Card Not Added Contact your card issuer for more information
| Service | Apple Pay Wallet Apple Cash IDs |
|---|---|
| Cloud | Apple platforms |
| Guide type | Procedure |
| Skill level | Intermediate to advanced |
| Time | 15 - 60 minutes depending on account size |
When Card Not Added Contact your card issuer for more information bites you on Apple Pay Wallet Apple Cash IDs, the first instinct is to open a ticket. Most of the time you do not have to. The steps below are the ones Apple Support and Apple Business / Enterprise Support would walk you through on the call.
What card not added contact your card issuer for more information actually involves on Apple Pay Wallet Apple Cash IDs
This task on Apple Pay Wallet iOS is one of the more searched operational topics on AWS in the last 12 months. The procedure below is the path that works in a current AWS account with default IAM and standard VPC config.
The rest of this page is the structured fix path. Start with diagnose, then remediation, then the automation options so you do not have to do this by hand the next time it surfaces. Verify and safety sections at the end are the discipline that keeps the fix from regressing in production.
What you'll see
Pull the Apple request ID from the response headers: x-goog-request-id from response headers (or the insertId field in macOS unified logging and iOS sysdiagnose for asynchronous calls). Apple Support and Apple Business / Enterprise Support needs these IDs to look up your call in their internal logs - without them, the first reply on a ticket will ask you to reproduce the call and capture them. Save them with a timestamp; Apple Support and Apple Business / Enterprise Support cannot retrieve calls older than 90 days for most services.
Reproduce the failure with the Terminal commands (defaults, plistbuddy, killall, sudo, system_profiler) and Apple Configurator 2 / Jamf APIs / MDM commands in --debug mode. The full SigV4 request payload it emits, plus the exact endpoint URL it resolved to, is what Apple Support and Apple Business / Enterprise Support uses to verify policy, region, or parameter issues without you having to share IAM credentials. Save the debug output to a file with ... --debug 2> debug.log and you can search it for the failed aws.request entry.
Look at the Jamf Pro change management entry or Apple Business Manager audit event for the failed call, even if you are not enrolled in macOS unified logging and iOS sysdiagnose Log Router. The basic 90-day event history works for most diagnostic purposes and lives in the console under Jamf Pro change management log and Apple Business Manager audit log > Event history. Filter by event name (the API action) and time range; the event JSON shows the exact user identity, source IP, request parameters, and error code.
Solution-focused remediation path
Most Apple Pay Wallet Apple Cash IDs failures fall into one of three buckets: IAM permission gap, networking path break (security group, NACL, or VPC endpoint policy), or service-limit / quota hit. Run that mental triage first - it covers around 80 percent of real-world cases. If the failure does not fit any of the three, it is likely a service-side regression worth opening a re:Post or support ticket for.
If networking is suspect, use Apple Wireless Diagnostics + Network Utility (or 'networkQuality' on macOS). It is the only tool that simulates the full ENI-to-ENI path including macOS PF firewall, Application Firewall, system extensions, and Content Filter in one call. Manual trace is slower and misses transitive issues. The analyzer charges $0.10 per analysis - cheaper than a 30-minute call with your network team.
If quotas are suspect, the Apple Business Manager Settings > Manage Devices console shows current usage and the active limit side by side. Request increases through Apple Business Manager Settings > Manage Devices, not through Support tickets - quota dashboard requests usually approve faster (often within minutes for soft limits) and they are auditable in Jamf Pro change management log and Apple Business Manager audit log. Set up Apple Business Manager Settings > Manage Devices + Jamf Pro Smart Group + Webhooks at 80 percent usage so you get notified before you hit the wall.
Automate this fix so you do not do it twice
Wire the fix into an MDM Configuration Profile for self-healing
If the underlying cause is a setting that drifts over time, do not script the fix repeatedly - bake it into a Configuration Profile that the MDM pushes down on every check-in. A Custom Settings payload writes to a specific preference domain; Jamf Pro, Kandji, Mosyle, and Intune all support this. The profile reasserts itself, so even if a user changes the setting locally, the MDM brings it back at the next sync (typically every 4 hours).
