How To

Sending PAN in reference fields for PIS APIs?

Overview:

The purpose of this page to share informative message with TPPs to make them aware that for PCI DSS compliance reasons, they should use PAN, in a standard format in the free text fields, for legitimate business use cases e.g. credit card payments. Nationwide expects the PAN in the reference fields only for the legitimate business uses cases ex, Credit Card Payment.

Conclusion :  

Please only supply a PAN in the required field when making a payment to a credit card

 Impacted Endpoints :

• POST/domestic-payment-consents
• POST/domestic-payments

Reference fields :

Field 1 :CreditorAccount/SecondaryIdentification
Field 2 :RemittanceInformation/Reference