Credit card import

Migration from one platform to another is about validating data, and preventing churn.

Upodi will import credit cards on behalf of customers when onboarding to Upodi. There are various ways to import credit cards to Upodi, however we do require strict procedures to comply with PCI DSS compliance.

Upodi provides two routes to importing credit card data:

  • Importing credit cards via your payment service provider (PSP) (ex. Stripe).
  • Importing credit cards via raw credit card data.

Import credit cards via PSP

The most desired route is to import card data via your current PSP. If you are using a platform of system which holds raw credit card data, but integrate an PSP, we highly recommend you to export the card data by tokenization to the PSP and provide Upodi with the tokens in return.

By using the Create payment method API of Upodi, you add each payment token to Upodi, and Upodi will validate the validity of this token, one by one. In addition, Upodi will extract required metadata such as masked card details, expiry and brand to allow Upodi to heal and validate payment methods over time.


High volume of pre-authorizations

When adding cards via this route, Upodi will create a authorization on the token and then an immedate void of this authorization without the capture. This is done to ensure the validity of both the token and the card being used. When importing > 10.000 cards, you will experience a high volume of pre-authorizations against your PSP.

Please consult your PSP as per charges, notification and support of this.

Import credit cards via raw credit card data

Upodi does import raw credit card data on behalf of customers. This is a sensitive task, rendering you as a customer compliant to attest your I) origin of the card data set, II) your intent of using the card data set and III) the consent of each card user for you to use the card data.

A raw credit card data set consist of the PIN information (13-16 digits full card bin, expiration date, and cvc data).

Upodi will require an extended addendum to your contract, and we only operate communications of data via the use of PGP.


Importing raw credit cards

Importing raw credit cards are handled as a project of Upodi and dealt with high sensitivity. We will consult you on the best practices.

Please contact helpdesk to discuss this route of import.

Read more about PGP usage here.

What is PCI DSS

PCI Security Standards are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The standards apply to all entities that store, process or transmit cardholder data – with requirements for software developers and manufacturers of applications and devices used in those transactions.

The Council is responsible for managing the security standards, while compliance with the PCI set of standards is enforced by the founding members of the Council: American Express, Discover Financial Services, JCB, MasterCard and Visa Inc.

PCI DSS Standards of compliance