A default Velocity Limit could be override by Velocity Limit Overrides

The Velocity Limit Override can be done for a specific period using the attributes activationStartTime and activationEndTime

A Velocity Limit Override could change following attributes of the Velocity Limit

• maximumAmount : Allowed maximum cumulated authorization amount
• maximumAmountCheck : Switch indicating whether the cumulated authorization amount of the time period is compared to a maximum or not
• maximumCount : Allowed maximum number of authorizations in the time period
• maximumCountCheck : Switch indicating whether the number of authorizations in the time period is compared to a maximum or not

In our solution each Authorization Restriction Override is identified by an velocityLimitOverrideReference

It is possible to use this reference in order to 

• Retrieve velocity limit override using the API GET /issuers/{issuerId}/accounts/{accountReference}/velocity-limits/{velocityLimitReference}/velocity-limit-overrides/{velocityLimitOverrideReference}
• Update velocity limit override using the API PUT /issuers/{issuerId}/accounts/{accountReference}/velocity-limits/{velocityLimitReference}/velocity-limit-overrides/{velocityLimitOverrideReference}
• Delete velocity limit override using the API DELETE /issuers/{issuerId}/accounts/{accountReference}/velocity-limits/{velocityLimitReference}/velocity-limit-overrides/{velocityLimitOverrideReference}

All the Velocity Limit Overrides which are applied on a Velocity Limit can be retrieved by the API that List velocity limit overrides for velocity limit GET /issuers/{issuerId}/accounts/{accountReference}/velocity-limits/{velocityLimitsReference}/velocity-limits-overrides/

The purpose of a Velocity Limit is to limit a transaction in terms of amount and frequency, e.g. it might be allowed to withdraw 2,500€ per day on POS terminals in Europe

These rules are implemented with an initial customer specific Product setup and are set per default set as blocked or unblocked

The standard Velocity Limits are permanent and can be changed by creating some Velocity Limit Overrides

The standard Velocity Limits for Card Control are

• Cash (ATM, branch, POS)
• eCommerce
• POS
• NFC

Each standard Velocity Limits are set with 

• a minimum amount and a flag, if this amount should be checked
• a maximum amount and a flag, if this amount should be checked
• a maximum counter and a flag, if this amount should be checked

A default velocity limit can further be combined with a country or a region, e.g.

• ATM daily limit in Italy
• ATM daily limit in the European Economic Area (w/o Italy)
• ATM daily limit worldwide (w/o the EEA)

When an account is created, the default Velocity Limits defined on Product level are applied

In order to List velocity limits for account, the API GET /issuers/{issuerId}/accounts/{accountReference}/velocity-limits should be used by providing the issuerId of the Issuer and accountReference identifying the Account

In our solution each Velocity Limit is identified by an velocityLimitReference and it's possible to Retrieve velocity limit using GET /issuers/{issuerId}/accounts/{accountReference}/velocity-limits/{velocityLimitReference} API

A default Authorization Restriction could be overwritten by Authorization Restriction Override.

The Authorization Restriction Override can also be done for a specific period using the attributes activationStartTime and activationEndTime

In order to Create authorization restriction override, the API POST /issuers/{issuerId}/accounts/{accountReference}/authorization-restrictions/{authorizationRestrictionReference}/authorization-restriction-overrides should be used. The overrides is created based on an existing Authorization Restriction which authorizationRestrictionReference needs to be provided.

To block or unblock transactions – in other words to switch on/off a restriction – the attribute conditionCheck is taken into account.

In our solution each Authorization Restriction Override is identified by an authorizationRestrictionOverrideReference

It is possible to use this reference in order to 

• Retrieve authorization restriction override using the API GET /issuers/{issuerId}/accounts/{accountReference}/authorization-restrictions/{authorizationRestrictionReference}/authorization-restriction-overrides/{authorizationRestrictionOverrideReference}
• Update authorization restriction override using the API PUT /issuers/{issuerId}/accounts/{accountReference}/authorization-restrictions/{authorizationRestrictionReference}/authorization-restriction-overrides/{authorizationRestrictionOverrideReference} 
• Delete authorization restriction override using the API DELETE /issuers/{issuerId}/accounts/{accountReference}/authorization-restrictions/{authorizationRestrictionReference}/authorization-restriction-overrides/{authorizationRestrictionOverrideReference}

All the Authorization Restriction Overrides which are applied on an Authorization Restriction can be retrieved by the API that List authorization restriction overrides for authorization restriction GET /issuers/{issuerId}/accounts/{accountReference}/authorization-restrictions/{authorizationRestrictionReference}/authorization-restriction-overrides/

Blocking countries

Card Control allows to block/unblock a single country or a list of countries.

