Referential WS Client

API Reference

Referential WS Client is the standard referential interfaces exposed by the Issuers' Bank.
ACS is therefore client of the Bank Information System.

Thanks to this API ACS can :

get card information from the Bank Information System ;
update cards/users/credentials information to the Bank Information System.

Referential WS Server

API Reference

Referential WS Server is the standard referential interfaces exposed by ACS.
The bank is therefore client of ACS.

Thanks to this API the bank can :

get card information from ACS ;
update cards/users/credentials information to ACS.

Referential Batch

Version 24R2-1.2 of May 14th 2024

The referential card of an issuer is required. It is used for enrollment and authentication needs of cardholders.

In mode batch the issuer sends a periodic file to the platform in order to operate the provisionning of cardholder data.

The referential management is based on a XML file. This file takes in charge the creation of cardholders, cards and authentication data.

Retro compatibility with old XML and flat file formats is managed.

Glossary :

The following list gives a description of acronyms used :

WLP-AHB: Worldline Product – Authentication HuB
PAN: Primary Account Number
CAP: Chip Authentication Program
DDN: Birthdate
PWD: Password
SSN: Social Security number
PAM: Personal Assurance Message
PGP: Pretty Good Privacy
GPG: GNU Privacy Guard
PCI: Payment Card Industry

1. Historic

DATE	VERSION	TYPE DE UPDATE	REASONS FOR THE UPDATE
20/03/2017	AA	Creation	Document creation

17/08/2017	AB	Update	Update length
19/09/2017	AC	Update	Add CSV and Positional Format
17/01/2018	AD	Update	Add missing KeyTag attribute in some XML elements Update some French labels Remove CSV and Positional Format (refers to old specifications)
26/03/2018	AE	Update	Add/update xml messages examples
16/05/2018	AF	Update	Update length and comments for some fields Add TA Authentication
01/10/2018	AG	Update	Add Issuer and SubIssuer at card level
05/02/2019	AH	Update	Check rules
19/02/2019	AI	Update	Better handling of invalid inputs
03/01/2020	AJ	Update	Add skipped use case
05/10/2020	AK	Update	Added the DeleteTime attribute in “Card” record and structure. Change email control
02/12/2020	AL	Update	Change profil regex
16/02/2021	AM	Update	Change field status on card Level Update authentication means list
06/05/2021	V21R2 1.0	Update	Change versioning norm
29/06/2021	V21R2 1.1	Update	Fix typo “deletedTime”
13/07/2021	21R3 1.0	Update	Update cardholder ID constraints
18/08/2021	21R3 1.1	Update	Added QMYST example into “AuthentiactionData”
18/08/2021	21R3 1.1	Update	Added “cardId” attribute in “Card” structure
10/09/2021	21R3 1.2	Update	AuthenticationDataUpdateMode = Update to delete a credential : definition and example
05/10/2021	22R1 1.0	Update	Published version with new graphical charter
24/03/2022	22R2 1.0	Publication	First 22R2 Official version
23/05/2022	22R2 1.1	Update	Add cardID sample and in structure description
04/07/2022	22R3 1.0	Publication	First 22R3 Official version Remove DELETED card status
13/07/2022	23R1 1.0	Update	Fix back “DeleteTime” Fix various format controls
13/12/2022	23R1 1.1	Update	Complete paragraph “File reject”
20/01/2023	23R2 1.0	Update	Add optional field effectiveUpdateDate
30/03/2023	23R2 1.0	Publish	First 23R2 official version
05/07/2023	23R3 1.0	Publish	First 23R2 official version – no change
11/09/2023	24R1 1.0	Update	Removed references to QMYST
23/02/2024	24R2 1.0	Publish	First 24R2 official version – no change
03/05/2024	24R2 1.1	Update	The batch does not control the field FileNumber.
14/05/2024	24R2 1.2	Update	UpdateMode can be set by CREATE_OR_UPDATE and not CREATED_OR_UPDATE Add SMS as label in AuthenticationData

2. Description of referential file in format xml

The structure of file is given by the following figure. The possible values of each field and potential error codes are described in the following tables.

The maximum number of cardholders in a file is limited to 999 999 records.
An example of a report with errors is also available.

2.1. File transfer mode

File transfers are carried out through a VPN tunnel or on Internet. Two protocols are available FTPs or PesitSSL.

