Consumer initiates enrollment process with the client: The consumer starts the enrollment process via the client's user interface. This initial step involves the consumer providing all necessary personal information, such as name, address, and other identifying details. The consumer also selects their preferred consent options during this phase, specifying what personal data they are willing to share and for what purposes.
Identity verification: The method of verifying the consumer's identity may differ based on the specific use case. For example, in the case of financial services, the system may use Visa's 3D Secure service. This service provides an added layer of security for online credit and debit card transactions by authenticating the cardholder's identity at the time of purchase.
Consent details submission: After the consumer's identity has been verified, the client forwards the consent details to Visa for validation. This includes the consent options that the consumer selected during the enrollment process.
Consent validation: Visa then verifies the consent details, ensuring that they are accurate and adhere to the client use case configuration. Once the validation is complete, Visa returns a unique consent ID. This ID is used to track and manage the consumer's consent.
Service enrollment: With the unique consent ID provided by Visa, the client can now enroll the consumer in the service. The client securely stores the consent ID, ensuring it's available for future reference and consent management.
Consent management: The client uses additional consent APIs provided by Visa to manage the consent life cycle. This includes tasks such as reading the current consent status, updating consent details, and revoking consent if the consumer chooses to withdraw their consent.
Notification receipt: Visa sends notifications to the client regarding any updates to the consents. These notifications include information about updates to the consent details, revocations of consent, and expiration of consent. This ensures that the client is always up-to-date with the current consent status of each consumer.