A Card object represents a credit or debit card. It contains many useful pieces of information about the card but importantly, it does not contain the full card number and CVC (which are kept securely in the ProcessOut Vault). However, you can use the card for a single payment by creating a card token with it. If you want to use the card for multiple payments, then you can use the card token to create a reusable customer token. Note that once you have used the card token either for a payment or to create a customer token, the card token becomes invalid, and you cannot use it further.

You can use the expires_soon field of the Card object to identify cards that will become invalid in the near future. When we detect that a card is about to expire, we will also fire an event to notify your webhook endpoint. You might respond by prompting the customer to supply a new payment card, for example.

Card object

List of fields

📘
While the card object may seem to contain many parameters, only a handful are useful to merchants. Other may be used under specific scenarios as ProcessOut is fully transparent with the data it gathers. The following list contains most parameters that may be useful to merchants

Field	Type	Description
id	string readonly	String value that uniquely identifies the card.
project_id	string readonly	Project that the card belongs to.
name	string	Cardholder’s name. Maximum 255 characters long
address1	string	First line of cardholder’s address. Maximum 255 characters long
address2	string	Second line of cardholder’s address. Maximum 255 characters long
city	string	City of cardholder’s address. Maximum 255 characters long
state	string	State or county of cardholder’s address. Maximum 255 characters long
country_code	string readonly	Country where the card was issued, derived from the IIN/BIN lookup (ISO-3166, 2-character format).
billing_country_code	string	Billing country of the card holder, as supplied on the card's contact. Must be a valid ISO 3166 country code with 2 characters
zip	string	ZIP code of cardholder’s address. Maximum 16 characters long
ip_address	string	IP address of the cardholder Must be a valid IP address
metadata	object	Metadata related to the card, in the form of key-value pairs (string - string).
preferred_scheme	string	Preferred scheme defined by the Customer. This gets priority when processing the Transaction.
scheme	string readonly	Scheme of the card, such as Visa or Mastercard.
co_scheme	string readonly	Co-scheme of the card, such as Carte Bancaire.
type	string readonly	Card type (`debit`, `credit`, `deferred debit`, `prepaid`, `charge` or `unknown`).
bank_name	string readonly	Name of the card’s issuing bank.
brand	string readonly	Brand of the card, such as Electron, Classic or Gold.
category	string readonly	Card category (`consumer`, `commercial`, `business`, `corporate`, `governement` or `probably-consumer`).
iin	string readonly	Issuer identification number. Corresponds to the first 6 or 8 digits of the main card number. By default, your project will be configured with 8 digits, compliant with PCI specification
last_4_digits	string readonly	Last 4 digits of the card.
fingerprint	string readonly	Hash value that remains the same for this card even if it is tokenized several times. Note that this value is different for each project and cannot be used for payment.
exp_month	integer	Month of the expiration date.
exp_year	integer	Year of the expiration date.
cvc_check	string readonly	CVC check status. Can be: `pending`: The check was not verified yet `unavailable`: The request has been sent, but no response has been received (typically, the issuer or acquirer isn't compatible) `unknown`: We couldn't verify the status `failed`: The CVC check has failed (CVC invalid) `passed`: The CVC check has succeeded (CVC valid)
avs_check	string readonly	AVS check status. Can be: `pending`: The check was not verified yet `unavailable`: The request has been sent, but no response has been received (typically, the issuer or acquirer isn't compatible) `unknown`: We couldn't verify the status `failed`: The AVS check has failed `failed-name`: The AVS check has failed because the name is invalid `failed-address`: The AVS check has failed because the address is invalid `failed-postal`: The AVS check has failed because the postal code is invalid `failed-address-passed-postal`: The AVS check has failed because the address is invalid, but the postal code is valid `failed-postal-passed-address`: The AVS check has failed because the postal code is invalid, but the address is valid `passed`: The AVS check has succeeded
token_type	string readonly	Contains the name of a third party tokenization method (such as `applepay`), if one was used or `null` otherwise.
used	boolean readonly	Denotes whether or not this card has been assigned to a Customer Token or has been successfully authorized. This field is tied with `has_been_authorized`, depending on its value: If `has_been_authorized` is `null`: `used=true` means that this card can't be assigned to a Customer Token, nor can it be used to authorize using this card as the `source` `used=false/null` means that this card can be assigned to a Customer Token or can be used to authorize using this card as the `source` If `has_been_authorized` is not `null`: `used=true` means that this card can't be used to authorize using this card as the `source` `used=false/null` means that this card can be used to authorize using this card as the `source`
has_been_authorized	boolean readonly	Denotes whether or not this card has been successfully authorized. `true`: This card can't be assigned to a Customer Token `false`: This card can be assigned to a Customer Token `null`: Refer to the `used` field description
sandbox	boolean readonly	Denotes whether or not this card was created in the sandbox testing environment.
created_at	datetime readonly	Date and time when this card was created.

📘
The billing address of the Card will be overwritten with the billing address of the invoice, if it is set during transaction processing (except for the card country code, which is automatically derived from the card number). In order of priority, ProcessOut uses the invoice billing address, then the Card billing address, before falling back to the Customer billing address if no other address is available.

JSON object

{
    "card": {
        "project_id": "proj_IFCgGTmyClrgTOzsschN1y7GJttHVQ7S",
        "update_type": null,
        "update_reason_code": null,
        "scheme": "visa",
        "co_scheme": null,
        "preferred_scheme": null,
        "type": "debit",
        "bank_name": "REVOLUT LIMITED",
        "brand": "visa infinite",
        "category": "consumer",
        "iin": "41659815",
        "last_4_digits": "4111",
        "fingerprint": "5543c446bbacd7ab48f22e1fe0e4d88e590ba37ecb9ab2cfd3f7e7269bd194e7",
        "exp_month": 12,
        "exp_year": 2027,
        "cvc_check": "passed",
        "avs_check": "passed",
        "checks": {
            "cvc_check": "passed",
            "cvc_check_reason": null,
            "avs_check": "passed",
            "avs_postal_check": "passed",
            "avs_postal_check_reason": null,
            "avs_street_check": "passed",
            "avs_street_check_reason": null,
            "avs_name_check": "passed",
            "avs_name_check_reason": null
        },
        "token_type": null,
        "name": "Pierre L",
        "address1": "133 rue Lamarck",
        "address2": null,
        "city": "Paris",
        "state": "Ile de France",
        "country_code": "FR",
        "billing_country_code": "FR",
        "zip": "75018",
        "ip_address": "1.2.3.4",
        "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.4 Safari/605.1.15",
        "header_accept": "*/*",
        "app_color_depth": 24,
        "app_java_enabled": false,
        "app_language": "en-US",
        "app_screen_height": 900,
        "app_screen_width": 1440,
        "app_timezone_offset": -60,
        "header_referer": "https://js.processout.com/",
        "expires_soon": false,
        "metadata": {},
        "used": true,
        "has_been_authorized": false,
        "sandbox": true,
        "created_at": "2023-04-24T11:27:12.943960085Z",
        "updated_at": "2023-04-24T11:27:12.943960014Z",
        "id": "card_iyBjJk4tClg445emITDYv6paTXZDgwsP",
        "cvc_tokenized": true,
        "tokenization_method": null,
        "payment_source_detail": null
    },
    "success": true
}

What’s Next

What’s Next