Product Overview
Full capabilities matrix, OCT and AFT deep-dives, eligibility, status check, balance check, and card tokenization
Capabilities Matrix
| Capability | VISA Direct | MasterCard Send 2.0 | Description |
|---|---|---|---|
| OCT — Push Funds to Card | ✅ | ✅ | Credit funds to a debit/credit/prepaid card in real-time |
| AFT — Pull Funds from Card | ✅ | ❌ | Debit funds from a card (requires 3DS authentication) |
| Eligibility Check | ✅ | ✅ | Verify if a card can receive/send funds before transacting |
| Transaction Status Check | ✅ | ✅ | Query network for final status of a submitted transaction |
| Transaction Reversal | ✅ (AFT only) | ❌ | Reverse a pull transaction within the reversal window |
| Cross-Border Transfers | ✅ | ✅ | Multi-currency international transfers |
| Card Tokenization | ✅ | ✅ | PCI-compliant tokenization to avoid raw PAN handling |
| Message Level Encryption | ✅ (V2 APIs) | ✅ (JWE) | Handled transparently by the platform |
Unified API
The platform exposes unified API endpoints that automatically route to the appropriate network (Visa or Mastercard) based on the card BIN or explicit networkType parameter. Partners do not need to call different endpoints for different networks.
OCT (Push to Card)
What is OCT?
An Original Credit Transaction (OCT) pushes funds from the acquirer (sponsor bank / partner) to a recipient's card account. The recipient sees the credit on their card statement. Primary use cases:
- Disbursements (payroll, insurance, lending)
- P2P transfers
- Credit card bill payments
- Cross-border remittances
- Merchant refunds
Business Application IDs
Each OCT must carry a Business Application ID (BAI) that identifies the use case to the network. This determines applicable rules, limits, and fee programs.
| Code | Name | When to Use |
|---|---|---|
AA | Account to Account | Default — generic credit to card. Internal transfers at the same institution. |
CP | Card Bill Payment | Paying a credit card bill. Recipient is the credit card being paid. |
PP | Person to Person | P2P money transfer between individuals. |
FD | Funds Disbursement | Corporate/institutional disbursement — payroll, insurance, marketplace payouts. |
MD | Merchant Disbursement | Merchant-initiated disbursement — refunds, loyalty cashback. |
TU | Top Up | Loading/reloading a prepaid card or PPI. |
GD | Government Disbursement | Government-to-citizen transfers — subsidies, tax refunds. |
LO | Loan/Cashback | Loan disbursement directly to a borrower's card. |
MP | Merchant Payment | mVisa face-to-face QR merchant payment. |
CO | Cash Out | mVisa agent cash-out. |
CI | Cash In | mVisa agent cash-in. |
Choosing the Right BAI
| Scenario | Recommended BAI | Network | Notes |
|---|---|---|---|
| Company paying employee salary to their debit card | FD | Visa / Mastercard | Funds Disbursement |
| Customer paying their credit card bill | CP | Visa | Card Bill Payment — specific to credit card bill pay |
| Individual sending money to a friend's card | PP | Visa / Mastercard | Person to Person |
| Insurance company paying claim to policyholder | FD | Visa / Mastercard | Funds Disbursement |
| E-commerce marketplace paying seller | MD | Visa / Mastercard | Merchant Disbursement |
| Government paying subsidy to citizen | GD | Visa | Government Disbursement |
| Loading a prepaid wallet/card | TU | Visa | Top Up — for prepaid instruments |
| NBFC disbursing loan amount to borrower's card | LO | Visa | Loan Disbursement |
| Cross-border remittance to family member | PP or FD | Visa / Mastercard | P2P or Funds Disbursement depending on originator type |
| QR code payment at merchant | MP | Visa (mVisa) | Merchant Payment |
OCT Transaction Flow
Cross-Border OCT
For cross-border use cases, the platform supports:
- Multi-currency: Transaction currency set based on the recipient's country code via
CurrencyCodemapping. - Visa FX Rates: Visa performs currency conversion using their published exchange rates.
- Sender/Recipient Information: Additional sender details (address, country, state, postal code) required for cross-border compliance.
AFT (Pull from Card)
What is AFT?
An Account Funding Transaction (AFT) pulls (debits) funds from a sender's card account. Used when a partner needs to fund an account (PPI, wallet, bank account) using the customer's card.
3DS Required
AFT always requires 3D Secure (3DS) authentication because the cardholder must authorize the debit from their card. The CAVV (Cardholder Authentication Verification Value) obtained from 3DS must be passed in the AFT request. Only supported on VISA Direct.
