Great visuals! Thank you.
Not as a criticism, but as a thought:
A security code is sent to the registrant after the details have been entered into the database. This means that a bogus database entry will need removal at some stage. This extra step is not included in your diagrams.
My thought is to send a security code prior to a database entry. That way the database entries will always be authentic.
Please have a look at