2.2. Security of exchanges through file transfers

2.2.1 File encryption/decryption

Files containing sensitive data can be encrypted using PGP.

GPG is used.

The Issuer must use an encryption program that is compatible with the free GPG program used by equensWorldline, which makes it possible to ensure the authenticity and confidentiality of the transferred file with an RSA key.

GPG is a free implementation of the RSA algorithm that complies with the OpenPGP standard (RFC2440).

A REAL NAME (e.g. IssuerName_3DSAtos), a COMMENT (e.g. Atos 3DS signature by Issuer Name) and an E-MAIL ADDRESS will be specified to generate the keys.

The encryption algorithm used is AES256.

The ISSUER and equensWorldline exchange the public keys via e-mail in ASC format.

Keys are valid for 19 months.

To comply with PCI, the key must not be used for encryption for more than 12 consecutive months. The expiry date is set to 19 months to allow restoration for 6 months; an extra month is added to the validity period of the key.

File encryption/decryption procedure:

Exchange of keys (carried out every 12 months):

ISSUER generates a pair of keys: Public Key (P1) and Secret Key (S1);
equensWorldline generates a pair of keys: Public Key (P2) and Secret Key (S2);
Issuer and equensWorldline exchange their P1 and P2 public keys.

For the encryption/decryption of a file sent by ISSUER to equensWorldline, the file is encrypted with equensWorldline’s P2 key and signed with ISSUER’s S1 private key.

For the encryption/decryption of a file sent by equensWorldline to ISSUER, the file is encrypted with ISSUER’s P1 key and signed with equensWorldline’s S2 private key.

Keys are renewed through equensWorldline’s change tool. The application manager will get in touch with the customer contact appointed during the creation of the key to ask them to send the new public key; in return, they will provide equensWorldline’s new public key. The content to exchange will be the result of the export of the public key into ASCII. This will be sent via e-mail. To validate the public keys exchanged, each person involved will have to phone their appointed contract to obtain and validate the fingerprint of the key. It is imperative that the fingerprint be validated before the public key is used.

2.2.2. Data security

The sensitive data contained in the file must be encrypted. Authentication data and card information are considered as sensitive.

For the repository file, the data to encrypt are:

The PAN of the Card element;
The value of the Authentication element (Phone number, email, date of birth, etc.).

All encrypted data will be encoded in Base64.

Symmetric encryption uses the AES algorithm.

The data are encrypted using 256-bit AES in CBC mode (Cipher Block Chaining); more precisely, it uses a Java implementation called javax.crypto.Cipher "AES/CBC/PKCS5Padding".

Upon each encryption operation, an IV (Initialization Vector) set to empty is used.

The encryption and decryption keys are identical.

The AES key is generated by the Issuer.

A different key will be used for each environment.

The exchange of such key whose generation remains at the responsibility of the issuer is not specified in this document.

2.3. XML file for updating the cardholder repository

XML format è equensWorldline provides the Issuer with the .XSD file that makes it possible to generate this format.

The format will be XML in “MAJ” format according to the particularities of equensWorldline.

A different file transfer identifiers have to be defined for acceptance and production.

Description of referential file in a XML format

The structure of file is given by the following figure. The possible values of each field are described in the following tables. The maximum number of cards in a flat file is limited to 999 999 records.

2.4. Description of fields

Each field must respect constraints in order not to be rejected. The following list gives a description of possible format controls:

AN: Alphanumeric
A: Alphabetic
N: Numeric
H: Hexadecimal
B64: Base 64

2.4.1. Record « Header »

	Name	Mandatory	length	Pattern / Values / Contraints	Comments
Header (mandatory 1-1)	Issuer	Y	5	N	Issuer Code / Issuer Identifier
	SubIssuer	N	5	N	SubIssuer Code / SubIssuer Identifier
	FileNumber	Y	6	N	See specification below
	Updated	Y	8	N (format YYYYMMDD)	Date of generation of the file
	UpdateMode	Y	-	AN (CREATE_ONLY or CREATE_OR_UPDATE)	CREATE_ONLY: this mode will create only new cards. If card already exists, do nothing.CREATE_OR_UPDATE: create new cards, update existing one
	CardHolderCount	Y	1-6	N (< 999 999)	Number of cardholders records presents in the file

2.4.2. Structure « Header »

The field FileNumber is incremental and depends on the day when the file is received. So, if this field is valued by 728502, it means that the file is the 2nd file of day 285 of the year 2007. ~~The batch can controls that there does not exist two files with the same identifier and reject it in case of duplication.~~ The batch does not control the field FileNumber.

