Cards

Introduction

This section of the documentation site contains guides for every aspect of issuing and managing debit cards for your customers.

What's in this section?

  • Creation & servicing: Instructions on how to issue cards, how cardholder names and addresses are generated, and how to perform a variety of important actions related to cards (e.g., block/unblock a card, report a card as stolen).
  • Cards Smart Agent: How to implement Solaris' card fraud detection feature.
  • Card spending controls: How to place limits on your customers' card transactions, including transaction type, transaction amount, frequency, and more.
  • Encrypted PIN change: How to securely change a customer's card PIN.
  • Foreign exchange mark-up: Important information that you must display to customers when they make non-Euro card transactions.
  • Push provisioning: How to enable your customers to add their cards to their Apple or Google wallets.
  • Transaction processing and settlement: Information about how Solaris handles customer card transactions.

Cards API reference

The Solaris API offers a dedicated set of endpoints for creating and managing debit cards.

PCI compliance and sensitive information

The Solaris API does not expose PCI-relevant information. Therefore, you are not required to be PCI compliant.

However, you must not log or store sensitive data that the customer passes to the Solaris API. The following are considered sensitive data:

  • Full PAN (the masked PAN is not sensitive)
  • PIN
  • CVV
  • API authentication token

In case sensitive data passes through your system, ensure that you do not log or store the sensitive data in any way.

Warning
  • Never include sensitive data in any form (including images) in your customer support requests.
  • Never ask your customers to include sensitive data in customer support requests to you.

In the event you receive sensitive data from a customer:

  • Inform the customer that they should not include sensitive data in customer support requests or any other communication with you.
  • Instruct the customer to close the affected card. They can then order a new one if they wish.
  • Delete the sensitive data you received from your entire system.
  • Inform Solaris about the incident as soon as the card is closed or if the customer does not act within five days.

What to do if sensitive data is exposed

If sensitive data is at any point exposed or logged in your solution, then you must inform Solaris about the incident. Solaris will reach out with further instructions, which will include closing the affected cards.