>>Omaha - InHouse Credit-Debit
Proposed Workflow for Reporting and Re-issuing a Lost/Stolen Card on the Omaha Platform for In-House Credit/ Debit
- For the CUs using CO-OP for Fraud and Disputes, the Mobile Banking /Online Banking (MB/OLB) Server through apps will need to redirect cardholders to report the incident via phone.
- Once the card is reported Lost/Stolen, cardholders could get a new card issued using the “New Card” flow.
- /omaha/lost-stolen-presentation-instrument (separate entity) or /omaha/lost-stolen-account (single entity) - Required
- /omaha/lost-stolen-add-to-warning-bulletin - Optional
- /omaha/new-account.create - Required
- /omaha/external-status - Optional
- /omaha/update-auth-plus-strategy - Optional (Debit Only)
- /omaha/card-activation - Optional
- /omaha/memo - Optional
- /key-wrap.get - Required
- /omaha/dci-cvv.get - Required
Proposed Sample Steps
- The card is marked Lost or Stolen.
- The Compromised Card is added to the Industry Warning Bulletin. Record the old PAN as Lost on the account and a New PAN is generated by CORE.
- The New PAN is sent via the New Account endpoint to the Omaha platform for New Account Creation. PAN and expiration must be included in the new account API to allow real time calculation of the CVV value.
- If your Financial Institution PCF (Product Control File) settings are configured to create new accounts with an external status of "A" by default, you will want to update the external status to remove "A" block to allow your members to make e-commerce purchases.
- Auth Plus Strategy for Debit Cards Process to determine who performs the auth, limits, stand in, and the location of where to send messages. Similar to PCF for Debit Cards performed on the NEW ACCOUNT. (Debit and IHC)
- If your Financial Institution PCF (Product Control File ) settings are configured to create new accounts activated by default, you will want to deactivate the PAN. E-commerce purchases will still be allowed until the card is activated via normal channels.
- Optional - Memo for Audit.
- The Encryption Key needs to be sent by the client in order to receive securely wrapped key credentials.
- DCI API Request: Obtain and return the CVV and Expiration Date. Add Memo for the Card Management System.
The Cardholder receives the plastic card ordered in step #1 by mail.