- Block bank identification number (BIN) attacks in real time: Detect and block systematic primary account number (PAN) enumeration attempts before a response is returned to the card network.
- Apply velocity-based rules: Configure thresholds for token requestors and devices, and automatically block sources that exceed configurable decline-rate thresholds.
- How RTD fits into the token provisioning flow
- How RTD behaves when it is not operating on full capacity or unavailable
- How to use RTD events to configure risk rules for your program
Prerequisites
RTD for token provisioning requires additional activation steps. To activate it for your program, contact your Marqeta representative. You must also understand the following before using this feature:- Marqeta’s Real-Time Decisioning engine and rule configuration.
- The token provisioning flow for your card network (Visa and/or Mastercard).
How RTD for token provisioning works
RTD is performed before the final decision of a token provisioning request. When a token provisioning is requested, the Token Provisioning service sends aTOKEN_PROVISION_RT event to RTD before returning a response to the card network.
RTD evaluates the request against your program’s configured rules and returns its recommendation.
The Token Provisioning Service incorporates this recommendation into the final response it constructs for the card network.
Token provisioning flow
For Visa and Mastercard provisioning, the Token Provisioning service sends aTOKEN_PROVISION_RT event to RTD for recommendation before finalizing the token provisioning request.
RTD’s recommendation factors into the Token Provisioning service’s final decision — if RTD returns a RISK decision, the token provisioning request is denied.
Token provisioning when RTD is unavailable
RTD for token provisioning does not block a provisioning request if RTD is unavailable. If RTD is unavailable or does not respond within the 100 ms timeout, the Token Provisioning service proceeds as normal and RTD does not affect the provisioning request. Your program does not depend on RTD availability as a mandatory check in the token provisioning flow.How to integrate RTD token provisioning into your workflow
To integrate the RTD token provisioning into your workflow you must write rules and configure decisioning for your program. TheTOKEN_PROVISION_RT event schema defines the fields included in each real-time token provisioning event sent to RTD.
Use this schema for risk rules and configuration.
For the full schema reference, including request and response field definitions, AVS and CVV2 code tables, and Marqeta platform-specific reason codes, see the Token Provision Schema.