# Overview The Business Control platform by Verestro enables digital card issuing and expense management for modern companies. By adapting to the changing needs of the current small, medium companies and big corporations and business customers digital, Business Controls enables companies to create and deliver instantly a temporary business Mastercard card to employee, simplify invoice collections and settlements of expenses. If you are a bank or fintech you can offer a new product for your business customers and increase revenues. The platform consists of web portal and mobile application or SDK. The simplest white label solution can be delivered in 3 months from start of the project. ### Purpose and scope This product guide provides a high-level overview of Business Control. This document covers the following topics: • description of possible configurations, • granting access, • description of main processes as: login, reset password, cards import, redemption of card, • additional and optional functionalities. ### Terminology This section explains a number of key terms used in this document.
**Name** | **Description** |
Operator/portal user | The user working using web portal. |
End-user/mobile user | A corporate employee who received a card and uses a mobile app. |
Payment history | It’s possible that transaction history will be stored on Verestro wallet server for infinite time (this setting can be specified during onboarding with Mastercard). If these options are enabled, MPA can retrieve transaction history for given card and payment instrument ID. Transactions are returned in corresponding parts for better user experience. Particular transaction may appear on the list with delay – depending on integrated external components. |
Session token | Access to the system by a application user is secured using a session token to uniquely associate the session with the user. It is required to perform any action. |
sFPANs (Subordinate Funding Pan) | Valid card numbers supplied by the Issuer. All payment messages will be delivered to the Issuer with this card number in Data Element 02. |
Funding Card Alias | A name given to the ultimate funding account to which payments will flow. This name is assigned by the Issuer and should be recognisable to the Corporate who owns the account. E.g. “JoeCorp HR USDollar”. |
CSV | Comma Separated Values. |
Digital Tokens | This is the surrogate card number that is inserted into the NFC chip in the Mobile phone. For tap payments, this is the number shared with the Point of sale device. On all message flows; it is mapped by Mastercard to its parent sFPAN. The Issuer will then map the sFPAN to the Funding Account. |
Virtual Card | This is the optional card number for eCommerce payments - number entered at the eCommerce checkout page. On all message flows; it is mapped by Mastercard to its parent sFPAN. The Issuer will then map the sFPAN to the Funding Account. |
Approval | In the context of Business Control, this is the assignment of a specific card for a certain period of time to a defined user. |
Reapproval | By reapproval is meant the process of changing the data of a specific card assignment. Limits or date range can be changed. |
Mobile reapproval | The process of changing a specific assignment initiated by the end user - which means through the use of a mobile application. |
Group limit | This limit determines the maximum amount with which anyone in the group can assign a card to a user and the maximum amount on a card that can be accepted in a given group if an assignment confirmation request comes in from a group with a lower limit. |
**Functionality** | **Description** | **Default time on beta environment** | **Default time on production environment** |
Operator session time. | Session after successful login to the panel. | 60 minutes | 15 minutes |
Session reminder popup. | Time after which a popup appears asking to extend or end the session. | 55 minutes | 10 minutes |
Mobile session time. | Session after successful login to the beta mobile application. | 15 minutes | 15 minutes |
SMS lock time. | Determines the time after sms count will be erased and sms resend will be available. | 24h | 24h |
Reset password OTP. | Validity of OTP during password reset process. | 900s | 900s |
**Functionality** | **Description** | **Default start time** |
Expiring outdated approvals. | The time when cards whose assignment has expired are removed from enduser. | Every full hour |
Generating transaction reports. | Time when mechanism of generating reports for pending reports is starting. | Every 15th minute |
**Functionality** | **Description** |
Mobile password length. | 8-250 chars. |
Portal password length. | 8-30 chars. |
Password (both mobile & portal) requirements . | upper-case letter, lower-case letter, special character and digit. |
**Functionality** | **Administrator** | **Manager** | **User** |
Add new corporate operator (administrator, manager, user). | Yes | X | X |
Create new group. | Yes | Yes | X |
View all groups. | Yes | Yes | X |
View own group and groups below. | Yes | Yes | Yes |
View group details, view groups members, reset password group members. | Yes | Yes | Yes |
View, lock/unlock, remove from the EndUser, assigned cards from own and group below. | Yes | Yes | Yes |
