Card issuing basics

To successfully integrate with the Pismo platform, either you or Pismo must enable the following:

  • Account management
  • Card management
  • Authorizations, reconciliations, and statements
  • Dispute management
  • Data handling

Account management

Topic

Description

Responsibilities

KYC, AML, CFT, KYB

Know Your Customer (KYC) is a set of mandatory regulations for customer identity verification. Its purpose is fraud prevention, anti-money laundering (AML), and combating the financing of terrorism (CFT). KYC regulations require you to verify that a customer is who they say they are. Customers should provide proof of their identity and address. This can be done through ID card verification, biometric verification, and/or document verification.

KYC has three components:

  • Customer Identification Program (CIP) – You must verify that a customer is who they say they are. You do this by requiring them to provide information that verifies their identity.
  • Customer Due Diligence (CDD) – Conducting detailed risk assessments.
  • Continuous monitoring – You must closely monitor transactions for patterns of suspicious activity and report any that you find.

Similar to KYC, Know Your Business (KYB) is a set of regulations for verifying the identity of the businesses you deal with. You must conduct due diligence to ensure that a company is legitimate and is not just a shell company. This includes identifying the ultimate owner of the company and identifying major shareholders.

You are responsible for following KYC and KYB rules and regulations.

Onboarding

Onboarding refers to the process of creating customer accounts.

The Register application form endpoint enables the onboarding of new customers.

Credit engine (credit cards only)

A credit engine (or credit decision engine) is a software platform that makes credit decisions based on the policies and rules you set up.

If you plan to issue credit cards, you must provide your own method for making credit decisions.

Credit score, behavior score (credit cards only)

A potential customer's credit score enables you to judge how much of a credit risk they represent.

Some issuers also set up an internal, proprietary scoring system to produce behavior scores for their existing customers. They do this by mining a customer's payment history, their credit utilization over time, and sometimes even the amounts and types of products they purchase.

If you plan to issue credit cards, you need to purchase a credit score for each potential customer from a credit bureau.

In addition to this, you can set up your own additional proprietary scoring system to produce a behavior score for each customer.

Account lifecycle

The account lifecycle refers to the different statuses an account can go through after creation.

The Update an account’s status endpoint enables you to update any account's status.

Web security

A vital part of security is ensuring that the data you transmit over the web is encrypted and stored securely. The Pismo platform operates on Amazon Web Services (AWS). All data storage, whether relational, non-relational, or files, are encrypted at rest using the AWS Key Management Service (AWS KMS).

3DS, ACS

3D Secure (3DS) is a protocol that adds an additional layer of security for online credit and debit card transactions. The name refers to the three domains that are involved in transactions:

  • Acquirer domain – The financial institution that accepts the card payments (the merchant's bank).
  • Issuer domain – The organization that issued the card used in the transaction.
  • Interoperability domain – The payment systems that connect the acquirer and issuer domains.

A 3DS implementation usually uses an Access Control System (ACS) to authorize transactions. ACS is a security system that uses a wide array of details to manage the authentication process. Only cardholders who can submit legitimate credentials are allowed to complete transactions. Visa and Mastercard offer 3DS card brands called Visa Consumer Authentication Service (VCAS) and SecureCode, respectively.

3DS and ACS are mandatory in some countries, such as India. In other countries they are not mandatory, but most Pismo customers choose to implement them anyway.

Card management

Topic

Description

Responsibilities

Message parsing

Card networks send two types of authorization messages, created by two types of messaging systems: a single-message system (SMS) and a dual-message system (DMS). The clearing/base II reconciliation process handles these messages.

Validations

A credit card is valid if the account that it's associated with is active. An account is active if its status is NORMAL.

Ledger

The Pismo platform uses accounts to keep track of money flowing into and out of a company's general ledger.

With zero balance integration, you are responsible for maintaining a general ledger.

Anti-fraud

With full balance integration, the Pismo platform provides anti-fraud integration via a partner.

With zero balance integration, you are responsible for providing an anti-fraud system.

Spending controls

The Pismo platform provides flexible transaction controls that enable you to restrict a customer's financial operations. For example, you can set a maximum amount allowed for a certain type of transaction.

With full balance integration, you use the Pismo API to restrict customers' financial operations. With zero balance integration, you are responsible for implementing such restrictions.

Reconciliations

Topic

Description

Responsibilities

Clearing parsing

The correct and timely transfer of funds from a customer's account to the merchant's account.

Adjustments (edge cases)

It's sometimes necessary to add or remove money from a customer's account in order to reconcile balance inconsistencies (to credit an account when a transaction fails to be delivered or to return money to the customer).

With zero balance integration, you are responsible for making adjustments. You can do this using the Creating an adjustment endpoint.

Accounting events

Events on the Pismo platform that impact a company's records.

With zero balance integration, you are responsible for handling accounting events via an accounting script.

Statements

Topic

Description

Responsibilities

Transaction creation

A transaction is a record of a purchase, transfer, payment, or manual adjustment. In most cases, the creation of a transaction is triggered by a cleared authorization.

With zero balance integration, you are responsible for transaction creation. You create a transaction by clearing an authorization.

Statement lifecycle

Credit card balances and interest accruals are managed in cycles (billing periods). A statement corresponds to a single cycle. The first cycle begins the moment the card is activated. After that, the first full day of each cycle follows the closing date of the previous cycle. On the last day of a cycle, the cycle is closed, and a grace period begins. This grace period belongs to the next cycle. When the grace period ends, if the card balance has not been paid off, charges begin to accrue.

With zero balance integration, you are responsible for managing the statement lifecycle.

Refinancing

You must have processes in place that allow cardholders to refinance their credit card debt. To that end, your program must make the following options available:

  • Installment advances – Used to settle future debt on the current cycle, rather than on a future cycle.
  • Installment agreement – Used to refinance an existing credit card debt.
  • Statement agreement – A contract that renegotiates all debt – past, present, and future.

With zero balance integration, you are responsible for providing refinancing options to your customers.

Payments

A customer's credit card debt must be adjusted whenever they make a payment.

With zero balance integration, you are responsible for managing customer payments.

Dispute management

Topic

Description

Responsibilities

Chargeback creation

A chargeback is initiated with the card network.

You direct Pismo to create a chargeback by using the Pismo API to Create a dispute form.

Chargeback lifecycle

The chargeback lifecycle refers to the different statuses a chargeback can go through after creation.

Data handling

Topic

Description

Responsibilities

Streaming

Pismo APIs can stream event notifications and data to your cloud storage.

Reports

Event notifications and other data can be stored in files as reports and sent to cloud storage or downloaded.


Did this page help you?