# Card issuing reference The following are essential concepts and terms for card issuing. ## Roles The following table describes the key participants in the card payment ecosystem and their respective roles in processing transactions. | Participant | Role | | :--------------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Cardholder | Person authorized to use a card. | | Merchant | Store or vendor authorized to receive card payments from its customers pursuant to an agreement with card brands. | | Network | Company that processes card payments worldwide such as Visa and Mastercard. Networks are also called *card schemes*. | | Issuer | Financial institution that issued the card used in a transaction. Issuers are usually banks, but they can be other types of financial entities, such as fintechs. | | Acquirer | Financial institution that receives the payment authorization request from the merchant. Acquirers are usually banks, but they can be other types of financial entities, such as fintechs. For simplicity, the acquirer is sometimes referred to as the *merchant's bank*, although it doesn't have to be a bank. | | Third party processors | Companies that help banks and other organizations to set themselves up as card issuers. They often handle much of the processing that would otherwise fall on the shoulders of their clients. Pismo falls into this category. | Different financial institutions offer different sets of services. A financial institution can be both an issuer and an acquirer, but that's not always the case. For example, most banks need to handle credit card transactions, but many do not issue credit cards. ## Account management The following table outlines key topics and responsibilities involved in account management, including regulatory compliance, onboarding, credit evaluation, and security protocols.
Topic Description Responsibilities
KYC, AML, CFT, KYB * \*Know Your Customer (KYC)**is a set of mandatory regulations for customer identity verification. Its purpose is fraud prevention,**anti-money laundering (AML)**, and**combating the financing of terrorism (CFT)\*\*. KYC regulations require you to verify that a customer is who they say they are. Customers should provide proof of their identity and address. This can be done through ID card verification, biometric verification, and/or document verification. KYC has three components: 1. **Customer Identification Program (CIP)** – You must verify that a customer is who they say they are. You do this by requiring them to provide information that verifies their identity. 2. **Customer Due Diligence (CDD)** – Conducting detailed risk assessments. 3. **Continuous monitoring** – You must closely monitor transactions for patterns of suspicious activity and report any that you find. Similar to KYC, **Know Your Business (KYB)** is a set of regulations for verifying the identity of the businesses you deal with. You must conduct due diligence to ensure that a company is legitimate and is not just a shell company. This includes identifying the ultimate company owner and major shareholders. You are responsible for following KYC and KYB rules and regulations.
Onboarding * \*Onboarding\*\* refers to creating customer accounts. The [Create account application](https://developers.pismo.io/pismo-docs/reference/post-acquisitions-v3-s2s-applications) endpoint enables new customer onboarding.
Credit engine (credit cards only) A **credit engine** (or credit decision engine) is a software platform that makes credit decisions based on the policies and rules you set up. If you plan to issue credit cards, you must provide your own method for making credit decisions.
Credit score, behavior score (credit cards only) You can assess a potential customer's credit risk by reviewing their **credit score**. Some issuers also set up an internal, proprietary scoring system to produce **behavior scores** for their existing customers. To do this, they mine a customer's payment history, their credit utilization over time, and sometimes even the amounts and types of products they purchase. If you plan to issue credit cards, you need to purchase a credit score for each potential customer from a credit bureau. In addition to this, you can set up your own additional proprietary scoring system to produce a behavior score for each customer.
Account lifecycle The **account lifecycle** refers to the different statuses an account can go through after creation. Use the [Update an account’s status](https://developers.pismo.io/pismo-docs/reference/patch-accounts-v2-accounts-accountid-status) endpoint to update any account's status.
Web security A vital part of security is ensuring that the data you transmit over the web is encrypted and stored securely. The Pismo platform operates on **Amazon Web Services (AWS)**. All data storage, whether relational, non-relational, or files, are encrypted using the **AWS Key Management Service (AWS KMS)**.
3DS, ACS * \*3D Secure (3DS)\*\* is a protocol that adds an additional layer of security for online credit and debit card transactions. The name refers to the three domains that are involved in transactions: * \*Acquirer domain\*\*–The financial institution that accepts the card payments (the merchant's bank). * \*Issuer domain\*\*–The organization that issued the card used in the transaction. * \*Interoperability domain**–The payment systems that connect the acquirer and issuer domains. A 3DS implementation usually uses an**Access Control System (ACS)\*\* to authorize transactions. ACS is a security system that uses a wide array of details to manage the authentication process. Only cardholders who can submit legitimate credentials are allowed to complete transactions. Visa and Mastercard offer 3DS card brands called Visa Consumer Authentication Service (VCAS) and SecureCode, respectively. 3DS and ACS are mandatory in some countries, such as India. In other countries they are not mandatory, but most Pismo customers choose to implement them anyway.
