» A guide to understanding

Modern Card Issuing

» Modern card issuing guide

Some of the most innovative disruptors in

the world needed more than traditional issuer
processors could offer.

Legacy infrastructure was purpose-built and could

not easily be adapted to new use cases.

Traditional issuer processors Innovators

TSYS Instacart
1983 2012
N26
Uber 2013
2009
Afterpay
2014
1970 1980 1990 2000 2010 2020

i2c DoorDash
1987 2013

FIS Square
1971 2009
Marcus
2019

They needed an issuer processor that let them

customize cards and control authorizations in
real time ... so they turned to modern card issuing.

2
» Modern card issuing guide

Table of contents

Intro to modern card issuing. . . . . . . . . . . . . . . . . . . . . . . . 4–12

PART 1

What is modern card issuing? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5–6

APIs: at the top of today’s payment agenda. . . . . . . . . . . . . . . . . . . 7–8
Five characteristics of modern card issuing APIs. . . . . . . . . . . . . . . . . 9
Checklist for a comprehensive API platform . . . . . . . . . . . . . . . . . . . 10
The role of APIs in next-generation payments . . . . . . . . . . . . . . . . 11–12

Capitalizing on payments data. . . . . . . . . . . . . . . . . . . . . 13–19

PART 2

An open, developer-friendly payment flow. . . . . . . . . . . . . . . . . . . . . . 14

The possibilities of an open payment flow . . . . . . . . . . . . . . . . . . . 15–16
Keeping up with rapidly evolving technology. . . . . . . . . . . . . . . . . . . . 17
Fighting fraud with payments data . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Card programs with global scale. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Modern card issuing vs. legacy platforms. . . . . . . . 20–30

PART 3

Fast and simple to build . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21–23

Flexible. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24–25
Trusted. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26–27
Globally scalable. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28–29
Closing thoughts and sources. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

3
» Modern card issuing guide

Part 1 | Introduction
Modern card issuing solutions:
fast to implement and get to market;
flexible and customizable;
and globally scalable

4
 » Modern card issuing guide

Part 1 | Introduction

Across industries, many of today’s most

innovative business models have one thing
in common: Their payment solutions are
built on modern payment infrastructure.
What is
For many business and technical leaders, modern card
issuing?
this comes as a surprise.

Legacy payments infrastructure has moved

money reliably and within certain accepted Modern card issuing is secure card issuing
and processing delivered via an open API
constraints for decades, but it has rarely
platform that enables card issuers to create
served as a differentiator.
customized payment card products that
leverage just-in-time funding features,
» Legacy payment infrastructure authorizing their end-users’ transactions
was the status quo up until around in real-time. Integrated with major global
the mid-2010s when a group of and local card networks, modern card

fast-growing startups decided to issuing allows companies to build payment

solutions to their exact specifications and
raise the bar for payment solutions.
launch them globally.

The business models of these These solutions are often distinguished

startups — including Uber, Square, by fast implementation and time to

Instacart, Afterpay, DoorDash, N26, and market; flexibility and customization;

and scalability, resilience, and security to
Marcus — required highly configurable
execute on a global vision.
payment cards and a simple way to
manage payment programs. They turned
to modern card issuing, a new way of
issuing cards and processing transactions.

• PART 1 PART 2 PART 3 5

 » Modern card issuing guide

Facets of modern card issuing

A. Fast implementation and While legacy processors were a viable solution

time to market for traditional card payments, more innovative

card use cases often require active participation
in the payment flow.
Legacy card issuer processors often offer
a one-size-fits-all product.
For example, on-demand delivery companies
typically validate the merchant and exact
Any customizations are typically done through
transaction amount in real time before authorizing
consulting services to retrofit and completely
a payment. Similarly, point-of-sale lenders are
redesign the product anew. This would not only
able to provide near-instant financing at checkout
lead to long development cycles, but the resulting
by dynamically validating the merchant and
solution would only be suited to meet present-day
transaction amount, while also evaluating the
needs. Any future improvements might require a
creditworthiness of the borrower. In other use
full redesign or reimplementation, slowing down an
cases, card spend can map to different customer
innovator’s speed to market.
loyalty levels that are updated dynamically based
on a customer’s buying patterns or social sharing.
Industry disruptors want to be first to market, and

C.
need one-of-a-kind payment solutions that are
ready to meet the changing needs of consumers Scalability
and businesses around the world.
The architecture of legacy platforms tends
This means quick iterations and rapid prototyping to limit their customers’ ability to scale.
that require an API-led approach where developers
can take complete ownership over their product Although many could boast of global operations,
design and payment experience from start to finish, their global reach tended to result from the
accelerating time to market and every step acquisition of many local processors. To launch in a
in between. new region, customers often had to re-implement
their payment solutions. This could result in

B.
costly and time-consuming professional service
Flexibility and
engagements for integration and development for
customization
each new market.

