Cards Overview

The 'Cards' section integrated the option for Directors and Account Owners to issue physical and virtual debit cards from the web and apps, as well as manage them in SME and CONSUMER. Also, from the Admin portal users will be able to manage and see card details by clients and users.

High-Level requirements

Admin cards configuration by BaaS and customer
Cards management
- SCA Questions for all cardholders (Modulr only)
- Issue new virtual card
- Issue new physical card
- Activate physical card
- Block virtual or physical card
- Unblock virtual or physical card
- Cancel virtual or physical card
- View PIN from the physical card
- View card details
- View secure card details
- Set card limits when issuing a card
- Modify card limits
- Change card alias
- View cards list
View all card transactions

Prerequisites

What are the conditions a user needs to satisfy in order to use these features?

Prerequisite	Explanation
Have appropriate roles and permissions to issue a new card	This feature is only available to Directors
Have appropriate roles and permissions to modify card limits	This feature is only available to Directors

FAQs

Q: Can a Director issue a new card if the cardholder does not have security questions answered?

A: No, after adding a new team member, the new user must have previously set up credentials and SCA Questions to issue a new card for them.

Q: When must a cardholder set up the security questions?

A: All new users will need to set up credentials and answer the required SCA Questions during the onboarding form that is sent by a Director.

Q: Can a Director issue a new card for themselves?

A: Yes, they can issue a new card for themselves and for other team members.

Q: Can a cardholder modify card limits for themselves?

A: No, only a Director can modify card limits for employees or cardholders.

Q: Who can cancel a card?

A: Directors and cardholders have the ability to cancel a card.

Q: Can a customer in TEST env test the SCA Questions for card payments?

A: No, as security questions are asked during card payments, Modulr will send them randomly and based on the fraud algorithm. SCA Questions are to be answered after inserting the OTP to confirm the payment. As this is handled by Modulr, we do not have the capability to test this functionality in sandbox with mocked cards.

Terms you Need to Know

Word	Description
API Key	This is the code provided by Modulr used to identify and authenticate Toqio as the platform to be used by the customer.
HMAC Secret	This is the cryptographic code that uses a hash function and a secret key that Modulr also provided to authenticate Toqio as the platform to be used by the customer.
Product code	It is the code provided by Modulr to be introduced in the Admin portal which allows a card to function. Product code has to be different by card type (physical or virtual) and by currency (GBP or EUR).
Card reference / Packaging reference	They are the codes provided by Modulr to be introduced in the Admin portal which allows a physical card to function. These codes must be introduced relating to the product code for the correspondent card.
SCA Questions	Strong Customer Authentication (SCA) for cardholders must be done for cards that are supporting 3D Secure, as the GPS issuer processor for Modulr does. This is required to comply with the Second Payment Services Directive (PSD2) on strong customer authentication. Cardholder Authentication (3D Secure). SCA requires a combination of two forms of customer identification at checkout (something the user knows, something the user has, and something the user is). In Modulr's case, it is based on personal questions to be answered by the user and stored by Modulr and may be asked randomly during a card purchase, after introducing OTP on their mobile devices.
Card Token	It is a string of randomly generated numbers to identify a card. It is used by Toqio to retrieve secure card details (PAN+CVV) from Modulr. This token is to be retrieved by Toqio and pushed to the cardholder's device where the call is made. The token will be valid for 60 seconds.