Home / Guides/ Control Authorizations
Spend Rules can be established to apply to particular data within an authorization. These rules can be configured to make decisions based on factors such as merchant category codes (MCC), the country code of the merchant's acquirer, currency amount, card verification value (CVV) outcome, address verification result (AVS), and merchant identifiers.
You can either create Spend Rules from the Dashboard or using the Highnote API. Each Spend Rule variation also has its own mutation in the API.
Creating Spend Rules based on Merchant Category Codes (MCC) can limit and prevent expenditures at specific merchants. For instance, you have the option to block use of your payment cards for acquiring airline tickets, or alternatively, exclusively permit card usage for fuel acquisitions.
You can find a comprehensive list of merchant categories that you can create Spend Rules for in our API Reference. We use information provided by Card Networks and acquirers to establish merchant categories.
Use the following mutation to create a Merchant Category Spend Rule:
Merchant Country Spend Rules can be used to restrict and block payments based on the merchant’s geographical location. For example, you can block all payments to merchants located in a specific country that your business may have deemed as high risk.
You can find a list of countries that can be blocked or allowed in our API Reference. If a blocking rule is set up for a specific location, payments at this location would also be auto declined.
Use the following mutation to create a Merchant Country Spend Rule:
Card Verification Value (CVV) control can be set to require users to enter their Payment Card’s associated CVV at the point of checkout. CVV checks help verify that the card is in the intended account holder’s possession, and reduces the risk of fraudulent transactions.
You can configure this Spend Rule to block authorizations based on the CVV response code. For example, you could set a rule to decline all Authorizations to an online merchant in case of a CVV mismatch.
Use the following mutation to create a Card Verification Value Spend Rule:
Street Address Spend Rules can be set to require Account Holders to enter their Payment Card’s associated address at the point of checkout for Address Validation (AVS). This is typically configured for card-not-present transactions, where an Account Holder is physically unable to present a card, increasing the risk associated with the transaction.
You can configure this Spend Rule to block Authorizations based on the AVS response code. For example, you could set a Spend Rule to decline Authorizations at online merchants in case of an address mismatch to control for potential fraudulent behavior.
Use the following mutation to create a Street Address Spend Rule:
You can use Spend Rules for Amount to set limits on the maximum amount an Account Holder can spend in a single transaction. For example, if you set a limit of $100 for business expenses, the person can buy things up to $100 each time. This means a $110 purchase would be declined, but they could make two separate $55 purchases.
Use the following mutation to create Amount Spend Rules:
When processing transactions, merchants sometimes supply an identifier, often called the Merchant Identifier (MID). The Merchant Identifier field provided in Highnote’s API accepts input of either a merchant identifier or card acceptor identifier.
Highnote’s Spend Rules allow you to block transactions for specific Merchant Identifiers (MIDs). For example, you can restrict payment cards from being used at a particular online retailer.
Use the following mutation to create a Merchant Identifier (MID) Spend Rule:
Point of Service Category Spend Rules can be used to allow or restrict purchases at certain types of payment terminals, such as ATMs or gas station fuel dispensers. For example, you can create a rule for your Account Holders to only approve authorizations at AUTOMATED_FUEL_DISPENSER
or AUTOMATED_TELLER_MACHINE
point of services.
Use the following mutation create Point of Service Category Spend Rules:
To create a Velocity Control, you will need a cumulativeRule
defining the variable that will be summed under the Velocity Controls defined timeframe or rule window. Count and amount are both cumulative rules.
Authorization Count Spend Rules set a maximum number of transactions an account holder can authorize within a given timeframe. Authorization Count rules must be attached to a Velocity Control.
For example, you may want to limit your account holders’ spend to 3 transactions in a foreign country within a week. To enforce this policy, you will need to create a count rule for 3 authorizations, a merchant country rule for the allowed countries, and attach these two spend rules to a velocity control with a weekly velocityRuleWindow
.
Use the following mutation to create an Authorization Count Spend Rule:
Once you have created a Spend Rule, you can attach the rule to a Card Product. Attaching to a Card Product means that all Payment Cards that have been issued to the Card Product will start using the Spend Rule on future authorizations.
Additionally, you can attach a specific version
of the Spend Rule to a Card Product or use the LATEST
keyword to always use the most recent version. Using a specific version
allows you to make changes to a Spend Rule without affecting current authorizations.
Use the following mutation to create a Card Product Spend Rule:
Once you have created a Spend Rule, you can attach the Rule to a Payment Card. Attaching to a specific Payment Card means that the spend rule is only evaluated for that particular Card.
Additionally, you can attach a specific version
of the Spend Rule to a Payment Card or use the LATEST
keyword to always use the most recent version. Using a specific version
allows you to make changes to a Spend Rule without affecting current authorizations.
Use the following mutation to create a Payment Card Spend Rule:
Over time you may need to update the logic of a particular Spend Rule. You can detach a Spend Rule from a Card Product using the following mutation:
You can detach a Spend Rule from a Payment Card using the following mutation:
You can query transaction IDs to view the results of an authorization decision, which will provide information on any spend rules which may have declined the authorization.
Use the following query to view Spend Rule results:
Over time you may need to update the logic of a particular Spend Rule. You can make adjustments by using an update mutation and reattach the new version to any card products, or payment cards that use the rule.
Use the following mutation to update a Merchant Category Spend Rule:
When you update a spend rule that is associated with a Velocity Control, the cache will reset.
Once created, you can update a count spend rule from the Dashboard or the API. Use the following mutation to update an Authorization Count Spend Rule: