Cards management

The Pismo platform offers you many different types of cards (credit, debit, prepaid, private label, and more) you can issue. These cards allow transactions to occur in almost all conceivable locations and circumstances - retail stores, online e-commerce, ATM withdrawals, recurring subscriptions, and so on.

📘

Getting started with card issuing

See the Getting started section in the Card issuing with Pismo guide.

Every card is associated with a single customer and account. Accounts can have multiple customers, typically to accommodate primary and additional cardholders, but only one owner. Customers can also have more than one account.

Pismo infrastructure handles all card information including sensitive data, which is stored in a dedicated, secure and Payment Card Industry (PCI) compliant environment.

Card management workflow.

📘

PCI endpoints

Certain endpoints are designated PCI endpoints and should be called in a PCI environment. For more information, see Environments and, specifically, PCI vs non-PCI endpoints.

Pismo enables you to:

Card data

Cards store the data necessary to complete a merchant transaction. In the table below, the expiration date and name are not considered sensitive PCI data.

FieldDescription
NameCard name, can be nickname or alias the cardholder wishes to use. Though a card is associated with one customer and account, a customer can have multiple accounts and cards.
Expiration dateDate when card is no longer valid. You can set this value during program configuration. If not set, the default is 72 months.
Primary Account Number (PAN)Unique number that IDs the card network, issuing bank, and cardholder account. For Visa and Mastercard, this is a 16-19 digit string. The PAN is generated from program settings, including the BIN and BIN ranges.
Card Verification Value (CVV or CVV2)Verification number that appears on the card's back, usually used for card not present transactions.
Personal Identification Number (PIN)Encrypted card password. Pismo randomly generates the initial PIN at card creation time.

The PIN, PAN, and expiration date are automatically generated at card creation time.

You can call the following API endpoints for a card's PIN:

Card types

Pismo offers the following card types.

TypeDescription
Physical (plastic/metal)You can use physical or plastic/metal cards at terminals to not only make purchases and withdrawals from ATMs, but also online in e-commerce using the card's data.

Pismo offers two ways to issue physical cards:

  1. Nominal - At card creation, the customer is designated the cardholder.
  2. Noname - Noname cards are batch-generated and not initially associated with customers, which occurs later. Noname cards work well for special use cases like gift cards or in countries or scenarios where a password or chip might be required but not necessarily a printed card name. When you are ready, you can assign a noname card to a customer and account. See Cards Management > Noname for more APIs and endpoints in the API Reference documentation.
The following applies to physical cards:
Contactless physical card
Contact transactions require inserting a card into a terminal. With contactless transactions, you can simply hold or tap the card on a contactless-enabled card reader to complete a transaction. This requires that both the card and the terminal have Near Field Communication (NFC) technology. All APIs that generate an embossed card have a contactless card option and Pismo sends this information to your configured embosser.
VirtualA card that exists digitally, used in e-commerce and subscriptions. You can change a virtual card's CVV periodically, increasing its security. Virtual cards provide greater customer flexibility to make a purchase as you can offer them via an application.

The following applies to virtual cards:
  • Can have multiple active cards per customer, but the card name needs to be different.
  • Can be tokenized for use in a digital wallet.
  • Have a fixed PAN and dynamic CVV. (When you create a virtual card, be aware that the cvv_rotation_interval_hours is a required field.)
  • Have a transaction limit you set at card creation. If not set, the account limit is used. Later, you can change the transaction limit with the Update card information endpoint.
  • Are created with the same endpoint as a physical card.
  • Do not need to be activated before use.
Temporary (virtual)A virtual card with a fixed PAN and CVV originally meant for short-term use, typically 24 hours (default). By default, it is renewable. For more information, see Configuring temporary cards below.
Recurring (virtual)A virtual card with a fixed PAN and CVV originally meant for use with recurring subscriptions. This type is being DEPRECATED and it is recommended you use Virtual instead.

