docx or .doc It is recommended that the filename contains the submitting company name and product name. The number 1 at the end of the filename indicates first registration form submitted for this UI. If subsequent evaluation forms need to be submitted for the UI due to errors in the first submission or changes, the number specified at the end of the filename should be incremented accordingly otherwise the evaluation form will be rejected.To have the user interface reviewed, the developer shall paste in screenshots (in English) for their User Interface in the table below in the “Screenshots for review” column and noting any additional points in the “Developer Comments” column. The completed form should be sent to Software Evaluations [email protected] .Mastercard will review the submission, add comments in the “Mastercard Review” column and send back the form with the evaluation conclusion completed.

Updated Mastercard brandingPlease see “AN 2061—Revised Standards—Mastercard Symbol Branding on Physical and Digital Cards and Acceptance Branding” (13 November 2018) The full colour (red and yellow) Mastercard Brand Mark will be featured on cards without the

word “mastercard®.” This will be referred to as the “Mastercard Symbol”. All Mastercard and Debit Mastercard card proofs submitted for review on or after 1 July 2020

must include the Mastercard Symbol.

1UI Evaluation Form v2.2

mailto:[email protected]

https://brand.mastercard.com/brandcenter/mastercard-brand-mark.html


Co-badged cardsPlease see Europe Region Operations Bulletin No. 4, 3 April 2017, “Clarification—Co-badged Cards and Cardholder Choice in the Digital Environment”. For EU and Norway issued co-badged cards the Issuer must submit additional screenshots (see section 4 in the form below) to provide evidence that the representation of the card in the wallet and consumer choice is meeting Mastercard requirements.

White Label WalletA White Label Wallet is one where the screen layouts and Mastercard branding elements are fixed. An individual Issuer/Affiliate can only customize the White Label Wallet with their own branding, colors and setting of options. In case a UI is registered as a White Label Wallet please list all of the Issuers/Affiliates who plan to use it.

Post-approval changes to User InterfaceWhere changes are made to the User Interface after the initial approval impacting how the Mastercard brand is represented or the CDCVM rules are implemented then a new User Interface Evaluation form must be submitted.

Derivative User InterfaceA User Interface which is based on a previously approved or a UI which is undergoing evaluation will be classified as a Derivative User Interface.

Issuers must declare the User Interface information and inheritance under the User Interface Details section

Only the Derivative UI section is required to be completed.

All the changes and differences between the parent and derivative UI must be provided under the Derivative UI section. They will be reviewed and assessed if an inheritance will be granted.

Wearable and Companion App User InterfacesFor Wearable and Companion App User Interfaces, the UI Evaluation and Approval will be done separately. Therefore:


https://w201.mastercardconnect.com/hsm3ca205/common/manpubs/english.nsf/viewTypeBody/F69B8E1A3B55E37E862580F700556C02



One UI Evaluation form must be submitted for each unique Wearable UI.

One Evaluation form must be submitted for each unique Companion App UI.

For a Wearable UI submission, the associated Companion App UI reference must be specified under “User Interface Details”.

For a Companion App UI submission, additional screenshots (see section 1.1 in the form below) are required to provide the mobile card/token activation process on the Wearable.

CDCVM Implementation DeclarationFor a Wallet which supports a Consumer-Device Cardholder Verification Method (CDCVM), for example a Mobile PIN or a Biometric sensor, please provide a declaration of its compliance status with Mastercard rules by completing Section 5 below. In the case the device is a wearable device supporting Persistent Authentication, please complete “Mastercard Wearable Device Vendor Registration Form” (Please contact [email protected] for this form).Note: Issuers are responsible to ensure their CDCVM solution(s) meet local regulatory requirements e.g. PSD2 in EEA countries. For MCBP Mastercard has published “Mastercard Cloud-Based Payments - PSD2 RTS on SCA Implementation Guidelines” to aid Issuers.

QR CodeA Wallet which supports Mastercard Consumer Presented QR transactions, must comply with the branding requirements set out in “Mastercard QR Branding requirements for consumer presented QR payments” which can be download from https://brand.mastercard.com/brandcenter/other-marks.html Please complete Section 6 below.