One drawback of legacy processors is that

Modern card issuing provides an easier path
they typically do not allow innovators to fully
to market with a “build once and grow” model.
participate in the payment flow.
DoorDash, for example, launched in the U.S. with
Marqeta, expanded to Canada, and most recently
Card processing using a legacy solution meant
to Australia. The company was able to implement
determining a set of pre-defined payment
the same payment solution across multiple
processing rules, such as a fixed list of accepted
geographies successfully.
merchants, with no ability to verify and modify
these rules against real-time data.

• PART 1 PART 2 PART 3 6

 » Modern card issuing guide

APIs: at the top of today’s

payment agenda
Financial services application programming The financial and non-financial institutions that
interfaces (APIs) have come of age as both use open payment APIs think differently about
neobanks and century-old institutions respond their payment strategies. They are adopting
to consumer demand for fully integrated and more granular functionality in place of traditional
personalized services. monolithic, silo-based payment systems, where
individual tasks, such as the transaction clearing,
While internal APIs enable banks to seamlessly reversals, refunds, and voids flowed through an
share information between disparate systems, opaque, closed process. This allows for the creation
external or open APIs are emerging as the vital of new payment experiences, fast and more
enabler underpinning new payments services. accessible financial services, and embedded and
invisible payments.

Future:
Open, public APIs
The evolution of
payment APIs
Present:
Internal and partner APIs

Past:
Monolith solutions with
bolted-on APIs

• PART 1 PART 2 PART 3 7

 » Modern card issuing guide

Opening up the opportunities Integration of payment data with

within a broader ecosystem other data points

With modern card issuing, each API calls a service Additionally, APIs enable integration of payment
and externalizes the response to other systems, data with other data points. The reality is that much
opening up opportunities for innovation and of the valuable information about the consumer or
collaboration within a broader services ecosystem. the business context of payments sits outside of the
actual transaction. Combining this information with
In this way, modern card issuing APIs become the transaction data can create powerful outcomes.
building blocks of full and customized workflows.
For example, one API can create a card, while For example, the digital identity of the cardholder
another requests authorization for a payment on (including biometric information) can be a strong
the card, and a third API enriches the transaction input into the card processing workflow, validating
data with additional metadata adding context to the the payment not only by exact amount and location
transaction, such as order ID or customer location, of spend, but also by the real identity of the
and so on. cardholder.

APIs

• PART 1 PART 2 PART 3 8

 » Modern card issuing guide

5 characteristics of modern
card issuing APIs

1. Granular
Well-defined APIs break down ISO 8583 messages
— the international standard for exchanging
card transaction information — into granular
components for third-party integration and
construction of customized end-to-end payment
flows. Having more fine-grained services will
establish a better handshake between systems
vs. a one-size-fits-all approach.

2. Comprehensive 4. Aexperience
self-service

Modern card issuing covers a breadth of services.

There are card issuing APIs, funding APIs, security Developers can easily try out ideas for new card
APIs, transaction processing APIs, integration APIs, products without entering into lengthy contract
data APIs, real-time webhooks, etc. (See next page negotiations. They can customize, test, and issue
for details.) cards in a private sandbox that is accompanied by
clearly written, in-depth documentation, software

3. Designed for
development kits (SDKs), and simulation tools to
guide them through the process.

differentiation
Fully programmable, modern card issuing APIs 5. Designed for
support complex decision-making by adding new performance
inputs to a payment processing flow. One example
is a business lending application that proactively Payment APIs must be always available with
took steps to increase a customer’s credit line by guaranteed rapid response times. This requires
offering financing flex for big ticket items as their elasticity to be built in, in order to meet operational
business expanded. Customers could be notified requirements and support unpredictable volumes.
when a purchase exceeded their credit limit and
could choose to use the flex option or not.

• PART 1 PART 2 PART 3 9

 » Modern card issuing guide

Checklist for a comprehensive

API platform

Card-issuing APIs
Create, update, order, or retrieve information about cards.

Funding APIs
Define funding sources, move funds into an account, auto-reload,
check balances, and create account hierarchies.

Security APIs
Authenticate the identity of a requester.