2.4.3. Record « CardHolder »

			Name	Mandatory	Length	Pattern / Values / Contraints	Comments
Cardholder (optional 0-999 999)			IdElement	Yes	1-6	N	Counter of cardholder in the file (incremental)
			CardCount	Yes	1-2	N	Number of cards declared for this cardholder
			Identifier	Yes	1-36	AN + ‘-‘	Cardholder identifier
			Name	No	1-50	A – Clear value	Lastname of the cardholder
			Name	No	-	B64 – encrypted value	Lastname of the cardholder
			FirstName	No	1-50	A - Clear value	FirstName of the cardholder
			FirstName	No	-	B64 – encrypted value	FirstName of the cardholder
			Language	No	2	A - ISO 639-1	Language
	Card (optional 0-X)		IdElement	Yes	1-2	N	Counter of card for the current CardHolder (incremental)
			PAN	Yes	-	B64 – encrypted value	Card Number (encrypted and base64 or in clear)
			PAN	Yes	16-19	N – clear value	Card Number (encrypted and base64 or in clear)
			OldPAN	No	-	B64 – encrypted value	Old Card Number (encrypted and base64 or in clear)
			OldPAN	No	16-19	N – clear value	Old Card Number (encrypted and base64 or in clear)
			ExpiryDate	No	24	B64 – encrypted value	Expiry date (encrypted and base64 or in clear). Clear value must have the following pattern: YYYY-MM
			ExpiryDate	No	7	YYYY-MM – clear value
			ProfilSetName	No	1-32	AN + ‘-‘	Specific profileset to assign to the card instead of bin range profileset
			DeleteTime	No	14	yyyyMMddHHmmss	Date and time of card deletion.
			AuthenticationDataUpdateMode	Yes	-	« UPDATE » or « DELETE_AND_CREATE »	When a card already exists (and UpdateMode is CREATE_OR_UPDATE), specify what to do with AuthenticationData · UPDATE: if AuthenticationData is provided for an authentication mean, replace existing values (if any) with provided one. Other authentication means (not provided in file) will be kept. If AuthenticationData is provided with one specific authentication mean and value = DELETED, the credential will be deleted of all the attached value. · DELETE_AND_CREATE: Existing AuthenticationData (for all authentication means) will be deleted and replaced by provided one. When the card doesn’t exist yet, you can provide any of the two values (result will be the same).
			Status	No	6-9	A	ACTIVE orINACTIVE. In case of null or invalid value, ACTIVE is chosen by default
			Issuer	No	5	N	Issuer Code / Issuer Identifier
			SubIssuer	No	5	N	SubIssuer Code / SubIssuer Identifier
			CardId	No	2-36	AN + ‘-‘	Unique Card identifier
			EffectiveUpdateDate	No	14	yyyyMMddHHmmss	Date used to update user, card and credential. If effectiveUpdate date is superior to cardHolder/card/authenticationData updatedTime field in database, the data will be updated otherwise not. Only work with AuthenticationDataUpdateMode = UPDATE.
		AuthenticationData (optional 0-X)	IdElement	Yes	1-2	N	Counter of Authentication data for the current Card (incremental)
			Label	Yes	0-20	AN	Authentication data label
			Value	Yes	1-50	AN – clear value	Authentication data value (encrypted and base64 or in clear)
			Value	Yes	1-50	B64 – encrypted value
			Pattern	No	0-25	AN + ‘-‘	NONE, DD/MM/YYYY…
			Miscellaneous	No	0-200	AN	Future use

		CardData (optional 0-1)	RID	No	-	H	Future use
			PIX	No	-	H
			DKI	No	2	H
			PSN	No	2	H
			ATC	No	4	H
			AIP	No	4	H
			CVN	No	2	N
			ExpiryDate	No	?	?
			ExpiryDate	No	?	B64 – encrypted value
			Mode	No	-	A

2.4.4. Structure « CardHolder »

2.4.5. Structure « Card »

2.4.6. Authentication Data

To process the authentication flow, several authentication data can be stored:

PHONE: the phone number (Deprecated)
SMS : mobile phone number
SVI : fix phone number for IVR authentication
EMAIL: the email address
SSN: the Social Security Number, person identifier
PAM: the Personal Assurance Message
TOKEN: the identifier of the token
DDN: the birthdate
PWD: the password
TA: trusted authentication

HUB phone number must be in international standard E.164 format.
E.164 numbers are formatted [+] [country code] [subscriber number including area code] and can have a maximum of fifteen digits.

