Hidden Superpowers in Payments: Controls Enterprises Didn’t Know They Could Have

By
Berkeley Editorial
/
October 30, 2025
/
Fintech Innovation
,
Industry Updates
,

Many enterprises still think about payment tools just as pipes for moving money. 

You load funds, issue physical or virtual cards, payments happen, and reconciliation follows. But that’s an increasingly inaccurate view. Today, payments are also governance engines with the ability to enforce rules, automate oversight, and embed accountability into every transaction.

In this new paradigm, advanced built-in controls - what we may call hidden superpowers - enable enterprises to automate compliance, reduce misuse and fraud, and even create entirely new business models. Tools like merchant category controls, velocity limits, and just-in-time funding let organizations treat payments as more than just passive conduits. 

In this blog, we’ll walk through each of these control mechanisms, show how they work and explain the benefits they provide, especially in sensitive use cases like relief disbursement and restricted-category spending. And we’ll show how Berkeley’s platform is built to deliver these capabilities securely and with full configurability for non-bank enterprises. 

From Static to Smart: The Rise of Configurable Payments 

In the legacy model, payments are static. A card or account is preloaded in advance with a fixed sum and then spending can begin. If there are any controls, they tend to be after-the-fact, in the form of reconciliation and manual audits, rather than part of the payment execution itself.  

That legacy model is changing fast and is being replaced by programmable payment systems that allow for rules to be enforced at the moment of transaction, not only afterward. This shift enables real-time governance, reducing risk and supporting novel use cases. 

There are three main enablers that make this possible:

  • Merchant Category Code (MCC) Controls: Rule engines check the merchant’s category (i.e. groceries, pharmacy, travel, etc.) at the time of the transaction and approve or decline based on pre-set policies.
  • Velocity Limits: Systems monitor the frequency and volume of transactions (i.e. “no more than 5 transactions per hour” or “max $X per day”), and trigger denials or escalations in real time when thresholds are hit. 
  • Just-in-Time (JIT) Funding: Cards or digital wallets sit at zero balance by default, and when a transaction request arrives and is allowed by pre-set rules or policy, the system draws funds from a central pool to cover the transaction instantly. 

These capabilities allow enterprises to operate with fine-grained control built into the payment flow itself. Let’s explore each one in more detail.

Merchant Category Controls: Spend with Purpose

What are MCC Controls?

Merchant Category Codes, or MCCs, are four-digit codes assigned to every merchant by the acquiring bank that reflect what type of goods or services they offer. When a card transaction is initiated, the merchant’s MCC is sent to the issuer which can then compare it against a policy to determine whether to permit or decline that transaction. 

With MCC controls, enterprises can set rules such as:

  • Only allow spending at certain essential categories like groceries, pharmacies, or utilities.
  • Block disallowed categories like gambling, liquor, or luxury goods.
  • Combine with other controls like per-category limits or time-of-day constraints.

Because these checks happen in real-time at authorization, they act as automatic gatekeepers rather than relying on downstream manual review. 

MCC Controls Use Case Examples

  • Business Spending Management: Issue employee cards that can only be used for defined categories such as travel, meals, or lodging. No need for employees to submit expense claims for disallowed categories as they simply can’t spend there at all.
  • Fraud Prevention: Block high-risk merchant categories by default, especially in more vulnerable or sensitive programs.
  • Personal Finance/Consumer Controls: Enable customers to opt into spending limits by category. For example, a parent can limit a teen’s card to groceries only. 
  • Relief & Social Disbursement: In times of crisis, aid or stimulus funds must be used responsibly, and MCC controls ensure that recipients can only use funds at essential merchants rather than for luxuries or unapproved services.

Impact: Accountability, Simplicity, and Trust

By enforcing category rules at the transaction level, enterprises gain:

  • Greater Accountability: Funds are used as intended, not diverted.
  • Reduced Misuse: No need to rely on after-the-fact audits alone.
  • Strong Brand Trust: Stakeholders can be assured that money is being used properly. 
  • Data-Driven Insights: Because every transaction includes the MCC, enterprises obtain structured, rich data on spend behavior by category, enabling segmentation, trend analysis, and policy refinement. 

In sum, MCC controls turn each permissioned transaction into a mini policy enforcement, embedding governance directly into the payments architecture. 

Velocity Limits: Preventing Misuse Before it Happens 

What are Velocity Limits?

Velocity limits (also called velocity checks) restrict how often or how much spending or transferring can occur during a given time window. These are rules like:

  • No more than 5 transactions per hour (per card/account/IP address).
  • Max total spend of $10,000 in a single day.
  • No more than 3 ATM withdrawals in 24 hours.

These rules are enforced by tracking activity over time and comparing to preset thresholds. When a transaction breaches a threshold, it can be blocked, escalated, or flagged for additional verification.

Velocity controls are a staple of fraud prevention, especially as “card testing” attacks often try many small transactions quickly to determine if a card is active. Velocity rules can catch that behavior early. 