Transaction-processing APIs
Set spend controls, currencies, fees, cashback amounts, etc.

Integration APIs
Integrate cards into digital wallets, mobile apps, or web applications
such as ordering systems, or integrate new cases with card
networks’ dispute APIs.

Data APIs
Gain visibility into the card program and pull global data in bulk
or in aggregate.

Real-time webhooks
Real-time notifications on card events such as authorization status,
transaction completion, chargeback status, and more.

• PART 1 PART 2 PART 3 10

 » Modern card issuing guide

The role of APIs in next-generation

payments

Digital wallets
Today, cardholders expect fast, secure, and Secure surrogate data, called a token, can
safe payment methods at every place they be push-provisioned into digital wallets or
shop, whether in-store, in-app, or online. securely stored online with merchants for
This is accomplished with tokenization APIs. recurring and one-click payments. Updates
happen without cardholder involvement.
With flexible APIs, card issuers can instantly
and securely request a token, replacing Cards that are lost or stolen can be replaced
sensitive card information such as a without any effort by the cardholder, and
personal account number (PAN). cards that reach their expiration date can be
extended without any cardholder action.

“31 million Americans tapped a

Visa contactless card or digital
wallet in March 2020, up from
25 million in November. The U.S.
now has the most contactless cards “Now, as consumers increasingly
of any market globally at 175 million, seek ways to get in and out of stores
with nine of the top ten U.S. issuers quickly without touching payment
actively rolling out new contactless terminals, Mastercard data reveals
cards to customers.” 1 more than 40 percent growth in
contactless transactions globally
Visa, April 2020 in the first quarter of 2020.” 2

Mastercard, April 2020

• PART 1 PART 2 PART 3 11

 » Modern card issuing guide

Invisible payments

As seamless payments become more Modern card issuing can securely power
common, the line between purchasing these kinds of invisible payments using APIs.
and paying continues to blur. We see
this most notably with Internet of Things Secure payments can be accomplished with
(IoT) payments. One example is Amazon a handful of API calls: one API call could
Go, a chain of convenience stores that authenticate the shopper with biometric
allow shoppers to “grab and go” without a information while another would prompt the
checkout experience. Currently, automotive card program to issue a virtual card for the
industry leaders are also exploring how purchase amount. A third API call could seek
connected cars and payment apps can authorization based on the merchant ID and
be used to create in-car payments. Soon the geolocation of the cardholder through
we may pay for gasoline and drive-thru the modern card issuing platform.
purchases without reaching for our wallets.

The global market for

connected cars is expected
to grow 270% by 2022,
forecasting more than
125M cars with embedded
connectivity by 2022.3

• PART 1 PART 2 PART 3 12

» Modern card issuing guide

Part 2 | C
 apitalizing on
payment data
ISO 8583 messages define up to 192
data elements including everything from
a cardholder’s account number to the
transaction amount, date and time,
and currency type.

13
 » Modern card issuing guide

Part 2 | Capitalizing on
payments data

Card networks worldwide rely on It currently defines up to 192 data elements

authorization protocols that are aligned with including everything from a cardholder’s
the international financial card transactions account number to the transaction amount,
standard, known as ISO 8583. Governed the date and time, and the currency.
by the International Organization for Traditionally, these data elements were not
Standardization, ISO 8583 specifies the easily accessible to card program providers.
structure, format, and content of messages. The messages themselves were difficult for
developers to read, parse, and work with.

An open, developer-friendly payment flow results in a better UX

A modern card issuing platform simplifies authorization flow by allowing them to append
ISO 8583 messages by converting them into the custom metadata to ISO messages.
developer-friendly JSON format and pushing the
JSON files to other system endpoints. The platform The classic example of this involves appending an
also replaces card network alphanumeric and order ID to the authorization approval message. This
character codes with more digestible labels. metadata comes in handy later while reconciling
transactions with order management systems.
Values such as 05, 07, 90, and 91, typically found in
Visa field 22, become CHIP, CHIP_CONTACTLESS, Another benefit of opening up the payment flow
and MAG_STRIPE, MAG_STRIPE_CONTACTLESS is the ability to do transaction matching. Matching
respectively. Leveraging JSON accelerates coding, authorization messages at the time of the sale to
speeds new card product development, and events that are processed by the networks after
creates easier integration with modern applications. each transaction — such as clearing records,
As a result, a wider pool of developers becomes reversals, refunds, voids, etc. — allow a business to
available to create advanced payment solutions. release holds on cardholder funds with confidence
and to provide better customer experiences.
Additionally, modern card issuing enables
card program providers to participate in the

