Skip to content
Create account
 or
Sign in
The Stripe Docs logo
/
Create account
Sign in
Overview
Products
Issuing cards
Manage money

Virtual cards with Issuing

Learn about virtual cards created with Issuing.

Copy page

You can retrieve or display virtual card details through the Dashboard, the API, or by using Issuing Elements. PCI-DSS rules protect cardholder data, and not all methods of card information retrieval are PCI-DSS compliant.

Create virtual cards

You can create virtual cards using the Dashboard or the Cardholders API. For details about how to create a cardholder, create a card, and activate a card, see Create virtual cards.

After you create a virtual card, it’s generated immediately and is available for use.

Display virtual card details to cardholders

You can use Issuing Elements to display virtual card details to your cardholders without this information passing through your servers. This method is fully PCI-DSS compliant, and we recommend it for most Issuing users. Stripe offers Issuing Elements as a part of Stripe.js.

Retrieve virtual card details

For PCI-DSS compliance, we recommend limiting retrieval of virtual card information to the Dashboard or Issuing Elements. If you use the API to retrieve card information, or if you export virtual card information from the Dashboard, store it in a password manager or otherwise encrypt it.

You can retrieve both the full unredacted card number and CVC from the API. For security reasons, you can only use these fields with virtual cards in live mode, and we omit them unless you explicitly request them with the expand property. You can only retrieve these fields for physical cards in test environments. Additionally, you can only access them through the Retrieve a card endpoint.

Command Line
curl -G https://api.stripe.com/v1/issuing/cards \
  -u "
sk_test_BQokikJOvBiI2HlWgH4olfQ2
:" \
  -d "expand[]"=number \
  -d "expand[]"=cvc

Details about PCI-DSS

If you’re generating virtual cards for your own use, you’re not required to attain PCI-DSS compliance for Issuing activity. If you’re generating virtual cards for use by your users, you might be considered a Service Provider under PCI-DSS rules. Service Providers must be PCI-DSS compliant.

If you accept payments through Stripe, read more about your PCI-DSS obligations. These obligations are in addition to requirements noted above.

Digital wallet support

Digital wallets support Stripe-issued virtual cards. A cardholder can add a representation of your virtual card to their digital wallet for Apple Pay, Google Pay, or Samsung Pay. Because of market variations, the lead times for digital wallets vary depending on region and might require partnering with Stripe. See Stripe Support for more details.

Cost per virtual card

Virtual cards are 0.10 USD each in the US, 0.10 GBP in the UK and 0,10 EUR in the EU.

Was this page helpful?
YesNo
Need help? Contact Support.
Join our early access program.
Check out our changelog.
Questions? Contact Sales.
LLM? Read llms.txt.
Powered by Markdoc