Visa Debit Cards
This is only applicable for Programs that have enabled Visa debit cards.
Please discuss with your program manager if you require this feature.
The Core Banking API allows a program to generate and issue a Visa debit card for each underlying profile account.
The Figure Pay internal banking system will be responsible for managing full service card and transaction management, including transaction authorizations, clearings, etc.
Card Enrolling
Enrolling for a card requires an approved profile and an open account. Each account can have only one active card associated with it. The card's PIN can be optionally be set as part of enrolling for a card. Once enrolled, your digital card can be used immediately while the physical card is mailed to the profile's address.
POST /cards/enroll
{
"account_id": "0cbd4f31-20fb-4d3c-ad9e-103254b89268",
"pin": "1234",
"profile_id": "c7d1c8d6-709a-447e-b3fc-f916db9b7491"
}
Response:
{
"account_id": "0cbd4f31-20fb-4d3c-ad9e-103254b89268",
"created_dt": "2022-01-02T03:04:05.123456-05:00",
"expiration": "2024-11-31",
"form_type": "PHYSICAL",
"id": "v-401-0cbd4f31-20fb-4d3c-ad9e-103254b89268",
"pan_last_four": "1234",
"status": "ACTIVE",
"updated_dt": "2022-01-02T03:04:05.123457-05:00"
}
Physical Card Activation
The physical card be activated with the card ID once it is received by the card-holder.
POST /cards/:id/activate
Response:
{
"account_id": "0cbd4f31-20fb-4d3c-ad9e-103254b89268",
"created_dt": "2022-01-02T03:04:05.123456-05:00",
"expiration": "2024-11-31",
"form_type": "PHYSICAL",
"id": "v-401-088a9e58-d5b4-4cf1-8abb-47d1861afcd2",
"pan_last_four": "1234",
"status": "ACTIVE",
"updated_dt": "2022-01-02T03:04:05.123457-05:00"
}
Reporting a Lost or Stolen Card
A new card can be issued when a card is reported as lost or stolen. The previous card cannot be used after it is replaced.
POST /cards/:id/report-lost-stolen
Response:
{
"account_id": "0cbd4f31-20fb-4d3c-ad9e-103254b89268",
"created_dt": "2022-01-02T03:04:05.123456-05:00",
"expiration": "2024-11-31",
"form_type": "PHYSICAL",
"id": "v-401-0cbd4f31-20fb-4d3c-ad9e-103254b89268",
"pan_last_four": "1234",
"status": "ACTIVE",
"updated_dt": "2022-01-02T03:04:05.123457-05:00"
}
Card Number
If you require the card number, it can be retrieved by providing us a public certificate which we use to encrypt the card number with.
POST /cards/:id/card-number
{
"public_certificate": "-----BEGIN CERTIFICATE----- MIIDODCCAiACCQC1ov/uGA30PDANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJV UzELMAkGA1UECAwCUEExFTATBgNVBAcMDFBoaWxhZGVscGhpYTENMAsGA1UECgwE VGVzdDENMAsGA1UECwwEVGVzdDENMAsGA1UEAwwEVGVzdDAeFw0yMjA4MTYxOTQz MDJaFw0yMzA4MTYxOTQzMDJaMF4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJQQTEV MBMGA1UEBwwMUGhpbGFkZWxwaGlhMQ0wCwYDVQQKDARUZXN0MQ0wCwYDVQQLDARU ZXN0MQ0wCwYDVQQDDARUZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAxbW8RQs5Jr1c6RE4hAebeoGjrfznROK3Yp2tvdxQLkaR6lm8pany4EA5A1mi 6ZNq4O3TUFco6Kcj0SUU+BIJdCt/OhkW3JDIAXb7WP3iUY0/WkdSS5t8TsCI/dQb E4OxRsAsl61o0M0dB7R1XcAZ5htQp6oFW+vpKHrVFah7UY/8cCZ8z9c/ZWRaF1UW P06ai5yPRibpFCCPZYN3Ma0NQB4MAMxrIEl8LZYFNkvESIGB2mxekvnJlu32ihB5 9HkD4LDIszFw1RFAjRBMzR6JiEloJG1XMc6I64Q2RivkjMk7qpswhHjT+KmUSPwg TlKDM9pMByM/WO3vt52zKuKC4wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQC3EtSm /GiLJORUbkQk7aVxSgDG2xgdQY/4Zs7vpDtm+wzoUQ5kb/0TKeZ6NK0/TzaT8PvE OrfxUTVt3PithQnzFXoYpjKaxOWeSQDhd9AoV5ZdTceIxCmGa//Eg/iKALsikyg9 MS4rOSaddditU81Kg/VqHy6FVn6Zk7+FDAZ5ahhT7iNcuXK5+H0xdnwAcxrduZM+ no+82CCqfwy1yAdlN+9epCM4NXRw682oarCLielzWr8Sx6ZXqc7iG1zp6YL+zBQS Sv1hwJ4TdH8x4P0C3a1h3uQO1w4hxdIruPIsvdfOgZBF4TNQoSG9x/7SSmntibzs 6UNcbX51LIz9s+uk -----END CERTIFICATE-----"
}
Response:
{
"encrypted_card_number": "eyJlbmMiOiJBMTI4R0NNIiwiYWxnIjoiUlNBLU9BRVAtMjU2In0.WncRs20omSZ7msSx1zgAH9adyFKGnkuCBfuh1xtDEexLD78q-hVCZDcnmxBYzQvjqiwy1CUbIucmr8nYQd764sxJBGbGukS2eQRxBDYDzyijd-At6hBAwK3BKWFK1ise9MZhaxW0LXbMGFA4NUBi-p3FyBZOuls8ym9_qwCZD5US4Qzk67-oE8ZJVDBFm-P5JDkdJXHDUqjikQwENyxPC4edJZfbo488PmpDiC4k0cqZOP9ylFvnkjdJo6HLucLT8BFAFydNXBaCp2Y5x0IKblElaBzbkYJ9OKcEm9_FbHTFX9M_8rQNPNPaDREE0qMfU8FGiGVTDkmJhBvA84wyeA.9Elw2ujE_HTVJAyK.VHKO5rq3Y50oUQ8GvQF-gdckEzb9kFISmAAQ1K7pdAo2iKZFHdJwbLUFIwfqwX7H5fIywyW9MciKfOJR6FemffAoLXPimR8mWD_Ms00ES045SS1lx3o-VvAnOsi3XCUgdHuvubzz94papw5jGnRhUBPyU0c0A5UrYaw2lmxseg.Toc0J-SjqcLaa_CEYvzmsQ"
}
The response is a JWE that can be decrypted with your private key. Below is a sample in JavaScript using Node for convenience.
// npm install node-jose
const fs = require('fs');
const jose = require('node-jose');
const privateKeyPath = process.argv[2];
const jwe = process.argv[3];
const privateKey = fs.readFileSync(privateKeyPath);
jose.JWK.asKey(privateKey, 'PEM').then(function (result) {
jose.JWE.createDecrypt(result).decrypt(jwe, { contentAlg: 'A128GCM', alg: 'RSA-OAEP-256' }).then(function (decryptedResult) {
var plaintextCardNumber = String(decryptedResult.plaintext);
console.log(plaintextCardNumber)
});
}).catch(function (reason) {
console.log('Decryption failed due to ');
console.log(reason);
});
After decryption, the response will look like the JSON below.
{
"resource": {
"primaryAccountNumber": "0000000000000000"
},
"receivedTimestamp": "2022-08-16T20:57:51.523Z",
"processingTimeinMs": 52
}