/
15 minute read
September 15, 2023

Program Controls in the Dashboard

The Control Center in Program Controls allows you to manage dashboard options and users, including:

Commando mode

Enable and disable Commando Modes and view Commando Mode control set details.

User profiles

Manage Marqeta Dashboard users by controlling access, viewing and editing user information, adding users, and defining roles.

Audit logs

View audit logs for customer and business records.

ACH management

Enable ACH direct deposit.

PIN reveal

Display cardholder forgotten PINs to them via mobile application.

3D secure

Enable and configure 3D Secure options.

Card products

Create, edit, and view card products.

Commando Mode

If your system cannot respond to a Gateway JIT Funding request, the Marqeta platform can use Commando Mode to make authorization decisions on your behalf based on defined business rules. The Marqeta platform stores any unsent webhooks for later transmission, so that card states and account balances on your system correspond with activity that occurred while Commando Mode was in effect.

Viewing Commando Mode controls

To view current Commando Mode controls:

  • Go to Program Controls > Control center > Commando mode. The current commando mode configurations and their status are displayed.

    Control center

    Is this helpful?

    Yes
    No

Enabling or disabling a Commando Mode control

To enable or disable a Commando Mode control:

  • Go to Program Controls > Control center > Commando mode.

  • Select the toggle button in the Status column for the Commando Mode control to change.

  • In the popup window, enter a reason and select Enable or Disable.

Viewing Commando Mode control information

To view Commando Mode control information:

  • Go to Program Controls > Control center > Commando mode. The enabled by, enable channel, and enable reason are displayed at the top.

  • To enable or disable the current control, select the toggle button, enter a reason in the popup, and select Enable or Disable.

    Commando mode

    Is this helpful?

    Yes
    No
  • Select Details, Control, or Transition History tab to view that information. The information for each tab is described below.

Commando mode control information

Field Description

Last Enabled By

The user who most recently enabled the Commando Mode control set.

Last Enabled Reason

The reason that the Commando Mode control set was last enabled.

Last Enabled Channel

The mechanism that most recently changed the Commando Mode control set’s state: API or SYSTEM

Details

This tab shows details for Protected Funding Sources and Real Time Stand In Info.

Protected funding sources

Field Description

Name

The name of the funding program.

Url

The URL of the gateway endpoint hosted in your environment, to which POST messages are submitted by Marqeta.

Token

The unique identifier of the funding source.

Timeout

Total timeout in milliseconds for gateway processing.

Account

Funding source account.

Created

A timestamp of when this Commando Mode was created in the Marqeta API.

Last Modified

A timestamp of when this Commando Mode was last updated in the Marqeta API.

Real time stand in info

Field Description

Enabled

If true, Commando Mode is automatically enabled by events defined in the real_time_standin_criteria object; if false, Auto Commando Mode is not enabled.

Include Connection Errors

If true, a non-timeout connection error automatically enables Commando Mode when real_time_standin_criteria.enabled is also true.

Include Response Errors

If true, a gateway response slower than 3000 milliseconds automatically enables Commando Mode when real_time_standin_criteria.enabled is also true.

Include Application Errors

If true, an application error (any non-connection, non-timeout error) automatically enables Commando Mode when real_time_standin_criteria.enabled is also true.

Controls

This tab provides information on the velocity control set defined for this Commando Mode control.

Velocity controls

Field Description

Token

The unique identifier of the velocity control set.

Name

The name of the funding program.

Usage Limit

Maximum number of times (between 0 and 100) a card can be used within the time period defined by the velocity_window field.

Approvals Only

If true, only approved transactions are subject to control.

Include Purchases

Indicates whether purchases are subject to control.

Include Withdrawals

Indicates whether ATM withdrawals are subject to control.

Include Transfers

Indicates whether transfers are subject to control.

Include Cashback

Indicates whether cashbacks from a point of sale are subject to control.

Currency Code

The three-digit ISO 4217 currency code: USD or CAD.

Amount Limit

The maximum monetary sum that can be cleared within the time period defined by the Velocity Window field.

Velocity Window

Defines the time period to which the amount_limit and usage_limit fields apply:

  • DAY – one day; days begin at 00:00:00.

  • WEEK – one week; weeks begin Mondays at 00:00:00.

  • MONTH – one month; months begin on the first day of month at 00:00:00.

  • LIFETIME – forever; time period never expires.

  • TRANSACTION – a single transaction.

If set to DAY, WEEK, or MONTH, the velocity control takes effect retroactively from the beginning of the specified period. The amount and usage data already collected within the first period is counted toward the limits.

Active

Indicates whether the program gateway funding source is active.