## Card network certification and integration The following table provides an overview of key processes related to card network certification and integration, including issuer responsibilities and available implementation models. | Topic | Description | | :------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | Card network certification | Network certification for a card issuer refers to the process of obtaining approval from a payment network, such as Visa or Mastercard, to issue credit or debit cards that can be used within their network. Though you are responsible for getting network certified, a Pismo representative will help guide you through the process. Refer to [Card network certification](https://developers.pismo.io/pismo-docs/docs/network-certification) for more information. | | Card network integration | The Pismo platform offers card issuers two card network integration models they can implement - full and zero balance. Refer to [Card network integration](https://developers.pismo.io/pismo-docs/docs/card-network-integration) for more information. | ## Card management The following table outlines key components of transaction processing and account management on the Pismo platform, including message handling, validations, ledger tracking, and fraud prevention tools. | Topic | Description | | :---------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Message parsing | Card networks send two types of authorization messages, created by two types of messaging systems: a **single-message system (SMS)** and a **dual-message system (DMS)**. The clearing/base II reconciliation process handles these messages. | | Validations | A credit card is valid if the account that it's associated with is active. An account is active if its status is NORMAL. | | Ledger | The Pismo platform uses [accounts](https://developers.pismo.io/pismo-docs/docs/setup-overview#account) to keep track of money flowing into and out of a company's general ledger. | | Anti-fraud | The Pismo platform integrates with your anti-fraud system. | | Spending controls | The Pismo platform provides [flexible transaction controls](https://developers.pismo.io/pismo-docs/docs/flex-controls) that enable you to restrict a customer's financial operations. For example, you can set a maximum amount allowed for a certain transaction type. | Refer to [Cards management](https://developers.pismo.io/pismo-docs/docs/cards-overview-1) for more information. ## Reconciliations The following table summarizes key financial operations on the Pismo platform, including fund transfers, balance adjustments, and accounting-related events. | Topic | Description | | :----------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Clearing parsing | The correct and timely transfer of funds from a customer's account to the merchant's account. | | Adjustments (edge cases) | It's sometimes necessary to add or remove money from a customer's account in order to reconcile balance inconsistencies (to credit an account when a transaction fails to be delivered or to return money to the customer). | | Accounting events | Events on the Pismo platform that impact a company's records. | ## Statements The following table outlines key credit card operations managed on the Pismo platform, including transaction creation, billing cycles, refinancing options, and payment handling.
Topic Description
Transaction creation A **transaction** is a record of a purchase, transfer, payment, or manual adjustment. In most cases, the creation of a transaction is triggered by a cleared authorization.
Statement lifecycle Credit card balances and interest accruals are managed in **cycles** (billing periods). A statement corresponds to a single cycle. The first cycle begins the moment the card is activated. After that, the first full day of each cycle follows the closing date of the previous cycle. On the last day of a cycle, the cycle is closed, and a grace period begins. This grace period belongs to the next cycle. When the grace period ends, if the card balance has not been paid off, charges begin to accrue.
Refinancing You must have processes in place that allow cardholders to refinance their credit card debt. To that end, your program must make the following options available: * \*Installment advances\*\*–Used to settle future debt on the current cycle, rather than on a future cycle. * \*Installment agreement\*\*–Used to refinance an existing credit card debt. * \*Statement agreement\*\*–A contract that renegotiates all debt – past, present, and future.
Payments A customer's credit card debt must be adjusted whenever they make a payment.
Refer to [Understanding statements](https://developers.pismo.io/pismo-docs/docs/understanding-statements) for more information. ## Dispute management The following table outlines the chargeback process, including how chargebacks are created and the stages they go through after initiation. | Topic | Description | Responsibilities | | :------------------- | :---------------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------- | | Chargeback creation | A chargeback is initiated with the card network. | You can use the Pismo API's [Create dispute](https://developers.pismo.io/pismo-docs/reference/post-v1-networkauthorization-disputes) endpoint to create a chargeback dispute with the network. | | Chargeback lifecycle | The chargeback lifecycle refers to the different statuses a chargeback can go through after creation. | | Refer to the [Disputes overview](https://developers.pismo.io/pismo-docs/docs/disputes-overview) for more information. ## Data and reporting The following table highlights how the Pismo platform supports data delivery through real-time streaming and downloadable reports. | Topic | Description | | :-------- | :------------------------------------------------------------------------------------------------------------ | | Streaming | Pismo APIs can stream event notifications and data to your cloud storage in real-time. | | Reports | Event notifications and other data can be stored in files as reports and sent to cloud storage or downloaded. | Refer to the [Data and reporting overview](https://developers.pismo.io/pismo-docs/docs/data-reporting-overview) for more information.