Home / Guides/ Control Authorizations

Configure Spend Rules

Spend Rules

AuthControlsImage.svg

Spend Rules can be created against specific data on an authorization. You can create Spend Rules that base decisions on merchant category codes, country code of the merchant's acquirer, amount for a currency, card verification value (CVV) result, address verification result (AVS), and merchant identifiers.

It's easiest to create a spend rule from the Dashboard. Each Spend Rule dimension also has its own mutation in the API.

Merchant Category

Merchant category codes (MCC) can be used to restrict and block spending at certain merchants. For example, you can block your payment cards from being used to buy airline tickets or only allow your payment cards to be used to purchase fuel.

Our API Reference lists all of the value merchant categories you can block. We rely on data sent to us by the card networks and acquirers in order to determine which category a merchant belongs.

Merchant Country

Merchant Country Spend Rules can be used to restrict and block payments based on the merchant’s geographical location. For example, you can block all payments to merchants located in a specific country that your business may have deemed as high risk.

You can find a list of countries that can be blocked or allowed in the API Reference. In case a blocking rule is set up for the specific location, the payment would be auto declined.

Card Verification Value (CVV)

Card Verification Value (CVV) control can be set to require users to enter their Payment Card’s associated CVV at the point of checkout. CVV checks help verify that the card is in the intended account holder’s possession, and thereby reduce the risk of fraudulent transactions.

You can configure this Spend Rule to block authorizations, based on the CVV response code. For example, you could set a rule to decline all Authorizations to an online merchant in case of a CVV mismatch.

Street Address

Street Address Spend Rules can be set to require Account Holders to enter their Payment Card’s associated address at the point of checkout to run an Address Validation (AVS). This is typically configured for card-not-present transactions, where an Account Holder is physically unable to present a card, increasing the risk associated with the transaction.

You can configure this Spend Rule to block Authorizations based on the AVS response code. For example, you could set a Spend Rule to decline Authorizations at online merchants in case of an address mismatch to control for potential fraudulent behavior.

Amount

Spend Rules on Amount can be set by configuring the maximum currency amount an Account Holder can successfully be authorized against in a single transaction. For example, in the case of setting a spend amount of $100 on a corporate expenditure, an Account Holder would be authorized to make purchases up to a $100 per transaction (i.e. an Authorization would be declined for a $110 but can make two $55 payments).

Merchant Identifier (MID)

When processing transactions, merchants optionally supply an identifier, often called the "MID". The merchant identifier field provided in Highnote’s API accepts input of either a merchant identifier or card acceptor identifier.

Highnote’s Spend Rules allow you to block transactions for specific Merchant Identifiers (MIDs). For example, you can restrict payment cards from being used at a particular online retailer.

Point of Service Category

Point of Service Category Spend Rules can be used to allow or restrict purchases at certain types of payment terminals, such as ATMs or gas station fuel dispensers. For example, you can create a rule for your Account Holders to only approve authorizations at AUTOMATED_FUEL_DISPENSER or AUTOMATED_TELLER_MACHINE point of services.

Authorization Count

Count spend rules set a maximum number of transactions an account holder can authorize within a given timeframe. Count rules must be attached to a velocity control.

For example, you may want to limit your account holders’ spend to 3 transactions in a foreign country within a week. To enforce this policy, you will need to create a count rule for 3 authorizations, a merchant country rule for the allowed countries, and attach these two spend rules to a velocity control with a weekly velocityRuleWindow.

Note: To create a velocity control, you will need a cumulativeRule defining the variable that will be summed under the velocity controls defined timeframe or rule window. Count and amount are both cumulative rules.

Attach to a Card Product

Once you have created a Spend Rule, you can attach the rule to a Card Product. Attaching to a Card Product means that all Payment Cards that have been issued to the Card Product will start using the Spend Rule on future authorizations.

Additionally, you can attach a specific version of the Spend Rule to a Card Product or use the LATEST keyword to always use the most recent version. Using a specific version allows you to make changes to a Spend Rule without affecting current authorizations.

Attach to a Payment Card

Once you have created a Spend Rule, you can attach the Rule to a Payment Card. Attaching to a specific Payment Card means that the spend rule is only evaluated for that particular Card.

Additionally, you can attach a specific version of the Spend Rule to a Payment Card or use the LATEST keyword to always use the most recent version. Using a specific version allows you to make changes to a Spend Rule without affecting current authorizations.

View Spend Rule Results

You can query the transaction ID to view the results of the authorization decision, which will provide information on any spend rules which may have declined the authorization.

Update a Merchant Category Rule

Over time you may need to update the logic of a particular Spend Rule. You can make adjustments by using an update mutation and reattach the new version to any card products, or payment cards that use the rule.

Update Authorization Count Rule

Once created, you can update a count spend rule from the Dashboard or the API.

Note: When you update a spend rule that is associated with a Velocity Control, the cache will reset.

Provide Feedback

Was this content helpful?