# Working Modes
source: https://developer.mastercard.com/mdes-pre-digitization/documentation/configuring-services/working-modes/index.md

Depending on the options selected in each Messaging Profile, there are three basic working modes:

* [Web Services only](https://developer.mastercard.com/mdes-pre-digitization/documentation/configuring-services/index.md#web-services-only)
* [Network Messages only](https://developer.mastercard.com/mdes-pre-digitization/documentation/configuring-services/index.md#network-messages-only)
* [Hybrid](https://developer.mastercard.com/mdes-pre-digitization/documentation/configuring-services/index.md#hybrid)

## Web Services Only {#web-services-only}

This is a mode where an issuer selects from two options of a functional class the "right-side" option(s) in each selection window:

* Authorize Service (AS) (mandatory)
* Request Activation Methods (RAM) (conditional)
* Deliver Activation Code (DAC) (conditional)
* Notify Service Activated (NSA) (optional)
* Notify TokenUpdated (NTU) (optional)
* Validate Activation Code (VAC) (optional)
* Notify Suspicious Events (NSE) (optional)

![](https://static.developer.mastercard.com/content/mdes-pre-digitization/documentation/img/card-avail-elig.png)
![](https://static.developer.mastercard.com/content/mdes-pre-digitization/documentation/img/auth-act-msg-select.png)
![](https://static.developer.mastercard.com/content/mdes-pre-digitization/documentation/img/token-complete.png)
![](https://static.developer.mastercard.com/content/mdes-pre-digitization/documentation/img/token-lifecycle.png)
![](https://static.developer.mastercard.com/content/mdes-pre-digitization/documentation/img/susp-events.png)

Depending on which entity generates and verifies the activation code, two working modes may apply to the web services as follows:

1. MDES controls Activation Code - this is the default mode.
2. Issuer controls Activation Code - this is a working mode available only on demand through your Customer Implementation Services (CIS) representative. An overview of the flow corresponding to this working mode is presented in the figure below.

![Token Requestor Model](https://static.developer.mastercard.com/content/mdes-pre-digitization/documentation/img/token-requstor-model-02.png)

### Process {#process}

1. The web service generates the Activation Code and sends it to the consumer out-of-band, using the channel indicated by the selected ACDM. Note: MDES does not generate the activation code itself. It delivers the Activation Code Distribution Method (ACDM) chosen by the consumer to the web service.
2. Consumer presents the received activation code to the Token Requestor, which relays it to MDES.
3. MDES simply forwards it to the web service, who will perform the validation. MDES does not perform the validation of the activation code because it does not have the reference value.
4. The result of the Activation Code validation performed by the web service will be transmitted back to MDES in the Validate Activation Code API response.
5. If SUCCESS is reported, MDES will activate the token and will notify the activation to the web service.

## Network Messages Only {#network-messages-only}

This is a mode where an issuer selects from the two options of a functional class the "left-side" option(s) in each selection window:

* Tokenization Eligibility (TE) (optional)
* Token Authorization (TA) (mandatory)
* Activation Code Notification (ACN) (conditional)
* Tokenization Complete Notification (TCN) (optional)
* Tokenization Event Notification (TVN) (optional)

![](https://static.developer.mastercard.com/content/mdes-pre-digitization/documentation/img/nw-card-avail-elig.png)
![](https://static.developer.mastercard.com/content/mdes-pre-digitization/documentation/img/nw-auth-act-msg-select.png)
![](https://static.developer.mastercard.com/content/mdes-pre-digitization/documentation/img/nw-token-complete.png)
![](https://static.developer.mastercard.com/content/mdes-pre-digitization/documentation/img/nw-token-lifecycle.png)

The ACN option is conditionally selected when:

* An Activation Methods List is present in the TA response when the decision to the TA authorization service request is DE 39 = 85 (Approve, but require additional authentication)
* Issuer provides one or more Activation Methods and distribution channels through which the cardholder can receive the activation code.

## Hybrid {#hybrid}

In this mode issuers may combine network messages and web services. When configuring the Message Profile options, issuers must consider the rules listed below:

* Either AS or TA must be selected.
* When AS is selected neither the TE option nor the TA option can be selected.
* When TA is selected the TE option can be selected.
* TA and AS are mutually exclusive: when an Issuer chooses for the TA option for authorizing a service, it cannot select the AS option and vice-versa, when the AS option is selected for authorizing a service the TA/TE option is deactivated.
* RAM option can be selected regardless of the TA/TE vs. AS selection.
* Issuers may select the RAM option if they outsource the management of the Activation Methods for the Cardholder Activation and Authentication to a specialized Authentication Services Provider.

### Protocol design recommendations - 1 {#protocol-design-recommendations---1}

1. Issuers that formerly performed the service authorization using the TA option with an "Approve/Decline" only decision -- without considering a "yellow" path of verifying the Cardholder Activation and Authentication -- may migrate towards a "yellow" path with Activation Code verification by adding the RAM option to the existing configuration.
2. In the current release, choosing RAM after AS has limited effect when both APIs expose the same AML managed by the same web server.
   * In case the RAM option is selected, MDES will compile a composite AML from the AML2 returned by the RAM and the AML1 returned by either TA/TE or the AS, in this order.

Depending on who is delivering the Activation Code to the Cardholder i.e., whether the Issuer Host, the web service or both, an Issuer may choose any combination of (ACN, DAC, ACN AND DAC):

* If the ACN option is selected, MDES delivers the Activation Code to the Issuer Host through an ACN network message.
* If the DAC option is selected, MDES delivers the Activation Code to the web service through a DAC API message.
* If both options are selected MDES delivers the Activation Code to both the Issuer Host and to the web service.

### Protocol design recommendations - 2 {#protocol-design-recommendations---2}

1. Issuers select ACN option if they manage the distribution channel with the Cardholder, through an out-of-band communication mechanism, for example, call center, email, or SMS.
2. Issuers select DAC option if they outsource the management of the distribution channel with the Cardholder to a specialized Communications Service Provider.
3. Issuers select simultaneously ACN and DAC if they decide to implement the dual channel assurance technique (see Note 3 in section Cardholder Activation and Authentication Messages Selection).

Depending on who is informed about the service activation completion, i.e., whether the Issuer Host, the web service or both, the Issuer may choose any combination of (TCN, NSA, TCN AND NSA):

* If the TCN option is selected, MDES informs the Issuer Host about the service activation completion, through a TCN network message.
* If the NSA option is selected, MDES informs the web service about the service activation completion, through an NSA API message.
* If both options are selected, both Issuer Host and web service are informed on the service activation completion.

### Protocol design recommendations - 3 {#protocol-design-recommendations---3}

1. The service activation completion will be signalled to the entity that performed the service authorization.
   * If AS was performed for service authorization then NSA will be paired with it.
   * If TA was performed for service authorization then TCN will be paired with it.
2. If the entity that performed Cardholder Activation and Authentication is different than the entity that performed the service authorization then the service activation completion will be reported to both.
   * If TA was performed for service authorization and RAM for getting the AML then the service activation completion can be reported with a TCN to the Issuer and with an NSA API message to the web service.

Depending on who is informed about a token event, i.e., whether the Issuer Host, the web service or both, the Issuer may choose any combination of (TVN, NTU, TVN AND NTU):

* If the TVN option is selected, MDES informs the Issuer Host about the change of a Token status and/or about an Activation Code error, through a TVN network message.
* If the NTU option is selected, MDES informs the web service only about the change of a Token status, through an NTU API message.
* If both options are selected, both Issuer Host and web service are informed on the Token status change.

### Protocol design recommendations - 4 {#protocol-design-recommendations---4}

1. The token event will be signalled to the entity that performed the service authorization.
   * If AS was performed for service authorization then NTU will be paired with it.
   * If TA was performed for service authorization then TVN will be paired with it.
2. If the entity that performed Cardholder Activation and Authentication is different than the entity that performed the service authorization then the token event will be reported to both.
   * If TA was performed for service authorization and RAM for getting the AML then the token event can be reported with a TVN to the Issuer Host and with an NTU to the web service.