Secured Credit Card (Beta)

NOTE - This product is currently in Beta at Productfy. The information in this guide is subject to change. If you are interested in launching in Secured Credit Cards, please talk to your Productfy representative first.

Overview

Use Productfy’s APIs and services to launch a fully branded secured credit card ("credit builder") program for your customers. A secured credit card requires customers to make a deposit of funds as collateral, then enables them to spend with a credit card up to the collateral amount. Each monthly cycle requires the customer to transfer funds to pay their bill, or pull the money out of their collateral account, which would decrease their credit limit. Credit card spending and payments gets reported to credit bureaus monthly to improve credit scores.

Manage your card program

Card design and card carrier

Work with your Productfy representative to provide the following as part of your implementation:

Card plastic design that meets specifications
Card carrier design that meets specifications
Return address printed on your card envelope

Limits and controls

Below are Productfy’s risk controls for secured credit cards:

Control	Limit
Max Credit Card Limit	Customizable up to $20,000
Min Collateral Deposit	$25.00
Card Expiration	3 years
Max Active Cards per User	1 card
Max Transactions per Day per User	25

Card shipping times and options

The standard delivery time frame of cards is 5-7 business days using the United States Postal Service (USPS). We offer the ability for cards to be expedited for an added fee.

Business Day 1	Business Day 2	Business Day 3
Card embossing file sent to card production facility at 11:30 AM Pacific Time.	Cards are produced and prepared for shipment. Regardless of shipment type passed in the embossing file, the cards are readied for shipping on the following day.	Cards are picked up by the appropriate carrier to be shipped.

Customer support

Customer support phone numbers are required to be shown on the back of cards. Productfy can set up a toll-free number on your behalf and work with you to establish and approve procedures for handling customer support.

Disputes and chargebacks

Productfy will handle dispute intake and all of the chargeback processing with card networks. Hours of support are 7:00 am - 7:00 pm Pacific Standard Time. In cases where provisional credit must be granted to cardholder accounts, or when disputes are won or lost with merchants, Productfy will automatically debit or credit customer accounts as needed.

Credit Bureau Reporting

Productfy will report all credit card payment data to the 3 credit bureaus on a monthly basis.

Compliance

Please see our Compliance Guide for more information on compliance considerations for your Secured Credit Card program.

Military Lending Act support

The Military Lending Act dictates that a credit cardholder's active military status must be tracked as they may be eligible for certain protections. We provide an automated service that checks the military status of any credit card applicant.

When the Create Secured Credit Card Account API is called, we will automatically verify if the customer is in the military and update the mlaQualified field in the system. This field is also visible in the Client Portal.

Prerequisites

Before your customers can order secured credit cards and spend with them, the following functions must be implemented:

Create Person - A person must be created on the Productfy system
KYC - All users opening accounts must pass Productfy’s KYC process
Underwriting - All users opening secured credit card accounts must pass Productfy’s underwriting process
Collateral Account and Credit Card Account - credit cards are linked to Credit Card Accounts and Collateral Accounts which must be opened before issuing a virtual or physical credit card to the user
Account Linking - In order to link a 3rd party bank account to then use for ACH transfers, account linking services must be used.
ACH - In order to get money into a virtual collateral account so that it can collateralized the secured credit card limit, ACH must be implemented.

Step 1 - Create credit account product

A one-time setup task is needed to create credit account products for any credit program you offer to customers. A credit account product comprises a group of settings under which you can open credit and collateral accounts for your users. A single secured credit card account product contains the settings and configurations for both the credit account and the collateral account.

Configure the following fields when you create a credit account product, work with Productfy support to ensure these are set correctly:

Credit Card Account Product Name - A reference name for your product set at the card processor. For example: “ABC secured credit card”.
Description - An internal reference for your product set on the Productfy system. The description can be the same as your Card Product name.
Limits - While the credit card limit is dynamic and dependent on the balance of the collateral account, you can specify the maximum and minimum credit limit you would like to offer your customers
Fees - Contains configuration on the credit card account fees including the following fees: Annual Fee, Late Payment Fee, Returned Payment Fee

Step 2 - Create credit card product

A one-time setup task is needed to create card products for any physical or virtual card program you offer to customers. A card product comprises a group of settings under which you can issue individual cards. You must create one card product for each physical or virtual secured credit card product you offer.

