Include Card Prefix

You can control the length of the card number prefix to be received in the response to the capture context /sessions request:
  • Six digits
  • Eight digits
  • No prefix
To specify your preferred card number prefix length, include or exclude the transientTokenResponseOptions.includeCardPrefix field in the capture context /sessions request.
To receive a six-digit card number prefix in the response, follow this step:
Do not include the transientTokenResponseOptions.includeCardPrefix field in the capture context /sessions request.
This example shows how a six-digit card number prefix 411111 is returned in the transient token response:
"maskedValue" : "XXXXXXXXXXXX1111", "bin" : "411111"
To receive an eight-digit card number prefix in the response, follow this step:
Include the transientTokenResponseOptions.includeCardPrefix field in the capture context request, and set the value to true.
IMPORTANT
This PCI DSS requirement applies only to card numbers longer than 15 digits and only for Discover, Mastercard, and Visa brands.
  • If the card type entered is not part of these brands, a six-digit card number prefix is returned instead.
  • If the card type entered is not part of these brands but is co-branded with these brands, an eight-digit card number prefix is returned.
This example shows how an eight-digit card prefix 41111102 is returned in the transient token response:
"maskedValue" : "XXXXXXXXXXXX1111", "prefix" : "41111102"
To not receive a card number prefix in the response, follow this step:
Include the transientTokenResponseOptions.includeCardPrefix field in the capture context request, and set the value to false.
This example shows how a card number is returned without a card number prefix in the transient token response:
"maskedValue" : "XXXXXXXXXXXX1111"
Best practice:
If your application does not require card number prefix information for routing or identification, Barclays recommends that you include the transientTokenResponseOptions.includeCardPrefix field in the capture context request and set its value to false. Doing so limits the exposure of payment data to only what is necessary for your processing needs.
For more information about PCI DSS, see Frequently Asked Questions on the PCI Security Standards Council site.
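The following added example (not Barclays code) sets the option for each of the three modes above and audits a response fragment for a prefix longer than the chosen mode allows. It assumes the dotted field name maps to a nested JSON object and that the card fragment is a flat dictionary like the page's samples; the function and mode names are hypothetical.

```python
import copy

# Map each mode described above to the includeCardPrefix setting.
# None means "omit the field", which the page says yields a six-digit prefix.
PREFIX_MODES = {"six": None, "eight": True, "none": False}
# Prefix lengths each mode may legitimately produce. "eight" also allows 6
# because the page says non-eligible cards fall back to six digits.
ALLOWED_LENGTHS = {"six": {6}, "eight": {6, 8}, "none": set()}


def apply_prefix_mode(base_request, mode):
    """Return a copy of base_request with the card prefix option set for mode."""
    if mode not in PREFIX_MODES:
        raise ValueError(f"unknown prefix mode: {mode!r}")
    request = copy.deepcopy(base_request)
    options = request.setdefault("transientTokenResponseOptions", {})
    setting = PREFIX_MODES[mode]
    if setting is None:
        options.pop("includeCardPrefix", None)
        if not options:
            del request["transientTokenResponseOptions"]
    else:
        options["includeCardPrefix"] = setting
    return request


def audit_card_fragment(mode, fragment):
    """Return findings where the response exposes more than mode allows."""
    findings = []
    for key in ("bin", "prefix"):  # both keys appear in the page's samples
        value = fragment.get(key)
        if value is None:
            continue
        if not (isinstance(value, str) and value.isdigit()):
            findings.append(f"{key}: not a digit string")
        elif len(value) not in ALLOWED_LENGTHS[mode]:
            findings.append(
                f"{key}: {len(value)}-digit prefix not expected in mode {mode!r}")
    return findings


if __name__ == "__main__":
    # Constructed fragment modelled on the page's six-digit sample.
    sample = {"maskedValue": "XXXXXXXXXXXX1111", "bin": "411111"}
    print(apply_prefix_mode({}, "none"))
    print(audit_card_fragment("none", sample))
```

Running the audit in integration tests catches a deployment where the best-practice setting was intended but the field was dropped from the request.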