🚧

About CVV rotation for virtual cards

The logic for virtual card CVV rotation belongs to Pismo. The card networks are not updated every time this happens. This might impact scenarios where the card network validates the CVV before sending a transaction to Pismo.

Configuring temporary cards

As stated in the table above, temporary cards are virtual cards with a fixed PAN and CVV originally meant for short-term use, typically 24 hours (default). By default, it is also renewable.

Through Pismo Control Center program parameter configuration, you can define:

  • Validity period (in hours) for temporary cards. The default is 24, but can be configured differently
  • Transactions limit for temporary cards. Only authorized transactions are counted
  • Skip auto-renewal for temporary cards

Temporary card renewal

Only temporary cards can have an INOPERATIVE status, which occurs automatically when the validity period expires. You can call the Get PCI card info endpoint to renew it. However, the following applies if you do this:

  • If the "Skip auto-renewal for temporary cards" program parameter is true, the card is not renewed. In this case, the card's status becomes permanently INOPERATIVE
  • If the Skip parameter is false (default), then the card is renewed. In this case, the card's status becomes NORMAL

Note: A temporary card's validity date is different from a card's expiration date. The expiration date applies to all card types - only temporary cards have a validity date.

Branded and private label cards

You need to see your Pismo representative to set up branded and private label cards.

  • Branded - Visa and Mastercard cards that allow customers to make purchases at all establishments accepting these brands.

  • Private label - For companies seeking customer loyalty, private label cards are a good option as you can provide benefits such as discounts and better payment terms. They are usually only accepted at stores in the same network. With a private label, it is possible to control and monitor issuer transactions.

Create a combination card with card modes

You can use a combination card for both debit and credit transactions. What makes this possible are modes . A card can have a credit mode or a debit mode or both (combination cards). A mode is derived from a program/account, which can be either credit or debit.

A card's initial mode comes from the program/account it is issued with but, if you create a card with the parameter mode_type set to COMBO, you can add an additional mode to the card with the Add card mode API endpoint at a later time to create a combination card.

📘

Removing a card mode

A card mode can't be removed, but it can be suspended and made inactive with the Change card mode status endpoint.

Mode object

A card mode has an object and an identifier:

{
  "modes": [
    {
      "id": 128876,
      "mode": "CREDIT",
      "program_id": 88490,
      "customer_id": 102377856,
      "account_id": 102378693,
      "password_tries": 3,
      "transaction_limit": 750.05,
      "number_of_transactions": 40,
      "status": "SUSPENDED",
      "card_owner": "TN-f878e4a1-2879-48ba-be16-821e73ac98db"
    }
  ]
}

Card mode API endpoints

The following endpoints pertain to modes:

Digital wallets - Pismo, Apple Pay, Google Pay, and others

Cards you issue through Pismo can be stored in digital wallets, which let you tokenize cards and use them for payments without exposing sensitive data such as the CVV or PAN. Pismo provides its own digital wallet and supports those of other payment apps like Samsung Pay or Google Pay.

For more information see:

Mastercard's Automatic Billing Updater option

For a Mastercard card, you have the option to enable their Automatic Billing Updater (ABU) feature. When account credentials change, it’s challenging for consumers to inform all of their merchants. As a result, their card-not-present payments may be declined. This creates service disruptions for consumers, as well as lost revenue and decreased customer loyalty for merchants.

When a card is created, reissued, or a card's account credentials change, such as the card being lost, stolen, or closed, Pismo automatically notifies Mastercard if this feature is enabled. Mastercard, in turn, notifies the merchants it has on file for that card. Update notifications are sent to Mastercard on a daily basis.

You can enable ABU for a card via the following API endpoints:

For more information, see Mastercard's Automatic Billing Updater documentation.

Card APIs and endpoints

Pismo APIs and endpoints give you a rich set of functionality (creating, updating, embossing, tokenization, and so on) you can use to create and manage your cards. See Cards in the API Reference documentation for a complete list.