Display Card Details

Overview

This guide explains how to securely display full card details (PAN, expiry date, cardholder name, and CVV2/dCVV2) with the D1 SDK.

You have two approaches:

Get the card details and render them yourself in the issuer application UI.
Delegate the rendering to the D1 SDK to minimize data exposure.

Avoid logging, analytics, or crash reports that could capture PAN, expiry date, cardholder name, or CVV2/dCVV2. Always wipe sensitive data from memory as soon as it is no longer needed.

User experience

Option 1: get the card details

In this approach, the issuer application calls getCardDetails() to retrieve the full card information and is responsible for rendering it.

To protect confidentiality, the D1 SDK returns values as byte arrays rather than plain text strings. You can retrieve:

PAN
Expiry date
Cardholder name (end user) — optional
CVV2 or dCVV2

Sequence diagram

Prerequisites:

End user and cards are registered in D1.
D1 SDK is properly initialised.
Issuer Application called D1 SDK login API.

D1 SDK Integration

String cardID = ""; // card id received from backend
D1Task.Callback<CardDetails> callback = new D1Task.Callback<CardDetails>() {
    @Override
    public void onSuccess(CardDetails cardDetails) {
        // handle cardDetails object from server, convert byte array type to string
        String cardHolderName = null;
        String pan = new String(cardDetails.getPan(), StandardCharsets.UTF_8);
        String expiryDate = new String(cardDetails.getExpiryDate(), StandardCharsets.UTF_8);
        String cvv = new String(cardDetails.getCvv(), StandardCharsets.UTF_8);
        if (cardDetails.getCardHolderName() != null) {
            cardHolderName = new String(cardDetails.getCardHolderName(), StandardCharsets.UTF_8);
        }
        
        // wipe byte array variables of cardDetails object
        cardDetails.wipe();
    }
 
    @Override
    public void onError(D1Exception exception) {
        // Refer to D1 SDK Integration – Error Management section
    }
};

d1Task.getCardDetails(cardID, callback);

let cardID = "" // obtained e.g. from server
d1Task.cardDetails(cardID) { cardDetails, error in
    if let error = error {
        // Refer to D1 SDK Integration – Error Management section
    } else if var cardDetails = cardDetails {
        // Proceed with subsequent flows e.g. update UI
        print("Exp: \((String(data: cardDetails.expiryDate, encoding: .utf8) ?? ""))")
        print("CVV: \((String(data: cardDetails.cvv, encoding: .utf8) ?? ""))")
        print("Name: \(String(data: cardDetails.cardHolderName ?? Data(), encoding: .utf8) ?? "")")
        print("PAN: \(String(data: cardDetails.pan, encoding: .utf8) ?? ""))")

        // after usage, wipe byte array cardDetails
        cardDetails.wipe()
    }
}

Best for issuers who need custom UI/UX and full control over the rendering lifecycle. Ensure you minimize in‑memory lifetimes and call wipe() immediately after use.

Option 2: delegate display to the D1 SDK

To reduce PAN exposure, use displayCardDetails. Unlike getCardDetails, this API does not return card data. Instead, you pass UI components via CardDetailsUI, and the D1 SDK sets their text content securely. The issuer application retains full control of styling and layout.

CardDetailsUI provides:

setPanMaskCharacter to set the PAN mask character for maskCardDetails (default: *).
setPanSeparatorCharacter to set the PAN separator every 4 digits (default: space).
setExpiryDateFormat to set the expiry date format (default: MM/YY).
insecureCopyToClipboard to copy the PAN to the system clipboard. Not recommended.

The following values can be displayed:

PAN
Expiry date
Cardholder name (end user) — optional
CVV2 or dCVV2

Sequence diagram

Prerequisites:

End user and cards are registered in D1.
D1 SDK is properly initialised.
Issuer application called D1 SDK login API.

CardDetailsUI contains DisplayTextView (Android) and D1DisplayTextField (iOS), which subclass the native TextView and UITextField. To limit exposure, getText() is restricted.

Refer to the Android security guidelines to obfuscate DisplayTextView.

D1 SDK Integration

View view = null; // Inflate your layout here

DisplayTextView panTextView = null; // view.findViewById(R.id.panText);
DisplayTextView expiryDateTextView = null; // view.findViewById(R.id.expiryDateText);
DisplayTextView cvvTextView = null; // view.findViewById(R.id.cvvText);
DisplayTextView cardHolderNameTextView = null; // view.findViewById(R.id.cardHolderNameText);

CardDetailsUI cardDetailsUI = CardDetailsUI.getInstance(panTextView, expiryDateTextView, cvvTextView, cardHolderNameTextView);

String cardID = ""; // card id received from backend
D1Task.Callback<Void> callback = new D1Task.Callback<Void>() {
    @Override
    public void onSuccess(Void ignore) {
        // UI is updated
    }

    @Override
    public void onError(D1Exception exception) {
        // Refer to D1 SDK Integration – Error Management section
    }
};

mTask.displayCardDetails(cardID, cardDetailsUI, callback);

let panTextField = D1DisplayTextField()
let cvvTextField = D1DisplayTextField()
let expiryDateTextField = D1DisplayTextField()
let cardHolderNameTextField = D1DisplayTextField()

/* e.g. layout the textfields */

let cardDetailsUI = CardDetailsUI(panTextField: panTextField,
        expiryDateTextField: expiryDateTextField,
        cvvTextField: cvvTextField,
        cardHolderNameTextField: cardHolderNameTextField)

let cardID = "" // obtained e.g. from server
d1Task.displayCardDetails(cardID, cardDetailsUI: cardDetailsUI) { error in
    if let error = error {
        // Refer to D1 SDK Integration – Error Management section
    } else {
        // UI is updated
    }
}

insecureCopyToClipboard exposes PAN to the system‑wide clipboard and is not recommended.

Mask and show card details

For convenience, CardDetailsUI lets you mask and show card details:

maskCardDetails masks the details.
showCardDetails shows the details. For security, this always refetches data from the server.

Best practice: set a short timer (for example, 1 minute) to automatically re‑mask details by calling maskCardDetails and reduce exposure.

// mask the card details
cardDetailsUI.maskCardDetails();

D1Task.Callback<Void> callback = new D1Task.Callback<Void>() {
    @Override
    public void onSuccess(Void ignore) {
        // UI is updated
    }

    @Override
    public void onError(D1Exception exception) {
        // Refer to D1 SDK Integration – Error Management section
    }
};

// show the card details again
cardDetailsUI.showCardDetails(callback);

// mask the card details
cardDetailsUI.maskCardDetails()

// show the card details again
cardDetailsUI.showCardDetails() { error in
    if let error = error {
        // Refer to D1 SDK Integration – Error Management section
    } else {
        // UI is updated
    }
}

PreviousDisplay Card Metadata NextIntegrate D1 API

Last updated 3 months ago

Was this helpful?