Revision HistoryPlease record changes made between different versions of the Evaluation form

Date Version Author Comments

3

UI Evaluation Form v2.2

https://brand.mastercard.com/brandcenter/other-marks.html

https://mastercard.sharefile.com/home/shared/fo0e05d9-6ea7-467e-8555-cd8ff6be2ad3

https://mastercard.sharefile.com/home/shared/fo0e05d9-6ea7-467e-8555-cd8ff6be2ad3

mailto:[email protected]


User Interface Details:

Company Legal Name

Company Address (including Country and ZIP/Postal Code)

Contact Name

Contact Email Address

Contact Telephone Number

User Interface Name and Version Ver.

Solution Type Select

UI Form Factor and Application Type Select

If “Mobile device”, please specify the Application Type: Select

If “Wearable”, please specify the respective Companion App name or reference:

Operating System Select

If “Others”, please specify

Card artworks are provisioned by MDES? Select

White Label Wallet?

Select If “Yes”, please list Issuers/Affiliates who plan to use this White Label Wallet

Single or Multiple cards wallet implementation? Select

Co-badge support? Select

If “Yes”, please complete section 4

Mastercard Consumer Presented QR support? Select




Registration number, CCS or LoA of previously registered/approved MPA/eSE/UICC (if any)

Does the wallet support a CDCVM solution? Select


Is this UI based off of another currently or previously assessed UI?

Select

If “Yes”, please complete section Derivative UI only

Does the wallet support Mastercard Digital Secure Remote Payment (DSRP) transactions?

Select

If “Yes”, please answer the question below

When the Unpredictable Number (UN) is not provided by the Merchant or Masterpass (for a Masterpass checkout flow), please declare how a genuine UN will be generated

Approval by PCI (www.pcisecuritystandards.org)

Following international guidance on random number generation (e.g. ISO/IEC 18031) and satisfying international statistical tests (e.g. NIST SP 800-22).

Other – please explain


http://www.pcisecuritystandards.org/


No. Branding Standard : Using in digital applications - Requirements

Reference screen Screenshot for review

DeveloperComment

MastercardReview

1 Minimum Brand Requirements.When a merchant, digital wallet operator, service provider, or other digital entity actively participates in the tokenization of a Mastercard credential in accordance with EMVCo standards, the Mastercard card image (instead of the Mastercard Symbol) must be shown in all payment user interfaces. To ensure the consumer is aware of the Mastercard credential being used in a transaction, the following principles must be followed:Prior-to-Purchase

1.1 Loading card account/credentials on file.

For Companion App:When provisioning the mobile card/token to the Wearable after a card account has been activated in the Companion App

1.2 Selecting card

account/credentials for payment



1.3 Reviewing card account/credential details prior to payment execution

Card account transaction history

Card account details / information screen

Post-Purchase1.4 When a post-purchase

confirmation is provided upon completion of the transaction, the consumer must receive confirmation of the Mastercard credential used.

2 Using a Mastercard Card Image

2.1 The card image must include, at a minimum, the relevant Mastercard branding and the last four digits of the account number

2.2 All other PAN digits must be obscured or removed.The chip, cardholder name, expiration date(s), and other personalized elements are optional, but are strongly recommended to be removed.



Mastercard program identifiers, if applicable, must be proportionately sized to match or exceed physical card design standards.Debit and Prepaid cards must display the “debit” Identifier (if required in the respective region).

2.3 On some very small form factors (e.g., digital activity tracker), use of the Mastercard card image might not be feasible. In these cases, the Mastercard Symbol and the last four digits of the account number may be used

2.4 The Contactless Indicator, if applicable, is optional.

3 Minimum Sizes3.1 Mastercard Symbol :

Minimum final display width is 24 pixels / 7.0mm*

☐Brand Mark is at least 7mm width

3.2 Mastercard Card Image : Minimum final display width is 54 pixels/15.0mm*

☐Card width is at least 15mm width

4 For Co-badge cards(EU)

4.1 Show how both brands are displayed in the wallet , either

2 separate cards images (with brand parity ), or

1 card image 9

UI Evaluation Form v2.2

Brand BB




(with brand parity ) and a toggle switch

4.2 Provide a screenshot showing Cardholder selection of the default brand at provisioning time.

Note: *The above sizes apply to 240 dpi or greater. On lower resolution screens, larger brand artwork may be required to ensure reasonable legibility.



