Digital Cards

A digital card is an electronic representation of a card that exists on a cardholder's mobile device, on a web site, or in an email. Depending on how the card is deployed, cardholders can use digital cards to make purchases on web sites and in mobile apps as well as at physical points of sale.

In the Galileo system, digital cards take one of three forms:

  • Virtual card — A virtual card exists only as an image that is displayed inside a mobile app or on a website—it is never embossed. The product ID is for a virtual card product, as specified in the product parameters. The PAN, CVV, and expiry date are visible.
    • PAN - Primary account number. The 16-digit number that is printed on a card, beginning with the BIN. This number is not the same as the account identifier, which is the PRN, or the card identifier, which is the CAD.
    • CVV - Card verification value. A number that is included on a card to help verify that a cardholder has the actual card (physical or virtual) in hand. CVV1 is a value that is embedded in a card's magnetic stripe, CVV2 is a 3- or 4-digit number printed on the actual card, and iCVV is a number embedded in security chips. In most cases, "CVV" refers to CVV2.
    • Expiry date - The date that a card expires. This date is displayed on a virtual or physical card and is randomly set at the time the card is created. The expiry date is encrypted in the Galileo system and cannot be retrieved by anyone who is not PCI compliant.
  • Digital image of a physical card — The card is created as a physical card that is sent to an embosser. In the meantime, a digital image of the card—with the same PAN, CVV, and expiry—is provided for the cardholder's use. The digital image is not associated with a virtual card product but with a physical card product.
  • Tokenized card — The card is provisioned to a mobile wallet such as Apple Pay, Google Pay, or Android Pay. The PAN, CVV, and expiry are not visible on a tokenized card—the wallet contains only a token that is associated with the PAN in a secured, remote database. The underlying product ID can be for either a virtual card or a physical card.

You can offer digital cards for these use cases, among others:

  • Virtual only — You offer only a virtual card for your product, without a corresponding physical card. The cardholder can view the PAN/CVV/expiry for use on e-commerce or other online sites.
  • Digital First program — You provide a digital image of a physical card, and the customer can use the digital card while waiting for the physical version to arrive in the mail. See the Digital First Program guide for more information.
  • Mobile wallets — You provision a tokenized card to a mobile wallet, which a cardholder can use at physical points of sale as well as online. See About Mobile Wallets for more information.
  • Temporary replacement — When a physical card is reported lost, stolen, or damaged, you issue a digital card for the cardholder to use while the replacement card is embossed and mailed to them.
  • One-time use — You create a virtual card with a different PAN from the primary card such that the virtual card is used for only one purchase or to set up only one recurring payment.

Creating a digital card account

How you create a digital card account varies according to the type of digital card and the way it's represented:

Digital image of a physical card

See the Digital First Program guide.

Tokenized card

See About Mobile Wallets for instructions.

Virtual card

To create a virtual card account, you must first set up a virtual card product. See Galileo setup for the parameters. Consult this table for the endpoints to use when creating a virtual card account.

Use Case | Endpoint | Parameters
Onboard a new customer and issue a virtual card | Create Account (Creating an Account guide) | prodId — Must be a virtual card product
Onboard a new customer and issue a virtual card. You must be PCI compliant to use this endpoint. | Create Virtual Card Account (Creating an Account guide) | prodId — Must be a virtual card product
Add a virtual card account to an existing customer record | Add Account (Adding an Account guide) | prodId — Must be a virtual card product

Lost or stolen digital cards

A digital card is considered lost when the device that displays the card has been lost.

A digital card is considered stolen when a malicious user obtains the PAN from a data breach or intercepts the PAN during transmission. It can also be considered stolen when the device that displays the card has been stolen.

See the Lost, Stolen, or Damaged Cards guide for information on reporting digital cards as lost or stolen.

Presenting digital cards

To present a tokenized card in a mobile wallet, see About Mobile Wallets.

To present a virtual card or a digital image of a physical card in your application, follow these steps:

  1. Provide a digital card template to Galileo
  2. From your app or your website, retrieve a token from Galileo
  3. Send the token and the image request to Galileo
  4. Present the image in your app or on your website

Creating a digital card template

To create a template for a tokenized card, follow these instructions:

For virtual cards and digital representations of physical cards, follow these instructions.

Unlike a physical card, a digital card has only one side, which displays the cardholder name, PAN, expiry, and CVV, as well as the chosen artwork. You need to provide two templates for the digital card that conform to the specifications below: one blank template and one template with all information populated, so that Galileo knows how to format the digital card image.

Galileo can work with you to make sure all the elements are properly included. Your bank must also approve the design. You then register your blank card template with Galileo when it is finished.

[Figure: Blank card template]

[Figure: Card image with full PAN, name, expiry, and CVV]

A card template must fulfill these requirements:

  • Contact Galileo for the file format to use: JPG or PNG
  • 500 x 315 pixels
  • A label and space for the expiration date
  • A label and space for the CVV
  • Horizontal or vertical orientation
    • With vertical art, Galileo is flexible with the PAN layout—for example, you can have stacked blocks of 4, horizontal or sideways.

Additional card elements Galileo can configure:

  • Font – Galileo offers these fonts at no charge:
    • OpenSans-Regular
    • OpenSans-Semibold
    • OpenSans-Bold
    • OpenSans-Light
    • OpenSans-Italic
    • RHPFDinMono
    • OcrA
  • Font color
  • Font size
  • Lower-case letters and font mixing are not supported.
  • X/Y coordinates for data elements.
  • Spaces to use in between each card number chunk.

Note: If you want to use a different font, a sizing charge may be applied as well as licensing costs from the font's foundry.

The cardholder name on the digital card image is limited to 21 characters. Names are displayed on the card in this order of precedence:

  • First + middle + last
  • First + middle initial + last
  • First + last
  • First initial + last
  • As much of the last name as possible

Galileo generates a configuration ID that corresponds to a card template and font specification. For example, if your product offers three possible templates for a card, you would have a different configuration ID for each image/font combination. You can use the same configuration ID across multiple programs as long as all programs use the same template. The configuration ID is a required parameter when you build the URL to Galileo's asset application to retrieve the generated card image: it is the config parameter in the HTTP request for the image.

Retrieving a digital card image

This section describes the steps to retrieve a dynamically generated card image that displays full PAN, expiry, cardholder name, and CVV. Do not use this method with mobile wallets. You do not need to be PCI compliant to use this method.

To retrieve a card image, you must send two requests to Galileo: a Get Access Token call and an HTTP request to retrieve the card image from Galileo's asset application.

Get Access Token call

These parameters are required for the Get Access Token call:

  • accountNo — Galileo recommends using the CAD (card_id) or PAN, but the PRN is valid as long as only one card has ever been associated with the account.
  • type — Pass 0 to retrieve a card-related token.

The response will contain these fields:

  • token — A case-sensitive alphanumeric string, for example, hpSVyayQScHmhJS6_MVXT1WlsFRQoDJrRu_fi_JlX2Jo2dgg5p
  • expires — The date/time the token expires, formatted as YYYY-MM-DD hh:mm:ss

The token has two properties: the expiration (default: 300 seconds) and the maximum number of times an access token can be used (default: 3). You can change the defaults in your program or product parameters, as shown in Galileo setup.

HTTP request for the image

With the token, assemble an HTTP call to retrieve the card image, as shown in the example. The URL is an AWS instance that Galileo sets up for each client. Request an AWS URL from Galileo if you do not already have one. This example is for the CV (Client Validation) environment, a test environment where you can test your implementation before moving it to Production. For Production, the live Galileo environment where real transactions are performed, change the cv in the URL to pd.

https://asset-[clientname].cv.gpsrv.com/asset/image?token=[token]&config=[config_id]

where:

  • clientname — Your Galileo system name
  • token — The token you retrieved with the Get Access Token call
  • config_id — The configuration ID that corresponds with the image to retrieve

Galileo returns the PNG or JPG binary data.
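
The following is an added example, not Galileo's own code, of client-side handling for the two requests above: it treats the token as a short-lived credential, tracks the expires value and the default use limit of 3 locally, builds the image URL in the documented format, and masks the token before the URL is logged. The CardImageToken class, the redact helper, the clientname character rule, and all sample values are assumptions made for illustration.

```python
import re
from datetime import datetime
from urllib.parse import urlencode

# Assumption: client system names contain only DNS-label characters.
_CLIENT_RE = re.compile(r"[a-z0-9-]{1,40}")
_ENVS = {"cv", "pd"}  # Client Validation / Production, per the URL format above


class CardImageToken:
    """Tracks one Get Access Token response: expiry and remaining uses."""

    def __init__(self, token, expires, max_uses=3):
        self.token = token
        # "expires" arrives as YYYY-MM-DD hh:mm:ss. Its time zone is not
        # stated on the page, so callers must pass `now` in the same zone.
        self.expires = datetime.strptime(expires, "%Y-%m-%d %H:%M:%S")
        self.uses_left = max_uses  # default use limit is 3

    def usable(self, now):
        """True while the token is unexpired and has uses remaining."""
        return self.uses_left > 0 and now < self.expires

    def image_url(self, clientname, config_id, env, now):
        """Build the asset URL, consuming one use; refuse stale tokens."""
        if env not in _ENVS:
            raise ValueError("env must be 'cv' or 'pd'")
        if not _CLIENT_RE.fullmatch(clientname):
            # Dots or slashes here would change the host being contacted.
            raise ValueError("clientname would alter the request host")
        if not self.usable(now):
            raise PermissionError("token expired or use limit reached")
        self.uses_left -= 1
        query = urlencode({"token": self.token, "config": config_id})
        return f"https://asset-{clientname}.{env}.gpsrv.com/asset/image?{query}"


def redact(url):
    """Mask the token value so the URL is safe to write to logs."""
    return re.sub(r"(?<=[?&]token=)[^&]+", "[REDACTED]", url)
```

The local counter only mirrors the limits Galileo enforces; when usable() returns False, make a new Get Access Token call instead of retrying with the old token.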

Galileo setup

These internal parameters must be set at Galileo, according to your use case.

Parameter | Level | Description
NNEXP | Product | Prevents a new expiry from being generated for the physical card. Set to Y for virtual cards to be upgraded to physical (product switch) or for digital images of physical cards.
TSECV | Program or product | Maximum seconds of access-token validity (default: 300).
TUSEC | Program or product | Maximum times an access token can be used (default: 3).