PART 1 • PART 2 PART 3 14

 » Modern card issuing guide

The possibilities of an open

payment flow
On-demand delivery companies were among the Authorization requests from people, organizations,
first to realize the opportunities created by an open apps, and devices can be integrated into payment
payment flow. By leveraging modern card issuing workflows. For example, an AP automation platform
APIs, they were able to streamline their payment can be set up to send a recurring payment to
solutions to respond to ISO 8583 data elements certain suppliers. Once the payment authorization
as transactions occurred. This allows them to request comes through, the system can check if
authorize payments in real time and to dynamically supplier shipments have been received by checking
apply big data insights and artificial intelligence to a field. If the status of that field says "received"
payment decisioning. payments to suppliers can be released.

Implementing real-time authorization controls Futuristic scenarios such as refrigerators that

reduces the risk that a transaction that did not restock themselves or IoT devices that pay for
meet a card program’s criteria will be mistakenly their own bandwidth are also enabled by an open
approved by a third-party processor. This not only payment flow.
helps minimize fraud, it enables business models
based on smarter, more sophisticated payment
solutions.

Examples of open payment flow

Enables DoorDash Enables Ramp’s

to only approve and expense cards to
fund transactions limit a card to a
that match the single transaction
exact merchant ID type, or to a
and total amount specific merchant
of the order to help or charge amount
prevent fraudulent to help prevent
activities unauthorized
charges

PART 1 • PART 2 PART 3 15

 » Modern card issuing guide

Ensuring payment security

Since 2004, payment card security has been In contrast, legacy providers pass on primary
governed by the Payment Card Industry Data account numbers to their card program providers,
Security Standard (PCI DSS). Entities of any size that requiring them to invest in PCI DSS compliance.
store, process, or transmit card information must
comply with the technical requirements laid out in In addition to PCI DSS, modern card issuing
the standard, although levels of compliance vary. platforms often maintain compliance with PCI
PCI DSS level 1 is the highest and most stringent 3DS and complete SOC 1 and SOC 2 compliance
of the PCI DSS levels, and is required for those certifications, as well as bank-grade encryption for
that process more than 6 million card transactions personally identifiable information (PII), payment
annually. Level 2, 3, and 4 are requirements set for card industry (PCI), and personal identification
those that process fewer transactions annually. number (PIN) for data in transit and data at rest.

To help their customers reduce their PCI scope,

modern card issuing platforms provide security PCI DSS sets the operational
widgets that let card program providers securely and technical requirements
display sensitive card data in an application or on
for organizations processing
a web page using an iframe.
payment transactions
Using these widgets, program admins can activate
LEVEL 1 6M + transactions/year
cards, and cardholders can set their personal
identification numbers (PINs). During these
LEVEL 2 1–6M transactions/year
operations, sensitive card data does not leave the
environment of the modern card issuing platform.
LEVEL 3 20K–1M transactions/year

LEVEL 4 < 20K transactions/year

Modern card issuing platforms

provide security widgets that
enable card program providers
to reduce the scope of any
required PCI DSS compliance.

PART 1 • PART 2 PART 3 16

17
 » Modern card issuing guide

From chip cards to biometrics: keep

up with rapidly evolving technology
After reaching a peak of 7.2 cents per $100 in The card network then routes the request to the
volume in 2016, payment card fraud has steadily access control server on the card issuer domain.
declined. It is expected to reach 6.8 cents per $100 Modern card issuing platforms give card program
in volume in 2020 and to continue to fall for at least providers the choice to automate decisioning
the next seven years. 4
by applying preconfigured rules or to delegate
decisioning to internal risk systems via an API.
The reduction in fraud may be driven by new
technologies. In-store purchases, also known Whether decisioning is automated or delegated,
as “card present” transactions, are increasingly card program providers can decide whether to
protected by EMV chips, which generate a unique request one-time passwords or leverage biometric
code for each transaction that can be used only information. They can also dynamically set the
once. And online transactions, known as “card not threshold for when additional verification is needed
present,” are benefiting from 3D Secure, a protocol depending on factors such as the amount of a
for requesting additional verification information. purchase or whether it is recurring.

» When a cardholder checks out in The upside of 3D Secure is more secure

an online store, the merchant transactions. The downside of 3D Secure is
domain can request 3D Secure. additional integration. However, the amount of
integration can be minimized when card programs

This request sends a message to the card network are built on a modern card issuing platform.

domain, along with data about the transaction.

