Card details required
What card details need to be provided to Fidel to enrol a card?
If you are using our Create Card API, these are the required fields which need to be passed on to enrol a card:
- 3-digit Country code of the card issuing country
- Expiry Month and Year
- Card number (15 - 16-digit long)
- Acceptance of the Terms of Use or Cardholder consent
Please see more details below:
Error messages on card enrolment
What are the different error messages Fidel will send me, on an invalid card enrolment?
Please see all error messages here: Create Card Error Messages
Card Eligibility
Which cards does Fidel support?
Only Eligible Payment Cards may become Linked Cards. Please note that not all Visa, MasterCard and American Express cards are able to become Eligible Payment Cards. The Payment Cards not eligible to become Linked Cards are Visa, MasterCard, and American Express Corporate cards, Visa, MasterCard, and American Express Purchasing cards, non-reloadable prepaid cards, government-administered prepaid cards (including EBT cards), healthcare (including Health Savings Account (HSA) or Flexible Spending Account (FSA) or insurance prepaid cards), Visa Buxx, and Visabranded, MasterCard-branded, and American Express-branded cards whose transactions are not processed through the Visa payment system, MasterCard payment system, and/or American Express payment system, and any other type of card notified to you by Fidel API from time to time.
Fidel API and the Card Networks may in their sole and absolute discretion decide whether a Payment Card is eligible to become a Linked Card. Depending on the territory your registered debit card transaction must be processed as a 'credit' (i.e., authorized with signature and not a PIN) transaction to make sure the transaction can be monitored.
Apple Pay/ Google Pay cards/ virtual PANs
Can Fidel track cards added to digital wallets?
The answer is yes and no. Fidel can still track cards added to digital wallets such as Apple Pay and Google Pay as long as the physical PAN (i.e. long card number on the front of the card) has been enrolled. A digital wallet will tokenize the PAN information before sending your data to the merchant as a security measure. However, it has been tested previously that, as long as the physical PAN has been enrolled, Fidel will receive the transaction information.
User can’t enrol card
Why are some cardholders unable to enroll their cards?
If a cardholder is unable to complete the enrollment process, it may be due to one of the following reasons (that were identified until now, more might exist):
Issuer Restriction: Some card issuers have restrictions in place that may prevent enrollment. This is often a security or policy measure decided by the issuer or by the network itself. Example: Well Fargo credit card - Business Essential Mastercard. Wells Fargo asked Mastercard to not allow them to enroll this card on CLS (Mastercard Loyalty System used by Fidel).
Digital-PAN/ PAR/ Token: It could be that the user has enrolled the tokenised PAN/ PAR instead of the actual long-number of the PAN, as that changes with every transaction, Fidel can not enroll these to Select Transactions API, as these are not static.
Card might not be eligible for Loyalty/ Reward programs, please see section Card Eligibility
Please see more details on Apple/Google Pay cards
Card expired
What happens when my user's card expires? Are they required to re-enrol?
Fidel primarily tracks on the PAN (16 digit card card number). There are two scenarios here:
- Issuer sends new card with the same card number as before and new expiry date
In this scenario, the same card PAN will continue to exist, eliminating the need for the user to re-enter their details.
However, we would be returning the expiry date to you, so you know if the card has expired and you can ask the cardholder to update the date.
- Issuer sends new card number with new expiry date
In most cases, due to security, however the Issuer sends a new card number, in these cases the 'old card' will need to be deleted by you and the 'new card' to be re-enrolled, we recommend this process due to security reasons. You can use our Delete card API Delete Card to delete the 'expired card' and ask the cardholder to 'enroll' their new card to the program.
In both cases, Fidel will receive transactions from the networks for both the old PAN (until it is deleted) and the new PAN (once enrolled), which we will continue to forward to you.
Identify user
I wish to be able to identify my user when they enrol their card
Fidel does not collect or store personal information however there is a clear rationale for clients having access to this to fully maximise the card linking information. On each card enrolment, the client has the option to pass additional metadata which will be received and returned back to the client endpoint exactly as it has been submitted. In addition to this, each transaction that tracks on the enrolled card going forward, the metadata will be returned as part of the transaction payload.
SDK or API
I see that I can send cardholder data through one of your SDKs or direct to API via the createCard endpoint. Which one is more suitable for me?
The answer lies largely in the clients use case and more specifically how they handle their user information. However, there are some key considerations to take into account.
createCard (API)
First and foremost, this endpoint ingests card data in its raw form i.e. full PAN, Expiry Date and Country of Issue. The usage of this endpoint dictates that the sender must be fully PCI Compliant. Should the client indicate that they hold this certification, Fidel will require a copy of their Attestation of Compliance, this is essentially documented evidence that the customer has completed the applicable questionnaires and scans and that their license is still valid (typically an attestation will last for a period of 12 months).
Upsides:
You are in full control of your card enrolment phase;
If you currently hold cards on file you can send this information directly to the endpoint.
Downsides:
- PCI Compliance is required.
SDK
This is the more widely used option with the main benefit being that the customer is not required to hold PCI Compliance certification. The SDK will inject a secure iFrame into the clients card linking application (should the customer choose to integrate it first) thus as a result transmit raw card information directly to Fidel without the client being exposed to it.
Upsides:
Removes the requirement in becoming PCI Compliant;
Fidel has customisation options whereby you can align the iFrame with the branding of your app.
Downsides:
- Enrolment essentially becomes event based, card enrolment can only happen one at a time at which point the card data must be presented by the end-user. Where this can become a blocker is in the case where a client holds card information and/or has a requirement to send the data to an additional receiver. See below section on Vaulting as a possible solution.
Limit of no. of times a card can be enrolled
Is there a limit on the number of times a card can be enrolled?
A single payment card can only be enrolled once within a single program. In addition, Visa has a limitation of 5 active enrollments at the same time. This means that a single Visa card (including virtual cards) can only be enrolled in up to 5 programs simultaneously across Fidel API.
Card lost/ stolen
How does Fidel handle lost/ stolen Cards?
As a client, you need to inform clients if a cardholder has reported a lost/stolen card to you. You can simply delete the card and enroll the new card, once the cardholder has received it from their bank.
Cardholder Consent
What is cardholder consent and how can I obtain this?
Fidel’s SDK contains a block of text included here is a checkbox that the cardholder must tick in order to proceed with the enrolment.
Cardholder consent
Note: If the client is enrolling cards directly through the Create Card endpoint, they must ensure that the consent piece is managed by themselves and that this is obtained from the cardholder before any information is sent to Fidel API.