Assign cards. | Yes | Yes | Yes |
View approvals history from own group or group below. | Yes | Yes | Yes |
View awaiting card assignment from group below. | Yes | Yes | Yes |
Accept/decline approval from group below. | Yes | Yes | Yes |
Edit existing approval from own group. | Yes | Yes | Yes |
View all assigned cards and approvals. | Yes | Yes | X |
View assigned cards and approvals for own group and groups below. | Yes | Yes | Yes |
**Process** | **Topic** | **Details** | **Comment** |
Invitation to the system | Set password to administration panel | Hello! You are receiving this e-mail because an account was created for you, and you need to set a new password. <button to set password> Regards, <corporation> | Standard email sent when portal operator added new operator. |
Login process | Login code | Hello! Your login code: <code> Regards, <corporation> | Standard AP email sent when portal operator entered correct email and password. |
Reset password | Reset password to administration panel | Hello! You are receiving this mail because someone initialized password reset for your account. If it was not you, you can ignore this mail. <button to reset password> Regards, <corporation> | Standard Admin Panel email sent when portal operator uses "reset password" button on login page. In Business Control also send when portal operator uses "reset password" action on staff member row. |
**Process** | **E-mail name** | **Topic** | **Details** | **Comment** |
Approval | **BC\_OPERATOR\_PENDING\_APPROVAL** | Request approval | Hello! There is a pending request for a card with a limit greater than allowed in requestor's administration panel group. Please log in for more detailed information. Regards, <corporation> | Email sent to higher group operator when someone from group below wants to assign card with the limit exceeded group limit. |
Approval | **BC\_OPERATOR\_APPROVAL\_ACCEPTED** | Approval accepted | Hello! Your request to send card to <email> has been approved. You can check the details in the Administration panel. Regards, <corporation> | Email sent to requestor when someone from group higher (who is able to accept this kind of limit) accepted the approval. |
Approval | **BC\_OPERATOR\_APPROVAL\_CANCELLED** | Approval cancelled | Hello! Your request to send card to <email> has been cancelled. You can check the details in the Administration panel. Regards, <corporation> | Email sent to requestor when someone from group cancelled the approval. |
Approval | **BC\_OPERATOR\_APPROVAL\_REJECTED** | Approval rejected | Hello! Your request to send card to <email> has been rejected. You can check the details in the Administration panel. Regards, <corporation> | Email sent to requestor when someone from group higher (who is able to accept this kind of limit) rejected the approval. |
Approval | **BC\_OPERATOR\_APPROVAL\_CARD\_CHANGED** | Approval card changed | Hello! Card changed on your request to send card to <email>. You can check the details in the Administration panel.” Regards, <corporation> | Sent in the rare case when card have to be changed to meet the requirements (original card has expiration date earlier than approval end date). |
Mobile reapproval | **BC\_OPERATOR\_PENDING\_MOBILE\_APPROVAL** | Request to change limits from mobile | Hello! There is a pending request to change card limits from mobile application for a card <last4digits>. Please log in for more detailed information. Regards, <corporation> | Email sent to requestor when mobile end-user sent request for changing the limit. |
**Process** | **E-mail name** | **Topic** | **Details** | **Comment** |
Card received | **BC\_USER\_PENDING\_CARD** | A payment card has been assigned to you. | Hello! To se the card, you must have the <corporation> Wallet application installed and an account created. Using this code in the application, you can assign the card to your account - <activationCode>. After this action you will be able to use all features of the application and make payments. Regards, <corporation> | Email sent to end-user every time when new card has been assigned. |
Card adding | **BC\_USER\_NEW\_CARD** | A new card has been added to your account. | Hello! You are receiving this mail because a card provided by <corporation> has been added to you account. Through the <corporation>Wallet application you can monitor your available balance and completed transaction on an ongoing basis. Regards, <corporation> | Email sent to end-user when card has been properly added to the account. |
Card expiring | **BC\_USER\_CARD\_EXPIRING** | The temporary card issued to you by <corporation> is no longer valid. | Hello! The temporary card issued to you by <corporation> is no longer available for use. The card <last4digits> has been removed from your account. You do not need to take any action, this email is for awareness only. Regards, <corporation> | Email sent to end-user when assigned card is no longer valid (cancelled, locked, removed or just expired). |
Card locked | **BC\_USER\_CARD\_LOCKED** | Your card has been locked. | Your card <last4digits> issued by <corporation> has been blocked. Regards, <corporation> | Email sent to end-user when assigned card is locked. |
