Citibank Charge Card Program: Features & Benefits
Card Security Controls and Restrictions
Citi’s flexible card solutions give Program Administrators many options for controlling card use according to an organization’s business requirements. Citi commercial card program controls include:
|Company level restrictions||Entities should assign a dollar limit and certain Merchant Category Code (MCC) restrictions at the company level.|
|Cardholder level restrictions||Entities should assign various restrictions and credit limits on an individual account basis.|
|Department level restrictions||Entities may group employees and assign them similar spending limits.|
|MCC/SIC restrictions||This is in addition to the State’s standard blocked MCC lists. Entities can assign dollar limits by MCC or SIC categories and can include or exclude groups of MCC or SIC codes in the individual cardholder profile by contacting your designated Client Account Service Manager via phone, e-mail, or fax. Citi can provide entities with additional recommendations and a list of codes that are frequently blocked for travel programs.|
|Dollar limits||Entities should establish monthly spending limits, dollar/currency transaction limits, and account spending limits on an individual account basis.|
|Transaction volume limits||Entities should set daily, weekly and/or monthly transaction volume limits by card.|
|Velocity transaction limits||Entities may set a velocity transaction limit which determines the maximum number of transactions (authorizations) allowable within a defined timeframe (e.g., day, week, month).|
Controlled Access to Program Data
Citi’s online reporting systems allow for hierarchy levels. Within the hierarchy, each entity can include security parameters that will limit Program Administrators’ access to their individual level of hierarchy, or allow access all levels of the hierarchy.
Our online tools can manage user entitlements within a hierarchy structure that allows access to only that hierarchy node or below. We also can manage reporting access at the field level by disallowing fields such as Full Account Number or other personally identifiable information.