Skip to main content

Card issuing

General card issuing FAQ

Q: I am interested in the card issuing project. On whose side must the customer balances be?

A: They can be both client-side and Verestro. If the client chooses to have them on their side, he will have to expose appropriate methods to Verestro to enable required communication.

Q: How do I access the Antaca API or LC API on the Verestro side?

A: This requires signing a contract with Verestro for access to these services. Verestro will then add to the Whitelist on its side the IPs of the devices from which the API requests will be made, and exchange with customer and sign certificates.

Q: What steps should we conduct in the process?

A: First steps are described here: https://developer.verestro.com/books/card-management-system/page/quick-start

Q: Is it possible to use the White Label app for card issuing offline?

A: It depends on the configuration of the application, but overall apps can be configured in a way that end user will be able to move between some of the screens without internet connection.

Q: I tried to register a new user on the white label app, but it displays an error message on the PIN page and I can’t register!

A: Please verify the e-mail or phone used on the registration, as this data is probably already registered on our systems.

Certificates & Security

Q: Is the same certificate used for both the lifecycle api and card management api ?

A: Yes, the same certificate will be used for all Verestro APIs. The certificate is the same for both endpoints:

Lifecycle API: https://lifecycle.upaidtest.pl/

Antaca API: https://sandbox-antaca.verestro.dev/

Q: Where I can find a Verestro Public Key for JWE?

A: Public key used to generate JWE can be download from method GET /lifecycle/v1/public-key Please find a link with some details attached below: https://developer.verestro.com/books/user-lifecycle-card-management-api-sdk/page/overview.

Q: What is the difference in “CSR” vs “mTLS” auth

A: Actually, it is the same. mTLS is a security protocol that utilizes CSRs to establish a secure connection.

KYC

Q: For KYC on card issuing with Verestro Card Issuing (Quicko as payment organization), what type of documents are allowed to be sent as valid ones?

A: Allowed formats: passport and sometimes other documents valid internationally, we strongly prefer English language in documents (local languages are usually not accepted).

Q: For the KYC API, is it mandatory to send 2 images? (in case of documents that can be opened or have only one side)

A: Yes, but they can be the same file, if only one image has all the customer information needed.

Q: I need to send KYC documents received from my clients to Verestro. How can I do that?

A: Request example here:  https://developer.verestro.com/books/card-management-system/page/quick-start Step 2. Create user verification form.

Q: Which formats are allowed for “imagefront” field in KYC API?

A: The allowed formats for "imagefront" is: jpeg, jpg, png. Additionally, please remember to include 'Content-Type: multipart/form-data' in the header.

Q: What are the accepted values for “riskLvl” field in KYC API?

A: Accepted values for risk levels are:

  • 'LOW',
  • 'NORMAL',
  • 'HIGH',
  • 'NOT_ACCEPTABLE'.

Q: How to deploy documents for small firms in KYC API?

A: Document submission for verification must be done individually, as there is no option to upload documents for multiple users or firms at once.

Q: If user uploads wrong document’s photos (e.g. bad quality) what behavior would we expect from the system? Would system block user’s cards, balance, etc?

A: In case if KYC will be managed from your side, our system will not recognize that, as we need to have a view for that data only for audit.

Q: Is it possible to increase the file upload limit to 4MB?

A: It is not possible to increase the limit.

IBAN

Q: How do I generate an IBAN? What is the flow?

A: Verestro has internal configuration of supported currencies per client. If customer wants to receive the IBAN then:

  1. Customer should create user with LifeCycle API.
  2. User has to pass KYC process.
  3. Customer should create balance. Currency of the balance can be determined in the body of the request.
  4. If in step 2 EUR balance was created, then making a request for GET /IBAN method will result in returning EUR IBAN as a response. If balance was created in PLN, same method will return PLN IBANs.

Q: Can we open an IBAN without a card?

A: IBAN is created as a separate tool for payments, making it unnecessary to have a card there.

Notifications

Q: I would like to receive notifications about new transaction made by user. How should the endpoint look like?

A: Authorization should be done either using mTLS or basic authorization. Endpoint should be ready to handle following parameters from POST request “{ "id": 20, "timestamp": "1665557034" }”.

