Post on 11-Jul-2020
Mastercard M/Chip Digital
Mobile Payment Application – User Interface Evaluation Form v1.6
Purpose of this formThis form has been created to allow M/Chip Digital Wallet developers to have their User Interface reviewed against Mastercard Brand Mark Guidelines and Mastercard CDCVM rules . A Digital Wallet needs to meet the requirements listed in “Using in digital applications” of Mastercard Brand Mark Guidelines and comply with Mastercard Security Rules and Procedures – see section 3.9.6 Issuer Responsibilities. Note Masterpass UI evaluations are out of scope of this evaluation. (For Masterpass approvals please contact Masterpass_Approvals@mastercard.com ).
About the User Interface Evaluation processThe filename of your submitted registration form must follow the following format: UI_EvalForm_[company]_[product]_1.docx or .doc It is recommended that the filename contains the submitting company name and product name. The number 1 at the end of the filename indicates first registration form submitted for this UI. If subsequent evaluation forms need to be submitted for the UI due to errors in the first submission or changes, the number specified at the end of the filename should be incremented accordingly otherwise the evaluation form will be rejected.To have the user interface reviewed, the developer shall paste in screenshots (in English) for their User Interface in the table below in the “Screenshots for review” column and noting any additional points in the “Comments” column. The completed form should be sent to Software Evaluations Software_Evaluations@mastercard.com .Mastercard will review the submission, add comments in the “Mastercard review column” and send back the form with the evaluation conclusion completed.
Updated Mastercard branding.Please see Global Security Bulletin No. 4, 17 April 2017, “Extension of Transition Dates for New Brand Mark Artwork and Standards”. All Mastercard and Debit Mastercard card proofs submitted for review on or after 4 July 2017
must include the new Brand Mark. Issuers may update their digital card imagery (for use in digital wallets) at any time. However,
issuers must update these images no later than the update of the companion card plastic.
1UI Evaluation Template v1.6
Mastercard M/Chip Digital
Mobile Payment Application – User Interface Evaluation Form v1.6
Co-badged cards.Please see Europe Region Operations Bulletin No. 4, 3 April 2017, “Clarification—Co-badged Cards and Cardholder Choice in the Digital Environment”. For EU and Norway issued co-badged cards the Issuer must submit additional screenshots (see section 4 in the form below) to provide evidence that the representation of the card in the wallet and consumer choice is meeting Mastercard requirements.
Post-approval changes to User Interface.Where changes are made to the User Interface after the initial approval impacting how the Mastercard brand is represented or the CDCVM rules implemented then a new User Interface Evaluation form must be submitted.
Derivative User Interface.For the User Interface which is based off of an approved or in progress of evaluation User Interface, it will be classified as Derivative User Interface.
Issuers must declare the User Interface information and inheritance under User Interface Details section
Only Derivative UI section is required to be completed.
All the changes and differences between the parent and derivative UI must be provided under Derivative UI section. They will be reviewed and assessed if an inheritance will be granted.
Wearable and Companion App User Interfaces.For Wearable and Companion App User Interfaces, the UI Evaluation and Approval will be done separately. Therefore:
One UI Evaluation form must be submitted for each unique Wearable UI.
One Evaluation form must be submitted for each unique Companion App UI.
2UI Evaluation Template v1.6
Mastercard M/Chip Digital
Mobile Payment Application – User Interface Evaluation Form v1.6
For a Wearable UI submission, the associated Companion App UI reference must be specified under “User Interface Details”.
For a Companion App UI submission, additional screenshots (see section 1.1 in the form below) are required to provide the mobile card/token activation process on the Wearable.
CDCVM Implementation DeclarationFor a Wallet which supports a Consumer-Device Cardholder Verification Method (CDCVM), please provide a declaration of its compliance status with Mastercard rules by completing Section 5 below. In the case the device is a wearable device supporting Persistent Authentication, please complete “Mastercard Wearable Device Vendor Registration Form” (Please contact innovative_product_evaluation@mastercard.com for this form)
Revision HistoryPlease record changes made between different versions of the Evaluation form
Date Version Author Comments
3UI Evaluation Template v1.6
Mastercard M/Chip Digital
Mobile Payment Application – User Interface Evaluation Form v1.6
User Interface Details:
Company Legal Name
Company Address (including Country and ZIP/Postal Code)
Contact Name
Contact Email Address
Contact Telephone Number
User Interface Name and Version Ver.
Solution Type Cloud based
SE based
TEE based
UI Form Factor and Application TypeSelect
If “Mobile device”, please specify the Application Type: Select
If “Wearable”, please specify the respective Companion App name or reference:
Operating System Select
If “Others”, please specify
Card artworks are provisioned by MDES? Select
White Label Wallet? Select
Single or Multiple cards wallet implementation? Select
Co-badge support? Select
If “Yes”, please complete section 4
Registration number, CCS or LoA of previously registered/approved MPA/eSE/UICC (if any)
4UI Evaluation Template v1.6
Mastercard M/Chip Digital
Mobile Payment Application – User Interface Evaluation Form v1.6
Is this UI based off of another currently or previously assessed UI?
Select
If “Yes”, please complete section Derivative UI only
Is this UI part of a converged wallet with Masterpass?
Select
Does the wallet support Mastercard Digital Secure Remote Payment (DSRP) transactions?
