Cards

The Apto platform supports debit, prepaid, and credit cards capable of operating on the Visa or Mastercard networks. Apto can provide cards that are physical or digital only. No matter what you order, cardholders can start using their cards right away.

Cards in the Instant Issuance program operate on the Mastercard network.

Physical cards

Physical cards are the standard payment cards we carry with us in our wallets. Apto allows you to design and issue contactless cards. The Instant Issuance program offers a range of color options to combine with your logo. Enterprise card programs allow for even more flexibility.

By default, all our cards display the cardholder’s Primary Account Number (PAN)—which identifies the card network, the issuing bank, and the cardholder’s account—an expiration date, and a CVC, which is the three-digit number that is used in online purchases. This information is available to the cardholder through the PCI SDK immediately upon card issuance. In this sense, they operate somewhat like digital cards. See card activation for more details.

Digital cards

Digital cards are equivalent to physical payment cards, but can be used in any kind of transaction immediately upon issuance.

By default, digital cards issued through the Instant Issuance program are “multi-use” meaning they can be used repeatedly.

In Enterprise programs, you can also create single-use digital cards with a unique card number for a specific, individual transaction. You call our API to issue the card and generate the card number and, when the transaction is complete, call our API again to deactivate the card number. Used this way, single-use cards prevent the exposure of your cardholder’s actual account details to the merchants they transact with. Single-use cards are only funded at the time of use and are easily reconciled with your ledgers.

Card design

Apto is committed to working with you to design the best looking card for your program.

Instant Issuance card designs

In the Instant Issuance program, you have several options for card color and can add your own logo. You’ll design your cards during account activation.

Color choices

StyleColorHexCMYK
LightWhite#F9F6EF1 2 5 0
DarkBlack#191D2378 69 60 73
DarkGrey#4E5C5467 49 61 30
DarkGreen#57BD8465 0 65 0
DarkCoral#F4805C0 62 66 00
DarkIndigo#2C486690 72 40 22
DarkBlue#0091C780 30 5 0

Card color choices

Logo design

If you choose to include a logo, it must be a .PNG file with a transparent background. We recommend the logo be either white or black to ensure optimal contrast with the underlying card color. If you submit a logo with a different color, you should ensure that the accompanying CMYK value still looks appropriate. The .PNG file should have a minimum size of 168 x 132 pixels (14mm x 11mm at 300 DPI).

Your logo will be positioned in the top right corner of your physical cards. To maximize the size of your logo, do not manually add padding. We automatically center your logo and stretch it to fill the available space.

Logo placement

Your logo should be sized to maintain its aspect ratio when scaled to fit within the logo area (shown in red below), and should be horizontally and vertically centered.

Logo size

For optimal contrast, you should submit a black logo if you choose a light background or a white logo for a dark background.

Logo contrast

Logo review

All logos are subject to review and must pass our guidelines. Logos must be your own, adhere to Mastercard’s and the issuing bank’s design guidelines, and be free of illegal, controversial, offensive, or profane images or references.

If a logo does not pass our review process, we will explain why. You can submit another logo for approval. After your logo passes our review process and your application is approved, you can switch to production to begin issuing live cards.

Card details

Physical cards display the Mastercard network logo and debit identifier on the front.

We print the cardholder’s name, Primary Account Number (PAN), CVC, and expiration date on the back of the card. The cardholder can also view these details in the mobile app.

In addition, all Apto cards also display the following issuer statement:

Cardholder, by use or permitting the use of this card, agrees to the terms and conditions on the Cardholder Agreement. The Apto card is issued by Evolve Bank & Trust, pursuant to a license from Mastercard International. This card must be surrendered upon demand. For Customer Service, contact Apto at: 1-855-459-0326.

The cardholder name, PAN, CVC, EXP and Issuing Statement are printed with white [#FFFFFF] text when displayed on either of the four light background and black text [#000000] when displayed on either of the two dark backgrounds. The issuing statement is printed in the same color at 50% opacity.

All text is Helvetica Neue normal weight font with the following sizes:

  • Issuing statement: 5px
  • Cardholder name: 11px
  • PAN, EXP, and CVC: 8px

Card text

Digital wallet card art

In the Instant Issuance program, your physical card art will not match the digital card art displayed in your cardholders’ Apple or Google wallets.

