Stripe Issue Cards: Complete Guide to Card Issuing APIs

Introduction: Programmatic Payment Cards for Modern Business

Stripe's card issuing capabilities enable businesses to create, manage, and distribute payment cards programmatically. This powerful API transforms how organizations handle employee expenses, vendor payments, and customer spending programs. By issuing cards through Stripe, companies gain granular control over spending, real-time visibility into transactions, and seamless integration with existing financial infrastructure. The platform supports both virtual cards--digital-first cards with no physical form--and physical cards that can be shipped to cardholders. This comprehensive guide explores the technical implementation of Stripe's card issuing API, covering everything from basic card creation to advanced spending controls and best practices for production deployments.

The card issuing API integrates directly with Stripe's broader payment infrastructure, allowing cards to be used wherever Visa or Mastercard is accepted. This means businesses can leverage existing payment networks while maintaining complete programmatic control over card issuance and management. Whether you're building an expense management solution, a marketplace with vendor payments, or a consumer spending platform, Stripe's issuing capabilities provide the foundation for sophisticated payment card programs. For handling the authorization and capture flow of card transactions, our guide on Stripe Payment Intents provides complementary coverage of the transaction lifecycle.

Understanding Stripe's Card Issuing Architecture

Core Components of the Issuing System

Stripe's card issuing system comprises several interconnected components that work together to enable programmatic card management. At the center of this architecture is the Issuing Card resource, which represents an individual payment card with its unique attributes, spending controls, and lifecycle state. Each card is linked to a Cardholder entity, which can represent either an individual person or a business entity authorized to use the card. The cardholder resource stores essential information including identity verification details, spending limits, and authorization rules.

The Physical Card and Virtual Card resources work together to provide flexible issuance options. Virtual cards are created instantly and can be used for online or digital wallet transactions immediately after creation. Physical cards are manufactured and shipped to cardholders, with the system tracking production status, shipping details, and delivery confirmation. Both card types share common characteristics such as card numbers, expiration dates, and security codes, but differ in their physical manifestation and use cases.

Spending controls form another critical component, allowing businesses to define precise rules for how issued cards can be used. These controls include spending limits (both single-transaction and aggregate), merchant category restrictions, geographic limitations, and velocity controls that prevent rapid successive transactions. The API provides granular control at the card level, enabling different spending rules for different cardholders or use cases within the same organization.

How Card Issuing Integrates with Stripe Connect

For platforms and marketplaces, Stripe's card issuing integrates seamlessly with Stripe Connect, enabling you to issue cards to your connected accounts. This integration is particularly powerful for platforms that need to provide spending capabilities to their users while maintaining control and visibility. When issuing cards through Connect, the platform serves as the controlling entity while the connected account acts as the cardholder, creating a clear separation of responsibilities and liabilities.

The integration supports both standard and Express connected accounts, with each account type offering different levels of control and autonomy. Platforms can choose to retain full control over card issuance and management, or delegate certain capabilities to their connected accounts. Webhooks keep all parties informed of card events, from creation to authorization to dispute, ensuring every stakeholder has accurate, real-time information about card activity.

This architecture enables sophisticated use cases such as marketplace vendor payments, where platforms can issue cards to vendors that draw from the platform's Stripe balance but provide detailed transaction records. Similarly, expense management platforms can issue cards to their end users while maintaining visibility into all spending across their customer base. Understanding how issued card transactions settle through Stripe Charges is essential for building complete financial workflows.

Creating and Managing Cards via API

Cardholder Creation and Verification

Before issuing any cards, you must create and verify cardholders through Stripe's API. The cardholder resource stores the identity information required for regulatory compliance, including the cardholder's name, email address, and billing address. For individual cardholders, you must also collect and verify their date of birth and the last four digits of their Social Security Number or equivalent national identification. Business cardholders require company details and information about authorized representatives.

The verification process is built into the cardholder creation flow, with Stripe performing necessary compliance checks automatically. This includes sanctions screening, identity verification, and PEP (Politically Exposed Person) checks. The API returns the verification status, allowing you to make informed decisions about which cardholders to approve for card issuance. Failed verifications include detailed reasons, enabling you to communicate specific issues to affected cardholders or request additional documentation.

