/
10 minute read
June 30, 2022

Building Your Powered By Marqeta Card Program

With Powered By Marqeta (PxM) card program configuration, Marqeta assists with certain configuration elements, then enables you to use the platform independently.

This page summarizes the processes and requirements for hosting a Powered By Marqeta program.

Launching a PxM program

With Powered By Marqeta configuration, you and Marqeta share responsibilities throughout the lifetime of your card program. The table below lists the primary tasks related to launching a Powered By card program.

What You Are Responsible For What Marqeta Is Responsible For
  • Defining Bank Identification Number (BIN) configuration with the card network/scheme

  • Approving and managing the program with the card network/scheme

  • Approving and managing the program with the issuing bank

  • Ensuring program compliance with regional regulations

  • Ensuring program compliance with bank and card network mandates

  • Configuring the customer processing environment

  • Configuring funding methodology

  • Configuring webhooks

  • Issuing and fulfilling cards

  • Managing Know Your Customer (KYC)

  • Managing card inventory and fulfillment providers

  • Managing tokenization with the card network

  • Engaging with the digital wallet providers

  • Reconciling with the card network

  • Monitoring transactions (fraud, anti-money laundering, etc.)

  • Managing disputes

  • Providing access to Marqeta APIs to ensure core functionality for integration

  • Processing card network/scheme events (authorization, clearing, etc.)

  • Processing real-time authorization requests from the network and responding within allotted time to secure successful transactions

  • Processing network clearing events daily and distributing events to webhooks in order to complete ledger events and aid reconciliation

  • Providing Tier II technical support

  • Sending daily card network reporting files to the issuing bank

  • Sending crucial webhooks information to keep your system synced with Marqeta

  • Providing JIT requests to process customer responses into network-specific approval

  • Queuing and transmitting daily card orders to the card vendor

  • Providing Commando Mode solutions when customer JIT fails to improve authorization rates

  • Hosting and configuring a Three-Domain Secure (3DS) authentication platform to secure ecommerce transactions

  • Hosting and configuring a tokenization solution to manage tokens and digital wallet payments

  • Providing access to Marqeta Dashboard to complete core customer service functionalities for cardholders

  • Providing fraud monitoring rules and solutions to enhance risk management

During your integration with Marqeta, you or a third party need(s) to stand-up and build infrastructure to process notifications and interactions with the Marqeta API. The minimum requirements for an integration with Marqeta are outlined below.

  • A webhook endpoint that receives and parses all events and responds with a 200 response within five seconds of acknowledging an event receipt. Data sent to the endpoint supports direct reconciliation and ledger management.

  • A SSH File Transfer Protocol (SFTP) server that Marqeta’s SSH key can access, which allows Marqeta to place an encrypted settlement file on the server. You must provide a GNU Privacy Guard (GPG) key to complete reconciliation. Settlement files are sent to the server on a daily basis.

  • A platform that manages your card program through Marqeta’s APIs, such as card products, velocity controls, and Commando Mode (if applicable).

  • If your program includes Just-in-Time (JIT) Funding, a gateway endpoint that receives Gateway JIT requests and provides responses that approve or decline authorizations within a three-second time window.

Sales process

Your contact with Sales begins with the Marqeta Sales Development representative who inquires about your use case to determine if there is a fit with the Marqeta platform.

Sales Process Step 1 — Sales engagement

You will be introduced to a Business Development representative who will start a pricing and feasibility assessment.

Sales Process Step 2 — Sales engineering consultation

Engaging with a Sales Engineer provides a solid starting point for integrating with the Marqeta platform.

The level of detail your Sales Engineer goes into here depends on the nature and complexity of the card program you are developing. Typical outcomes include:

  • Understanding and scoping your card program to provide you with an overview of how Marqeta’s products and capabilities can best serve you.

  • Being your development team’s initial point of contact for all technology and product questions.

This is a great opportunity to benefit from Marqeta’s in-depth expertise and established best practices while getting started.

A final agreed-upon card program configuration is documented in a Statement of Work in Sales Process Step 3 as you move through the onboarding process.

