Card Issuing Product Spec Template

Use a processor (Marqeta, Lithic, Galileo, Stripe Issuing). Building card issuing infrastructure from scratch requires a direct network membership, PCI-DSS Level 1 certification, and a team of 20+ engineers. Processors abstract the network integration and let you focus on product logic.

Start with virtual cards. They can be issued instantly, cost nothing to produce, and let you validate your authorization logic and user experience without the complexity of card fulfillment and shipping. Add physical cards when user demand justifies the per-card cost.

Under 100ms at P99. Card networks impose strict timeout limits (typically 2-5 seconds end-to-end). Your processor will have its own SLA, but aim for < 100ms to leave room for network latency. If you exceed the timeout, the default action (approve or decline) depends on your processor configuration.

Card networks offer token migration services (Visa Account Updater, Mastercard Automatic Billing Updater). When you issue a replacement card, the old PAN-to-token mapping is updated so recurring merchants can continue charging without the cardholder re-entering card details. Ensure your processor supports this.

For card issuing programs, target a fraud basis points (bps) rate under 10 bps (0.10% of transaction volume). Card networks monitor program fraud rates, and programs exceeding thresholds face fines or program termination. Start conservative with tighter spend rules and loosen based on data.