Physical Card Products

Configure the following fields when you create a physical card product:

Card Product Name - A reference name for your product set at the card processor. For example: “ABC Physical secured credit card”.
Description - An internal reference for your product set on the Productfy system. The description can be the same as your Card Product name.
Card Package ID - Contains identifiers card production uses to assign the correct card plastic design and card carrier to your cards. Work with Productfy support to ensure this is set correctly.

Virtual Card Products

Configure the following fields when you create a physical card product:

Card Product Name - An reference name for your product (ex. “ABC Physical secured credit card”) set at the card processor.
Description - An internal reference for your product set on the Productfy system (can be the same as your Card Product name)

Step 3 - Account application process

There are 3 aspects to the Secured Credit Card application process you need to handle:

Presenting disclosures and tracking when they are accepted
Tracking when the credit card application process begins (so that incomplete credit applications can be tracked)
Gathering the necessary underwriting information

Present disclosures

Productfy's compliance team will provide you with the necessary disclosures that customers need to accept. You will need to call our Save Disclosures API with information on each disclosure accepted so that Productfy can maintain records of each customer accepting the disclosures. Refer to our compliance guide here for information on how to use this API.

Track credit application start

Regulations require you to notify customers if their credit application was denied due to it being incomplete. Call the Initiate Credit Application API below when the application starts (likely when the customer accepts disclosures). This will save the date/time in Productfy, which we will use to trigger an Incomplete Application webhook to you if 7 days have gone by and the customer has not gotten a secured credit card account. You can use the webhook to trigger your own email notification to the customer notifying them of the application denial.

Gather underwriting information

Productfy's standard underwriting process requires that customer's self-report whether they have an active bankruptcy or not. Your UI will need to present users with the question "Do you have an active bankruptcy proceeding?". The answer should be submitted in the bankruptcy field of the Initiate Credit Application API. When the Create Secured Credit Card Account API is called in the next step, it will deny an account to anyone who has the bankruptcy field set to true.

Step 4 - Open account and card

Use these APIs to open a secured credit card (and its corresponding accounts) for a user who has passed through KYC.

Secured credit cards are linked to Credit Card Accounts and Virtual Collateral Accounts on Productfy. Virtual Collateral Accounts are where a customer’s collateral funds are held to secure their line of credit. Credit Card Accounts are where a customer’s outstanding balances are tracked.

Use the Create Secured Credit Card Account API first to create the credit card account. This API will automatically create the Virtual Collateral Account. Use the Virtual Collateral Account's virtualCollateralAccountId in subsequent API calls to fund the account via ACH. Additionally, this API will automatically verify if the customer is in the military and update the mlaQualified field in the system, to comply with Military Lending Act requirements.

Note - Virtual Collateral Accounts must be funded via ACH to have money on them to extend a credit limit to the user before they can start transacting and making purchases with their secured credit card. See our ACH Implementation Guide for details on how to use ACH Money Movement.

Then, use the Issue Credit Card API to order the card that is associated with the Credit Card Account.

Note - Virtual Collateral Accounts must be funded via ACH to have money on them to extend a credit limit to the user before they can start transacting and making purchases with their secured credit card. See the ACH implementation guide for details on how to use ACH Money Movement.

Step 5 - Fund the Virtual Collateral Account

To have the customer fund the Virtual Collateral Account for the first time, follow the two steps below. NOTE - If you want to pre-fund a customer's account, please review this with your Productfy representative.

Customers must link a third party bank account where the money will be coming from. See the Account Linking guide for more information on how this can be done.
Once an account is linked, you can use the Initiate ACH Transfer API to move money from the linked account to the Virtual Collateral Account. For more information on ACH see our ACH Implementation Guide.

Step 6 - Expose virtual card details

Virtual Cards are digital representations of cards that expose the necessary information to make payments with: the full card number, CVV code and expiration date. You can choose to use this optional feature in addition to or in place of physical plastic cards.

For PCI compliant applications

If your application is PCI compliant, you can use the Payment Card Sensitive Data API to retrieve this information and display it in your app.

For Non-PCI compliance applications

If your application isn't PCI compliant, you can display virtual cards through the Javascript library below. This injects a set of configurable iframes into your HTML showing the cardholder’s card data. The iframes enable you to display a virtual card without handling sensitive card data on your servers. Instead, our card processor Marqeta hosts the data on secure, compliant servers. Here is a sample of what it looks like (Note - you can customize the style and HTML to suit your needs):

virtual card image-new.png

Obtain Virtual Card Access Token

Call the Get Virtual Card Access Token API to retrieve your Virtual Card access token from our card processor. This token is only valid for 5 minutes, and a new token must be requested again upon expiration.