Sales Process Step 3 — Proposal / SOW

Marqeta generates a proposal or Statement of Work (SOW) that provides clarity and transparency to the engagement. The SOW describes the card program configuration, as well as the responsibilities of both parties, the associated pricing, and the project timeline.

Sales Process Step 4 — Signed contract

Marqeta prepares a Master Service Agreement (MSA) based on the SOW. After you and Marqeta have signed the MSA, the due diligence and integration verification processes begin.

Due diligence

Before you can operate in the payments space with Marqeta, Marqeta must collect information about your business to assess your company’s practices and overall health in a process known as due diligence. The due diligence process gives Marqeta context about your company and your program, including legal documents (e.g., articles of incorporation), financial statements, and policies/procedures (e.g., information security policy). Your Marqeta Delivery representative will elaborate on your due diligence documentation requirements during the onboarding process.

Integration verification

Marqeta drives your integration by gathering key data points about your program that describe how you will leverage the Marqeta platform to build your card program and serve your customers. It’s vital that you review these data points to confirm their accuracy.

Marqeta provides best practices and ways to resolve potential issues so you can configure the Marqeta platform to best solve your business needs.

Integration Verification Step 1 — Technical advisement

As you set up your integration with the Marqeta platform, your Marqeta Delivery representative will provide customized recommendations for your card program.

Integration Verification Step 2 — Private sandbox access

Marqeta provisions your private sandbox environment, provides you with access keys, and adds your system’s IP addresses to the allow list. If you need to use Payment Card Industry (PCI) compliant widgets or the Marqeta.js library, Marqeta provisions them for you at this time.

Integration Verification Step 3 — Onboarding checkpoints

Throughout the early stages of the development process, your Marqeta Delivery representative holds weekly onboarding checkpoint meetings with you and other stakeholders. In addition, you will be invited to a private Slack channel where your questions will be answered by directing you to relevant documentation.

During this time, you should be creating the basic components of your card program. You are responsible for the following common tasks:

  • Creating and configuring card products

  • Creating and managing users

  • Creating and managing cards

  • Creating and managing spend controls at the card product level

  • Creating and managing controls at the user and card level

Integration Verification Step 4 — Simulating transactions

Marqeta expects you to be able to simulate core transaction endpoints within the simulation suite and provide evidence that you can appropriately approve and decline transactions through Just-in-Time (JIT) Funding.

For more information, see Users, Cards, and Simulating Transactions.

Integration Verification Step 5 — Just-in-Time (JIT) Funding review
Note
A JIT Funding review is only required for card programs that include JIT funding.

After you successfully pass your first card program review, you are ready to start migrating your code to your production environment.

Integration Verification Step 6 — Go live

Marqeta has provided you with production credentials to transition your card program configuration to a live environment.

As referenced in the signed contract, your card program configuration is now considered to be in "go live" state.

Integration Verification Step 7 — Live testing

Your Marqeta Delivery representative will assist you with performing User Acceptance Testing in your live environment, focusing on authorizing and clearing transactions. Once both parties are adequately satisfied, your card program configuration will be ready for launch.

Security verification

For all Marqeta customers, security is viewed as an ongoing relationship rather than a one-time check. As part of the integration verification, Marqeta’s Security Team scans your environment to confirm a secure connection and to highlight any risks that need to be resolved. You supply the Marqeta Security Team with production IP addresses. The Marqeta Security Team performs a security scan of your environment within two business days.

  • If the scan is successful, your production IP addresses are added to the Marqeta firewall.

  • If vulnerabilities are discovered, Marqeta will provide you with corrective measures and guidance on the specific changes you need to make to secure your environment. Contact Marqeta to repeat the security scan after applying these measures.

Launch

Your card program is live, and you are ready for launch. In preparation for launch, customers typically opt for testing with a friend or family member, or with limited beta, as they start to see real cardholders use the system. After a successful beta period, customers ramp to their wider target market. Once you are in production, you can look to scale and extend your offerings with risk control and 3D Secure.

Join our developer newsletter