Card issuing basics

To successfully integrate with the Pismo platform, either you or Pismo must enable the following:

Account management

KYC, AML, CFT, KYBKnow Your Customer (KYC) is a set of mandatory regulations for customer identity verification. Its purpose is fraud prevention, anti-money laundering (AML), and combating the financing of terrorism (CFT). KYC regulations require you to verify that a customer is who they say they are. Customers should provide proof of their identity and address. This can be done through ID card verification, biometric verification, and/or document verification.

KYC has three components:
1. Customer Identification Program (CIP) – You must verify that a customer is who they say they are. You do this by requiring them to provide information that verifies their identity.
2. Customer Due Diligence (CDD) – Conducting detailed risk assessments.
3. Continuous monitoring – You must closely monitor transactions for patterns of suspicious activity and report any that you find.

Similar to KYC, Know Your Business (KYB) is a set of regulations for verifying the identity of the businesses you deal with. You must conduct due diligence to ensure that a company is legitimate and is not just a shell company. This includes identifying the ultimate company owner and major shareholders.
You are responsible for following KYC and KYB rules and regulations.
OnboardingOnboarding refers to creating customer accounts.The Create account application endpoint enables new customer onboarding.
Credit engine (credit cards only)A credit engine (or credit decision engine) is a software platform that makes credit decisions based on the policies and rules you set up.If you plan to issue credit cards, you must provide your own method for making credit decisions.
Credit score, behavior score (credit cards only)A potential customer's credit score enables you to judge how much of a credit risk they represent.

Some issuers also set up an internal, proprietary scoring system to produce behavior scores for their existing customers. They do this, they mine a customer's payment history, their credit utilization over time, and sometimes even the amounts and types of products they purchase.
If you plan to issue credit cards, you need to purchase a credit score for each potential customer from a credit bureau.

In addition to this, you can set up your own additional proprietary scoring system to produce a behavior score for each customer.
Account lifecycleThe account lifecycle refers to the different statuses an account can go through after creation.The Update an account’s status endpoint enables you to update any account's status.
Web securityA vital part of security is ensuring that the data you transmit over the web is encrypted and stored securely. The Pismo platform operates on Amazon Web Services (AWS). All data storage, whether relational, non-relational, or files, are encrypted using the AWS Key Management Service (AWS KMS).
3DS, ACS3D Secure (3DS) is a protocol that adds an additional layer of security for online credit and debit card transactions. The name refers to the three domains that are involved in transactions:
- Acquirer domain – The financial institution that accepts the card payments (the merchant's bank).
- Issuer domain – The organization that issued the card used in the transaction.
- Interoperability domain – The payment systems that connect the acquirer and issuer domains.

A 3DS implementation usually uses an Access Control System (ACS) to authorize transactions. ACS is a security system that uses a wide array of details to manage the authentication process. Only cardholders who can submit legitimate credentials are allowed to complete transactions. Visa and Mastercard offer 3DS card brands called Visa Consumer Authentication Service (VCAS) and SecureCode, respectively.
3DS and ACS are mandatory in some countries, such as India. In other countries they are not mandatory, but most Pismo customers choose to implement them anyway.

Card management

Message parsingCard networks send two types of authorization messages, created by two types of messaging systems: a single-message system (SMS) and a dual-message system (DMS). The clearing/base II reconciliation process handles these messages.
ValidationsA credit card is valid if the account that it's associated with is active. An account is active if its status is NORMAL.
LedgerThe Pismo platform uses accounts to keep track of money flowing into and out of a company's general ledger.With zero balance integration, you are responsible for maintaining a general ledger.
Anti-fraudWith full balance integration, the Pismo platform provides anti-fraud integration via a partner.With zero balance integration, you are responsible for providing an anti-fraud system.
Spending controlsThe Pismo platform provides flexible transaction controls that enable you to restrict a customer's financial operations. For example, you can set a maximum amount allowed for a certain transaction type.With full balance integration, you use the Pismo API to restrict customers' financial operations. With zero balance integration, you are responsible for implementing such restrictions.

See the Cards overview for more information.


Clearing parsingThe correct and timely transfer of funds from a customer's account to the merchant's account.
Adjustments (edge cases)It's sometimes necessary to add or remove money from a customer's account in order to reconcile balance inconsistencies (to credit an account when a transaction fails to be delivered or to return money to the customer).With zero balance integration, you are responsible for making adjustments. You can do this using the Creating an adjustment endpoint.
Accounting eventsEvents on the Pismo platform that impact a company's records.With zero balance integration, you are responsible for handling accounting events via an accounting script.


Transaction creationA transaction is a record of a purchase, transfer, payment, or manual adjustment. In most cases, the creation of a transaction is triggered by a cleared authorization.With zero balance integration, you are responsible for transaction creation. You create a transaction by clearing an authorization.
Statement lifecycleCredit card balances and interest accruals are managed in cycles (billing periods). A statement corresponds to a single cycle. The first cycle begins the moment the card is activated. After that, the first full day of each cycle follows the closing date of the previous cycle. On the last day of a cycle, the cycle is closed, and a grace period begins. This grace period belongs to the next cycle. When the grace period ends, if the card balance has not been paid off, charges begin to accrue.With zero balance integration, you are responsible for managing the statement lifecycle.
RefinancingYou must have processes in place that allow cardholders to refinance their credit card debt. To that end, your program must make the following options available:
- Installment advances – Used to settle future debt on the current cycle, rather than on a future cycle.
- Installment agreement – Used to refinance an existing credit card debt.
- Statement agreement – A contract that renegotiates all debt – past, present, and future.
With zero balance integration, you are responsible for providing refinancing options to your customers.
PaymentsA customer's credit card debt must be adjusted whenever they make a payment.With zero balance integration, you are responsible for managing customer payments.

See Understanding statements for more information.

Dispute management

Chargeback creationA chargeback is initiated with the card network.You can use the Pismo API's Create dispute endpoint to create a chargeback dispute with the network.
Chargeback lifecycleThe chargeback lifecycle refers to the different statuses a chargeback can go through after creation.

See the Disputes overview for more information.

Data and reporting

StreamingPismo APIs can stream event notifications and data to your cloud storage in real-time.
ReportsEvent notifications and other data can be stored in files as reports and sent to cloud storage or downloaded.

See the Data and reporting overview for more information.