Welcome to our new developer portal! Use the "Ask" button to chat with our AI Agent.
Ctrlk
For the complete documentation index, see llms.txt. This page is also available as Markdown.

Capture card credentials

Overview

To support card enrollment, the digital wallet application must first capture the card credentials.

You can provide card credentials from:

  • Digital wallet backend. For example, when the digital wallet application is an issuer application.

  • End user input. For example, manual entry or camera scan in an open wallet that supports cards from multiple issuers.

Card credentials are sensitive. Encrypt them before you start card enrollment with the NFC Wallet SDK.

Next:

See Token information payload if you support token-for-token enrollment.

Requirements

Encryption requirements

Card information uses the PKCS#7 encryption format defined in RFC 2315 and RFC 5652.

Use these encryption criteria:

  • Content encryption algorithm: AES256/CBC/PKCS7Padding

  • Key encryption algorithm: RSA with an issuer public key length of 2048 bits

The card payload must be valid JSON and contain the fields described below.

Base64-encode the encryption result.

Card information payload

To support card enrollment, provide the following encrypted payload.

JSON field
Description
Requirement
Length

fpan

Funding PAN to digitize.

Required

16-20

exp

Card expiry date in MMYY format.

Required

4

cvv

Card security code. Provide it only if the issuer requires it.

Conditional

3-4

name

Name on the card. For Mastercard (MDES), use LASTNAME/FIRSTNAME or FIRSTNAME LASTNAME. For Visa (VTS), use the full name printed on the card.

Optional

27

billingAddress

End user billing address. See the definition below.

Optional

-

nonce

Ephemeral value used only for green enrollment. If you provide it, also provide the SHA-256 hash of the nonce in the authentication token. Allowed characters: 0-9, A-Z, a-z, -, _.

Optional

1-50

Billing address payload

The table below describes the supported JSON fields when you provide the billing address.

JSON field
Description
Requirement
Length

line1

First line of the end user's address.

Optional

1-64

line2

Second line of the end user's address.

Optional

1-64

city

City of the end user's address.

Optional

1-34

state

State or province code in ISO 3166-2 format.

Optional

1-6

country

Country code in ISO 3166-1 alpha-2 format. Example: FR.

Optional

2

postalCode

Postal code.

Optional

1-16

Token information payload

To support token-for-token enrollment, provide the following encrypted payload.

JSON field
Description
Requirement
Length

scheme

Card scheme. Supported values: VISA, MASTERCARD.

Required

-

issuerId

Unique identifier of the issuer.

Required

10

cardProductId

Card product ID. Required if the issuer supports several card products for the same scheme.

Conditional

1-48

dpan

DPAN of the original token to digitize for Visa token-for-token enrollment.

Optional

16-20

cvv

CVV of the funding card associated with the original token. Provide it for Visa. Its use is project-dependent and must be defined with your Visa representative.

Optional

3-4

digitalCardId

Digital card ID of the original token, as defined by the TSP. For Mastercard, this field is required. For Visa, this field is optional. In MDES APIs, it corresponds to tokenUniqueReference. In VTS APIs, it corresponds to vProvisionedTokenID. For Visa, the token requestor can provide digitalCardId, dpan, or both.

Conditional

1-64

digitalCardRequestorId

Digital card requestor ID of the original token. The TSP defines this value.

Optional

1-11

nonce

Ephemeral value used only when an authentication token is provided to define wallet scoring. If you provide it, also provide the SHA-256 hash of the nonce in the authentication token. Allowed characters: 0-9, A-Z, a-z, -, _.

Optional

1-50

PreviousCard enrollmentNextBuild authentication token

Last updated

Was this helpful?