Due to constraints imposed by the card network and digital wallet providers, your digital wallet card art will not display your company’s logo. All digital wallet card art will simply show the Mastercard logo, debit identifier, and the default Apto design color (White: #F9F6EF).

This only relates to digital card art displayed in the user’s mobile wallet. You remain free to upload the accurate digital rendering of your physical cart art within your mobile application using our SDKs. In our example app, we’ve set the background color of the card image displayed as Black (#191D23).

Digital wallet card art

Upgrading your card art

As stated in the Selecting your program section, we recommend getting started with the Instant Issuance program regardless of the final integration you envision with Apto. It’s the fastest way to begin issuing cards. If your program gains traction, contact Sales and we can initiate the process to migrate your Instant Issuance program to an Enterprise BIN range. You’ll have the option to refresh and completely customize your physical card art, and submit the necessary approvals to ensure the digital card displayed in your cardholders’ Apple and Google wallets aligns.

Card carrier

Physical cards will be shipped to your users in a card carrier envelope. This carrier will contain the physical card, the card’s activation code, the issuing statement and the name of your program. It will be a simple black and white design.

Card carrier issuing statement Card carrier activation code

Custom card designs

If minute, pixel-perfect control of card art is essential to your brand identity from day one, we can make that dream come true within an Enterprise program. We work with a number of fulfillment vendors, including printers that offer low cost on-demand printing. If you want something of especially high quality, you would purchase card stock and they would print it for you, with a minimum of 1,000 cards. Cards are customizable and you have total control over card design, subject to bank, printer and network approval. Apto can send you samples as we get further into the process. Please contact sales to learn more.

Issuing cards

This section explains how to issue cards using the Apto Core API and the Apto Mobile API. You can also issue cards using the mobile SDK. For details, see the Apto mobile SDK docs on issuing cards for iOS or Android.

Issuing cards with the Core API

note

Issuing cards with the Core API is only possible in the sandbox and in Enterprise programs.

Card issuance using the Core API is a single-step process that creates a cardholder object, conducts KYC (Know Your Customer) on the data provided, and issues a card for the cardholder. It is a single request that returns the cardholder data and the cardholder’s KYC status. This is in contrast to the Mobile API, which requires that you first authenticate the applicant using 2FA to secure a session token before proceeding.

To issue a card in the Core API, submit a POST request to the /cardholders endpoint with cardholder data. For example:

{
"first_name": "Josh",
"last_name": "Wilson",
"custodian_uid": "your-external-user-id",
"email": "pat@wilson.com",
"phone_number": "+16508881111",
"date_of_birth": "1982-06-20",
"address": {
"street_one": "1800 Gates Ave",
"street_two": "2L",
"locality": "Ridgewood",
"region": "NY",
"postal_code": "11385",
"country": "USA"
},
"document": {
"type": "ssn",
"value": "490940000"
},
"card": {
"design_key": "blue",
"program_id": "Apto_GPR",
"initial_load": {
"currency": "USD",
"amount": 200
},
"additional_fields": {
"field_1": "some image url here",
"field_2": "https://dummyimage.com/600x400/000/fff.png",
"field_3": "some qr code here",
"field_4": "string",
"field_5": "string"
}
}
}

The response to this request includes the cardholder state, cardholder data, card type, and card state.

