Mastering Virtual Card Issuance in 5 Steps

▶ Watch the 60-second version on YouTube

Virtual Cards: The New Age of Payments

Virtual card issuance is revolutionizing how businesses handle payments, providing enhanced security and control. By integrating with APIs like Stripe Issuing, Lithic, and Marqeta, you can quickly spin up virtual card programs tailored to your business needs. Here's how to master virtual card issuance in five concise steps.

Step 1: Setting Up Your Stripe Issuing Account

Before diving into the API calls, ensure you have a Stripe account with Issuing enabled. Navigate to the Stripe Dashboard, and find the Issuing section to manage your program.

Creating an Issuing Card

The first step in issuing a virtual card is creating a card object. You’ll need to specify the cardholder and any spending controls. Here’s a sample API call to create a virtual card:

import stripe

# Initialize Stripe with your secret key
stripe.api_key = 'your_secret_key'

# Create a cardholder first
cardholder = stripe.Issuing.Cardholder.create(
    name="Jane Doe",
    email="jane.doe@example.com",
    type="individual",
    billing={"address": {"line1": "123 Main St", "city": "San Francisco", "state": "CA", "postal_code": "94105", "country": "US"}},
)

# Now create a virtual card
card = stripe.Issuing.Card.create(
    cardholder=cardholder.id,
    currency="usd",
    type="virtual",
    spending_controls={
        "allowed_categories": ["business_services"],
        "blocked_categories": ["gambling"],
        "spending_limits": [{
            "amount": 10000,
            "interval": "monthly",
        }],
    },
)

print(f"Created virtual card: {card.id}")

Step 2: Implementing Spending Controls

Spending controls are crucial in managing how virtual cards are used. In the example above, we set spending limits and allowed categories. You can modify these controls dynamically to respond to business needs. Remember that controls apply at the card level, which allows for flexibility.

Non-Obvious Gotcha

One common pitfall developers encounter is misunderstanding the "allowed_categories" and "blocked_categories" parameters. These are not mutually exclusive; you can have overlapping categories but the card will behave according to the strictest rule. For example, if you allow "business_services" but block "travel," and a merchant is categorized as both, the transaction will be blocked. Always validate the merchant category codes (MCC) for potential overlaps.

Step 3: Monitoring Transactions

Once your virtual card is active, monitoring transactions becomes critical. Stripe provides webhooks to notify your application of events such as successful transactions or chargebacks. Setting up webhooks will allow your application to react in real-time.

# Sample curl command to set up webhooks
curl https://api.stripe.com/v1/webhook_endpoints \
  -u sk_test_your_secret_key: \
  -d url=https://yourdomain.com/webhook \
  -d enabled_events[]=issuing.transaction.created \
  -d enabled_events[]=issuing.transaction.updated

Step 4: Integrating with Other APIs

To enhance your virtual card solutions, consider integrating with other platforms like Lithic or Marqeta. For instance, if you want to leverage advanced features like instant card issuance or additional fraud detection, these platforms offer rich APIs. Here’s how you can issue a virtual card using Lithic:

import requests

# Lithic API endpoint to create a virtual card
url = "https://api.lithic.com/v1/cards"
headers = {
    "Authorization": "Bearer your_lithic_api_key",
    "Content-Type": "application/json",
}

data = {
    "type": "virtual",
    "cardholder": {
        "name": "Jane Doe",
        "email": "jane.doe@example.com"
    },
    "spending_controls": {
        "allowed_categories": ["business_services"],
        "spending_limits": [{
            "amount": 10000,
            "interval": "monthly",
        }],
    }
}

response = requests.post(url, json=data, headers=headers)
print(response.json())

Step 5: Tokenization for Enhanced Security

Payment tokenization is essential for securing transactions. Using the Visa Token Service, you can tokenize the card details before processing payments. This not only enhances security but can also help reduce PCI compliance burdens.

Tokenizing Payments

To tokenize a card using the Visa Token Service, you’ll need to follow their specific API documentation. Here’s a generic example of how to initiate a tokenization request:

tokenization_response = requests.post("https://api.visa.com/tokenization/v1/tokenize", json={
    "accountNumber": "4111111111111111",
    "expirationDate": "12/25",
    "securityCode": "123"
}, headers={
    "Authorization": "Bearer your_visa_api_key"
})

print(tokenization_response.json())

Wrapping Up

Virtual card issuance opens up a myriad of opportunities for businesses to manage spending effectively while enhancing security. By leveraging APIs like Stripe Issuing, Lithic, and Marqeta, along with thoughtful integration of spending controls and tokenization, you can create a robust payment solution that meets your business requirements. Keep an eye on the nuances, especially with categories and spending limits, to ensure smooth operations.