{ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "https://ucp.dev/2026-04-08/schemas/shopping/types/card_credential.json", "title": "Card Credential", "description": "A card credential containing sensitive payment card details including raw Primary Account Numbers (PANs). This credential type MUST NOT be used for checkout, only with payment handlers that tokenize or encrypt credentials. CRITICAL: Both parties handling CardCredential (sender and receiver) MUST be PCI DSS compliant. Transmission MUST use HTTPS/TLS with strong cipher suites.", "allOf": [ { "$ref": "https://ucp.dev/2026-04-08/schemas/shopping/types/payment_credential.json" }, { "type": "object", "required": [ "type", "card_number_type" ], "properties": { "type": { "const": "card", "description": "The credential type identifier for card credentials." }, "card_number_type": { "type": "string", "enum": [ "fpan", "network_token", "dpan" ], "description": "The type of card number. Network tokens are preferred with fallback to FPAN. See PCI Scope for more details." }, "number": { "type": "string", "description": "Card number.", "examples": [ "4242424242424242" ] }, "expiry_month": { "type": "integer", "description": "The month of the card's expiration date (1-12)." }, "expiry_year": { "type": "integer", "description": "The year of the card's expiration date." }, "name": { "type": "string", "description": "Cardholder name.", "examples": [ "Jane Doe" ] }, "cvc": { "type": "string", "maxLength": 4, "description": "Card CVC number.", "examples": [ "223" ] }, "cryptogram": { "type": "string", "description": "Cryptogram provided with network tokens.", "examples": [ "gXc5UCLnM6ckD7pjM1TdPA==" ] }, "eci_value": { "type": "string", "description": "Electronic Commerce Indicator / Security Level Indicator provided with network tokens.", "examples": [ "07" ] } } } ] }