2.4.7. Structure « CardData »

Note: CardData is not currently used.

2.4.8. XML message example

Here is an example with:

A card where all authentication data are replaces with provided ones,
Another card where only EMAIL authentication data is created/updated,
And a last one where nothing is created/updated/deleted (since no authentication data is provided)

Here is another example with:

A card to which we delete the value of a credential,
A card where all authentication data are replaces with provided ones

2.4.9. File processing report

During the integration process of XML, a log file can be provided by file transfer. This file contains all rejected records with an error label associated to each reject. The file describes a global report of execution of integration and each error is formatted according to the following rules:

If the reject happens in the section Header:
- Format: Error on Header : Error Label
- Example: Error on Header : Issuer is invalid
- Signification: The issuer code mentioned in the Header has invalid format.
If the reject happens in the section CardHolder
- Format: Error on CardHolder(identifier): Error Label
- Example: Error on CardHolder(identifier=12345678901234567890123456789012345678) : The length of the identifier must be between 1 and 36
- Signification: The Cardholder with identifier 12345678901234567890123456789012345678 has a field Identifier whose length is too long.
If the reject happens in the section Card
- Format: Error on CardHolder(identifier) - Card# : Error Label
- Example: Error on CardHolder(identifier=111447612) - Card#1 : PAN is invalid Signification: The PAN of card having the IdElement=1 in section CardHolder having identifier=111447612 is invalid or missing.

2.4.10. Example file log report

2.4.11. Description

For each batch, the report file starts by “start execution date” and “file name” and finishes by “returned code”, “job Id”, “end execution date” and “duration”.

Between the start and the end of execution, we have all reported data errors, as described in previous section. This is followed by a summary of the number of cards treated, and number of found records for each kind of movement.

3. Validation rules for xml format

3.1. Header

Section	Field	Presence	Controls	Type of reject	Error Label
Header (Mandatory)	Issuer	Mandatory	5 digits	File	Issuer is missing Issuer is invalid
	Issuer	Mandatory	Existing in DB	File	Error on Issuer/Subissuer retrieval
	SubIssuer	Optional	5 digits	File	SubIssuer is invalid
	SubIssuer	Optional	Existing in DB	File	Error on Issuer/Subissuer retrieval
	FileNumber	Mandatory	6 digits	File	File number is missing File number is invalid
	Updated	Mandatory	Date in YYYYMMDD format	File	Updated is missing
	UpdateMode	Mandatory	Equals to CREATE_ONLY or CREATE_OR_UPDATE	File	Update mode is missing UpdateMode is invalid
	CardHolderCount	Mandatory	Numeric >0	File	The number of cardholder is missing The number of cardholder cannot be less than 1

3.2. CardHolder

Section	Field	Presence	Controls	Type of reject	Error Label
CardHolder	IdElement	Mandatory	Numeric >0	CardHolder	The idElement is missing The idElement must be numeric >0
	CardCount	Mandatory	Numeric >0	CardHolder	The cardCount is missing The cardCount must be numeric >0
	Identifier	Mandatory	Alphanumeric (and ‘-‘) of length [1;36]	CardHolder	The identifier is missing The length of the identifier must be between 1 and 36
	Name	Optional	Alphanumeric of length [0;50]	CardHolder	Name length cannot be more than 50 characters
	FirstName	Optional	Alphanumeric of length [0;50]	CardHolder	FirstName length cannot be more than 50 characters
	Language	Optional	Alphabetic of length [2]	CardHolder	Language is invalid