Embed Virtual Card Library into HTML

Boilerplate

Use the following sample code to get started

Boilerplate code

<!doctype html>
<html>
  <head>
    <meta charset="utf-8">
    <title>Marqeta.js Tutorial</title>
  </head>
  <body>
    <div>
      <!-- div elements for displaying and copying PAN, expiration date, and CVV -->
      <div id="card">
        <div id="mq-card-pan"></div>
        <div id="mq-card-exp"></div>
        <div id="mq-card-cvv"></div>
      </div>
      <div style="margin-top: 10px">
        <button id="copy-pan-container" style="position: relative">Copy card number</button>
        <button id="copy-exp-container" style="position: relative">Copy expiration date</button>
        <button id="copy-cvv-container" style="position: relative">Copy CVV</button>
      </div>
    </div>

    <!-- This library URL is for QA. For production,
         use https://widgets.marqeta.com/marqetajs/1.1.0/marqeta.min.js -->
    <script
      src="https://widgets-sandbox.marqeta.com/marqetajs/1.1.0/marqeta.min.js"
      type="text/javascript"></script>
    <script>
    var systemFonts = '-apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"';
    marqeta.bootstrap({
      clientAccessToken: '**CLIENT ACCESS TOKEN',
      showPan: {
        cardPan: {
          domId: 'mq-card-pan',
          format: true,
          styles: {
            span: {
              background: 'transparent',
              color: 'white',
              'font-family': systemFonts,
              'font-size': '28px',
              'letter-spacing': '0px',
              'font-weight': 'normal'
            },
            'span:hover': {
              background: 'transparent',
              color: 'white',
              'font-family': systemFonts,
              'font-size': '28px',
              'letter-spacing': '0px',
              'font-weight': 'normal'
            }
          }
        },
        cardExp: {
          domId: 'mq-card-exp',
          format: true,
          styles: {
            span: {
              background: 'transparent',
              color: 'white',
              'font-family': systemFonts,
              'font-size': '18px',
              'letter-spacing': '0px',
              'font-weight': 'normal'
            },
            'span:hover': {
              background: 'transparent',
              color: 'white',
              'font-family': systemFonts,
              'font-size': '18px',
              'letter-spacing': '0px',
              'font-weight': 'normal'
            }
          }
        },
        cardCvv: {
          domId: "mq-card-cvv",
          styles: {
            span: {
              background: 'transparent',
              color: 'white',
              'font-family': systemFonts,
              'font-size': '18px'
            },
            'span:hover': {
              background: 'transparent',
              color: 'white',
              'font-family': systemFonts,
              'font-size': '18px'
            }
          }
        },
        // These relate to the copy buttons, but are optional
        copyCardPan: {
          domId: 'copy-pan-container',
          mode: 'transparent',
          onCopySuccess: () => alert("Copied PAN!"),
          onCopyFailure: error => {
            console.error(error);
          }
        },
        copyCardExp: {
          domId: 'copy-exp-container',
          mode: 'transparent',
          onCopySuccess: () => alert("Copied expiration date!"),
          onCopyFailure: error => {
            console.error(error);
          }
        },
        copyCardCvv: {
          domId: 'copy-cvv-container',
          mode: 'transparent',
          onCopySuccess: () => alert("Copied CVV2!"),
          onCopyFailure: error => {
            console.error(error);
          }
        }
      },
      // Specify callback functions
      callbackEvents: {
        onSuccess: () => {
          console.log("Success!");
        },
        onFailure: error => {
          console.error(error);
        }
      }
    });
    </script>
    <style>
      #card {
        position: relative; background-color: black; border-radius: 10px; width: 430px; height: 253px; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol";
      }
      #card iframe {
        height: 36px;
      }
      #card #mq-card-pan {
        position: absolute; top: 100px; left: 20px;
      }
      #card #mq-card-exp {
        position: absolute; bottom: 20px; left: 20px; height: 36px;
      }
      #card #mq-card-exp::before {
        content: 'Expiration Date'; text-transform: uppercase; font-size: 10px; color: white; display: block;
      }
      #card #mq-card-cvv {
        position: absolute; bottom: 20px; left: 150px; height: 36px;
      }
      #card #mq-card-cvv::before {
        content: 'CVV'; font-size: 10px; color: white; display: block;
      }
    </style>
  </body>
</html>

Insert Client Access Token

In the boilerplate, locate **CLIENT ACCESS TOKEN** and replace it with the value from Step 1.

Update Library URL

In the boilerplate, locate the following, and modify the URL if you are in Production.

