Debit Card [Onboarding]

Shubham Baranwal
11 min read · Feb 16, 2025


My first credit card was Flipkart — Axis bank.

Then I got Amazon — Axis and then I moved to a real credit card.

So how does an app that sells clothes, food and electronics get to offer a payment card, specifically a credit card?

It sounds nice to say that everyone starts out doing something else and becomes a fintech in the end, and that’s not wrong.

But the question is how they become a fintech at the implementation and execution stage, because this goes beyond townhalls, boardroom PPTs and roadmap discussions.

How do you actually make a shopping app and payments app?

Let’s start.

I have 2 goals for this article :-

  1. Explain to you how a debit card gets integrated into a non-bank product
  2. Document my learning

I’ll try to keep it as non-gyan as possible and show you the actual implementation stages, which you might relate to if you have a co-branded card.

I have not worked on credit cards, only debit cards, so the text below will be about co-branded debit cards/savings bank accounts.

Example — Debit Card Onboarding Flow

Internal Quality engine

1. App Navigation :-

The purpose of this step is to start onboarding at some point while the user is exploring the app. It can be :-

a. Home Page Banner :- A promotion card will appear on the home page until the user has started onboarding for any of the bank a/c. I say any of the bank a/c because you must have seen in PayTM that they offer you multiple credit cards.

The selection of payment cards on the platform app, their order and even the recommendation are the result of the internal quality engine. This can be based on your PAN, or work without PAN from app activity alone.

b. User Profile :- Here the platform can offer CTAs from which the user can start onboarding for the card.

c. Product Exploration :- The app can show a special offer tied to a card that is available to onboard on the platform.

d. Checkout page :- At the time of payment, the platform can promote its card for onboarding.

Clicking on any of these options will take the user to the bank onboarding steps.

2. Bank Intro :-

1. Users will land on the card selection page to start the onboarding journey.
2. Here detailed product benefits and features will be displayed for users.
3. A ‘create account’ CTA will be placed at the bottom to initiate onboarding.

At some stage during app usage, you have already given your PAN details to the platform, and it might have pulled your credit score and basic details such as name and more from NSDL.

Bank Onboarding :-

1. Geofencing:-

a. As part of the default check, the user’s device location must be on when they log in to the app.
b. Using that device permission, the platform identifies whether the user has started onboarding from India or not.
c. If the user’s location is not in India, the onboarding process must immediately notify the user that they cannot onboard until they are in India.

2. SIM binding

It is done only once, for new users, during onboarding.

Steps :-

1. User’s mobile number is fetched from platform.
2. With the click of the CTA on this screen, the user will be taken to the SMS app to send SMS.
3. Once the user comes back after sending the SMS, a SIM binding check will be done.
4. If SIM Binding fails, the user will be asked to retry.
5. If the SIM Binding is successful:
  a. If the mobile number selected by the user during onboarding = the mobile number from which the SMS was received, they will be allowed to continue.
  b. If the mobile number selected by the user != the mobile number from which the SMS was received, the user will be asked if they want to continue with the number from which the SMS was received.
    i. If the user agrees, the mobile number will be updated and the user will be allowed to continue.
    ii. If the user denies, they will be shown the steps to start with a different mobile number.

So many things can go wrong here. I’ll list a few of them :-

  1. User Mobile Number is blocked (by bank, RBI, telecom provider or else)
  2. Device is blocked
  3. SIM not present
  4. Device not supported (Rooted device)
  5. Permission not given to read SMS on the phone.
  6. Permission not given to send SMS.
  7. Customer already linked with another PAN
  8. PAN is linked with some other mobile number

and a lot more.
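A server-side sketch of the SIM binding decision in steps 3 to 5, added here as an example and not taken from any bank's or platform's code. The per-session token in the SMS body, the 5-minute validity window, the outcome names and all function names are assumptions; the point is that the sender number comes from the SMS gateway, never from the client.

```python
import hashlib
import hmac

BINDING_TTL_SECONDS = 300  # assumed validity window for the binding SMS

def binding_token(secret: bytes, session_id: str, issued_at: int) -> str:
    """One-time token the app puts in the SMS body, tied to this session."""
    msg = f"{session_id}|{issued_at}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:16]

def normalise_msisdn(number: str) -> str:
    """Reduce '+91 98765 43210' or '098765 43210' to the 10-digit number."""
    digits = "".join(ch for ch in number if ch.isdigit())
    return digits[-10:] if len(digits) >= 10 else ""

def check_sim_binding(secret: bytes, session: dict, sms: dict, now: int) -> str:
    """Decide steps 3-5 from server-side data only.

    session: id, issued_at, selected_number (what the user picked in the app)
    sms:     sender and body as reported by the SMS gateway, never by the client
    """
    if now - session["issued_at"] > BINDING_TTL_SECONDS:
        return "RETRY"                      # stale SMS, step 4
    expected = binding_token(secret, session["id"], session["issued_at"])
    if not hmac.compare_digest(expected.encode(), sms["body"].strip().encode()):
        return "RETRY"                      # SMS does not belong to this session
    sender = normalise_msisdn(sms["sender"])
    if not sender:
        return "RETRY"                      # gateway gave no usable sender
    if sender == normalise_msisdn(session["selected_number"]):
        return "CONTINUE"                   # step 5a
    return "CONFIRM_NUMBER_CHANGE"          # step 5b: ask the user

def resolve_number_change(session: dict, sms: dict, user_agrees: bool) -> str:
    """Steps 5b.i / 5b.ii: update the number only after explicit consent."""
    if not user_agrees:
        return "RESTART_WITH_DIFFERENT_NUMBER"
    session["selected_number"] = normalise_msisdn(sms["sender"])
    return "CONTINUE"

# Constructed sample data, not from a real gateway.
SECRET = b"demo-secret"
SESSION = {"id": "sess-001", "issued_at": 1_700_000_000,
           "selected_number": "98765 43210"}
TOKEN = binding_token(SECRET, SESSION["id"], SESSION["issued_at"])
```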

3. Aadhaar Verification:

In this step, the platform will ask the user to enter their Aadhaar number. This is a little tricky.

To collect Aadhaar details from a user, a platform needs to have an Aadhaar Vault.

To protect the privacy of Aadhaar numbers and related data, the Unique Identification Authority of India (UIDAI), in a 2017 circular, made it compulsory for Authentication User Agencies (AUA), e-KYC User Agencies (KUA), Sub-AUAs and any other agency to store all Aadhaar numbers they collect in encrypted form in a centralized, dedicated store known as the “Aadhaar Data Vault” (ADV).

Platforms usually do not have an ADV, but banks do.

So, this step is done on the bank’s SDK, whose UI is customized according to the platform’s brand guidelines.

The user will do the following steps :-

1. The customer enters his Aadhaar number manually.
2. The platform has already taken consent for using Aadhaar data for the onboarding.
3. If the Aadhaar number entered is in a valid format, he then enters the OTP received on his Aadhaar-linked mobile number.
4. If his mobile number is not linked to Aadhaar, the platform shows an error screen explaining how he may update his user details.

He can check out the nearest enrolment centers from here: https://appointments.uidai.gov.in/EACenterSearch.aspx?value=2

5. If the OTP is verified, we get the customer’s data. The bank pulls the customer details from UIDAI and confirms with the user that it is him.
6. If he rejects, go back to step 1 to enter the Aadhaar number.

7. Platform saves the Customer’s aadhaar details other than the Aadhaar number.
8. The customer’s PAN name should match aadhaar’s name.
9. If the name match is unsuccessful, we drop the customer with an appropriate error message informing him of the reason.

Fail scenarios :-

  1. Unable to get “Aadhaar Info”, please try again. Bank or UIDAI’s fault.
  2. Mobile number already linked with different Aadhaar
  3. Aadhaar is linked to other mobile number
  4. Aadhaar Verification Failed
  5. Aadhaar Verification not Completed
  6. At any point, if Aadhaar’s server is unresponsive/down, we show an appropriate message to the user and ask him to come back again for the onboarding.

4. Backend Checks :-

Now that the platform has the user’s PAN details, the bank will run some background checks on them.

If customers do not fall into these categories we process them; if they do, we return the status with an appropriate message.
1. The user’s KYC documents will be checked to see if they are already available with the bank (KYC Dedupe).
   If the documents are found, the user will not be allowed to open a bank account.
2. The user’s age as fetched from Aadhaar will be used to check if they are a minor; in this case, the user will not be allowed to open a bank account.
3. The user’s KYC documents will be checked to see if they are blacklisted at the bank’s level (KYC Blacklisted).
   If the documents are found to be blacklisted, the user will not be allowed to open a bank account.

5. Aadhaar PAN name check

The bank will use NSDL APIs to fetch details for the PAN entered and approved by the customer.

At this stage the bank also checks the seeding of the PAN with Aadhaar.

Seeding means whether the PAN is linked with Aadhaar or not.

The response of this call returns the complete name of the PAN holder.

The names obtained from the PAN and the Aadhaar card will be checked to see whether they match. This logic is decided by the bank and/or the platform.

The users will be allowed as per the following conditions:

1. In the case of Partial and Exact Match, the name match will be approved and the user will be allowed to continue.
2. In the case of Failed Match, the name match will be considered failed and the user will not be allowed to continue.
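One possible policy for the Exact/Partial/Failed outcomes above, added here as an example and not the bank's or the platform's actual logic. The salutation list, the token rules (word order ignored, initials and a missing middle name tolerated, initials alone rejected) and the function names are all assumptions.

```python
import re
import unicodedata

SALUTATIONS = {"mr", "mrs", "ms", "shri", "smt", "kumari", "dr"}  # assumed list

def name_tokens(name: str) -> list:
    """Lowercase ASCII tokens with accents, punctuation and salutations removed."""
    text = unicodedata.normalize("NFKD", name)
    text = "".join(c for c in text if not unicodedata.combining(c))
    tokens = re.findall(r"[a-z]+", text.lower())
    return [t for t in tokens if t not in SALUTATIONS]

def is_initial_of(a: str, b: str) -> bool:
    """True when one token is a single-letter initial of the other."""
    short, full = sorted((a, b), key=len)
    return len(short) == 1 and len(full) > 1 and full.startswith(short)

def match_names(pan_name: str, aadhaar_name: str) -> str:
    """Classify a PAN/Aadhaar name pair as EXACT, PARTIAL or FAILED."""
    pan, aadhaar = name_tokens(pan_name), name_tokens(aadhaar_name)
    if not pan or not aadhaar:
        return "FAILED"
    if pan == aadhaar:
        return "EXACT"
    shorter, longer = sorted((pan, aadhaar), key=len)
    if len(shorter) < 2:
        return "FAILED"          # a lone token is too weak to accept
    remaining = list(longer)
    full_word_hits = 0
    # Match full words before initials so "k" cannot consume a "kumar"
    # that a later full token needs.
    for tok in sorted(shorter, key=len, reverse=True):
        if tok in remaining:
            remaining.remove(tok)
            full_word_hits += len(tok) > 1
            continue
        hit = next((r for r in remaining if is_initial_of(tok, r)), None)
        if hit is None:
            return "FAILED"
        remaining.remove(hit)
    # Initials alone ("S B") must not pass: require one exact full word.
    return "PARTIAL" if full_word_hits >= 1 else "FAILED"
```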

6. Submit Personal Details

This step asks users to fill in personal details for the account opening form. A few of the details have already been captured during the platform’s onboarding.

Fields available from email ID/Aadhaar/PAN will be used to auto-fill details wherever possible.

Fields :-

The following information required for account creation will be captured at this stage.

Source priority order for auto-filling the user’s details:

  1. Aadhaar,
  2. PAN
  3. Name to be displayed/printed on the card
  4. Father’s Name: auto-populated & editable (exclude Salutation)
  5. Mother’s Name: auto-populated & editable (exclude salutation)
  6. Marital Status: auto-populated & editable from the list below
  7. Place of Birth: Auto-suggest the city basis the name entered.
  8. Employment type and income range
  9. and more

7. Communication Address

The permanent address will be taken from Aadhaar (Non-editable).

  1. Users should have the option to add a communication address where the physical KYC (thumb print based) and physical card will be delivered.
  2. The user will have the option to use the permanent address as the communication address.
  3. The serviceable addresses of the user from CRIF, Aadhaar, and user input will be shown on this screen.
  4. The addresses will be run through the Additional Checks on the Communication Address before they are shown on the screen.
  5. The user will select any of the provided addresses or add a new communication address, and additional checks such as format, PIN code serviceability and more will be done here.

If a user drops on this screen, they will be taken back to the Aadhaar OTP screen when they come back.

8. Nominee Details

This is a mandatory step in the onboarding process. This will be the final pre-Video KYC step where the user has to enter anything.

Fields:-

1. Nominee Name
2. Nominee DOB
3. Relationship with nominee
4. Nominee Address

9. Declaration and Consent

At this step, the user allows the platform to submit the details to open a bank account.

Consider this step as submitting the account opening form at the bank.

Once submission is done successfully, the bank will provide an application ID to the user and assign them a vKYC URL to proceed.

10. KYC token

Whenever a user completes Aadhaar OTP verification during onboarding, the system provides a KYC token.

This KYC token is valid only for 72 hours.

If the user submits their details more than 72 hours after Aadhaar OTP verification, they have to re-verify their Aadhaar details.

This can happen at any stage, such as personal details, address, nominee and consent.

11. Video KYC

If the user has submitted the consent while the KYC token is active, they receive the vKYC URL to move forward.
Users are navigated to complete their KYC verification as part of the onboarding and account creation process.

Parties involved -

1. Bank: To approve the video KYC for onboarding completion and account creation process
2. Partner: To facilitate the video session for the customer and bank
3. Platform: To allow the user to schedule an online appointment with the agent, based on availability
4. Agent: To conduct the video KYC process for the user, based on availability, and follow the maker-checker process.

Process :-

  1. Customers will be asked to accept terms and conditions for using video KYC platform.
  2. A mandatory consent needs to be taken as a regulatory requirement as part of RBI’s Video KYC mandate.
  3. The browser and device-based permissions are requested at every stage of the call before taking any technical access.
  4. The Bank official who was on a video call with the customer reviews the application and sends the verification status.
  5. The auditor from the bank has to review the application post-maker’s approval.
  6. The official turnaround time for the auditor update is 48 hours from the maker’s approval.

Fail Scenarios :-

  1. If rejected, based on the maker’s rejection reason, platform will either allow customers to retry Video KYC or communicate to schedule Biometric KYC.
  2. In certain cases, Account creation might fail even after the completion of KYC successfully. In this case, platform calls the status update API at regular intervals to check the account creation state.
  3. In the meantime, if the user visits the app, post-completion of vKYC they should be able to see the status (Approved/Pending/Rejected etc).
  4. The number of Video KYC reattempts is usually configurable.

12. Account Opening and final Consent

If vKYC is done successfully, the user’s bank account will open and they’ll be asked for a final consent.

Consider this step as your account is opened and your bank RM is calling you to collect your debit card.

Steps:-

The platform displays the following information to the user when his account gets created:
Bank Account Details — Account Key, Customer ID, and IFSC

Once the user has given their consent to Bank Terms and Conditions, the bank account creation will start.

In case the Bank Account Creation fails:

  1. There should be a retrial to ensure that the bank account can be created in the next attempts without expecting the user to do anything.
  2. In case the user drops off during the process of Bank Account Creation:
    a. There will be a background retrial irrespective of whether the user comes to the app or not.
    b. If the user comes back to the app, they should see an information screen till the account creation is successfully completed.

Once vKYC is completed, the user has to sign a consent that they want to show their bank account details on the platform as a third-party app.

This will be a temporary but mandatory consent, which the user has to reattempt in the next 1–2 years.

Negative Scenarios:-

1. Video KYC is done but the account hasn’t opened yet.
2. Status update API is not giving the correct response
3. Account opening is taking more time than the TAT

13. Set mPIN

Once the user has given consent, they have to set an mPIN for the platform-bank savings account, which may or may not be different from the platform app’s PIN.

This mPIN will also be used as the future UPI PIN. 1FA auth will be done while taking consent.

14. Issue Virtual Card

With instant account opening, platforms offer their users a virtual card so that users can start making transactions.
The platform shows the user’s virtual card details and settings in the app itself.
Users use the VC (virtual card) until the PC (physical card) is activated (by setting the ATM PIN).

In case the user doesn’t order/get a physical card, the VC stays valid for 5 years from its generation.

Constraints

Virtual Card & Physical Card (VISA Platinum) should have the same card details, since the virtual card issued to the user is the replica of the physical card to be ordered by the customer.

User Journey

  1. To generate a virtual card, we have to provide the name to be printed on the card given by the customer within the character limit defined by the bank.
  2. The same name will be printed on the card and will have no impact on the user’s journey.
  3. Post account creation, a virtual card is to be generated immediately and card details become readily available to the user.
  4. Virtual Cards will come pre-activated. The platform informs users that the VC is a permanent card and will be the same as the physical card once delivered.
  5. Users can copy card numbers to the clipboard. CVV & expiry can’t be copied.
  6. Once a physical card is delivered, the user can see the same card in ‘Card Settings’.

Features accessible for Virtual card

1. Lock/unlock the card
2. View card details
3. Set PIN — only when he has ordered a physical card.
4. Set card limits — for e-com only
5. Order physical card

Once the user sets the card PIN, we shall assume that he has received the card and we enable all the settings for the physical card (locks & limits).

19. Returning Customer

When a customer resumes onboarding, they land at the last saved checkpoint.

The last saved checkpoints can be :-

  1. Aadhaar OTP
  2. Add Nominee
  3. Video KYC
  4. Declaration
  5. and more

I think this’ll be a 3 part series for Debit card.

Part 2 will be related to banking operations such as set limits and more

Part 3 will be card control and manage transactions.