AFT Use Cases
| Use Case | Description | 3DS Required |
|---|---|---|
| PPI Loading | PPI issuer pulls funds from customer's debit/credit card to load their prepaid instrument | ✅ |
| Wallet Top-Up | Digital wallet pulls funds from linked card | ✅ |
| Account Funding | Fund a bank/investment account by debiting a card | ✅ |
AFT with 3DS Authentication Flow
Payer-Payee Structure in AFT
AFT uses a nested block structure for clear separation between payer (customer) and payee (partner):
| Block | Role | Contains |
|---|---|---|
payer | Customer whose card is debited | cardNumber, expiryDate, name, email, phone, address |
payee | Partner/PPI receiving funds | cardNumber (account), name |
transaction | Transaction details | amount, currency, externalTransactionId, description |
authentication | 3DS authentication proof | cavv, eci, threeDsToken, method |
Internal Visa API Mapping
The platform automatically maps the nested structure to Visa's flat AFT API:
| Partner Field | Maps To Visa Field |
|---|---|
payer.cardNumber | senderPrimaryAccountNumber |
payer.expiryDate | senderCardExpiryDate |
payer.name | senderName |
payer.address.* | senderAddress, senderCity, etc. |
authentication.cavv | cavv or tavv |
payee.cardNumber | recipientPrimaryAccountNumber |
payee.name | recipientName → cardAcceptor.name |
AFT Configuration Defaults
| Parameter | Value | Source |
|---|---|---|
| MCC | 6540 (default) | visa.aft.pull.mcc config |
| Account Type | 10 | visa.aft.pull.account.type config |
| POS Data Code | 10 | visa.aft.pull.pos.data.code config |
| POS Condition Code | 59 (Electronic Commerce) | visa.aft.pull.pos.condition.code config |
| Reversal Window | 24 hours (default) | the platform reversal window setting config |
Eligibility Check
Purpose
Before initiating any OCT or AFT, it is strongly recommended (and in some cases mandatory) to verify that the destination/source card is eligible for the transaction type on the respective network.
What Eligibility Returns
| Field | Description |
|---|---|
eligible | Boolean — whether the card can participate |
cardType | D (Debit), C (Credit), P (Prepaid) |
issuerName | Name of the card issuing bank |
issuerCountry | Country of the issuer |
currencyCode | Account statement currency |
pushEligible | Whether OCT (push) is allowed |
pullEligible | Whether AFT (pull) is allowed |
moneyTransferPushFundsDomestic | Domestic push funds eligibility |
moneyTransferFastFundsDomestic | Fast Funds availability (< 30 seconds) |
accountFundingTransactionDomParticipant | AFT domestic eligibility (Visa) |
accountFundingTransactionXbParticipant | AFT cross-border eligibility (Visa) |
Eligibility by Network
API: Funds Transfer Attributes Inquiry
Key Parameters: PAN, Acquirer Country Code, Acquiring BIN
Returns pushEligible, pullEligible, additionalDetails with AFT participant flags and money transfer capability flags. Card type returns full strings: DEBIT, CREDIT, PREPAID.
API: Transfer Eligibility
Key Parameters: Recipient Account URI (pan:<number>), Payment Type, Acquiring ICA, Transfer Acceptor ID
Returns fundsAvailability, card type with legacy short codes (D, C, P). paymentType (BAI) is set internally based on business configuration — it is not a direct API request parameter.
Transaction Status Check
Why Status Check is Needed
When a transaction results in a timeout or receives a PENDING status, the partner must query the network to determine the final outcome before taking any action.
Always check on timeout
If the response actionCode is 91, 92, or 96, or shortMessage is RESOURCE_ERROR, you must call the Status Check API. Do not assume success or failure.
Status Check by Network
API: Transaction Query API
Key Lookup Fields: Acquiring BIN, STAN, RRN, Transaction date range
API: Payment Search API
Key Lookup Fields: Payment Reference (transaction ID from original request)
Possible Status Outcomes
| Status | Meaning | Action |
|---|---|---|
APPROVED | Transaction was successful | Credit the recipient (OCT) or confirm debit (AFT) |
DECLINED | Transaction was rejected | Do not process. Return failure to partner. |
PENDING | Transaction is still processing | Retry status check after some time |
Auto-Status Resolution
The platform supports configurable auto-status polling:
- Max fetch limit: Configurable via
max.txn.fetch.from.networkbusiness custom field - Auto-failure timeout: If a transaction remains in PENDING beyond a configurable time limit (
network.fetch.txn.max.failure.time), it is automatically marked as DECLINED
Balance Check (Prefunded Partners)
Prefunding Model
Some partners operate on a prefunded model where they deposit funds into a pool account managed by the sponsor bank. Before authorizing an OCT, the system checks if the partner's pool has sufficient balance.
The balance check is performed by the pool balance checker in the CardPay Core module.
Card Tokenization
Overview
For PCI DSS compliance, the platform provides a card tokenization service that allows partners to:
- Capture card details via a secure widget (React/JS) without exposing raw PAN to partner systems
- Receive a short-lived token representing the card
- Use the token in subsequent API calls (Eligibility Check, OCT, AFT)
Token Characteristics
| Property | Value |
|---|---|
| Token TTL | 15 minutes (default) |
| Usage | Single-use (consumed on first successful transaction) |
| Storage | Encrypted in Redis cache (Auth Service service) |
Token Types
| Value | Meaning |
|---|---|
"01" | M2P-generated card token (PCI DSS tokenized by M2P) |
"02" | Network-generated card token (e.g., Visa VTS / Mastercard MDES) |
"03" | Clear card number — partner is PCI DSS certified |