Balance

Q: What are the differences between a credit balance and a debit balance?

A: A credit balance allows you to make deposits to user balances up to the amount of deposited funds. The deposit balance allows you to exceed this amount when making deposits to user balances, but the amount of card transactions cannot exceed the amount of deposited funds.

As for the transaction of transferring money between accounts using Antaca's "debit" and "credit" methods, they work in such a way that "credit" "gives" money, while "debit" "takes" it, but there is no mention here of where they give and where they take it. If a request is made 2 times to debit user x and to credit user y, then by splicing these 2 requests, it can be said that it is one transaction (taken away from x and given to y).

Q: What’s the difference between Master Account and Company Balance?

A: The Master Balance is used to secure funds necessary for on-going user spend, that BIN sponsor uses in the settlement process with Mastercard. More here: https://developer.verestro.com/books/card-management-system/page/overview#bkmrk-balances.

Company balance is a place where FX/Interchange/Fees are settled.

Q: Where can I verify the balance of a company on Budget control system?

A: CardAlias APIs can be used, the same information is also available on the transaction details APIs, under the parameter balanceMinorValueAfterTransaction.

Q: Is there any dashboard provided by Verestro to have an access to customer balances thorough the interface to control Master Balance?

A: Yes, Verestro provides a Wallet Admin Panel, which is a web frontend application dedicated for customers to follow user transactions and manage the Master Balance. Available on the Verestro Developer Zone at: https://developer.verestro.com/books/money-transfers/page/overview

Cards

Q: Where the physical cards can be tracked, when this card is issued or what is the current status?

A: We do not provide it via API, but they can do it through an agreement with a courier company that will deliver cards from the personalization company to users.

Q: For the cards issued with Quicko, there is any ATM limitation for withdrawals with the cards, like a specific network cannot be used?

A: They should. The only dependence could be different surcharge per operator, but some cards may be limited by the network without previous warning.

Q: Can one user as corporation have multiple cards, like 100 000 cards?

A: Yes, there is lack of limitations.

Q: Can a single user have multiple cards and are there any limitations on card total number?

A: One user can have multiple balances and multiple cards under each balance. Each card can have different limits. We do not have card limits per user.

Q: Client is asking about physical cards and where they can track when this card is issued or what is the current status?
A: We do not provide it via API, but they can do it through an agreement with a courier company that will deliver cards from the personalization company to users.

Q: What is the difference between synchronous and asynchronous process of card’s creations?

A: In a synchronous process in a response you’ll receive a card data, in asynchronous the ID by which you can check if the card has been generated already.

Q: In which case we should use secure/cards/{cardID}/activation method?

A: This method should be used for physical cards only.

Q: Is a PIN code required for the virtual card?

A: In context of virtual cards PIN is only required if customer would like to withdraw money from ATM using X-Pay.

Q: How does the customer receive the PIN?

A: You would need to pass it somehow to customer, you can either show it somewhere in the app or send it somehow for example via email.

Q: Is it possible to change the PIN code? If yes, how can this be done?

A: Yes, there is method in Antaca API for that purpose you can use "Change card PIN" method from https://developer.verestro.com/books/card-management-system/page/technical-documentation-4Wl

Q: Are we correct in understanding that the card details (number, expiration date, CVV) created with the POST /secure/customers/{customerId}/cards/virtual method will be identical to the physical card that will be issued later for the specific user? Or will it be a separate card?

A: Those will be different cards, so all the details on physical cards are going to be completely different than on the virtual ones. Having same credentials on both types of cards is only possible once company is "Digital first" enabled on Mastercard side.

3DS

Q: What data should be delivered to Verestro to configure 3DS?

A:

  1. Title: Purchase confirmation 
  2. Main text: Please enter the OTP sent to your mobile number. For help contact us on ### ### ####.

Error Screen

  1. title: Authentication error
    4. Main text: There was an error processing your request. Please try again.
  2. Terms and conditions – short text about accepting conditions or URL. 

Company logo in PNG format, no larger than 50px by 150px. (Could push to be max 75 pixels by 155 pixels)

Transactions

Q: Can we get transaction info per card?

