A virtual card is a payment card that exists only in digital form. It is activated for immediate use upon creation. Once funded it enables online purchases, and other card-not-present transactions. Add the card to a digital wallet for in-store contactless payments.
Before being permitted to create a card a user must first have successfully authenticated and fulfilled any regulatory prerequisites as instructed by the get spending prerequisites operation.
Authentication
The authentication processes are described in the authentication guide. As the user account is anchored by control of the private key, there is no distinct prior explicit registration or signup process needed before authenticating.
Provision Funding Source
A Funding Source is required for card creation. Besides this requirement, cards and Funding Sources are managed independently. See Create a Funding Source for an account and the Card Funding guide.
Create a card
Call the create a card operation to request Immersve to generate a card.
If successful a create a card request will return a card ID. Immersve will provision and activate the card by default. It is provisioned and activated when the get card details response payload includes a status
of "active"
. All cards are currently long-lived. expiresAt
field returns exact card expiry timestamp. expiry
field returns expiry date usually printed on physical cards.
Issue a Card
Having created a virtual card via the create a card operation and confirmed it is "active"
, you are in a position to be able to obtain the sensitive card details to be presented to the cardholder.
There are two steps in this process;
- Obtaining a token for transmission to the client application to which the card details are to be provided (i.e. the application that will display the card data to the cardholder) and;
- The exchange, by that client application, of the token for the card data.
It is not recommended that the card token is supplied to any application other than one that resides within the cardholder environment (i.e. their mobile application or web application running in their browser) unless that system is sufficiently compliant with PCI-DSS requirements and is audited as such.
Get a Card Token
Generate a single-use card token
using the get a card token operation. The token is typically then transmitted to the cardholder's environment (i.e. web application or mobile application running in their web browser) to complete the final step completing the card issuance.
Get Sensitive Card Details
To obtain the full PAN and CVV2 for display to the cardholder your client-side application should exchange the token for the sensitive card data. See fetching secure card information.