Auth controls

This table describes the authorization controls defined for this Commando Mode control set.

Field Description

Token

The unique identifier of the auth controls.

Name

The name of the auth controls.

Start Time

The starting time for the auth controls.

End Time

The ending time for the auth controls.

Active

Indicates whether the auth controls are active.

Transition history

This tab provides details for each of the transitions for this Commando Mode control set.

Field Description

Enabled

Indicates the current status of the Command Mode control set.

Reason

The reason the current state of the Commando Mode control set was changed.

Channel

The mechanism that changed the Commando Mode control set’s state: API or SYSTEM

Username

Identifies the user who changed the Commando Mode control set’s state.

Token

The unique identifier of the Commando Mode transition.

Type

The type of transition: enabled or disabled.

Commando Mode Token

The unique identifier of the Commando Mode control set.

Created

The date and time that the transition was created.

Name

The name of the transition.

User profiles

User Profiles allows you to manage access to the Marqeta Dashboard. You can:

  • View user information.

  • Add users and edit user information.

  • Define user roles.

  • Enable and disable users.

  • Impersonate users.

User profile management

Is this helpful?

Yes
No

View user information

To view user information, go to Control center > User profiles. The Users tab lists current users along with the following information:

Column Description

Email

The user’s email address. An invitation to join is sent to this address.

Status

The user’s status: Active or Disabled.

First Name

The user’s first name.

Last Name

The user’s last name.

Org Name

The user’s organization.

Org Type

The type of organization, such as Customer, Bank, or Card Network.

Programs

Programs whose information the user can view.

Role

The user’s role: Viewer or Admin.

Departments

The user’s department within in the organization.

Supplements

Supplemental level of data control for the user, if any: Detail or PII.

Date Created

The date when the user was added.

Date Updated

The most recent date when the user’s information was updated.

Filtering by column

To filter rows by column, enter the sequence of letters you want to filter on in the text box at the top of the column. As you type, the matching rows are filtered dynamically.

Adding users

To add a user:

  • In the Users tab, select Add user.

  • In the popup window, enter the user’s information. For Role, choose a one of the roles, as described in Roles below. For Department, choose one or more described in Departments below.

  • Select Add user. The user receives an email invitation to join.

Note
By default, access to personally identifiable information (PII) is denied. Access can only be granted with accordance to your company and the issuing bank’s privacy and information security policies.

If a user needs access to PII, submit a request to analytics@marqeta.com providing user information along with a brief but complete explanation of why PII access is needed. For example, "Customer service rep needs PII access to resolve customer KYC issues." Users should be granted the lowest level of access required to fulfill their job responsibilities. If you have any questions, contact your Marqeta representative or send your question to analytics@marqeta.com.

Resending an invitation

To resend an invitation:

  • Go to Program Controls > Control center > User profiles, and select the row for the user.

  • In the User profile management pane, select Resend Invite.

Editing a user’s information

To edit a user’s information:

  • Go to Program Controls > Control center > User profiles, and select the row for the user.

  • In the User profile pane, update any of the user’s basic information, or add and remove programs, departments, roles, and supplements as necessary.

  • Select Save.

Enabling and disabling users

To enable or disable a user:

  • Go to Program Controls > Control center > User profiles, and select the row for the user.

  • In the User profile pane, select the Edit icon in the upper-right corner.

  • Select the Status toggle control to change the user’s status and then select Save.

Impersonating a user

If you have the Admin or Support role, you can impersonate some users, as described in Roles below.

To impersonate another user:

  • In Program Controls > Control center > User profiles, select the row for the user.

  • In the User profile pane, select View as <user_name>. The Dashboard as seen by the selected user is displayed, where you can act as that user.

  • When you have finished, select End at the bottom.

Roles

Roles define the privileges that are available to dashboard users. Users can be assigned the following roles:

Column Description

Admin

Can create and modify Viewer and Support accounts with the same domain names as their own, revoke their credentials, impersonate users that they have provisioned, and view reports.

Support

Can view reports and impersonate other users with the Viewer privilege in the same program as their own.

Viewer

Can only view reports.

Departments

The Departments reflect the organization for a typical business. You can assign one or more departments to a user. The following departments are available:

Column Description

Analytics

(Read only) Works with data to interpret patterns and trends to improve business decision-making, reduce fraud, and provide deeper business insights.

Business Development

(Read only) Creates long-term value by interpreting markets, customers, and business relationships.

Compliance

(Read only) Ensures that the organization complies with applicable laws and regulations, helping preserve the organization’s integrity and reputation.

Compliance – Processor Only

An external role for users responsible for managing transaction disputes at Powered By customers.