Mobile biometrics
are expected
to authenticate
U.S. $2 trillion in
in-store and remote
transactions in 2023.5

PART 1 • PART 2 PART 3 17

 » Modern card issuing guide

Fighting fraud with payments data

The nature of payment fraud is changing as a verified merchant can limit the opportunity
fraudsters adapt to new regulations and new fraud- for fraud to occur.
fighting technologies like EMV chip cards and 3D
Secure. At the same time, card program providers In addition to locking down a transaction, ISO 8583
face an ever-present trade-off between effective data, such as cardholder location and merchant
fraud-fighting tactics and the need for a smooth location; and authentication variables, such as
customer experience. whether a card is present or a pin or signature is
used, can all be matched to known fraud patterns
Modern card issuing helps customers meet and used to create a fraud score.
these challenges with a data-driven approach.
Authorizing transactions and funding cards in real ISO 8583 data can also be mined during
time based on a verified purchase amount and post-transaction analysis to identify new patterns
or update existing ones.

Secure advanced card

programs with multi-layered
card protection

Configurations
such as “chip and
PIN” or “chip and
Card holder
signature” where the
authentication
cardholder’s identity
using advanced
is verified by their
3D Secure for online Real-time
signature or by a PIN
transactions and authorization
EMV chip and PIN based on verified
for in-store amounts, merchant, Real-time
time, day, location, fraud scores
and various other to flag unauthorized
spend controls charges and Rich data insights
fraudulent for post-transaction
transactions analysis of fraud
patterns

•PART
PART1 1 • PART 2 PART 3 18
 » Modern card issuing guide

Card programs with global scale

A modern card issuing platform is a single, global schemes eliminates the need to integrate with each
platform grown organically. This allows for a build- one of these networks individually. Unaffiliated
once, deploy-anywhere approach and does not networks that are supporting prepaid and debit
require card program providers to re-implement cards through the Durbin Amendment can also be
processing rules within each region. In contrast, unified on a single platform.
platforms that have expanded through acquisitions
require separate integration with each acquired The characteristics of modern card issuing
processor, incrementally adding complexity to platforms are particularly suited to large tech
program implementation and extending go-to- companies that already operate on a global scale.
market timelines. As companies like Google and Facebook move
deeper into payments via mobile wallets, credit
The ability to use a single modern card issuing cards, checking accounts, and cryptocurrency
platform across multiple card networks — such as they are increasingly partnering with modern card
Visa, Mastercard, Discover, ATM, and local debit issuing platforms.

With over 2.7 billion monthly active users, Facebook is the

biggest social network worldwide.6 A Facebook payment
card would dwarf Bank of America’s 54.6 million cards
in circulation.7

Advanced technology is shifting consumer behavior, making modern

card issuing platforms more relevant than ever

As connected devices become increasingly in the car, and from smartwatches. As of today
common in our daily lives, IoT manufacturers 31 million people have used smart speakers to shop
are also looking at modern card issuing platforms for groceries, order takeout, or even call a plumber.8
that can enable consumers to pay from a variety We are also expecting to see 125 million connected
of locations. cars shipped globally by 2022.9

These locations include: at home (from smart

speakers such as Amazon Alexa and Google Home),

PART 1 • PART 2 PART 3 19

» Modern card issuing guide

Part 3 | A
 dvantages of
modern card
issuing
1. Fast and simple to build
2. Flexible
3. Trusted
4. Globally scalable

20
 » Modern card issuing guide

1 » Fast and
simple to build
With a private sandbox, self-service sign-up, and open
APIs, a modern card issuing platform gives you the ability
to move quickly. Instead of passing on each new card
configuration to your card issuer, you are the builder and
can control your time to market and speed of change
across the following domains:

Launching a card program Meeting regulatory compliance

Start with your private developer sandbox where Use PCI-compliant widgets that enable you to
you can build, test, and launch cards quickly. instantly display your card in mobile apps and
Gain full control and flexibility in customizing your enable PIN activation without having to go through
card experiences without involving your card PCI certification.
issuing vendor.
Growing your card program
Managing the lifecycle of your
card program Leverage APIs that work universally across all
regions. For example, add new cardholders and
Use APIs that enable you to cover the entire run them through a Know Your Customer (KYC)
card-issuing spectrum once your card program verification process or order new card inventory
is up and running. For example, use APIs to set in bulk.
or update exempted merchants; resolve ongoing
disputes; manage damaged, lost, or stolen cards;
or change countries of operation.