How Do Velocity Controls Work in Practice?

  1. Set Thresholds: Rules are set in place with limits on numbers of transactions and/or amount of money spent during specific time periods. 
  2. Track Metrics: The system logs the number of transactions and the amount of money spent for specified dimensions (i.e. card, account, IP address, device, etc.). 
  3. Compare in Real-Time: Each incoming transaction is checked against the preset limits.
  4. Trigger Response: If a threshold is exceeded, the system can:
    • Automatically decline the transaction.
    • Request additional verification (i.e. multi-factor authentication).
    • Escalate to a manual review.
    • Temporarily block further attempts.
  5. Refine Over Time: Feedback from false positives or real incidents is used to fine tune the thresholds.

Velocity rules must be tuned carefully. If thresholds are too tight, you risk blocking legitimate users, but if the rules are too loose then fraud can slip through. 

Benefits of Velocity Limits 

  • Fraud Prevention at Scale: Stop many attacks before they cause significant losses.
  • Fair Fund Distribution: Prevent budget draining via sudden large bursts of disbursements all at once.
  • Real-Time Oversight: Protection is embedded into live operations.
  • Customer Protection: Limits help protect users from account compromise or runaway spending.
  • Customization & Flexibility: Rules can be adjusted temporarily (i.e. during travel) or tiered by user profile. 

In short, velocity limits act like limiting gates that stop misuse before it escalates.

Just-in-Time Funding: Real-Time Governance Meets Efficiency

Just-in-Time (JIT) funding is a situation in which cards or accounts live at zero balance until a valid transaction request arrives. When a transaction comes in, the system applies policy logic in real time and, if the transaction is approved, draws funds from a master funding source to load exactly what’s needed to cover the cost.

Unlike traditional prepaid models where funds are preloaded and then left sitting idle, JIT means that funding happens in the critical moment. 

The Impact of JIT Funding

  • Minimized Float & Fraud Exposure: Funds aren’t sitting idle in end-user accounts where they can easily be misused.
  • Smarter Liquidity Management: Enterprises keep capital centralized until it’s needed, simplifying reconciliation processes.
  • Instant Issuance & Disbursement: Cards can be provisioned instantly without any pre-funding delays.
  • Policy Control: The authorization still runs, taking into account any MCC or velocity rules, so every transaction request is vetted before funds move.

Examples and Use Cases of JIT Funding

  • Relief Disbursement: Governments or nonprofit organizations can issue cards on the fly and provide funding at the exact moment it’s needed.
  • Gig Economy: After a job is finished, a payout transaction triggers real-time funding and transfer after verification.
  • Retail Systems: Cards can be issued for rewards or coupons that will only load when actually redeemed. 

With JIT funding, enterprises can deliver real-time disbursement without the risk or overhead of preloaded balances. 

Why These Controls Matter: Beyond Security to Strategy

In addition to defending against misuse, MCC filtering, velocity limits, and JIT funding all become strategic levers. Here’s how:

Public Accountability & Trust

For public-sector payments, grants or aid programs, every dollar must be traceable. MCC controls guarantee that funds land in eligible categories and velocity rules prevent bulk misuse. Combined, they enforce spending discipline transparently.

Compliance by Design 

Regulatory frameworks like AML and KYC often require proactive controls. Embedding them into transaction logic ensures this compliance is automatic rather than an add-on later.

Innovation Enabler

With programmable controls, enterprises can experiment with new products like spend cards for customers, embedded finance products, and reward disbursements with constraints without exposing themselves to lost capital or misuse. 

In addition, the data generated by these controls - spend distributions, velocity anomalies, and compliance alerts - feed into dashboards and feedback loops that let program managers refine rules in response to real-world behavior. 

The Berkeley Advantage: Control Without Complexity 

It’s time for enterprises to stop thinking of payments as passive plumbing and start treating them as programmable infrastructure. With advanced controls in place from day one, you can offer innovative products, manage risk proactively, and deliver greater accountability to all of your stakeholders. 

Berkeley’s architecture is designed with three core principles that enable trusted programmability:

  1. Real-Time Ledgering: Every transaction is recorded instantly with updates to the ledger.
  2. Immutable Audit Trails: Each ledger entry is cryptographically verifiable and tamper-resistant.
  3. Bank-Controlled Fund Segregation: Each client’s funds live in logically separate compartments, eliminating co-mingling and maintaining clear ownership boundaries.

Together, these ensure trust, accountability, and clarity at every layer of execution. 

Want to see how Berkeley’s configurable control framework can power your next payment product? Reach out and we’ll help you turn payments into strategic infrastructure with built-in trust and transparency.

Send, Spend & Receive With One Exceptional Payments Platform

Find out how Berkeley Payment can add value to your business with white-label prepaid or debit card programs and real-time money movement solutions.

Arrange a quick call with our team to see how we can best help your company

Learn More Now
<< Previous Post
No previous post
Next Post>>
No next post