Remote Transaction
  • 23 Oct 2024
  • 4 Minutes to read
  • Dark
    Light

Remote Transaction

  • Dark
    Light

Article summary

With the remote transaction feature of the Orchestration SDK, the user can perform a transaction to the Customer Website using the Customer Mobile Application, via a transaction request initiated on OneSpan Trusted Identity platform, and based on the corresponding risk evaluation.

The remote transaction process is initiated using the Customer Website and evaluated for risk by the OneSpan Trusted Identity platform before continuing with the Customer Mobile Application.

The transaction request is embedded in an orchestration command and can be transmitted via a push notification message initiated by the OneSpan Trusted Identity platform or by another communication channel handled by the Customer Website (e.g. image scanning).

The authentication request contains the following parameters:

  • A session identifier created by the Customer Application Server, which uniquely identifies the transaction session.

  • A request identifier created by the Customer Application Server, which uniquely identifies the transaction request.

  • An authentication method, which defines how the user must authenticate to be able to sign the transaction request (see Authentication methods).

  • Data to display on the Customer Mobile Application to provide transaction request information to the user; the user can choose to approve or reject it.

    The data to display is a string defined by the Customer Application Server, which must be interpreted by the Customer Mobile Application.

Remote transaction workflow illustrates the remote transaction workflow with the transmission of the transaction request via a push notification message.

Remote transaction workflow

Remote transaction workflow

  1. The user initializes a transaction request via the Customer Website (e.g. for money transfer purposes), providing their user identifier and the transaction data.

  2. The Customer Website transmits the user identifier and the Client Device Data Collector (CDDC) browser data to the Customer Application Server.

  3. The Customer Application Server calls the https://{tenant}.{environment}.tid.onespan.cloud/v1/users/{userID@domain}/transactions/validate endpoint from the OneSpan Trusted Identity platform API by providing their user identifier, a session identifier (dynamically generated and uniquely identifying the authentication request), the received CDDC browser data, and the data to display on the Customer Mobile Application.

  4. The OneSpan Trusted Identity platform evaluates the risk related to the Web browser used for the transaction request (based on multiple parameters provided in the previous step and on existing parameters related to the user, e.g. amount too high) and, in case of risk detection, initiates a step-up transaction request on the Customer Mobile Application with a given authentication method (see Authentication methods).

    Depending on the configuration defined in the OneSpan Trusted Identity platform, multiple scenarios are possible:

    • The transaction request can be transmitted via a push notification message initiated by the OneSpan Trusted Identity platform and sent by the Push Notification Service to the Customer Mobile Application. In this case, a push notification message is sent to all mobile devices of the user where the Customer Mobile Application is installed and activated.

    • The transaction request can be transmitted by the Customer Application Server via a different channel (e.g. display a Cronto image containing the orchestration command related to the transaction request and scan it with the Customer Mobile Application).

    • The transaction request can be blocking or non-blocking.

    The following steps describe a blocking scenario with the transaction request transmitted via push notification.

  5. The Push Notification Service sends a push notification message containing the orchestration command related to the transaction request to the Customer Mobile Application.

  6. The Customer Mobile Application obtains the orchestration command contained in the push notification message and calls the execute method of the Orchestration SDK to perform the remote authentication.

  7. The Orchestration SDK builds an orchestration command and transmits it to the Customer Mobile Application using the  onRemoteTransactionStepComplete method.

  8. The Customer Mobile Application transmits the orchestration command to the Customer Application Server.

  9. The Customer Application Server calls the orchestration-commands Web service of the OneSpan Trusted Identity platform by providing the orchestration command. A new orchestration command is returned as a result.

  10. The Customer Application Server transmits the orchestration command to the Customer Mobile Application as a response to the previous request.

  11. The Customer Mobile Application calls the execute method of the Orchestration SDK to continue the remote transaction process (only if the transaction request is still pending).

  12. The Orchestration SDK calls the onRemoteTransactionDisplayData method to transmit the data to display to the Customer Mobile Application.

  13. The Customer Mobile Application displays a screen to the user containing the data to display and two buttons to approve or reject the transaction request.

  14. The user must approve or reject the transaction request, according to the displayed data.

  15. Based on the user’s decision in the previous step, the Customer Mobile Application calls the onDataApproved or onDataRejected method of the Orchestration SDK.

  16. In both cases, the Orchestration SDK prompts the user to authenticate by using an authentication method defined by the OneSpan Trusted Identity platform, based on the evaluated risk (see step 4).

  17. The Orchestration SDK signs the transaction request, builds an orchestration command, and transmits it to the Customer Mobile Application using the onRemoteTransactionStepComplete method.

  18. Repeat steps 8 to 11.

  19. In case of validation by the OneSpan Trusted Identity platform, the Orchestration SDK calls the onRemoteTransactionSuccess method to notify the Customer Mobile Application.

  20. The Customer Mobile Application notifies the user that the transaction request has been validated.

  21. The OneSpan Trusted Identity platform provides a response to the call to the transactions/validate Web service from step 3, indicating the success of the transaction request.

  22. The Customer Application Server transmits the success status to the Customer Website. The user is informed that the transaction has been validated on the Customer Website.

For more information about integrating this feature, see Remote transaction.


Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.
ESC

Ozzy, our interactive help assistant