Cards overview

The Pismo platform offers you many different types of cards (credit, debit, prepaid, private label, and more) you can issue. These cards allow transactions to occur in almost all conceivable locations and circumstances - retail stores, online e-commerce, ATM withdrawals, recurring subscriptions, and so on.

Every card is associated with a single customer and account. Accounts can have multiple customers, typically to accommodate primary and additional cardholders, but only one owner. Customers can also have more than one account.

Pismo infrastructure handles all card information including sensitive data, which is stored in a dedicated, secure and Payment Card Industry (PCI) compliant environment.

Pismo enables you to:

Card data

Cards store the data necessary to complete a merchant transaction. In the table below, the expiration date and name are not considered sensitive PCI data.

NameCard name, can be nickname or alias the cardholder wishes to use. Though a card is associated with one customer and account, a customer can have multiple accounts and cards.
Expiration dateDate when card is no longer valid. You can set this value during program configuration. If not set, the default is 72 months.
Primary Account Number (PAN)Unique number that IDs the card network, issuing bank, and cardholder account. For Visa and Mastercard, this is a 16-19 digit string. The PAN is generated from program settings, including the BIN and BIN ranges.
Card Verification Value (CVV or CVV2)Verification number that appears on the card's back, usually used for card not present transactions.
Personal Identification Number (PIN)Encrypted card password. Pismo randomly generates the initial PIN at card creation time.

The PIN, PAN, CVV, and expiration date are automatically generated at card creation time.

You can call the following API endpoints for a card's PIN:

Card types

Pismo offers the following card types.



Physical (plastic/metal)

You can use physical or plastic/metal cards at terminals to not only make purchases and withdrawals from ATMs, but also online in e-commerce using the card's data.

Pismo offers two ways to issue physical cards:

  1. **Nominal** - At [card creation](ref:post-v2-card), the customer is designated the cardholder.
  2. **Noname** - Noname cards are [batch-generated](ref:create-bulk) and not initially associated with customers, which occurs later. Noname cards work well for special use cases like gift cards or in countries or scenarios where a password or chip might be required but not necessarily a printed card name. When you are ready, you can [assign a noname card to a customer and account](ref:post-v2-card-bind). See **Cards Management** > **[Noname](ref:create-bulk)** for more APIs and endpoints in the **API Reference** documentation.
**The following applies to physical cards**:
  • Only one per customer and account. Customers can have more than one account and card.
  • Can be [tokenized](doc:wallet-overview) for use in a [digital wallet](doc:wallet-overview)
  • Have a fixed PAN and CVV
  • Have to be [activated](ref:put-v1-card-activate) before use
  • Can be both a [credit and debit](#create-a-combination-card-with-card-modes) card
** _Contactless_ physical card** Contact transactions require inserting a card into a terminal. With **contactless** transactions, you can simply hold or tap the card on a contactless-enabled card reader to complete a transaction. This requires that both the card and the terminal have [Near Field Communication (NFC)]( technology. All APIs that generate an embossed card have a contactless card option and Pismo sends this information to your [configured embosser](doc:physical-card-embossing).


A card that exists digitally, used in e-commerce and subscriptions. You can change a virtual card's CVV periodically, increasing its security. Virtual cards provide greater customer flexibility to make a purchase as you can offer them via an application.

The following applies to virtual cards:

  • Can have multiple active cards per customer, but the card name needs to be different.
  • Can be tokenized for use in a digital wallet.
  • Have a fixed PAN and dynamic CVV. (When you create a virtual card, be aware that the cvv_rotation_interval_hours is a required field.)
  • Have a transaction limit you set at card creation. If not set, the account limit is used. Later, you can change the transaction limit with the Update card information endpoint.
  • Are created with the same endpoint as a physical card.
  • Do not need to be activated before use.

Recurring (virtual)

A virtual card with a fixed PAN and CVV originally meant for use with recurring subscriptions. This type is being DEPRECATED and it is recommended you use Virtual instead.