{
"cardholder": {
"livemode": false,
"id": "crdhldr_1cd68f70917cb5ed",
"email": "pat@wilson.com",
"kyc_passed_at": "2016-10-19T23:20:21.034Z",
"kyc_status": "PASSED",
"kyc_identity_reason": null,
"kyc_address_reason": null,
"kyc_file_reason": null,
"first_name": "Josh",
"last_name": "Wilson",
"phone": 6157915911,
"custodian_uid": "your-external-user-id",
"cards": [
{
"card": {
"id": "crd_fde2d61d233455b9",
"program_id": "Apto_GPR",
"design_key": "blue",
"devices": [
{
"name": "Wilson*s iPhone",
"type": "iPhone",
"status": "ACTIVE"
}
],
"last_four": "5542",
"status": "CREATED",
"dda_number": "9990000267938",
"aba_routing_number": "121182810",
"activated_at": "2016-10-19T23:20:21.034Z",
"network": "VISA",
"issued_at": "2016-10-19T23:20:21.034Z",
"shipped_at": "2016-10-19T23:20:21.034Z",
"created_at": "2016-10-19T23:20:19.000Z",
"cardholder_id": "crdhldr_1cd68f70917cb5ed",
"ordered_status": "AVAILABLE",
"number": 4013111122223333,
"expiration": "03/26",
"cvv": 123,
"livemode": true,
"additional_fields": {
"field_1": "some image id here",
"field_2": "https://dummyimage.com/600x400/000/fff.png",
"field_3": "some qr code here",
"field_4": "string",
"field_5": "string"
}
}
}
],
"created_at": "2016-10-19T23:20:17.000Z"
}
}

The cardholder state refers to the cardholder’s KYC status and whether it is “passed”, “not passed”, or “pending”. The card type refers to whether the issued card is digital or physical.

Card state refers to the card’s lifecycle, shown here:

StateDescription
CreatedCards that have been created, but not yet activated. This state only applies to physical cards.
ActivatedCards that are activated can be used to conduct transactions.
DeactivatedCardholders can freeze their cards temporarily. In this state, incoming transactions for this card are rejected by our transaction authorization module. Cardholders can activate deactivated cards at any time.
ClosedCards can be closed by our customer support team for a variety of reasons: cards lost or stolen, cards that are expired, etc. Incoming transactions for closed cards are rejected by our transaction authorization module. Closed cards cannot be reopened.

Issuing cards with the Mobile API

note

Issuing cards with the Mobile API is for Enterprise integrations. However, our SDKs wrap the Mobile API. For more, see the Apto Mobile SDK docs for iOS or Android.

Card issuance with the Mobile API is a multi-step process:

  1. Verify the applicant and generate a secure session token
  2. Create a cardholder object
  3. Issue a card

Step 1: Verify a cardholder’s primary credential

You can begin the verification process by sending a POST request to the /verifications/start endpoint with the applicant’s phone number:

{
"datapoint_type": "phone",
"datapoint": {
"country_code": "1",
"phone_number": "2025550141"
}
}

When you submit this request, we send a one-time password (OTP) via SMS to the applicant’s phone number. The OTP expires after 15 minutes. The response includes a verification object, identified by the verification_id field—with a status of “pending”:

{
"type": "verification",
"verification_id": "entity_27288bc122db1339",
"status": "pending"
}

The applicant must enter the OTP in the app. Then the app can send a POST request with this password to the /verifications/{verification_id}/finish endpoint to complete the verification.

{
"secret": "string"
}

The response includes the status of the verification, which can be "pending", "passed", "failed", or "expired":

{
"type": "verification",
"verification_id": "entity_27288bc122db1339",
"status": "passed"
}

Once the applicant’s verification is “passed”, you can use their primary credential to create a cardholder object.

Step 2: Create a cardholder object

To create a cardholder object from a verified primary credential, send a POST request to the /user endpoint:

{
"data_points": {
"type": "list",
"data": [
{
"type": "phone",
"country_code": "1",
"phone_number": "2025550141"
}
]
}
}

This request makes sure the primary credential verification is valid, and then creates the cardholder object. The response contains the user_id and user_token for the new cardholder:

{
"type": "user",
"user_id": "crdhldr_b04f29605a018f7d72a2",
"user_token": "E5PWX4T9dcPriIo ... ao0QZLC6YL/dAyaA8",
"user_data": {
"type": "list",
"data": [
{
"type": "phone",
"country_code": "1",
"phone_number": "2025550141"
}
],
"page": 0,
"rows": 5,
"has_more": true,
"total_rows": 10
}
}

Step 3: Issue a card

To issue a card, send a POST request to the /user/accounts/issuecard endpoint with the applicant’s user token:

{
"type": "card",
"balance_version": "v1",
"card_product_id": "entity_entity_ed56f762f2c407fa",
"balance_store": {
"type": "custodian",
"custodian_type": "coinbase",
"credential": {
"type": "credential",
"credential_type": "oauth",
"access_token": "3a1psty6xga9qhbbjp7j95sisw69pqfl02zxmwlfg2ryqnoz23ucygxfusfw7qvb",
"refresh_token": "nllp1sr5p2jzqhx4geosztae63rk3hqe5dfbe254dil0wr5boe7bpinuhjqku17f"
}
}
}

The response contains the basic, non-PCI-protected data of the card, including the card’s state, which can be "active", "inactive", "cancelled", "created", or "unknown".