<!-- This library URL is for QA. For production,
     use https://widgets.marqeta.com/marqetajs/1.1.0/marqeta.min.js -->
<script
  src="https://widgets-sandbox.marqeta.com/marqetajs/1.1.0/marqeta.min.js"
  type="text/javascript"></script>

Customize Look & Feel Of The Virtual Card

CSS for the account numbers

In the boilerplate, you will notice styles fields in the bootstrap configuration. We have included within the boilerplate all the possible attributes that can be customized. (See reference for customizable attributes: Using Marqeta.js, "The showPan.cardPan and showPan.cardExp objects".)

Copy buttons

In the boilerplate, you will find the following snippets. These enable the user to copy the card numbers into their clipboard, but these are optional. Modify the onCopy handlers to suit your needs.

<div id="copy-pan-container">
  <button>Copy card number</button>
</div>
<div id="copy-exp-container">
  <button>Copy expiration date</button>
</div>
<div id="copy-cvv-container">
  <button>Copy CVV</button>
</div>

copyCardPan: {
  domId: 'copy-pan-container',
  mode: 'transparent',
  onCopySuccess: () => alert("Copied PAN!"),
  onCopyFailure: error => {
    console.error(error);
  }
},
copyCardExp: {
  domId: 'copy-exp-container',
  mode: 'transparent',
  onCopySuccess: () => alert("Copied expiration date!"),
  onCopyFailure: error => {
    console.error(error);
  }
},
copyCardExp: {
  domId: 'copy-cvv-container',
  mode: 'transparent',
  onCopySuccess: () => alert("Copied CVV2!"),
  onCopyFailure: error => {
    console.error(error);
  }
}

Step 7 - Activate card

Cards are mailed out in Inactive status, and virtual cards are inactive by default. Once customers receive the card they must authenticate to your app to activate the card. It is recommended that you require users to validate certain pieces of private information before activating the card.

Note: PINs do not need to be set on credit cards

Step 8 - Make transactions

In non-production environments, Productfy offers a number of APIs to simulate different kinds of card transactions.

Authorization

For a signature based card transaction, an authorization is the initial transaction message that holds funds for the amount of the transaction.

Clearing

For a signature transaction that has been authorized, the clearing message finalizes or settles the transaction with the final transaction amount.

Advice

An advice message will update the amount of an authorization. Commonly used in gas pump scenarios where $100 may be initially authorized, then an advice message is sent for the actual amount of gas pumped.

Refund

A refund occurs when a cardholder requests that the merchant return money from a previous transaction after the clearing process has completed.

Reversal

A reversal occurs when a merchant cancels a transaction after the authorization succeeds but before the clearing process occurs. NOTE - When a reversal transaction is applied, we set both the initial and the reversal transactions to AUDITING display mode, which effectively hides it from view.

Step 9 - Receive webhooks

Webhook events are triggered for card transactions (including declined transactions). This can be valuable for updating your own systems or triggering notifications to your users. Note the decline reason codes in these webhooks are defined by our processor here. Subscribe to the Card Transaction webhook in your subtenant portal. See documentation on this webhook here.

Step 10 - Send incomplete application notifications

Credit card regulations require sending notifications when credit card applications are denied due to being incomplete. We will trigger the Incomplete Credit Application Webhook to you when a credit card application is started (based on the Initiate Credit Application API and no card is issued for 7 days. You will need to trigger an email to customers based on this webhook that lets them know their application has been denied. Work with your Productfy representative for the approved text of this message.

Step 11 - Display transactions

You can display transactions on Virtual Accounts by using our general-purpose Finsight Profile API. Use the PaymentCardTransaction object within the PaymentCard array within the FinancialAccount array. Common fields to display are:

Transaction Date
Merchant
Merchant Category Code
Amount
Rolling Balance

Step 12 - Display Statements

Banking regulations require you to show statements to customers for both their virtual collateral account and secured credit card account. Productfy automatically generates and stores fully compliant PDF statements and triggers a statement webhook when each statement is available for you to send a notification to your customers. Use the API below to retrieve statement data associated with an account, including the URL to access each individual PDF statement. You must specify the accountId. The logic for statement generation is as follows:

If customers enroll between the 2nd and 15th of the month, they get the statement cycle on the 1st of the month
If customers enroll between the 16th and 1st of the month, they get the statement cycle on the 15th of the month

Step 13 - Make Payments

You can use this API to allow your users to pay off their credit card balance from an external linked account or a Virtual Account on Productfy.