CVV & PIN Management

Back
Next

CVV & PIN Management

After card issuance is complete, your system can use the Payblr PSP API to retrieve CVV status and PIN information, and perform unblock operations when supported. In this flow, the cardholder interacts with your mobile or web application, while your system sends the corresponding requests to Payblr and returns the confirmed result to the cardholder.

Overview

This page covers three related capabilities:

  • CVV status checks

  • PIN retrieval and PIN status checks

  • CVV and PIN unblock operations

These flows help your system supports sensitive card operations in a controlled way while keeping the cardholder experience within your own channels.

What this diagram covers

This diagram focuses on the status-management journey from the point of view of the cardholder and your system. The cardholder requests a status change through a mobile or web experience, your system submits the update request to Payblr, and then retrieves the latest status to confirm what should be shown back to the cardholder. The retrieve-status operation returns the current status code together with its description, which makes it a clean confirmation step after an update.

1. CVV Status Retrieval

This flow allows your system to check the current CVV status and the number of remaining attempts.

How the flow works

  1. A cardholder requests CVV information through your mobile or web application.

  2. Your system sends the request to Payblr using:
    GET /thr/thredd/card-cvv/{publicToken}/cvv/status

  3. Payblr returns: 200 OK. The response also includes the CVV status and remaining tries.

  4. Your system displays the returned status and remaining tries to the cardholder.

Important note on CVV retrieval

The flow shown in this diagram covers CVV status checks, not retrieval of the actual CVV value. If your implementation needs to display or deliver the actual CVV, your system should use the Get Card Data secure-data flow instead. Get Card Data is the endpoint used to share secure card data to the cardholder’s device through an encrypted payload, and it requires a device-generated session key in the request.

2. Retrieve current PIN

This flow allows your system to retrieve the current PIN.

  1. A cardholder requests the PIN through your mobile or web application.

  2. Your systems send the request to Payblr using:
    GET /thr/thredd/card-pin/{publicToken}/pin

  3. Payblr returns: 200 OK. Also, returns the current PIN.

  4. Your system displays the returned PIN to the cardholder according to your security and presentation rules.

3. Check PIN status

This flow allows your system to check PIN status and remaining attempts.

  1. A cardholder requests PIN status information through your mobile or web application.

  2. Your system sends the request to Payblr using:
    GET /thr/thredd/card-pin/{publicToken}/pin/status

  3. Payblr returns: 200 OK. Also, returns the PIN status and remaining tries.

  4. Your system displays the returned status and remaining tries to the cardholder.

Unblock Operations

This flow allows your systems to unblock CVV or PIN when the operation is supported.

4. Unblock CVV

  1. A cardholder requests to unblock CVV through your mobile or web application.

  2. Your system sends the request to Payblr using:
    PUT /thr/thredd/card-cvv/{publicToken}/cvv/status

  3. Payblr returns: 204 No Content

  4. Your system confirms to the cardholder that the CVV has been unblocked.

5. Unblock PIN

  1. A cardholder requests to unblock PIN through your mobile or web application.

  2. Your system sends the request to Payblr using:
    POST /thr/thredd/card-pin/{publicToken}/pin/unblock

  3. Payblr returns: 204 No Content

  4. Your systems confirm to the cardholder that the PIN has been unblocked.

This operation also resets the PIN attempt counter.