Skip to main content
There are five policy types, in two families: restrictions that block transactions by what or where, and limits that cap by how much or how often. Every policy carries a type, a scope, a name, and a config whose shape depends on the type. All amounts are in USD.

Restrictions

Restrictions block a transaction based on the single transaction in front of them. They hold no running state.

Merchant restriction

type: MERCHANT_RESTRICTION. Blocks transactions whose merchant matches the criteria. The match works on one dimension at a time: Block a set of merchant categories (here, gambling and dating):
Block transactions in specific countries:
The merchant MCC and country are visible on every transaction under merchant, so you can confirm what a given transaction would match against.
For a full list of Merchant Category Codes, see page 24 of the Visa Merchant Data Standards Manual.

Channel restriction

type: CHANNEL_RESTRICTION. Blocks transactions on the listed channels. A transaction is blocked if its channel is in the list. Disable ATM withdrawals on a card:

Limits

Limits cap value. The per-transaction cap looks only at the current transaction; the spend and count limits track usage over a calendar window.

Transaction amount limit

type: TRANSACTION_AMOUNT_LIMIT. Rejects any single transaction above maxAmount. Has no window.

Spend limit

type: SPEND_LIMIT. Caps cumulative spend over a calendar window at maxAmount. A transaction is rejected if it would push spend in the current window past the cap.

Transaction count limit

type: AUTHORIZATION_COUNT_LIMIT. Caps the number of transactions over a calendar window at maxCount.

Windows

Spend and count limits track usage over a calendar window. The window is fixed when the policy is created; to change the period, create a new policy. Windows are calendar-based in UTC. A daily limit resets at 00:00 UTC, not on a rolling 24-hour basis. When a window rolls over, usage starts fresh automatically.

How usage is counted

Spend and count limits track usage as transactions are authorized. Usage mostly only goes up, but a few later events adjust it.
  • Approved transactions add to usage: a spend limit by the authorized amount, a count limit by one.
  • Declined transactions never count.
  • Reversals release usage. When the network reverses an authorization before it settles, a full reversal frees both the amount and the transaction from the window. A partial reversal frees only the reversed amount, and the transaction still counts toward a count limit because it did occur.
  • Expired or voided authorizations that never settle are released the same way as a full reversal.
  • Refunds do not restore usage. A refund is a separate credit that can arrive days or weeks later, so it does not add headroom back to the window. Spending $1,000 and later receiving a $1,000 refund still leaves only the original headroom for that window.
Usage reflects the amount authorized. If a transaction later settles for more than was authorized (a restaurant tip or a fuel pump hold, for example), the limit was already evaluated at authorization and the difference is not re-checked.

Common use cases

Each policy type maps to real controls you can ship. The examples below are grouped by who the control serves: the cardholder configuring their own card, and the program enforcing rules across cardholders. Every payload is a complete POST /policies body.

Cardholder-driven controls

Controls a cardholder sets on their own card, usually exposed through your app. These attach at the CARD scope.

Program-driven controls

Rules you enforce across the program or per cardholder, independent of what the cardholder sets. Restrictions can attach at the PROJECT scope to cover every card; spend and count limits attach per cardholder (USER) or per card (CARD). For capping one slice of spend on its own (such as ATM cash), see restricting a limit to certain transactions.

Next

  • Scopes: where each of these attaches and how overlapping policies resolve.