Ongoing cardholder management includes the ability to update information as circumstances change, archive cardholders who no longer need cards, and retrieve detailed histories of all cards and transactions associated with a particular cardholder. These management capabilities ensure that your card program remains accurate and compliant as your organization evolves.

Card Creation Workflow

Creating a card through Stripe's API is a straightforward process that begins with specifying the cardholder, currency, and type (virtual or physical). For virtual cards, the response includes the card details immediately, including the card number, expiration date, and CVV. These details should be transmitted securely to the cardholder, as Stripe does not store the full CVV after initial creation. Physical cards require additional parameters including card design preferences and shipping address, with the response providing tracking information once the card enters production.

The API supports extensive customization of card attributes, including spending controls that can be defined at creation time or modified subsequently. You can set individual transaction limits, daily spending caps, monthly limits, and restrictions on merchant categories or specific merchants. These controls provide the granular spending governance that makes card issuing valuable for business applications.

Card creation also supports attaching custom metadata, allowing you to store application-specific information directly on the card resource. This metadata can include department codes, cost center references, employee IDs, or any other identifiers that your application requires. The metadata is included in all API responses and webhook events related to the card, ensuring consistent access to this information throughout the card lifecycle.

Virtual Cards: Digital-First Payment Solutions

Understanding Virtual Card Characteristics

Virtual cards represent a paradigm shift in payment card technology, offering all the functionality of traditional payment cards without the physical form factor. These digital-first cards exist only in electronic form, with card details stored securely in digital wallets or payment applications. The absence of a physical card eliminates manufacturing and shipping delays, enabling instant card creation and immediate usability for online purchases, subscription payments, and digital wallet transactions.

From a technical perspective, virtual cards function identically to physical cards at the point of sale. They carry the same Visa or Mastercard network designations, participate in the same authorization and settlement networks, and are subject to the same security protocols. This compatibility ensures that virtual cards can be used wherever traditional cards are accepted, whether at e-commerce checkout pages, in mobile payment applications, or for recurring billing arrangements.

The security characteristics of virtual cards can actually exceed those of physical cards. Because virtual cards exist only in digital form, they cannot be lost or stolen in the traditional sense. Many virtual card implementations support dynamic card numbers that change periodically or after each use, providing additional protection against carding attacks. Some implementations even allow virtual cards to be locked or destroyed instantly through API calls, providing rapid response capabilities in case of suspected fraud.

Business Use Cases for Virtual Cards

Virtual cards excel in scenarios requiring rapid issuance, dynamic spending controls, or enhanced security for digital transactions. Expense management platforms leverage virtual cards to provide employees with immediate spending capabilities, eliminating the delays associated with physical card distribution. Employees can receive virtual card details via their mobile application and begin making approved purchases within minutes of card assignment.

Procurement and B2B payments represent another compelling use case, where virtual cards can be issued for specific purchases with precisely controlled spending limits. A company issuing a virtual card for a supplier payment can set the amount exactly to the invoice value, restrict the card to that specific merchant, and set an expiration date shortly after the expected payment date. This precision dramatically reduces the risk of unauthorized or duplicate payments while maintaining the convenience and reconciliation benefits of card-based payments.

Subscription management and SaaS procurement benefit from virtual cards' ability to control recurring charges. Organizations can issue virtual cards for software subscriptions, set monthly spending limits that match the subscription cost, and immediately revoke the card if the subscription is cancelled or renewed at an unexpected price. This control prevents unexpected charges and simplifies the process of transitioning between subscription services. For organizations managing recurring billing at scale, integrating card issuing with Stripe Billing creates powerful subscription management workflows.

Implementation Considerations for Virtual Cards

When implementing virtual card solutions, several technical considerations warrant attention. Card detail delivery represents the first challenge, as virtual card numbers must be transmitted securely to cardholders while remaining easily accessible when needed. Mobile applications provide the most secure and convenient delivery mechanism, with encrypted storage and biometric authentication protecting card details. Web-based delivery through secure portals offers similar protection but may be less convenient for mobile-first users.

