SCA to Capture SSN

Introduction

Capturing SSN is key to the Risk Check process in Norway and Sweden. Merchants based in other countries can disregard this process. Additionally, Riverty will only use SCA to capture SSN if the merchant is unwilling or unable to provide the consumer's SSN.

Sequence

1. Customer Registration with Empty SSN:
   • The merchant send Create New Customer Request to CustomerAPI with SSN left blank
2. Subscription Initiation with SCA Enforcement:
   • Merchant Sends create New Subscription Request with customerNumber provided in response from Customer API
   • SubscriptionAPI responds with a 202 Accepted status, attaching an SCA initiation URL via hypermedia links.
3. Consumer Interaction:
   • Consumer is informed and receives the SCA initiation URL from the Merchant.
   • Consumer then initiates the SCA process by accessing the SCAWeb using the provided URL.
4. BankID Authentication:
   • SCAService prompts the consumer for identification via BankID authentication.
     
   • Consumer provides the identification number
     
   • Customer also enters the OTP and password to complete the authentication
     
     
5. The system provides instant feedback on the authentication outcome.
6. Update Customer Information:
   • Upon successful authentication, the system securely updates the customer profile with the Social Security Number.
7. Complete Subscription:
   • The subscription creation process is finalized and created from draft. If the authentication fails, subscription will not be created.
8. Success Confirmation:
   • Consumer will be redirected to merchant’s system/app with success result.
9. Error/Failure Handling:
   • If the SCA status indicates an error or failure:
     • The system updates the draft status accordingly
     • The system redirects the Merchant with the status indicating the failure