Guidance on PIN Set

This guide explains how Clients can enable a personal identification number (PIN) set feature for their Customer’s debit cards. Rize uses a procedure that transfers PCIPCI - Payment Card Industry (PCI) compliance refers to the data security standards that businesses must adhere to if they capture, process, transmit, or store credit or debit card information.-sensitive information directly from the cardholder’s device to Rize using a PIN-set form. Clients do not need to be PCIPCI - Payment Card Industry (PCI) compliance refers to the data security standards that businesses must adhere to if they capture, process, transmit, or store credit or debit card information.-compliant to use this feature. After the PIN is set on the Debit Card, the status on the Debit Card will move from usable_without_pin to normal.

To set a Customer’s PIN, Clients must perform the following steps:

  1. Send Rize their domain for whitelisting before accessing this feature in production and moving forward to next steps.
  2. Retrieve a token for the Customer’s Debit Card through the PIN change token endpoint.
  3. Supply the token in a request to Rize’s PIN set service: https://web-card-service-release.rizefs.com/?token…..
    (Note: the URL is environment-specific. Please see the reference table of URLs below.)
  4. Render the supplied iframe for Customers to enter and verify their PIN.

*Environments will allow clients to exercise the data exchange and render an iframe but will not set the PIN or move the debit card status from usable_without_pin to normal.

The default iframe with no styling is below. Rize will supply a CSS or SCSS form to apply styling to the PIN set form.

The duration between PIN set auth token requests must be 5 minutes for the first token to expire. The recommended flow for setting a PIN and managing failure cases is:

  1. Client application issues a request for a PIN set token to Rize.
  2. Rize Returns the PIN set token.
  3. Client application supplies the PIN set token in the PIN set service URL.
  4. Rize sends the PIN set form.
  5. The Customer enters their PIN and clicks Submit on the supplied form

Using the Rize MQ, Clients can get event updates that will help them design their PIN set flow.
Below are some example scenarios where the MQ can be leveraged:

  • If Rize returns a debit_card_status MQ event, updating the card status to normal, then the flow ends and the PIN is set.
  • If Rize returns the pin_commit_failed MQ event, the developer can request a new PIN set token and retrieve a new PIN set form.
  • If Rize returns no MQ Events, then the process of submitting the PIN was interrupted. The developer must wait at least 5 minutes from the time the original PIN set token was requested before requesting a new PIN set token and restarting the process. Five minutes is the duration required for the token to expire."