Compliance – Program Managed

An external role for users responsible for managing transaction disputes at Managed By customers.

Customer Service

Responsible for assisting users with a range of issues that may include suspending accounts, updating billing information, initiating user disputes. Assists customers in making effective use of company products.

Customer Success

(Read only) Proactively ensures that customers successfully and efficiently use the company’s products.

Engineering

(Developer) Researches, designs, and implements the technical development of financial products.

Finance — Other

Manages company finances, including financial planning, auditing, accounting, and produces financial statements.

Finance — Settlement

Ensures that funds transferred between the merchant’s and the card user’s bank are successfully concluded. Additionally, the Settlement team reconciles the daily drawdowns from card networks to internal data to ensure appropriate funds movement and identifies exceptions in internal transactional data.

General

(Read only) Business activities that do not fall within a specific business department.

Human Resources

(Read only) Responsible for employee well-being, including payroll, benefits, hiring, firing, and staying up to date with tax laws.

Legal

(Read only) Provides legal advice on business issues, drafting commercial agreements, ensuring the company complies with applicable laws and regulations, and prepares required legal documents.

Marketing

(Read only) Researches markets and potential customers, promotes the company business, and drives sales of company products and services.

Operations

Manages the strategic and day-to-day production of products and the delivery of services.

Product Management

(Read only) Manages a product through all stages of the product lifecycle, including the people and processes required to produce the product or service.

Program Management

(Read only) Manages several projects with the intention of coordinating diverse efforts and improving the company’s performance.

QA

(Developer) Tests company products and services in order to prevent errors and defects.

Sales

(Read only) Sells company products by building relationships with customers, matching them with the company’s products and services, and providing a direct link between the company’s product or service and its customers.

Audit logs

As information is modified on the Marqeta platform, such as server names, user names, actions are performed, and data updated, these changes are captured and logged to Marqeta’s central logging service. Audit Logs provides a view of these logs to help you trace the details of these actions.

To view audit logs, go to Program Controls > Control center > Audit logs. Audit log records are listed, and include the following information:

Column Description

id

Automatically assigned unique ID for the action.

User Name

The user performing the action.

App Name

The application that logged the action, such as the Marqeta Dashboard or GraphQL.

Record id

The record id associated with the call, if any.

Record Operation

The name of the query or mutation (in the case of GraphQL) or rails action (index, show, create, update, or destroy).

Record Type

The primary business object operated on, such as user or business.

Program

The program shortcode.

Created Time

The time that the action was created.

Remote ip Address

The remote IP address where the action was generated.

User Role

The list of roles for the user performing the action.

Http Status Code

The status code returned by the action.

Http Params

The parameters associated with the request, such as {"first_name":"test","last_name":"test"}.

Event Type

The type of event, such as http_request or graphql_request.

App Server Name

The application server that generated the action.

Http Path

The HTTP path, such as /changepassword or /businesses/search.

Http Method

The http method, such as PUT or POST.

Old Value

The value before the action.

New Value

The value after the action.

Notes

Notes related to the action, if any.

Extra Info

Additional information about the action, if any.

ACH management

Use ACH management to enable direct deposit for an account. To enable direct deposit:

  • Go to Program Controls > Control center > ACH management.

  • Enter the Routing number and Account number prefix.

  • Select Enable.

PIN Reveal

Using PIN Reveal you can display a cardholder’s forgotten PIN to them via your mobile application. With PIN Reveal, the online PIN is less likely to fall out of sync with the PIN stored on the chip because cardholders can reveal their existing PIN instead of resetting it to a new value.

Revealing a cardholder’s PIN requires compliance with PCI DSS data security requirements. If you are not PCI certified, use Marqeta’s Javascript library (marqeta.js) to reveal card details to the cardholder and copy these values to the clipboard for later use. You can also view the cardholder’s PIN.

Enabling PIN reveal

You must first request that Marqeta enable this feature for your program, then explicitly provision PIN Reveal for the program.

To provision PIN reveal:

  • After Marqeta has enabled PIN Reveal for your program, go to Control center > PIN reveal.

  • Move the Provision PIN Reveal toggle to the right to activate.

  • Select Save settings. Once PIN reveal is provisioned, you must explicitly opt-in before the feature becomes active.

Opt in Status shows the current status for the program. Possible values are Disabled, Pending program approval, or Program approved.

Viewing PIN Reveal history

PIN Reveal displays the three most recent events in the upper-right. To view a complete PIN Reveal history for the current program, select View full history.

