This guide explains how Clients can enable a personal identification number (PIN) set feature for their Customer’s debit cards. Rize uses a procedure that transfers PCIPCI - Payment Card Industry (PCI) compliance refers to the data security standards that businesses must adhere to if they capture, process, transmit, or store credit or debit card information.-sensitive information directly from the cardholder’s device to Rize using a PIN-set form. Clients do not need to be PCIPCI - Payment Card Industry (PCI) compliance refers to the data security standards that businesses must adhere to if they capture, process, transmit, or store credit or debit card information.-compliant to use this feature. After the PIN is set on the Debit Card, the status on the Debit Card will move from
To set a Customer’s PIN, Clients must perform the following steps:
- Send Rize their domain for whitelisting before accessing this feature in production and moving forward to next steps.
- Retrieve a token for the Customer’s Debit Card through the PIN change token endpoint.
- Supply the token in a request to Rize’s PIN set service: https://web-card-service-release.rizefs.com/?token…..
(Note: the URL is environment-specific. Please see the reference table of URLs below.)
- Render the supplied iframe for Customers to enter and verify their PIN.
PIN Set Service URL
*Environments will allow clients to exercise the data exchange and render an iframe but will not set the PIN or move the debit card status from
The default iframe with no styling is below. Rize will supply a CSS or SCSS form to apply styling to the PIN set form.
The duration between PIN set auth token requests must be 5 minutes for the first token to expire. The recommended flow for setting a PIN and managing failure cases is:
- Client application issues a request for a PIN set token to Rize.
- Rize Returns the PIN set token.
- Client application supplies the PIN set token in the PIN set service URL.
- Rize sends the PIN set form.
- The Customer enters their PIN and clicks Submit on the supplied form
Using the Rize MQ, Clients can get event updates that will help them design their PIN set flow.
Below are some example scenarios where the MQ can be leveraged:
- If Rize returns a
debit_card_statusMQ event, updating the card status to
normal, then the flow ends and the PIN is set.
- If Rize returns the
pin_commit_failedMQ event, the developer can request a new PIN set token and retrieve a new PIN set form.
- If Rize returns no MQ Events, then the process of submitting the PIN was interrupted. The developer must wait at least 5 minutes from the time the original PIN set token was requested before requesting a new PIN set token and restarting the process. Five minutes is the duration required for the token to expire."
Updated 2 months ago