Today we’re launching Authorization Rules (Auth Rules) to give Lithic API users another tool to manage transactions on their cards. These card controls let you allow or block transactions from specific countries and merchant types, as well as enable ZIP code checks on transactions.

We launched Authorization Stream Access (ASA) last year to give customers rich, real-time payment data on card transactions. It's now one of the most widely used features in our Enterprise offering because it allows you to decision based on customized logic.

Many users have since requested additional flexibility to set authorization logic on their cards and accounts. Starting today, you can do that with the beta version of Auth Rules, and you don’t have to worry about building the infrastructure required to be in the authorization stream. It can be used as a standalone feature, or in conjunction with ASA.

This beta version is available to everyone in our sandbox and to a select group of clients in production. Please reach out to your Lithic rep to request access.

Control card spending with Authorization Rules

With Authorization Rules, you can create, update, and apply simple rules on card transactions to control where a card is used.

These restrictions can be applied in three ways:

  1. Allow or block transactions on certain merchant category codes (MCCs)
  2. Allow or block transactions in certain countries
  3. Allow or block transactions based on Address Verification Service (AVS) checks

They can also be applied at various levels:

  • All card transactions under a given program
  • All card transactions under a given account
  • All card transactions on a given card

How Authorization Rules work

Client uses Auth Rules standalone without ASA

  1. Network sends ISO-8583 message to Lithic
  2. Lithic checks transaction data against applied Auth Rules, in addition to standard decision inputs (e.g., transaction amount, static card limits, etc.)
  3. Lithic sends ISO-8583 response to the network

Client uses Auth Rules in conjunction with ASA

  1. Network sends ISO-8583 to Lithic
  2. Lithic checks transaction data against applied AuthRules, in addition to standard decision inputs (e.g., transaction amount, static card limits, etc.)
  3. If a transaction passes Auth Rule checks, Lithic sends an ASA request to the client. If it does not pass, a decline message will be sent back to the network
  4. Client responds with an approval decision
  5. Lithic sends ISO-8583 response to the network

Start building

You can learn more about Authorization Rules in our docs. If you would like to access to the beta, please reach out to your Lithic representative.

We love hearing about all the ways customers use our card-issuing solutions and apply features to new use cases. If you have any feedback or suggestions, please send us a note at product-feedback@lithic.com.

We are excited to see how you leverage these new, lightweight rules in your product!

Want to issue smart payment cards? Start building in our sandbox today.

*Note: the use of restrictions beyond the terms included in your cardholder agreement with end-users may require additional steps to ensure compliance with card network policies.