3.3. Card

Section	Field	Presence	Controls	Type of reject	Error Label
Card	IdElement	Mandatory	Numeric >0	CardHolder	The idElement is missing The idElement must be numeric >0
	PAN	Mandatory	Numeric of length [16;19]	CardHolder	PAN is invalid
	OldPan	Optional	Numeric of length [16;19]	CardHolder	Old PAN is invalid
	OldPan	Optional	Existing in DB	CardHolder	Can't replace Card because old card doesn't exist with given PAN!
	ExpiryDate	Optional	Format YYYY-MM	CardHolder	ExpiryDate is invalid
	ProfilSetName	Optional	Alphanumeric (and ‘-‘) of length [1;32]	CardHolder	The profilSetName is invalid
	AuthenticationDataUpdateMode	Mandatory	Equals to UPDATE or DELETE_AND_CREATE	CardHolder	The authentication data update mode is missing The authentication data update mode is invalid
	Issuer	Optional	5 digits	CardHolder	Issuer is invalid
	Issuer	Optional	Existing in DB	CardHolder	Error on Issuer/Subissuer retrieval
	SubIssuer	Optional	5 digits	CardHolder	SubIssuer is invalid
	SubIssuer	Optional	Existing in DB	CardHolder	Error on Issuer/Subissuer retrieval
	Status	Optional	-	-	-
	CardId	Optional	Alphanumeric (and ‘-‘) of length [2;36]	CardHolder	The length of the card identifier must be between 2 and 36
	DeleteTime	Optional	yyyyMMddHHmmss	CardHolder	-
	EffectiveUpdateDate	Optional	yyyyMMddHHmmss	CardHolder	-

3.4. AuthenticationData

Section	Field	Presence	Controls	Type of reject	Error Label
AuthenticationData	IdElement	Mandatory	Numeric >0	CardHolder	The idElement is missing The idElement must be numeric >0
	Label	Mandatory	Alphanumeric (and ‘-‘) of length [0;20]	CardHolder	The authentication label is missing The authentication label is invalid
	Label	Mandatory	Equals to SMS, PHONE, EMAIL, PWD, SSN, TOKEN, PAM, DDN, …	AuthenticationData	An unknow authentication mean ([LABEL]) appears in the file (once or more). It will be ignored.
	Pattern	Optional	Alphanumeric (and ‘-‘) of length [0;25]	CardHolder	The pattern is invalid
	Value	Mandatory	PHONE, SMS, SVI: has phone number format (according to the Google API PhoneNumberUtil) EMAIL: corresponds to regular expression: *^(\w[-.\w])@([-\w]+(?:\.[-\w]+))\.([A-Za-z]{2,20})$* CCP: corresponds to regular expression: ^[A-Za-z0-9]{11}$ DDN: DD/MM/YYYY	CardHolder	Authentication value format isn't correct The value is missing The pattern is invalid

4. Functional Validation rules

4.1. File reject

If more than 5% of lines are in error the file is rejected with an error code 12 : “Batch KO, number of line errors greater than 5%”.

The blocking errors :

If the header is empty the file is rejected with an error code 40 : "No header specified"
If the header format is invalid the file is rejected with an error code 41 : "Specified header is incorrect"
If the header format is invalid the file is rejected with an error code 18 : "Error read input file xml"

Non-blocking errors threshold:

A skip limit can be defined for the non-blocking exceptions if this limit is reached the file is rejected.
By default the parameter is set to 100%.

Skip limit parameter : ${app-skip-limit}

4.2. Skipped requests

On batch process, the skipped card are corresponding to the specific use case :

On ACS3 XML format
- Record Card in UpdateMode = CREATE_ONLY but the card is already exist in Data Base, so we can’t create it , so request is skipped
On ACS1 XML or CSV format
- Record Card with ModificationType = RENEWAL but the card doesn’t exist in Data Base, so we can’t renewal it, so request is skipped
- Record Card with ModificationType = DELETION but the card doesn’t exist in Data Base, so we can’t delete it, so request is skipped
- Record Card with ModificationType = REPLACE but the card doesn’t exist in Data Base, so we can’t replace it and retrieve the initial credentials, so request is skipped

Card Referential

Read more about Card Referential

Card Referential

The card referential contains card holder information, PAN and credentials.

The master referential can be on ACS side or on bank side.

When the master referential is on ACS side the provisioning can be done by batch or/and an API the Referential WS Server.

When the master referential is on bank side ACS retrieves information by an API the Referential WS Client.

