Cards management
The Pismo platform offers you many different types of cards (credit, debit, prepaid, private label, and more) you can issue. These cards allow transactions to occur in almost all conceivable locations and circumstances - retail stores, online e-commerce, ATM withdrawals, recurring subscriptions, and so on.
Getting started with card issuing
See the Getting started section in the Card issuing with Pismo guide.
Every card is associated with a single customer and account. Accounts can have multiple customers, typically to accommodate primary and additional cardholders, but only one owner. Customers can also have more than one account.
Pismo infrastructure handles all card information including sensitive data, which is stored in a dedicated, secure and Payment Card Industry (PCI) compliant environment.
PCI endpoints
Certain endpoints are designated PCI endpoints and should be called in a PCI environment. For more information, see Environments and, specifically, PCI vs non-PCI endpoints.
Pismo enables you to:
- Choose card types that best suit your customers' needs.
- Customize a card’s attributes, behaviors, and lifecycle, including limits on spending, the number of card uses, and the number of active cards.
- Work with the card embosser of your choice.
- Tokenize card data for use in a digital wallet.
Card data
Cards store the data necessary to complete a merchant transaction. In the table below, the expiration date and name are not considered sensitive PCI data.
Field | Description |
---|---|
Name | Card name, can be nickname or alias the cardholder wishes to use. Though a card is associated with one customer and account, a customer can have multiple accounts and cards. |
Expiration date | Date when card is no longer valid. You can set this value during program configuration. If not set, the default is 72 months. |
Primary Account Number (PAN) | Unique number that IDs the card network, issuing bank, and cardholder account. For Visa and Mastercard, this is a 16-19 digit string. The PAN is generated from program settings, including the BIN and BIN ranges. |
Card Verification Value (CVV or CVV2) | Verification number that appears on the card's back, usually used for card not present transactions. |
Personal Identification Number (PIN) | Encrypted card password. Pismo randomly generates the initial PIN at card creation time. |
The PIN, PAN, and expiration date are automatically generated at card creation time.
You can call the following API endpoints for a card's PIN:
- Get card password
- Change card password
- Reset password try count
- Get PIN as PINBlock
- Update PIN from PINBlock
Card types
Pismo offers the following card types.
Type | Description |
---|---|
Physical (plastic/metal) | You can use physical or plastic/metal cards at terminals to not only make purchases and withdrawals from ATMs, but also online in e-commerce using the card's data. Pismo offers two ways to issue physical cards:
Contact transactions require inserting a card into a terminal. With contactless transactions, you can simply hold or tap the card on a contactless-enabled card reader to complete a transaction. This requires that both the card and the terminal have Near Field Communication (NFC) technology. All APIs that generate an embossed card have a contactless card option and Pismo sends this information to your configured embosser. |
Virtual | A card that exists digitally, used in e-commerce and subscriptions. You can change a virtual card's CVV periodically, increasing its security. Virtual cards provide greater customer flexibility to make a purchase as you can offer them via an application. The following applies to virtual cards:
|
Temporary (virtual) | A virtual card with a fixed PAN and CVV originally meant for short-term use, typically 24 hours (default). By default, it is renewable. For more information, see Configuring temporary cards below. |
Recurring (virtual) | A virtual card with a fixed PAN and CVV originally meant for use with recurring subscriptions. This type is being DEPRECATED and it is recommended you use Virtual instead. |
About CVV rotation for virtual cards
The logic for virtual card CVV rotation belongs to Pismo. The card networks are not updated every time this happens. This might impact scenarios where the card network validates the CVV before sending a transaction to Pismo.
Configuring temporary cards
As stated in the table above, temporary cards are virtual cards with a fixed PAN and CVV originally meant for short-term use, typically 24 hours (default). By default, it is also renewable.
Through Pismo Control Center program parameter configuration, you can define:
- Validity period (in hours) for temporary cards. The default is 24, but can be configured differently
- Transactions limit for temporary cards. Only authorized transactions are counted
- Skip auto-renewal for temporary cards
Temporary card renewal
Only temporary cards can have an INOPERATIVE
status, which occurs automatically when the validity period expires. You can call the Get PCI card info endpoint to renew it. However, the following applies if you do this:
- If the "Skip auto-renewal for temporary cards" program parameter is
true
, the card is not renewed. In this case, the card's status becomes permanentlyINOPERATIVE
- If the Skip parameter is
false
(default), then the card is renewed. In this case, the card's status becomesNORMAL
Note: A temporary card's validity date is different from a card's expiration date. The expiration date applies to all card types - only temporary cards have a validity date.
Branded and private label cards
You need to see your Pismo representative to set up branded and private label cards.
-
Branded - Visa and Mastercard cards that allow customers to make purchases at all establishments accepting these brands.
-
Private label - For companies seeking customer loyalty, private label cards are a good option as you can provide benefits such as discounts and better payment terms. They are usually only accepted at stores in the same network. With a private label, it is possible to control and monitor issuer transactions.
Create a combination card with card modes
You can use a combination card for both debit and credit transactions. What makes this possible are modes . A card can have a credit mode or a debit mode or both (combination cards). A mode is derived from a program/account, which can be either credit or debit.
A card's initial mode comes from the program/account it is issued with but, if you create a card with the parameter mode_type
set to COMBO
, you can add an additional mode to the card with the Add card mode API endpoint at a later time to create a combination card.
Removing a card mode
A card mode can't be removed, but it can be suspended and made inactive with the Change card mode status endpoint.
Mode object
A card mode has an object and an identifier:
{
"modes": [
{
"id": 128876,
"mode": "CREDIT",
"program_id": 88490,
"customer_id": 102377856,
"account_id": 102378693,
"password_tries": 3,
"transaction_limit": 750.05,
"number_of_transactions": 40,
"status": "SUSPENDED",
"card_owner": "TN-f878e4a1-2879-48ba-be16-821e73ac98db"
}
]
}
Card mode API endpoints
The following endpoints pertain to modes:
- Create card - Issue a card setting mode parameters.
- Add card mode - Add a mode (credit or debit account) to a card.
- Get card modes - Get information about a specific card's modes. Each mode has an ID and an object.
- Change card mode status - Change a card mode's status - active or suspended.
Digital wallets - Pismo, Apple Pay, Google Pay, and others
Cards you issue through Pismo can be stored in digital wallets, which let you tokenize cards and use them for payments without exposing sensitive data such as the CVV or PAN. Pismo provides its own digital wallet and supports those of other payment apps like Samsung Pay or Google Pay.
For more information see:
Mastercard's Automatic Billing Updater option
For a Mastercard card, you have the option to enable their Automatic Billing Updater (ABU) feature. When account credentials change, it’s challenging for consumers to inform all of their merchants. As a result, their card-not-present payments may be declined. This creates service disruptions for consumers, as well as lost revenue and decreased customer loyalty for merchants.
When a card is created, reissued, or a card's account credentials change, such as the card being lost, stolen, or closed, Pismo automatically notifies Mastercard if this feature is enabled. Mastercard, in turn, notifies the merchants it has on file for that card. Update notifications are sent to Mastercard on a daily basis.
To enable ABU for a program, create a Service Desk ticket with request type = Settings/Configuration
.
You can enable ABU for a card via the following API endpoint:
For more information, see Mastercard's Automatic Billing Updater documentation.
Card APIs and endpoints
Pismo APIs and endpoints give you a rich set of functionality (creating, updating, embossing, tokenization, and so on) you can use to create and manage your cards. See Cards in the API Reference documentation for a complete list.
Updated 3 days ago