Digital wallet integration enables virtual cards to participate in Apple Pay, Google Pay, and similar platforms, extending their usability to in-store NFC transactions. This integration requires additional configuration and may involve provisioning processes specific to each wallet platform. The benefits, however, include access to the large and growing segment of consumers who prefer digital wallet payments over traditional card entry.

Security monitoring for virtual cards should account for their digital-native characteristics. While virtual cards cannot be physically stolen, their card numbers remain vulnerable to the same data breaches and fraud attempts that affect physical cards. Implementing robust fraud detection, setting conservative spending limits, and maintaining active monitoring of transaction patterns helps protect against unauthorized use.

Stripe Prepaid Cards: Controlled Spending Instruments

Prepaid Card Fundamentals

Stripe's prepaid card functionality enables organizations to issue cards funded by pre-loaded monetary values rather than traditional credit or debit arrangements. Prepaid cards provide a controlled spending mechanism where the available balance is limited to funds that have been loaded onto the card, eliminating the risk of overspending and simplifying expense budgeting. This model is particularly valuable for organizations seeking to implement controlled spending programs without the complexity of credit underwriting.

The prepaid model aligns spending power directly with available funds, making it ideal for scenarios such as per-diem allowances, project budgets, or employee benefits that should not exceed predetermined amounts. When the loaded balance is exhausted, transactions are declined, preventing unauthorized overspending. This built-in limit serves as both a financial control and a simplification of the reconciliation process, as every transaction is necessarily covered by pre-loaded funds.

Prepaid cards through Stripe can be loaded programmatically using the API, enabling automated funding based on business logic. A time and expense system might load daily per-diems each morning, while a project management tool could load project budgets when new projects are initiated. This programmability transforms prepaid cards from static instruments into dynamic spending tools that respond to business events and workflows.

Loading and Managing Card Balances

Balance management for prepaid cards centers on the funding mechanism and tracking of available funds. Stripe's API provides endpoints for retrieving card balances, loading funds onto cards, and transferring remaining balances back to the organization when cards are no longer needed or when project budgets are completed. These operations can be performed manually through the dashboard or automated through API integrations.

The loading process debits funds from the organization's Stripe balance and credits them to the specified card, making the funds immediately available for transaction authorization. This near-instantaneous loading enables real-time funding scenarios where card balances can be adjusted based on changing business needs. The API supports loading multiple currencies onto cards, accommodating international spending scenarios and reducing the complexity of multi-currency expense management.

Balance tracking maintains accurate records of available funds, loaded amounts, and transaction history. Each transaction reduces the available balance, while authorizations that don't result in captures may temporarily hold funds until the final transaction amount is determined. The API provides balance snapshots and transaction histories that support reconciliation processes and regulatory compliance requirements.

Compliance Considerations for Prepaid Cards

Prepaid card programs are subject to regulatory frameworks that vary by jurisdiction and card type. In the United States, prepaid cards are regulated under the CARD Act and associated regulations, with specific requirements for fee disclosure, balance protection, and error resolution. European prepaid cards fall under PSD2 and national implementations, with additional requirements for strong customer authentication and transaction monitoring.

Stripe handles many compliance requirements automatically, including required disclosures and consumer protection provisions. However, implementing parties remain responsible for ensuring their specific use cases comply with applicable regulations. This includes maintaining appropriate records, providing required notices to cardholders, and implementing any additional controls mandated by regulatory frameworks.

Program design should account for compliance requirements from the outset, as retroactively adding controls to meet regulatory requirements can be significantly more complex than building compliant processes initially. Working with legal and compliance experts familiar with prepaid card regulations helps ensure that programs meet all applicable requirements while delivering the intended business value.

Best Practices for Card Issuing Integration

Security Considerations

Security in card issuing implementations encompasses multiple dimensions, from API credential management to card data handling to fraud prevention. API keys should be stored securely, never committed to version control, and rotated regularly. Use restricted keys with minimum necessary permissions for card issuing operations, and implement proper access controls to limit which systems and users can create or modify cards.

Card data handling must comply with PCI DSS requirements, which are simplified when using Stripe's hosted card details. Avoid storing full card numbers whenever possible, using Stripe's tokenization or relying on card IDs for subsequent operations. When card details must be transmitted, use secure channels and encrypt sensitive data in transit and at rest.