Temporary (virtual)

A virtual card with a fixed PAN and dynamic CVV originally meant for short-term use, typically 24 hours. This type is being DEPRECATED and it is recommended you use Virtual instead.

Branded and private label cards

You need to see your Pismo representative to set up branded and private label cards.

  • Branded - Visa and Mastercard cards that allow customers to make purchases at all establishments accepting these brands.

  • Private label - For companies seeking customer loyalty, private label cards are a good option as you can provide benefits such as discounts and better payment terms. They are usually only accepted at stores in the same network. With a private label, it is possible to control and monitor issuer transactions.

Create a combination card with card modes

You can use a combination card for both debit and credit transactions. What makes this possible are modes . A card can have a credit mode or a debit mode or both (combination cards). A mode is derived from a program/account, which can be either credit or debit.

A card's initial mode comes from the program/account it is issued with but, if you create a card with the parameter mode_type set to COMBO, you can add an additional mode to the card with the Add card mode API endpoint at a later time to create a combination card.

Mode object

A card mode has an object and an identifier:

  "modes": [
      "id": 128876,
      "mode": "CREDIT",
      "program_id": 88490,
      "customer_id": 102377856,
      "account_id": 102378693,
      "password_tries": 3,
      "transaction_limit": 750.05,
      "number_of_transactions": 40,
      "status": "SUSPENDED",
      "card_owner": "TN-f878e4a1-2879-48ba-be16-821e73ac98db"

Card mode API endpoints

The following endpoints pertain to modes:

Card lifecycle and statuses

The following shows possible card statuses. Card termination statuses are on the right.

Initially, the default status for a physical card is Created, though you can override this in your program configuration to be Normal. After activation, it changes to Normal and can never transition back. Similarly, all statuses on the right side are final, and cannot be changed.

The default status for a virtual card is Normal, since it does not need to be activated.

Card status enums:

  • CREATED - Created in the system.
  • NORMAL - Active and eligible for transactions. Default for virtual cards.
  • BLOCKED - Temporarily blocked until further status changes. When a physical card is assigned to a customer, but before activation, a card's status is BLOCKED. When a Reissue physical card request is made, the status is changed to BLOCKED.
  • PENDING - Created and is pending until further processing, such as account verification. Until then, transactions are disabled.
  • WARNING- A general alert flag is set and transactions are disabled. After investigation, it could, typically, transition to FRAUD or revert back to NORMAL.

Card termination statuses - transactions disabled

  • LOST - Reported lost
  • ROBBED - Reported stolen
  • EXPIRED - Card date expiration reached
  • DAMAGED - Reported damaged
  • FRAUD - Suspected fraud
  • CANCELED - Canceled
  • DELETED - Deleted

Call the Update card status endpoint to change a card's status.

Card reissues

You need to reissue a card once it has a termination status. Similar to your embossing configuration, your card reissuing configuration and process needs to be personalized for your brand. This is done because every brand has different reissue reasons and associated costs. After setting up your program, meet with your Pismo representative to configure this.

You can call the following APIs to view your reissuing configuration and reissue a card:

Automatic card reissue updates

This service is offered in partnership with Brands to simplify a customer's life. When a new customer card number is issued, it is automatically updated on the various websites, applications, and digital services where the customer already has a record with the old card.

Digital wallets - Pismo, Apple Pay, Google Pay, and others

Cards you issue through Pismo can be stored in digital wallets, which let you tokenize cards and use them for payments without exposing sensitive data such as the CVV or PAN. Pismo provides its own digital wallet and supports those of other payment apps like Samsung Pay or Google Pay.

For more information see:

Card APIs and endpoints

Pismo APIs and endpoints give you a rich set of functionality (creating, updating, embossing, tokenization, and so on) you can use to create and manage your cards. See Cards in the API Reference documentation for a complete list.

Did this page help you?