3D Secure

3D Secure allows you to provide your customers with an added layer of protection against fraudulent online credit and debit card transactions. Supported by most card issuers, 3D Secure requires cardholders to complete an additional verification step with the issuer before a transaction is authorized.

By enabling 3D Secure, you can decrease the number of disputed transactions. 3D Secure boosts customers' confidence and helps you establish greater trust with them. For more information on 3D Secure, see About 3D Secure.

Your customers will verify their transactions using a secure code sent by SMS or email. You can provide a customer support number your customers can call if they have questions or concerns about 3D Secure.

Enabling 3D Secure

Your customers will use a one-time passcode (OTP) to verify their transactions, which requires them to enter a secure code sent by SMS or email.

Home

Is this helpful?

Yes
No

To enable 3D Secure:

  • Go to Program Controls > Control center > 3D secure.

  • Select Enable 3D Secure.

  • Select the messages versions to support for this program. Support for v1.0.2 is required. You can add additional versions to support. Enabling support for versions other than v1.0.2 provides heightened protection against fraudulent transactions, but requires additional integration work to set up. Support of v2.2.0 is for Visa programs only.

  • To provide a customer support number for your customers to call if they have questions or concerns about 3D Secure, enter a complete number including area code.

  • If you want to provide a no-reply email address, enter an unmonitored email address such as noreply@yourdomain.com from the domain your customers typically associate with your brand. If none is provided, noreply@marqeta.com will be used. A verification link will be sent to this address during initial setup.

  • If you would like an issuer logo to appear in the OTP emails your customers receive, select Upload and choose an image file. Supported formats are .png, .jpeg, .tiff, and .bmp. Maximum file dimensions are 47 pixels (height) x 140 pixels (width). Maximum file size is 5 MB.

3D Secure Decision and Result services

Enable this pair of services to allow Marqeta to manage 3DS strong customer authentication (SCA) decisions for your program.

3D Secure Decision service

The 3D Secure Decision Service enables you to configure and implement Marqeta’s 3D Secure decision-making policy instead of developing or hosting your own solution. 3D Secure Decision Service rules determine whether the system applies SCA to an incoming transaction authentication request or exempts it. Enabling this service strikes a balance between your customers' frictionless experience and the risk of fraud.

3D Secure Result service

The 3D Secure Results Service is used to trigger the Marqeta platform to update the result of the cardholder’s SCA challenge. It informs the 3D Secure Decision Service whether or not the strong customer authentication (SCA) has succeeded, which is required to score future transactions by this cardholder more accurately.

To enable 3D Secure Decision and Result services, configure your program attributes by providing a URL and login credentials:

  • Toggle Enable 3D Secure Decision and Result services to the right.

  • For 3D Secure Decision service program attributes, enter the fully qualified domain name (FQDN) of the endpoint where you want event notifications to be sent, for example https://www.yourdomain.com/webhook. The URL cannot exceed 200 characters in length.

  • Enter the username associated with the user authorized to access the endpoint specified in the Endpoint URL field. The username cannot exceed 500 characters in length.

  • Enter a password for the username used to access the endpoint specified by the Endpoint URL field. The password you choose must be between 8 and 500 characters in length.

  • To use the same program attributes for 3D Secure Results service program that you entered for 3D Secure Decision service program, select the Use my 3D Secure Decision service program attributes checkbox. Otherwise, enter the endpoint URL, username, and password.

Advanced authentication service

Enable Advanced authentication services to allow Marqeta to manage 3DS strong customer authentication (SCA) decisions for your program.

  • Toggle Enable Advanced authentication services to the right.

  • Enter the fully qualified domain name (FQDN) of the endpoint where you want event notifications to be sent, for example https://www.yourdomain.com/webhook. The URL cannot exceed 200 characters in length.

  • Enter the username associated with the user authorized to access the endpoint specified in the Endpoint URL field. The username cannot exceed 500 characters in length.

  • Enter a password for the username used to access the endpoint specified by the Endpoint URL field. The password you choose must be between 8 and 500 characters in length.

Card products

Use card products to manage card products that are available to issue from Card Management.

To view or edit card products:

  • Go to Program Controls > Control center > Card products. The list of current products is displayed with the following information.

    Field Description

    Card product name

    The name of the card product.

    Network

    The network associated with the card product.

    Type

    The type of card product: debit, credit, or prepaid.

    Classification

    The classification of the card product: consumer or commercial.

    BIN prefix

    The prefix of the bank identification number (BIN).

    Token

    The card product identifier.

  • To edit a card product, select the row, edit the details, and select Submit for Approval.

To create a new card products:

  • Go to Program Controls > Control center > Card products.

  • Select + Add card product.

Subscribe to our developer newsletter