PART 1 PART 2 • PART 3 21

 » Modern card issuing guide

Modern vs. Legacy

Self-service High touch

Modern platforms enable developers and To access a sandbox environment, legacy

product leaders to try, test, and configure platforms require you to go through a sales
cards in their own sandbox environment process. Launching new card configurations
leading to faster time to market. are also more challenging and typically
require submitting new card configurations
via paperwork, which can delay your time to
market.

Flexible APIs to drive Purpose-built APIs

change and adaptability
Purpose-built APIs are typically geared
Modern platforms are designed for digital towards retrieving existing information
builders. They provide actionable APIs to for integration purposes vs. creating new
grow and scale a card program, covering products.
the entire spectrum of card creation
and customization all the way to change Common legacy APIs can retrieve
management. cardholder data, account status, and
transaction history. They can also perform
simple functions such as account transfers,
requests for a new PIN, activating and
deactivating a card, or updating billing.
Changes to your program can involve
custom services, resulting in hefty costs.

Reduced PCI scope Lengthy PCI process

Modern platforms enable you to immediately Legacy platforms usually lack PCI-compliant
display your card in your mobile apps and widgets. To reach PCI compliance you
enable PIN activation without having to go would typically need to go through a lengthy
through PCI certification. certification process.

PART 1 PART 2 • PART 3 22

 » Modern card issuing guide

Modern vs. Legacy

Tokenization and digital Lack of digital access

wallet enablement
This includes instant issuing, tokenization,
Instantly issue virtual cards or provision and provisioning of virtual cards into digital
your cards into digital wallets to extend your wallets for immediate use.
program’s reach. To enable this, modern
card issuing platforms have built integrations Use cases such as enabling on-demand
with digital wallet providers such as Apple delivery workers with contactless payments,
Pay and Google Pay and with global card as well as point-of-sale lending scenarios
networks such as Visa and Mastercard. where the borrower can immediately access
Modern card issuing platforms also provide their loan proceeds via virtual cards in their
encrypted/tokenized virtual card data that digital wallets, depend on these capabilities.
card program providers can easily use to
integrate with digital wallets.

Reduce development Data is not easy to

burden by creating consume
actionable data
Legacy platforms typically do not provide an
Modern card issuing platforms simplify, easy-to-digest JSON key-value pair version of
parse, and standardize ISO 8583 messages, ISO 8583 messages or push this data to their
translating them into key-value pairs customer endpoints to ease the integration.
formatted in JSON. They also replace Therefore, if participating in the payment
numeric codes with natural language labels authorization flow is required, a payment
that are easier for developers to work with. innovator will have to build integrations with
This data is pushed to customer endpoints, the card networks in order to receive and
allowing card program providers to respond to ISO messages. This ultimately
participate in authorization requests. Modern delays time to market and leads to long
card issuing platforms also keep up to date implementation cycles.
with the different implementations of ISO
8583 across the world as they evolve, adding
new fields and codes.

PART 1 PART 2 • PART 3 23

 » Modern card issuing guide

2 » Flexible
Modern card issuing platforms come equipped with their own processing engines. And because they
have parsed and interpreted the ISO 8583 messages, card program providers can participate in your
cards’ authorization and transaction decisions. They also have the ability to use dynamic spend controls to
customize the behavior of cards.

Expense management programs illustrate how flexible you can be with

dynamic spend controls

Imagine an expense management program where not exceed the total $2,000 per diem defined at the
the daily limit for all cards is capped at $2,000. program level.
Within this program, a modern card issuing
platform can define multiple card products, each A project-based card could be defined as a
with its own characteristics and behavior, but all multi-use card with a monthly limit of $3,000.
capped at the spend limit of $2,000 per day. This could be used at certain merchants such as
Staples or Office Depot. Similarly, all cardholders
An executive card could have a $5,000 monthly associated with this card product can spend up to
limit, and all executive team members can each use $3,000 per month, but in total they can not go over
a $5,000 monthly total, but the entire spend could $2,000 per day.

Customizable features of a
modern card platform

Preset controls such as list of

accepted merchants, time,
and date

Dynamic controls such as

geo-location of the cardholder
or real-time price

Real-time data validation and

notifications, programmable
through APIs

PART 1 PART 2 • PART 3 24

 » Modern card issuing guide

Modern vs. Legacy

Dynamic spend controls Fixed spend controls

By opening the payment flow, modern card With legacy processors, spend controls
issuing platforms empower you to validate are always preset and are not dynamically
and authorize your card transactions against validated against live data such as
criteria such as spend amount and the time, geolocation or a customer’s loyalty score. So
date, and frequency of your transactions, even though a card can limit spend to only a
as well as a list of merchants, a specific list of preapproved vendors, this data has to
merchant, countries, and currencies, or even be hard-coded and can not be dynamically
dynamic data such as the geolocation of the retrieved from another system. This creates
cardholder or their risk profile. limitations for many use cases, including
the travel and expense management cards
explained above.