Select
If “Yes”, please answer the question below
When the Unpredictable Number (UN) is not provided by the Merchant or Masterpass (for a Masterpass checkout flow), please declare how a genuine UN will be generated
Approval by PCI (www.pcisecuritystandards.org)
Following international guidance on random number generation (e.g. ISO/IEC 18031) and satisfying international statistical tests (e.g. NIST SP 800-22).
Other – please explain
5UI Evaluation Template v1.6
Mastercard M/Chip Digital
Mobile Payment Application – User Interface Evaluation Form v1.6
No. Branding Standard : Using in digital applications - Requirements
Reference screen Screenshot for review
DeveloperComment
MastercardReview
1 Minimum Brand Requirements.A full-color Mastercard Brand Mark or a full-color image of a Mastercard card must appear in proximity to the account representation in order to provide clear brand identification. Mastercard product branding must appear in the following locations in within the user interface :
1.1 When activating an account
For Companion App:When provisioning the mobile card/token to the Wearable after a card account has been activated in the Companion App
1.2 When selecting
credentials/ account for payment
1.3 When viewing account details (e.g. selecting a card to digitize, looking at transaction history etc...)
6UI Evaluation Template v1.6
Mastercard M/Chip Digital
Mobile Payment Application – User Interface Evaluation Form v1.6
1.4 When completing the use of credentials/ account in a transaction
2 Using a Mastercard Card Image
2.1 A card image may be an exact replica of the corresponding physical card provided all Mastercard branding elements are included at their required sizes proportionally and personalization elements such as account number have been truncated or removed.
2.2 A card image may be a generic representation of a Mastercard card provided all Mastercard branding elements are sized and positioned per physical card design standards.
2.3 A card image may depart from conventional physical card layout and design. For example, a square icon-style image could be used provided minimum brand mark size
7UI Evaluation Template v1.6
Mastercard M/Chip Digital
Mobile Payment Application – User Interface Evaluation Form v1.6
requirements are met2.4 The EMVCo
Contactless Indicator should be represented in the mobile application to indicatecontactless card / device capability.
3 Minimum Sizes3.1 Mastercard Brand
Mark : Minimum final display width is 7.0mm*
☐Brand Mark is at least 7mm width
3.2 Mastercard Card Image : Minimum final display width is 15.0mm*
☐Card width is at least 15mm width
4 For Co-badge cards(EU)
4.1 Show how both brands are displayed in the wallet , either
2 separate cards images (with brand parity ), or
1 card image (with brand parity ) and a toggle switch
4.2 Provide a screenshot showing Cardholder selection of the default brand at provisioning time.
Note: *The above sizes apply to 240 dpi or greater. On lower resolution screens, larger brand artwork may be required to ensure reasonable legibility.
8UI Evaluation Template v1.6
Brand BB
Mastercard M/Chip Digital
Mobile Payment Application – User Interface Evaluation Form v1.6
5. CDCVM Implementation Declaration
Description Implementation Comments
5.1 CDCVM authentication methods supported
Prolonged Authentication
Persistent Authentication (In case Persistent Authentication is supported, please complete “Mastercard Wearable Device Vendor Registration Form” )
5.2
The duration of Prolonged Authentication:
Contactless transactions (Domestic):
Number of minutes Prolonged Authentication remains valid.
Max number of High Value Transactions allowed.
Maximum Cumulative amount allowed
Minutes
High Value Transactions
Domestic Currency Units
In-App/Web transactions:
Number of minutes Prolonged Authentication remains valid.
Maximum number of transactions allowed.
Minutes
Transactions
5.3
Consumer authentication is required after how many consecutive contactless Low Value Transactions (excluding high throughput transit environment)?
Transactions
5.4Consumer Consent Action. Describe the consumer consent action for a Contactless Transaction e.g. Tap against POS
Consent for Contactless
9UI Evaluation Template v1.6
Mastercard M/Chip Digital
Mobile Payment Application – User Interface Evaluation Form v1.6
5.5Does the wallet implement a HVT/LVT detection based on a defined amount (such as Floor Limit)?
Yes No
If Yes, please provide the limit:
Domestic Currency unit
5.6
An eligibility check has been performed to determine if the authentication mechanism(s) on the device(s) to be used for a payment service has been successfully evaluated by Mastercard before allowing it to be used for a payment service.
Yes No
5.7
Issuers shall have the capability of disabling the use of a particular CDCVM used by the payment service in case of any weakness identified on that CDCVM
Yes No
5.8
I declare that I have verified via testing (e.g. against a terminal simulator or ISTP platform) that the CDCVM implementation is as described above.
Yes No
Derivative UI Mastercard Review
Currently or Previously Assessed UI Registration Number:
Declaration of changes: New card artworks? ☐
Provide all new card artworks here for branding review:
Modified or new functional flow?
☐
Describe what have been changed in the derivative UI
Other changes? ☐
Describe what have been changed in the derivative UI and provide the related screenshots for review
10UI Evaluation Template v1.6
Mastercard M/Chip Digital
Mobile Payment Application – User Interface Evaluation Form v1.6
Mastercard evaluation conclusion (to be completed by Mastercard)Registration Number : UI Evaluation Decision : Approved Rejected Pending, more information required
Approved with corrective action planUI Comments & Restrictions: CDCVM Evaluation Decision: Approved Rejected Pending, more information required CDCVM Comments & Restrictions:
Date : Reviewer :
11UI Evaluation Template v1.6