A: Yes, you can get transactions per card. There is API decribction uder linke https://developer.verestro.com/books/transaction-history-api/page/technical-documentation-thc-external-api

Q: Are ATM withdrawals possible with a virtual card?

A: Yes, but only if those virtual cards have configuration for it turned on and only if they have defined PIN (PIN is required when withdrawing money from ATM).

Q: On transaction history API, what kind of values can be received on merchantTransactionID parameter?

A: Any value that is sent to our system from the processor, varying from UUIDs, integers or strings

Q: Is there an endpoint that returns transactions done by card?

A: Yes, you can get it but on dedicated beta environment. It is not  present in Sandbox environment.

Q: Why Processor’s loadReversal is not being written on THC (Transaction History) as a transaction or update?

A: LoadAuthorization is a QUESTION: "is it possible to DEDUCT/CREDIT a given card?” and it does not cause any movements on the balance/limits/etc, therefore its not reported to THC.

This question is usually followed by loadAdjustment, which already DEDUCTS / CREDITS the balance and this movement is reported to THC. If a loadReversal comes instead of loadAuthorization, its handled as “there was no previous question” and is still not reported to THC.

Q: Why the REVERSED transaction is showing amount:0?

A: The value is updated according with the actual transaction value. For example, a 100.00 EUR authorization will show in THC (Transaction History) 100.00 EUR with status is AUTHORIZED. If 20.00 EUR is reversed on this transaction, the updated amount in THC will be 80.00 EUR and status will still be AUTHORIZED. If instead, it was a 100.00 EUR reversal, the updated amount in THC will be 0.00 EUR and the status would change to REVERSED.

Q: I’m using a simulator to send transactions to the system, why I’m not receiving all the transaction status?

A: The simulator will send exactly what was selected to be sent. If a REVERSAL is sent, only the REVERSAL will reach our systems. Same for all the other status.

Q: In the case when a user is offline on a plane and makes a payment with a card, how is the balance on their card checked?

A: Offline transactions are transactions you cannot reject. From the MC side, we find out that the money has been taken away and they don't ask if this might happen. Offline transaction can occur for example in metro or in airplane. In general, they occur very rarely. In such situations, the only thing you can do is report chargebacks after.

Q: What transaction type should we use instead of withdrawal when a user initiates a crypto purchase?

A:  for sell/buy with the user when the funds do not leave our "digital system" the best types will be:

  •  when the user is charged (buys crypto) - transactions/debit with the type funding
  •  when the user is credited (sells crypto) - transactions/credit with the type payment

Q: What is the difference between FEE & COMMISSION types? Please specify in which cases a transaction with type COMMISSION will be created

A: Commission (if it applies) refers to performing any sort of transactions (for example it can bet set up that for each abroad transaction customer will be charged 0,3EUR or 0,1% value of the transaction). Fees can apply to BIN-Sponsor related fees (if there are any set) like for example charging customer monthly for having active card or balance opened.

Limits

Q: In the documentation for card limits management through the API, we found that there are only three periods: daily, weekly, monthly. What about the limit per transaction? Is it limited to Mastercard limits or is it also set on your side?

A: Yes, it is possible to set limit per transaction. We can indicate limits, such as e-commerce limit, ATM limit, or limit in another currency. Those limits are configured and can be managed by API. More information’s about limits and how to set them up can be found in documentation: https://developer.verestro.com/books/card-management-system/page/technical-documentation-4Wl.

Q: on setting the limits on the cards, like Monthly, weekly, daily. What datetime does it actually start-end?

A: Limits are cleared accordingly:
Daily: every day at 11:59PM
Weekly: 12:00AM on Mondays
Monthly: 12:00AM on the first day of the month
CRON, which clears the limits, runs in UTC time

Finance Admin Panel

Q: Does admin panel is available on sandbox environment?

A: No, it is not available in the Sandbox environment.

Q: Can we create users and validate them in the admin panel?

A: No, it is an administrative tool. You can read about admin panel functions under below link: https://developer.verestro.com/books/administration-panel/page/finance-administration-panel-overview

Back to top