Card issuing basics

To successfully integrate with the Pismo platform, either you or Pismo must enable the following.

Account management

KYC, AML, CFT, KYBKnow Your Customer (KYC) is a set of mandatory regulations for customer identity verification. Its purpose is fraud prevention, anti-money laundering (AML), and combating the financing of terrorism (CFT). KYC regulations require you to verify that a customer is who they say they are. Customers should provide proof of their identity and address. This can be done through ID card verification, biometric verification, and/or document verification.

KYC has three components:
1. Customer Identification Program (CIP) – You must verify that a customer is who they say they are. You do this by requiring them to provide information that verifies their identity.
2. Customer Due Diligence (CDD) – Conducting detailed risk assessments.
3. Continuous monitoring – You must closely monitor transactions for patterns of suspicious activity and report any that you find.

Similar to KYC, Know Your Business (KYB) is a set of regulations for verifying the identity of the businesses you deal with. You must conduct due diligence to ensure that a company is legitimate and is not just a shell company. This includes identifying the ultimate company owner and major shareholders.
You are responsible for following KYC and KYB rules and regulations.
OnboardingOnboarding refers to creating customer accounts.The Create account application endpoint enables new customer onboarding.
Credit engine (credit cards only)A credit engine (or credit decision engine) is a software platform that makes credit decisions based on the policies and rules you set up.If you plan to issue credit cards, you must provide your own method for making credit decisions.
Credit score, behavior score (credit cards only)A potential customer's credit score enables you to judge how much of a credit risk they represent.

Some issuers also set up an internal, proprietary scoring system to produce behavior scores for their existing customers. They do this, they mine a customer's payment history, their credit utilization over time, and sometimes even the amounts and types of products they purchase.
If you plan to issue credit cards, you need to purchase a credit score for each potential customer from a credit bureau.

In addition to this, you can set up your own additional proprietary scoring system to produce a behavior score for each customer.
Account lifecycleThe account lifecycle refers to the different statuses an account can go through after creation.The Update an account’s status endpoint enables you to update any account's status.
Web securityA vital part of security is ensuring that the data you transmit over the web is encrypted and stored securely. The Pismo platform operates on Amazon Web Services (AWS). All data storage, whether relational, non-relational, or files, are encrypted using the AWS Key Management Service (AWS KMS).
3DS, ACS3D Secure (3DS) is a protocol that adds an additional layer of security for online credit and debit card transactions. The name refers to the three domains that are involved in transactions:
- Acquirer domain – The financial institution that accepts the card payments (the merchant's bank).
- Issuer domain – The organization that issued the card used in the transaction.
- Interoperability domain – The payment systems that connect the acquirer and issuer domains.

A 3DS implementation usually uses an Access Control System (ACS) to authorize transactions. ACS is a security system that uses a wide array of details to manage the authentication process. Only cardholders who can submit legitimate credentials are allowed to complete transactions. Visa and Mastercard offer 3DS card brands called Visa Consumer Authentication Service (VCAS) and SecureCode, respectively.
3DS and ACS are mandatory in some countries, such as India. In other countries they are not mandatory, but most Pismo customers choose to implement them anyway.

Card network certification and integration

Card network certificationNetwork certification for a card issuer refers to the process of obtaining approval from a payment network, such as Visa or Mastercard, to issue credit or debit cards that can be used within their network. Though you are responsible for getting network certified, a Pismo representative will help guide you through the process. See Card network certification for more information.
Card network integrationThe Pismo platform offers card issuers two card network integration models they can implement - full and zero balance. See Card network integration for more information.

Card management

Message parsingCard networks send two types of authorization messages, created by two types of messaging systems: a single-message system (SMS) and a dual-message system (DMS). The clearing/base II reconciliation process handles these messages.
ValidationsA credit card is valid if the account that it's associated with is active. An account is active if its status is NORMAL.
LedgerThe Pismo platform uses accounts to keep track of money flowing into and out of a company's general ledger.
Anti-fraudThe Pismo platform integrates with your anti-fraud system.
Spending controlsThe Pismo platform provides flexible transaction controls that enable you to restrict a customer's financial operations. For example, you can set a maximum amount allowed for a certain transaction type.

See Cards management for more information.


Clearing parsingThe correct and timely transfer of funds from a customer's account to the merchant's account.
Adjustments (edge cases)It's sometimes necessary to add or remove money from a customer's account in order to reconcile balance inconsistencies (to credit an account when a transaction fails to be delivered or to return money to the customer).
Accounting eventsEvents on the Pismo platform that impact a company's records.


Transaction creationA transaction is a record of a purchase, transfer, payment, or manual adjustment. In most cases, the creation of a transaction is triggered by a cleared authorization.
Statement lifecycleCredit card balances and interest accruals are managed in cycles (billing periods). A statement corresponds to a single cycle. The first cycle begins the moment the card is activated. After that, the first full day of each cycle follows the closing date of the previous cycle. On the last day of a cycle, the cycle is closed, and a grace period begins. This grace period belongs to the next cycle. When the grace period ends, if the card balance has not been paid off, charges begin to accrue.
RefinancingYou must have processes in place that allow cardholders to refinance their credit card debt. To that end, your program must make the following options available:
- Installment advances – Used to settle future debt on the current cycle, rather than on a future cycle.
- Installment agreement – Used to refinance an existing credit card debt.
- Statement agreement – A contract that renegotiates all debt – past, present, and future.
PaymentsA customer's credit card debt must be adjusted whenever they make a payment.

See Understanding statements for more information.

Dispute management

Chargeback creationA chargeback is initiated with the card network.You can use the Pismo API's Create dispute endpoint to create a chargeback dispute with the network.
Chargeback lifecycleThe chargeback lifecycle refers to the different statuses a chargeback can go through after creation.

See the Disputes overview for more information.

Data and reporting

StreamingPismo APIs can stream event notifications and data to your cloud storage in real-time.
ReportsEvent notifications and other data can be stored in files as reports and sent to cloud storage or downloaded.

See the Data and reporting overview for more information.