> For the complete documentation index, see [llms.txt](https://docs.payments.thalescloud.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.payments.thalescloud.io/nfc-wallet/nfc-wallet-backend/card-enrollment/capture-card-credentials.md). # Capture card credentials ## Overview To support card enrollment, the digital wallet application must first capture the card credentials. You can provide card credentials from: * **Digital wallet backend**. For example, when the digital wallet application is an issuer application. * **End user input**. For example, manual entry or camera scan in an open wallet that supports cards from multiple issuers. Card credentials are sensitive. Encrypt them before you start card enrollment with the NFC Wallet SDK. Next: * Review [Encryption requirements](/nfc-wallet/nfc-wallet-backend/card-enrollment/capture-card-credentials.md#encryption-requirements) to confirm the supported encryption format. * See [Card information payload](/nfc-wallet/nfc-wallet-backend/card-enrollment/capture-card-credentials.md#card-information-payload) to format the card credentials payload before encryption. {% hint style="info" %} See [Token information payload](/nfc-wallet/nfc-wallet-backend/card-enrollment/capture-card-credentials.md#token-information-payload) if you support token-for-token enrollment. {% endhint %} ## Requirements ### Encryption requirements Card information uses the PKCS#7 encryption format defined in RFC 2315 and RFC 5652. Use these encryption criteria: * Content encryption algorithm: `AES256/CBC/PKCS7Padding` * Key encryption algorithm: `RSA` with an issuer public key length of 2048 bits The card payload must be valid JSON and contain the fields described below. Base64-encode the encryption result. ### Card information payload To support card enrollment, provide the following encrypted payload. | JSON field | Description | Requirement | Length | | ---------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | ------ | | `fpan` | Funding PAN to digitize. | Required | 16-20 | | `exp` | Card expiry date in `MMYY` format. | Required | 4 | | `cvv` | Card security code. Provide it only if the issuer requires it. | Conditional | 3-4 | | `name` | Name on the card. For Mastercard (MDES), use `LASTNAME/FIRSTNAME` or `FIRSTNAME LASTNAME`. For Visa (VTS), use the full name printed on the card. | Optional | 27 | | `billingAddress` | End user billing address. See the definition below. | Optional | - | | `nonce` | Ephemeral value used only for green enrollment. If you provide it, also provide the SHA-256 hash of the `nonce` in the authentication token. Allowed characters: `0-9`, `A-Z`, `a-z`, `-`, `_`. | Optional | 1-50 | #### Billing address payload The table below describes the supported JSON fields when you provide the billing address. | JSON field | Description | Requirement | Length | | ------------ | --------------------------------------------------------- | ----------- | ------ | | `line1` | First line of the end user's address. | Optional | 1-64 | | `line2` | Second line of the end user's address. | Optional | 1-64 | | `city` | City of the end user's address. | Optional | 1-34 | | `state` | State or province code in ISO 3166-2 format. | Optional | 1-6 | | `country` | Country code in ISO 3166-1 alpha-2 format. Example: `FR`. | Optional | 2 | | `postalCode` | Postal code. | Optional | 1-16 | ### Token information payload To support token-for-token enrollment, provide the following encrypted payload. | JSON field | Description | Requirement | Length | | ------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | ------ | | `scheme` | Card scheme. Supported values: `VISA`, `MASTERCARD`. | Required | - | | `issuerId` | Unique identifier of the issuer. | Required | 10 | | `cardProductId` | Card product ID. Required if the issuer supports several card products for the same scheme. | Conditional | 1-48 | | `dpan` | DPAN of the original token to digitize for Visa token-for-token enrollment. | Optional | 16-20 | | `cvv` | CVV of the funding card associated with the original token. Provide it for Visa. Its use is project-dependent and must be defined with your Visa representative. | Optional | 3-4 | | `digitalCardId` | Digital card ID of the original token, as defined by the TSP. For Mastercard, this field is required. For Visa, this field is optional. In MDES APIs, it corresponds to `tokenUniqueReference`. In VTS APIs, it corresponds to `vProvisionedTokenID`. For Visa, the token requestor can provide `digitalCardId`, `dpan`, or both. | Conditional | 1-64 | | `digitalCardRequestorId` | Digital card requestor ID of the original token. The TSP defines this value. | Optional | 1-11 | | `nonce` | Ephemeral value used only when an authentication token is provided to define wallet scoring. If you provide it, also provide the SHA-256 hash of the `nonce` in the authentication token. Allowed characters: `0-9`, `A-Z`, `a-z`, `-`, `_`. | Optional | 1-50 | --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.payments.thalescloud.io/nfc-wallet/nfc-wallet-backend/card-enrollment/capture-card-credentials.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.