{
"type": "card",
"account_id": "crd_98hnhu9sc7i9ay73375",
"last_four": "1234",
"card_network": "VISA",
"card_brand": "Marvel Card",
"card_issuer": "Apto Payments",
"expiration": "2021-03",
"pan": "4000123456739010",
"cvv": "123",
"state": "active",
"kyc_status": "resubmit_details",
"kyc_reason": "Please contact customer service to check your ID documents",
"spendable_today": {
"currency": "USD",
"amount": "1457.87"
},
"native_spendable_today": {
"currency": "USD",
"amount": "1457.87"
},
"total_balance": {
"currency": "USD",
"amount": "1457.87"
},
"native_total_balance": {
"currency": "USD",
"amount": "1457.87"
},
"ordered_status": "ordered",
"cardholder_first_name": "Anthony",
"cardholder_last_name": "Stark",
"issued_at": "2019-07-30T07:03:55+00:00",
"name_on_card": "TONY STARK",
"features": {
"get_pin": {
"status": "enabled",
"type": "IVR",
"ivr_phone": {
"country_code": 1,
"phone_number": 9366666715
}
},
"set_pin": {
"status": "enabled",
"type": "IVR",
"ivr_phone": {
"country_code": 1,
"phone_number": 9366666715
}
},
"support": {
"status": "enabled",
"type": "IVR",
"ivr_phone": {
"country_code": 1,
"phone_number": 9366666715
}
},
"card_style": {
"background": {
"background_type": "COLOR",
"background_color": "string",
"background_image": "string",
"card_logo": "string"
},
"text_color": "string"
},
"add_funds": {
"status": "enabled",
"soft_descriptor": "My company descriptor",
"card_networks": [
"MASTERCARD"
],
"limits": {
"daily": {
"max": {
"currency": "USD",
"amount": "1457.87"
},
"remaining": {
"currency": "USD",
"amount": "1457.87"
}
},
"monthly": {
"max": {
"currency": "USD",
"amount": "1457.87"
},
"remaining": {
"currency": "USD",
"amount": "1457.87"
}
}
}
}
}
}

Card fulfilment

If your applicant passes all necessary compliance tests, physical cards typically take 1-2 days to print. Cards are mailed via the USPS and typically take 5-7 days to arrive at the cardholder’s address when sent with standard shipping, or 2 days when sent with express shipping. Cards are shipped individually. Please contact Apto sales for bulk shipping or express shipping.

Card activation

Digital cards are activated when they are created, and are available to use immediately. When physical cards are issued, the cardholder is given the card number immediately to usein card-not-present (ecommerce) transactions and in digital wallets for POS signature transactions while the card is being printed and delivered. Card numbers for physical cards are not available for card-present transactions until the cardholder receives and activates the physical card.

For security purposes, physical cards are blocked from use until the cardholder activates the card. Apto provides two mechanisms for doing so:

  • Activate via mobile app: Apto provides an API endpoint that can be called by the mobile SDK. This allows the cardholder to authenticate themselves and activate their card from within the mobile app upon receiving the card.

  • Activate via phone: The cardholder may also call Apto’s automated card activation line. During this call, the cardholder is prompted to confirm their registered phone number and the last 4 digits of the card number. The first step is not necessary if the incoming call is recognized as the registered phone number. If the initial verification fails, the cardholder is prompted to enter additional data such as the last 4 digits of their SSN, the ZIP code where their card was received, or their date of birth. The additional identifying information is configurable during program setup. If this additional verification fails, the call is transferred to Customer Service.

When the cardholder is verified, their card will be activated, and the cardholder will be prompted to set a 4-digit security PIN.