Lexical

Read more about Lexical

Lexical

ACS lexical

Here below you will find the acronyms used and their meanings:

Acronym/Common Name	Meaning
3DS	3D-Secure – Three Domains Secure
AC / CA	Certification Authority
ADS	3D Secure service use case (registration of a new authentication credential)
AES	Advanced Encryption Standard
API	Application Programming Interface
APM	Authentication Process Management
CAP	Chip Authentication Program
CH	Card Holder
CR	Central Repository
DS	Directory Server
GCM	Galois/Counter Mode
GZip	GZip is a compressed file format base on the deflate algorithm. Please refer to RFC 1952 for more information
HTTPS	HyperText Transfer Protocol Secure
IS	Information System, all the data processing, organisation and human resources
ITA	Identity, Trust and Authentication
JSON	JavaScript Object Notation
OOB	Out Of Band
OTP	One Time Password
OTRC	One Time Registration Code
PAN	Primary Account Number
PCI	Payment Card Industry
RBA	Risk-Based Assessment
REINIT	3D Secure service use case (update of existing authentication credential)
REST	reStructuredText
UCR	Unconnected Card Reader
UPM	Universal Electronic Banking Portal
URL	A Uniform Resource Locator (also known as web address, particularly when used with HTTP), is a specific character string that constitutes a reference to a resource. Please refer to RFC 3986 for more information.
UUID	Universally Unique Identifier. Please refer to RFC 4122 for more information.
WL	Worldline

Referential WS Server

View Documentation

Read more about Referential WS Server

Referential WS Client

View Documentation

Read more about Referential WS Client

VoP Requesting PSP API

Read more about VoP Requesting PSP API

Requesting PSP API

API Reference

This API based service is for requesting PSPs in the Worldline VoP Hub ecosystem and EPC scheme. It allows to process the verification of a payee identity via a single request to the Worldline VoP Hub, based on identification data and account data entered bv the Requester (Payer) in any payment channel of the PSP.

Diagram of VoP processing steps for Requesting PSP role

Features

The service will route the request to the corresponding responding bank using its dedicated directory service, obtain or compute a matching result (depending on the source of account holder information data or direct match result), and return it to the requesting PSP under 3 seconds (or timeout).

The API supports name + IBAN matching (returning a corrected name in case of a close match) as well as additional identifiers when supported by the responding bank.

Process

The Requesting bank gathers information from the Requester (payer) about the subject of the VoP (Payee), before initiating a payment from any Sepa Credit Transfer channel.
The API client authenticates towards VoP Hub and sends a request containing the gathered identification data and account reference.
The VoP Hub routes the request to the corresponding responding bank, part of its reachable VoP interfaces.
The VoP Hub receives the match result or necessary account holder information from the responding PSP.
The API client receives the resulting API response, which may include the corrected name according to the responding bank, in case of close matches.
The Requester is informed of the matching result, applies potential corrections and proceeds with payment initiation.

API Security

Authentication: The Worldline VoP Hub uses an authentication service that adheres to the OIDC standard protocol.
For enhanced security, the client must present an (qualified) SSL certificate to authenticate.
Secure Communication: All communications utilize MTLS with TLS 1.2 or higher, ensuring that data in transit is secure.

To learn more about how security at the transport layer is implemented through encryption, token management, and digital signatures to protect communication and authentication processes, please visit our Security pages.

VoP Responding PSP

Read more about VoP Responding PSP

Responding PSP

In the EPC VoP scheme

According to the EPC Document 218-23, "Verification Of Payee Scheme Rulebook" first version for public consultation :

The Responding PSP is the Participant that receives the VOP Request from the Requesting PSP and Instantly processes that VOP Request.
The Responding PSP is also obliged to Instantly send a VOP Response containing a matching result about the received details of the Payment Counterparty or another reason, back to the Requesting PSP.
The Responding PSP may also be the Payment Counterparty.

Worldline provides API and file exchange based services for scheme participants who need to fulfil this role and intend to comply with all its rules.

The following simplified diagram represents how the Worldline VoP services operate on behalf of Responding PSPs in the EPC scheme :

Services

To produce match results on behalf of the Responding PSP, Worldline needs access to account related information of the subject of the Verification of Payee.

Two services are available for that purpose, and are detailed at the following locations in this developer portal :

Responding PSP API : a real time API definition to expose account holder data to the Worldline VoP Services.
Account Data Management : an API or file exchange based service for responding PSPs to delegate the storage of account holder data to the Worldline VoP services, then used to produce match results when answering VoP requests.

To learn more about how security at the transport layer is implemented through encryption, token management, and digital signatures to protect communication and authentication processes, please visit our Security pages.

Subscribe to