Customization across Limited customization

all aspects of your
card program Legacy card issuers often have only one
printing facility, which limits card design
and branding options, which can mean long
With modern platforms, customization
shipping times depending on the customer’s
can be reflected across the entire card
location. Additionally, they don’t offer
lifecycle including in card art, design, and
built-in 3D Secure authentication, requiring
messaging, as well as card authentication for
you to work with a third-party provider,
both “card present” and “card not present”
which consecutively will result in additional
scenarios. Not all card issuing platforms
integration and vendor management
offer built-in 3D Secure authentication for
responsibilities for you.
“card not present” scenarios. Those that do
enable you to customize your cardholders’
authentication experience by integrating it
with, for example, your biometric app.

PART 1 PART 2 • PART 3 25

 » Modern card issuing guide

3 » Trusted
A modern card issuing platform provides a trusted environment
for payment processing through security, data insights, and
real-time notifications.

Modern vs. Legacy

Security Lack of security widgets

Storing or transporting sensitive card and Although legacy platforms are required by
transaction information requires a PCI- the networks to get certified and annually
compliant cardholder data environment validate PCI DSS compliance, these
(CDE). Becoming PCI compliant is not a platforms usually don’t provide the security
simple undertaking. PCI compliance ranges widgets to minimize PCI scope for their
from level 1 to 4. The certification process card issuers.
takes 6 to 12 months and requires significant
resources. Card program providers who are processing
on these platforms would need to obtain
Using an already-certified modern card PCI DSS certification on their own in
issuing platform removes these barriers. order to exchange card information with
These platforms also provide widgets to help these processors or display sensitive card
you secure, display, and activate cards and information in their applications.
set PINs in your web and mobile applications
without any additional development effort.

PART 1 PART 2 • PART 3 26

 » Modern card issuing guide

Modern vs. Legacy

Data insights  imited and fragmented

L
reporting
A modern card issuing platform provides
insights across the entire card lifecycle in In contrast to the raw data offered by
one unified platform. This includes data modern platforms, legacy solutions typically
about issued cards and their inventory, card provide only out-of-the-box reports, which
usage and cardholder behavior, analysis offer a narrow view of the information and
of all transactions across all locations limit free data exploration and analysis.
and merchants, as well as data about
chargebacks and disputes. Additionally, on a global level, the
information can be fragmented. Instead of
The data is available through exposed APIs unified reporting, data is collected by each
and endpoints as well as through pre-built processor. Card program providers have to
reports and data visualizations. Through the combine reports to get the global view that
use of APIs, a modern card issuing platform is available as a default on a modern card
can expose a larger breadth of raw data issuing platform. Only in this way can card
about its cards to you, so you can build program providers understand spending
your own data visualization, discovery, and patterns across regions and cards and
analysis. You can also use this data to create identify opportunities for growth and risk
your risk and machine learning algorithms to mitigation across geographies.
find growth trends or develop predictive
risk behaviors.

Real-time notifications Lack of immediate

insights
Modern card issuing platforms provide the
ability to trigger alerts based on contextual Legacy platforms are built on dated
data points. With an event-driven design, technology and do not carry modern web
a modern card issuing platform uses push design and development requirements, and
notifications to send real-time updates about therefore do not offer real-time notifications.
your card operations or transaction fraud.
You can use these notifications to take action
or to pass information to your cardholders.

PART 1 PART 2 • PART 3 27

 » Modern card issuing guide

4 » Globally
scalable
When scaling your card program, modern card issuing platforms
ensure that you are able to handle expected and unexpected
increases in usage as well as the steady growth of your
program adoption.

Modern vs. Legacy

Build once, Reimplementation in

deploy anywhere each region

A modern card issuing platform is designed While legacy global issuer processors
for a build-once, deploy-anywhere approach operate at scale, their reach into global
and does not require you to integrate with markets has generally been accomplished
each local card network separately. through acquisitions. Having a global brand
often has meant acquiring several regional
processors.

For businesses looking to grow quickly,

global expansion with a legacy solution may
mean lengthy and expensive reintegration
and reimplementation in each new region.

