Issuing Virtual Cards

A virtual card is a type of payment card which usually refers to a digital substitute of a physical card. It is a card which is fully functional and it is an ideal solution for online payments as it is extremely helpful in keeping your account secure online.

A virtual card exists in a virtual form. You can make online and in-app purchases with this card. A virtual card has card details (e.g. 16 digit card number, an expiry and a CVV2) which users can retrieve and use for online payments. The virtual card will be created for a card product already defined in the system. A card can only belong to a single card product and will inherit all of its features and characteristics applied to the card product.

Virtual cards can be used instantly after creation. You can issue a virtual card and use it in the following steps.

  • Create a user

  • Create a card

  • Fund the account

  • Use the card

Below you can find a virtual card issuance decision flow:

Create a user

A user is an entity which can be an individual that holds an account at nCore which is represented by the user object.

Please refer to the section Users for more information.

Create a card

At nCore platform, payment cards are identified as an object of the cards resource, you can create a card by sending a POST request to /cards endpoint.

The card object stores data about the card for example, name on card, card number, expiry date, CVV2, card product etc.

Note: Create a user and a card product before creating a card. It is mandatory to provide the the identifier of the user who owns the card, the type of card (virtual/physical), and the identifier of the card product in POST /cards request as shown below.

POST /cards

{ "user_id": "d089a80f-e641-4045-8a80-54841e4a7458", "card_type": "VIRTUAL", "card_product_id": "b4eabfc-f839-4e51" }

Please note that virtual card’s PAN, expiry date, and a CVV2 are provided to the cardholders in 2 ways:

  • For non PCI DSS compliant customers: Virtual cards details are displayed to the cardholder by using PCI widgets. For further information, please refer to the PCI widget section.

  • For PCI DSS compliant customers: Virtual card details can be retrieved by sending a GET request to /cards/{id}/show_info endpoint. For further information on PCI DSS please refer to the Security section.

Retrieve a card

To retrieve a specific card, you can include the card ‘ID’ path parameter in your GET request and send it to /card/{id} endpoint.

GET /cards/{id}

Fund the account

Whenever a new card is issued a General Ledger (GL) account will be automatically created and linked to the card. The card account is a term which is usually used to refer to this account. The account holds the funds of the card.

To access account and retrieve details, please follow these steps:

  • Send a GET request to /cards/{id}/accounts endpoint to fetch the accounts linked to the card. Send this request with the Card ID parameter field.

GET /cards/{id}/accounts

  • Once you have the card accounts, you can then send a GET request to /accounts/{id} endpoint with the account ID to retrieve the account details like account currency, balance etc.

GET /accounts/{id}

To fund the card account, please refer to the Funding section.

Use the card

After the card account is funded the card is ready to be used for online and in-app purchases.

For digital wallets (ApplyPay, SamsungPay & GooglePay), a user is limited to a maximum of 10 tokens per card from the respective wallet providers (Terminated tokens are excluded).

Also take into account that a card is temporarily blocked for 24 hours for provisioning if the user makes five consecutive invalid CVV2 or expiry attempts.

Last updated