Ordering cards

After creating a profile, cards can now be ordered. The first step is to retrieve the available card programs. A card program gives information on the type of card, the network that the card is on, as well as the default currency of the card.

If there are no card programs returned in the API call, it means that the profile cannot order any additional cards.

• Virtual - No physical card will be printed. This card can be used for online transactions and added to digital wallets.
• Physical - A physical card will be printed. On top of virtual card capabilities, physical cards can also be used at physical terminals and ATMs.

After retrieving the card program, use the card order API to create a card order. It is also best practice to use the card address validation API to ensure the formatting of the address is correct.

The address is required for both virtual and physical cards as it will be used for AVS (address verification service) checks for transactions without a card present.

When the status of the card order is CARD_DETAILS_CREATED, a card will now be available to be retrieved.

The card token is the unique identifier for this card.

For physical card orders, it is recommended to subscribe to the card order status change webhook event to be notified of card order status changes.

You can cancel a card order by updating the card order status to CANCELLED with a reason. This can only be done when the card order is still in the PLACED status.

In order to control the number of cards a profile can create, we have card order limits in place. On production, the number of card orders is limited to 1 active physical card and 3 active virtual cards per personal profile. On sandbox, we allow up 10 physical cards and 30 virtual cards for testing. Additionally, no more than 3 virtual cards can be ordered per day. This limit includes existing cards and card orders.

Retrieving the sensitive card details (PAN, PIN, CVV) of a card requires us to do so in a PCI-DSS compliant way, follow our sensitive card details guide on how to do so.

Card PIN

Some card terminals and ATMs require users to enter their card PIN to authenticate transactions. By default, both physical and virtual card PINs are randomly set.

Optionally, we offer a feature to pre-set the PIN of the card during the card order process. Reach out to your account manager for this feature as Wise will first need to configure this to be done on our side.

To mitigate the possibility of fraudulent transactions on the card in the event of misdelivery of the card, users need to activate their card before they can use it for certain transactions. We offer two activation methods: Chip and PIN or Partner Control.

For Chip and PIN activation, contactless and magnetic stripe transactions attempted prior to the first successful Chip and PIN transaction will be declined. For Partner Control activation, all transactions will be declined until the card status has been set to ACTIVE.

Physical cards issued with an ACTIVE card status require the cardholder to make a Chip and PIN transaction (inserting the card into the terminal and keying in the card PIN) to start using the card for contactless and magnetic stripe transactions.

Before the first Chip and PIN transaction, all spending permissions are enabled except POS_CONTACTLESS and POS_MAGSTRIPE, which are locked. At this point, the card is already ACTIVE and can be used for certain transactions.

After the first Chip and PIN transaction has been successfully performed, POS_CONTACTLESS and POS_MAGSTRIPE permissions will be enabled, with no change to other permissions. The card order status is moved to COMPLETED.

When you have Cards issued with an INACTIVE card status, you must activate the card to start using it for any transaction. You can activate the card by updating the card status to ACTIVE.

Before activation, no transactions can be performed.

After you have activated the card, it can immediately be used for transactions - as long as the spending permission for that transaction type is enabled. Activating the card also moves the card order status to COMPLETED.

You should only update the card status to ACTIVE when you have confirmation from the cardholder that they have received their physical card. You can do this by asking them to validate the last 4 digits on the card.

To implement this, you should ensure that card details such as the PAN (Primary Account Number) should initially be hidden from the end customer.

You can add an additional step requiring the end customer to key in the last 4 digits of their physical card upon receiving it. This can be validated against the lastFourDigits in the Card resource.