New T&C | **BC\_USER\_PENDING\_TERMS\_AND\_CONDITIONS** | New terms and conditions. | Hello! There are pending Terms and Conditions for acceptance. To keep receiving cards from Issuer, please log in and accept pending Terms and Conditions. Regards, <corporation> | Email sent to end-user when Issuer updated the T&C and an end-user action is required to obtain a new card. This email is send only when a new card is assigned. Even if Issuer changed T&C before and no card has been assigned the email shouldn't be send. |
**Process** | **Topic** | **Details** | **Comment** |
Card redemption | New card. | A card has been assigned to your account. Check the budget details in the app. | Push notification sent to end-user when a new card has been assigned to logged account. |
Mobile approval | Mobile request to change limits reviewed and accepted. | Your request to change card limits has been reviewed and accepted. Details are available on alerts screen within mobile application. | Push notification sent to end-user when a mobile request to change limits has been reviewed to operator from original group and group higher. Basically send when double-check on portal has been made. This case is only possible when the requested limit exceeded the original group limit. |
Mobile approval | Mobile request to change limits rejected. | Your request to change the assigned card limits has been rejected. Details are available on alerts screen within mobile application. | Push notification sent to end-user when a mobile request to change limits has been rejected. |
Mobile approval | Mobile request to change limits accepted. | Your request to change the assigned card limits has been accepted. Details are available on alerts screen within mobile application. | Push notification sent to end-user when a mobile request to change limits has been accepted. |
Transcation | Transaction declined. | Card ending <last4digits>; Purchase of <currency&amount> was attempted at <merchant> and declined per your settings. | Push notification sent to end-user when a transaction has been declined during processing. |
**Case** | **Description** | **Result** |
1 – green path | User from PO Junior group wants to assign card with limit 200 to enduser. | It is possible without additional confirmation. |
2 – yellow path (direct group above) | User from PO Junior group wants to assign card with limit 300 to enduser. It is possible with additional confirmation from higher group (group with Approval limit higher or equal to 300). | Approval goes to PO group after the creation to get the confirmation. |
3 - yellow path (another group above) | User from PO Junior group wants to assign card with limit 600 to enduser. It is possible with additional confirmation from higher group (group with Approval limit higher or equal to 600). | Approval goes to group which could accept the limit (higher the PO group). |
4 – red path (no group to handle) | User from PO Junior group wants to assign card with limit 1600 to enduser. It is possible with additional confirmation from higher group (group with Approval limit higher or equal to 1600). In the group structure there’s no group with possibility to handle this limit. | Card assignment has been declined. |
**Status** | **Description** |
CREATED | When an Approval is created with a limit higher than the group of the person creating it but lower than the group limit above. |
ACCEPTED | When an Approval is created with a lower limit than the creator's group OR accepted by a higher group. **It changes to DELIVERED status after registration is complete and card is redeemed by end-user.** |
CANCELED | When an Approval with status CREATED, ACCEPTED or PREPARED is cancelled by the anyone from creator group. |
REJECTED | When an Approval with status CREATED is rejected by the group above. |
EXPIRED | When an Approval with the status CREATED is not accepted/rejected or status is ACCEPTED but the card has not been redeemed by end-user within the given Approval time (until the end of the ValidTo date). |
PREPARED | When approval has been ACCEPTED, redeemed by the end-user and is waiting for the start of the Approval. |
DELIVERED | When an Approval is accepted and CARD REDEMPTION is created, the process of issuing the card to the end user is triggered. |
FINISHED | When an Approval with status DELIVERED exceeds the end date of assignment. |
REAPPROVED | When a reapproval is created for a given Approval that is in Accepted/Delivered status. |
LOCKED | This is a status of a **card (not an approval)** but we display it on the diagram below to show that Delivered is the only state of a approval on which we have action to lock and unlock card. |
**Status** | **Description** |
Verified/Active | This means that the card has been correctly added to the system and can be used by assigning it to an end user. |
Locked | This status indicates that the card has been manually blocked by the portal operator. There is no automated process in the system that results in the status changing to locked. |
**Status** | **Description** |
Authorized | Transaction has been authorized by the Issuer. |
Declined | Transaction has been declined by the Issuer. |
Cleared | Transaction has been cleared by the Issuer. |
Reversed | Transaction has been reversed by the Issuer. |