Fraud prevention requires a multi-layered approach combining Stripe's built-in protections with application-specific controls. Leverage spending limits, merchant restrictions, and velocity controls to limit exposure from any single card. Implement anomaly detection for unusual spending patterns, geographic inconsistencies, or transaction characteristics that deviate from established norms. Respond quickly to suspected fraud by suspending cards and investigating potential compromises.

Performance Optimization

Card issuing operations should be designed for the performance requirements of your use case. Card creation is typically fast for virtual cards, but consider caching cardholder information to avoid repeated lookups when creating multiple cards. Batch card creation operations when issuing cards in bulk, using the API's support for multiple creations in a single request where available.

For applications requiring real-time card access, ensure your implementation can deliver card details quickly after creation. This may involve optimizing your internal data flows, using webhook handlers to update local systems promptly, and designing card delivery mechanisms that minimize latency between creation and availability.

Transaction processing performance depends on proper handling of authorizations and captures. Authorizations hold funds temporarily and should be captured promptly with the final transaction amount. Implement automatic capture workflows for known transaction types, and establish processes for handling authorization expiration or cancellation.

Monitoring and Observability

Comprehensive monitoring provides visibility into card program health and enables rapid response to issues. Track key metrics including card creation rates, active card counts, authorization volumes, decline rates, and transaction values. Segment metrics by card type, cardholder segment, or other meaningful dimensions to identify patterns and anomalies.

Logging should capture sufficient detail for debugging while protecting sensitive information. Log card IDs (not card numbers), timestamps, amounts, and status indicators. Avoid logging personal information beyond what is necessary for operations, and implement log retention policies that meet your compliance requirements.

Alerting thresholds should be calibrated to your normal operating patterns, with escalation procedures for critical issues. Consider alerts for unusual authorization volumes, elevated decline rates, API error rate spikes, and webhook delivery failures. Establish on-call procedures for responding to alerts, with clear ownership of card issuing system reliability.

Advanced Features and Capabilities

Custom Card Designs and Branding

Physical cards can be customized with custom designs that reflect your organization's brand. Stripe supports white-label card programs with custom card art, embossed names, and specialized packaging. This branding capability reinforces brand identity while maintaining the functionality of standard payment cards. Design specifications and artwork requirements are documented in Stripe's card manufacturing guidelines.

Virtual cards can also incorporate branding elements, though their digital nature changes the presentation approach. Digital wallet passes and card management interfaces can incorporate brand elements, creating a consistent visual experience across all touchpoints. Consider how card designs will appear in different contexts--digital wallets, mobile apps, statements--and ensure branding remains effective across all presentations.

Integration with Expense Management Systems

Card issuing integrates naturally with expense management workflows, where transaction data feeds into expense reporting, categorization, and reimbursement processes. Stripe provides transaction data through API responses and webhooks, enabling automatic expense creation in external systems. The metadata capabilities of card issuing allow you to tag transactions with project codes, cost centers, or other organizational identifiers that flow through to expense reports.

Receipt collection can be triggered by transactions, with webhook events prompting users to upload receipts for specific purchases. This automation reduces manual data entry while ensuring that expenses are properly documented. Some implementations integrate receipt scanning services that extract line-item details from uploaded receipts, further automating the expense reporting process.

Multi-Currency and International Considerations

Stripe's card issuing supports multiple currencies, enabling cards to be denominated in the currency appropriate for the cardholder's location or spending needs. Currency selection affects settlement, FX rates applied to transactions, and reporting formats. Consider how multi-currency capabilities align with your organization's expense management and reporting requirements.

International use introduces additional considerations including currency conversion, cross-border transaction fees, and regulatory compliance in different jurisdictions. Stripe handles many of these complexities automatically, but implementing parties should understand the implications for their specific use cases. Transaction monitoring for international patterns may require different thresholds and rules than domestic-only spending.

When building global card programs, you may also want to explore Stripe Payment Intents for handling authorization and capture workflows across different payment scenarios, and Stripe Charges for understanding how card transactions settle and reconcile with your overall payment infrastructure.

Sources

1. Stripe Issuing Documentation - Official API reference and implementation guide
2. Stripe Card Issuing APIs 101 - Business use cases and implementation overview