PART 1 PART 2 • PART 3 28

 » Modern card issuing guide

Modern vs. Legacy

Auto-scaling and High-cost

on-demand elasticity capacity planning

Modern platforms provide a single, global Legacy platforms don’t run on modern cloud
cloud infrastructure that automatically infrastructure and as a result scalability
and elastically scales as your traffic and becomes a manual task. As your program
transaction volume grows. New resources grows, there will be times where you need to
are spun up as needed. Redundancy, spin up new resources. A legacy provider will
disaster recovery, and failover are built in. help you identify the needs and statically set
additional computing resources to ensure
optimal utilization and responsiveness.

Resiliency and full Limited service

backup service
Legacy platforms, on the other hand, don’t
Modern platforms not only allow you offer an open payment flow for you to
to design your own system endpoints take part in authorizing your transactions in
to directly participate in the payment real time.
authorization flow, they provide a VIP service
that provides authorization services when Therefore, they don’t need to assume the
your endpoints are unavailable. responsibility for keeping track of your
card states or account balances when your
This service can be implemented based on system fails.
your business rules and ensures business
continuity even if your own infrastructure Legacy platforms diverge any stand-in
suffers under unusually high transaction processing (STIP) to the card networks,
volumes or outages. Additionally, the which, in turn, puts the responsibility back
platform stores any unsent webhooks on you to reconcile your internal transaction
for later transmission, so that card states records during the time of the outage with
and account balances on your system the balance updates that occurred while the
correspond with activity that occurred while card networks STIP service was in effect.
this service was in effect.

PART 1 PART 2 • PART 3 29

 » Modern card issuing guide

Closing thoughts
In the several years since its debut, modern No longer scrappy startups, they relied on modern
card issuing has helped card program providers card issuing platforms to set the agenda for
overcome daunting challenges. The early adopters commerce in their respective industries. Their
of modern card issuing — Uber, Square, Instacart, success is a testament to their vision and execution,
Affirm, DoorDash, and N26 — had to overcome and also to the importance of adopting the right
steep barriers to entry, shifting demographics, technology at the right time for the right reason.
rising customer expectations, and changing
regulations. Innovators in their space, these To follow the example set by their success, others
companies needed a new way of thinking about must learn from their use cases and the underlying
traditional payment services. technology that has enabled their payment
solutions to form custom experiences and new
Since then, these new entrants have grown modes of money movement.
to be leaders in their own right.

Sources: About Marqeta

1. Visa, April 2020
https://usa.visa.com/visa-everywhere/blog/bdp/2020/04/30/ Marqeta is the modern card issuing platform
merchants-and-consumers-1588276426783.html
empowering builders to bring the most innovative
2. MasterCard global consumer study, April 2020
https://www.businesswire.com/news/home/20200429005592/en/ products to the world. Marqeta provides developers
Mastercard-Study-Shows-Consumers-Globally-Make-the-Move-to-
Contactless-Payments-for-Everyday-Purchases-Seeking-Touch-Free-
advanced infrastructure and tools for building highly
Payment-Experiences configurable payment cards.
3. Research and Markets, November 2020
https://www.globenewswire.com/news-release/2020/11/19/2129803/0/
en/Global-Connected-Car-Market-Outlook-2020-Overview-of-how- With its open APIs, the Marqeta platform is
Tech-Companies-are-Helping-Automakers-with-their-Connected-Car-
Strategies.html designed for businesses who want to easily build
4. Nilson Report, Nov 2019 tailored payment solutions to create best-in-class
https://nilsonreport.com/upload/content_promo/The_Nilson_Report_
Issue_1164.pdf experiences and power new modes of money
5. Accenture 2020 trends movement. Marqeta is headquartered in Oakland,
https://www.accenture.com/_acnmedia/Thought-Leadership-Assets/
PDF-2/Accenture-Fjord-Trends-2020-Report.pdf California.
6. J. Clement November 2020
https://www.statista.com/statistics/264810/number-of-monthly-
active-facebook-users-worldwide/#:~:text=With%20over%202.7%20 For more information, visit www.marqeta.com,
billion%20monthly
Twitter and LinkedIn.
7. List of Major Credit Card Companies & Card Networks
[History, Most Popular Cards, and More]
https://upgradedpoints.com/list-of-credit-card-companies

8. eMarketer Industry Insights, Jul 2019

https://www.emarketer.com/content/smart-speaker-shopping-gains-
traction

9. Counterpoint research April 2018

https://www.counterpointresearch.com/125-million-connected-cars-
shipments-2022-5g-cars-2020/

PART 1 PART 2 • PART 3 30