The user needs to overwrite the existing default Authorization Restriction and use the conditionCheck attribute in combination with the conditionParameters attribute the country codes of the countries to be blocked.

For example, for an Authorization Restriction Override created with "conditionCheck":true, "conditionParameters":["004","008", "012"], authorizations from the countries Afghanistan (004), Albania (008) and Algeria (012) are declined.

Geo blocking

Geo Blocking is a functionality that allows the user to control for each Account whether a transaction from a region should be approved and processed or not.

The definition of the regions are part of customer Product setup and by default the following are setup :

• Europe
• North America
• South America
• Africa
• Asia
• Oceania
• Antarctica 
• European Economic Area

The user needs to override the existing default Authorization Restriction associated to one region and use the conditionCheck attribute in order to switch on/off the usage of the card in this region.

Blocking MCC

Merchant Category Code (MCC) Blocking is a functionality that allows to block a single MCC or a list of MCC.

The user needs to override the existing default Authorization Restriction and use the conditionCheck attribute in combination with the conditionParameters attribute the country codes of the countries to be blocked.

For example, for an Authorization Restriction Override created with "conditionCheck":true, "conditionParameters":["7995","7996"], authorizations from the following MCC are declined.

• 7995 Betting (including Lottery Tickets, Casino Gaming Chips, Off - track Betting and Wagers)
• 7996 Amusement Parks, Carnivals, Circuses, Fortune Tellers

The purpose of an Authorization Restriction is to allow or refuse a transaction on an Account based on given rules.

These rules are implemented with an initial customer specific Product setup and are set per default set as blocked or unblocked

The standard Authorization Restrictions are permanent and can be changed by creating some Authorization Restriction Overrides.

The standard Authorization Restrictions for Card Control are to block or unblock of :

• Channels like
  • ATM / cash
  • Card present (POS)
  • Card not present (eCommerce, telephone)
  • Card not present recurring
  • Contactless online (NFC online)
  • Magstripe
• Single country, a list of single countries
• Regions (Geo Blocking)
• Merchant category codes (MCC Blocking)

When an account is created, the default Authorization Restrictions defined on Product level are applied

In order to List authorization restrictions for account, the API GET /issuers/{issuerId}/accounts/{accountReference}/authorization-restrictions should be used by providing the issuerId of the Issuer and accountReference identifying the Account

Each Authorization Restriction is identified by an authorizationRestrictionReference and it's possible to Retrieve authorization restriction using GET /issuers/{issuerId}/accounts/{accountReference}/authorization-restrictions/{authorizationRestrictionReference} API

A temporary credit limit, that extends or reduces the Account credit limit could be defined for credit accounts. In this case, the value of the temporary limit overrides the default credit limit for a selected time range.

In our solution each Temporary Credit Limit is identified by a unique temporaryCreditLimitReference

A temporary credit limit can be:

• created using the Create a temporary credit limit API : POST /issuers/{issuerId}/accounts/{accountReference}/temporary-credit-limits
• deleted using the Create a temporary credit limit API : DELETE /issuers/{issuerId}/accounts/{accountReference}/temporary-credit-limits/{temporaryCreditLimitReference}

The time period of two defined Temporary Credit Limit cannot overlap.

For each account it is possible to list temporary limits using the following API : GET /issuers/{issuerId}/accounts/{accountReference}/temporary-credit-limits

An authorization business case can refer to one or several consecutive Authorizations (for example, a reservation in a hotel with a subsequent confirmation or a purchase with a subsequent cancellation).

In our solution each Authorization Business Case is identified by its unique businessCaseId

The issuer can Retrieve an Authorization Business Case details using the GET /issuers/{issuerId}/accounts/{accountReference}/authorization-business-cases/{businessCaseId} API, by providing the issuerId of the Issuer, the accountReference identifying the Account and the businessCaseId identifying the Authorization Business Case.