Core functionalities
Card issuing
Enables debit card provisioning and physical card ordering, allowing customers to start spending immediately through virtual cards while their physical card is in transit.
Card lifecycle management
Empowers users with self-service controls to activate new cards, view sensitive card details securely, and manage security settings like PIN changes or temporary card freezing.
Limit management
Allowing customers to set and adjust daily or monthly transaction ceilings for different categories like online shopping or ATM withdrawals.
Wallet management
Facilitates seamless “Push to Wallet” functionality for Apple Pay and Google Pay, ensuring customers can digitize their cards securely.
3DS authentication
Secures online transactions through a frictionless authentication experience, using pre-selected authentication methods to verify the cardholder’s identity during high-risk purchases.
Travel notice management
Enhances global card usability by allowing customers to log upcoming travel dates and destinations, reducing the risk of legitimate international transactions being flagged as fraud.
Use cases coverage:
Card issuing
| Feature | Key capabilities |
|---|---|
| Card number generation | Service responsible for creating a new, unique, and valid card number (PAN) according to issuer and scheme rules. This ensures compliance and uniqueness for every new card product or issuance. |
| New card creation | Initiates the issuance process for a new physical or virtual card, linking it to the customer’s account and initiating production/digital delivery. It streamlines the process of issuing primary, secondary, or replacement cards. |
| Card to device linking | Manages the secure association of a card to a specific consumer device (e.g., for in-app payments). This supports device-specific functionality and modern security protocols. |
Card lifecycle management
| Feature | Key capabilities |
|---|---|
| View or Search Card Status | Provides the capability to retrieve a comprehensive list of all cards associated with a cardholder profile, fetching statuses for active, blocked, and expired cards for a complete portfolio overview. |
| View CVV | A secure API endpoint to retrieve the Card Verification Value (CVV2). It is configured for temporary display for a short duration to ensure security. |
| View PIN | A dedicated secure API endpoint to retrieve the PIN for cardholder access. Like the CVV, it features a fixed-duration display. |
| Card Activation | Allows cardholders to instantly activate new physical or virtual cards, either fully or partially (e.g., e-commerce only), ensuring immediate usability via real-time CMS updates. |
| Block/Unblock | Enables dynamic control over a card’s status, supporting both Temporary Blocks (suspension) for convenience and Permanent Blocks (cancellation) for security, with instant unblocking capabilities. |
| Replace Card | Initiates the replacement of an existing physical card due to damage or expiry while retaining the same account details, facilitating a seamless transition with minimal disruption. |
| Terminate Card | Allows for the permanent cancellation and closure of a card, removing it from the active portfolio. This finalizes the card lifecycle when accounts are closed or compromised. |
Spending limit management
| Feature | Key capabilities |
|---|---|
| Modify Spending Limits | Enables cardholders or administrators to adjust transactional limits, such as daily spending or ATM withdrawals. This provides flexible financial control and allows users to actively manage their risk exposure. |
| Update Security Controls | Allows users to configure and update specific security preferences, such as toggling ATM, e-commerce, or international transaction types. This empowers users with granular control to enhance card security. |
Digital wallet provisioning
| Feature | Key capabilities |
|---|---|
| Wallet Eligibility Check | The essential first step in wallet provisioning; a real-time API inquiry that confirms the card, cardholder, and transaction context meet criteria for wallet provisioning. This ensures compliance and minimizes fraud risk before provisioning begins. |
| Wallet Provisioning | Facilitates the secure “push” of card credentials to digital wallets by replacing the sensitive PAN with a unique, non-sensitive Token. It protects the card number during transactions and manages the full token lifecycle (creation, suspension, or deletion). |
Transaction security (3D Secure authentication)
| Feature | Key capabilities |
|---|---|
| 3DS Authentication | Provides support for the latest EMV 3-D Secure standard for secure e-commerce transactions. It facilitates real-time communication with the Access Control Server (ACS) to determine the appropriate authentication level required for a transaction. |
| Authentication Flow | Supports Frictionless Authentication for low-risk transactions (no user interaction) and authentications as per customer configuration for high-risk cases. It helps balances fraud reduction with a smooth user experience. |
Travel notice management
| Feature | Key capabilities |
|---|---|
| Create Travel Notice | Allows cardholders to pre-notify the system of upcoming travel plans, including specific dates and destinations. This significantly reduces the likelihood of legitimate transactions being declined due to false fraud flags while abroad. |
| Modify Travel Notice | Enables cardholders to update the dates or destinations of an existing travel notification. This provides the flexibility to adjust itineraries without the need to delete and recreate a new notice. |
| Delete Travel Notice | Allows cardholders to remove an active or pending travel notification. This ensures the system remains updated and clears outdated information if travel plans are changed or canceled. |
| Get Travel Notice | Retrieves details of any existing travel notifications associated with a specific card. It displays the active start and end dates as well as all locations currently covered by the notice. |
Out-of-Scope for PCI Compliance - By utilizing the Grand Central Unified API, your infrastructure remains outside of PCI-DSS scope. Sensitive cardholder data, such as the Primary Account Number (PAN), CVV2, and PIN, is handled exclusively by the underlying connectors. Your systems only interact with non-sensitive tokens or encrypted payloads, significantly reducing your regulatory burden and data liability.