5. CDCVM Implementation Declaration

Description Implementation(select all that apply)

Developer Comments

Mastercard Review

5.1 CDCVM authentication methods supported

Prolonged Authentication

Persistent Authentication

Mobile PIN / CDCVM Always

Device Unlock

Biometrics

Others – please describe

If Prolonged Authentication is supported, please complete 5.2.

If Persistent Authentication is supported, please complete “Mastercard Wearable Device Vendor Registration Form”

5.2 The duration of Prolonged Authentication:

Contactless transactions (Domestic):

Number of minutes Prolonged Authentication remains valid.

Max number of High Value Transactions allowed.

Minutes

High Value Transactions

In-App/Web transactions:

Number of minutes

Minutes



Prolonged Authentication remains valid.

Maximum number of transactions allowed.

Transactions

5.3

Consumer authentication is required after how many consecutive contactless Low Value Transactions (excluding high throughput transit environment)?

Transactions

5.4

Consumer Consent Action. Describe the consumer consent action for a Contactless Transaction e.g. Tap against POS

5.5

Does the wallet implement a HVT/LVT detection based on a defined amount (such as Floor Limit)?

Yes No

If Yes, please provide the limit:

Domestic Currency unit

5.6

Issuers shall have the capability of disabling the use of a particular CDCVM used by the payment service in case of any weakness identified on that CDCVM

Yes No

5.7

I declare that I have verified via testing (e.g. against a terminal simulator or ISTP platform) that the CDCVM implementation is as described above.

Yes No



6 For Wallet supporting Mastercard Consumer Presented QR

Reference Screen Screenshot for Review

Developer Comment/Declaration

MastercardReview

6.1 To activate the display of a QR Code, the EMV® QR Payment Mark shall be used

6.2 When displaying a QR code the Mastercard brand must be displayed.

☐The QR code display zone should be sizedat least 35% of the overall screen size ☐ The Mastercard Brand Mark must beat least 25% of the QR code width andpositioned 1-3 “m” below the QR code,where “m” equals the height of the “m” in the word “mastercard”

6.3 Module size : The size of each QR code

☐ The module size is at least 5



module (inpixels), generally 5 pixels/module is sufficient

pixels/module

6.4 When confirming the use of cardaccount/credentials in a transactionand showing the transaction history itmust include details of the card used,merchant name, transaction amount,and transaction time/date

6.5 Once generated, a QR code must be displayed for a maximum of 3 minutes.

☐ QR code display period <= 3 minutes.

6.6 When a QR Code is displayed on the device, the mobile payment application must ignore and not perform any contactless transaction (where supported) that may be initiated during that time.

☐ When a QR code is displayed, a contactless transaction is not processed.

6.7 The Consumer must perform a fresh CDCVM for each QR code generated.

☐ Fresh CDCVM code for each QR code (CDCVM Always)

6.8 After a CDCVM is performed the generation of a QR code must only be possible for a maximum of 3 minutes.

☐ QR code is generated a maximum of 3 minutes after CDCVM was performed.



Derivative UI Developer Comments

Mastercard Review

Currently or Previously Assessed UI Registration Number:

Declaration of changes: New card artworks? ☐

Provide all new card artworks here for branding review:

Modified or new functional flow?

☐

Describe what have been changed in the derivative UI

Other changes? ☐

Describe what have been changed in the derivative UI and provide the related screenshots for review

Mastercard evaluation conclusion (to be completed by Mastercard)Registration Number : UI Evaluation Decision : Approved Rejected Pending, more information required

Approved with corrective action planUI Comments & Restrictions: CDCVM Evaluation Decision: Approved Rejected Pending, more information required

Not Applicable CDCVM Comments & Restrictions:

Date : Reviewer :


ui registration form user... · web viewit is recommended that the filename contains the submitting...

Documents