We think it’s important to be able to set up the parameters of where and how and with whom cardholders can use their cards, using APIs in real-time. That way you can accommodate rapid change and offer an array of configurations at individual card level. Consider looking for a processor that offers dynamic spend and velocity controls, so you can have power over where a cardholder spends – for example, by country or merchant type (no gaming or alcohol, for example). Or how many times, or how much, cardholders can spend on travel or withdraw from an ATM over a pre-defined time period.

You can layer these controls together. The trick is to set controls that are flexible enough to accommodate cardholder behaviour to ensure a good payment experience, while mitigating fraud in line with your business objectives.

Putting some of these card controls in the hand of the customer is also becoming more commonplace. They may wish to pause e-commerce transactions, ATM or contactless, for example.

A notable case is Monzo including a gambling block option as part of their card controls area. The intention being to give those people with gambling problems the option to completely block gambling transactions.
Large financial institutions are also sitting up and taking note of customer demand for more control of their card. Santander, for example, has launched several new in app capabilities. View PIN, report a card lost or stolen and PIN not working functions have all been added to the app.

We think it’s about detecting fraud as it happens rather than ‘reactive identification’ that reviews transactions after they’ve occurred to spot fraudulent activity. Using machine learning and behavioural analytics to predict, prevent and manage fraud and financial crime, the latest solutions cover things ranging from application, card and payment fraud mitigation to merchant monitoring and anti-money laundering. It’s essential all this is up and running before you launch, as day one is when fraudsters will be testing your systems looking for weaknesses to exploit.

Further information on intelligent and real-time authorisation of transactions can be found in this blog.

 
Your card programme can benefit if you can automate certain processes, access near real-time data, and have the ability to add functionality to the authorisation process. So let’s look at the transaction components that can give you real control over an authorisation.

 
Authorising transactions from Visa and Mastercard means working with the ISO 8583 standard messaging format. But integrating this complex messaging standard into your card programme can be a headache for developers and time-consuming. The good news is that some processors will convert ISO 8583 into a much more user-friendly open JSON message format, eliminating the need for your developers to build an integration altogether. This can free up your resources to focus on building a compelling customer proposition.

 
Who controls decisioning? As mentioned, some processors allow you to define your own rules on their platform and notify you of any breaches. So on top of any 3D Secure solution, you may need some kind of algorithm-based fraud engine at the front end of the transaction-authentication process to score each transaction for potential fraud. If you know there’s a high propensity of cards being attacked in certain merchants in a particular country for example, you can change the rules around decisioning to help minimise the risk.

 
Once a transaction has passed dynamic spend and velocity controls and a fraud-decisioning engine, your processor can authorise on your behalf or, if you prefer, involve you directly in the decision using just-in-time (JIT) gateway functionality (Marqeta’s version of external authorisation.) This gives your card programme the ability to approve or decline a transaction using real-time business logic.

As an existing or prospective card programme owner, how do you bring the real-time experience to life? At Marqeta, there are a number of ways we’re helping to support this, including through the use of webhooks and by allowing three seconds for authorisations. Our blog provides more detail here.

 
Ever used the wrong CV2 code making a purchase online? One challenger bank uses their real-time authorization data to help their customers transact by reaching out with in-app notifications. Should you key in the wrong details with a merchant you’ll be told why the transaction was declined and prompted to check your CV2 in the app.

 
Once a transaction decision has been made, it can be useful to update your cardholders. For example, you might want to confirm their purchase (from a fraud mitigation perspective), or tell them why their transaction was declined, or simply help them understand their spending habits. Using real-time information in this way can help you provide the best possible real-time user experience – which we believe to be an essential ingredient in any successful modern card programme. With the increased regulatory requirements from the second Payment Services Directive (PSD2), customers will need to authenticate their transactions much more often so using this real-time information can become more important to provide seamless customer experience.