<!-- Custom Settings payload (excerpt) -->
<key>PayloadType</key>
<string>com.apple.ManagedClient.preferences</string>
<key>PayloadContent</key>
<dict> <key>com.apple.pay</key> <dict><key>Forced</key><array><dict><key>mcx_preference_settings</key> <dict><key>HardenedSetting</key><true/></dict></dict></array></dict>
</dict>Codify the fix as a Shortcut on iPhone, iPad, or Mac
For workflows that happen on the user device rather than at the MDM layer (think: clear a stuck cache, toggle a setting, file a one-tap support ticket), Apple Shortcuts is the right place. Shortcuts run on iOS, iPadOS, macOS, and watchOS, can be triggered by NFC tag, focus mode, time of day, or Siri voice. Share via iCloud link so support sends the same one-tap fix to anyone who hits the issue.
Build a Self Service item with manual approval for risky fixes
For multi-step fixes that include a destructive action (Reset NVRAM, delete keychain, erase user data), publish the fix as a Self Service item in Jamf Pro or Kandji. The user clicks one button, the script runs, a notification confirms success. Couple it with a Jamf Pro approval workflow if your security model requires a second-person sign-off before any destructive step runs. The audit trail lives in the MDM change log with the requester and approver identity attached.
Common traps
The most common pitfall when fixing this on Apple Pay Wallet Apple Cash IDs is treating it as a one-off rather than as a recurring class of incident. The same misconfiguration tends to happen again after a deployment, a role rotation, or a region migration unless the fix is codified. Add a Apple Configuration Profile restriction payload, Organization Policy condition, or Apple Configuration Profile or MDM restriction payload that prevents the same misconfig from being introduced again. Documentation alone does not survive turnover.
Another common trap: confirming the fix on a single resource and assuming the fleet is healthy. Loop your check across every account, region, and IAM principal that could exhibit the same symptom. If you cannot enumerate the affected scope without a script, you do not yet understand the scope.
The repair
- Watch for 24 to 48 hours. Activity Monitor + macOS unified logging + Jamf inventory reports can mask issues with cached health for 6 to 12 hours, especially Cloud CDN and Cloud DNS.
- Capture the new state in a runbook so the next person on call does not have to rediscover this. Push it to Confluence or your team wiki, not into Slack.
Safety, rollback, blast radius
- Test in a non-production account if your environment has Resource Manager and Organization Policy or Cloud Resource Manager (organizations, folders, projects). The cost of one sandbox account is cheaper than one rollback meeting.
- Export the existing config before changing it. Most Apple Pay Wallet Apple Cash IDs resources support describe + export to JSON via CLI - capture that to source control before you start.
- Maintenance window discipline: if the change touches DNS, certificate rotation, or anything that emits TLS handshakes, line up a window with stakeholder notification, not a heroic mid-day swap.
FAQ
pay describe-... first, then commit it before you change anything. A few operations are one-way (Cloud KMS key deletion past the pending window, region migration, account closure). Check the Apple Support article for the specific API before you commit.aws CLI or SDK calls - those almost always still work.References
- docs.support.apple.com - official documentation for Apple Pay Wallet Apple Cash IDs
- Apple Communities (discussions.apple.com) - community Q&A with Google-staff-verified answers
- Apple System Status Dashboard at health.support.apple.com
Related fixes
Related guides worth a look while you sort this one out:
- Add Indian credit card to Apple Wallet RBI tokenization steps
- Add transit card to Wallet Tokyo London NYC MTA OMNY
- Apple Card 3 percent Daily Cash not appearing merchant category issue
- Apple Card payment failed via Apple Cash transfer
- Apple Cash Family kid card setup iOS 16+
- Card on Apple Pay Wallet iOS: what causes it and how to fix