# InControlRule Spend Controls source: https://developer.mastercard.com/business-payment-controls/documentation/use-cases/spend-controls/incontrol-spend-controls/index.md An InControlRule spend control rule can include each of the following elements: | Control | Description | |-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------| | [transactionLimit-control](https://developer.mastercard.com/business-payment-controls/documentation/use-cases/spend-controls/incontrol-spend-controls/index.md#transaction-limit-control) | Number of transactions | | [Geography-control](https://developer.mastercard.com/business-payment-controls/documentation/use-cases/spend-controls/incontrol-spend-controls/index.md#geographic-location-control) | Countries | | [velocity-control](https://developer.mastercard.com/business-payment-controls/documentation/use-cases/spend-controls/incontrol-spend-controls/index.md#velocity-control-attributes) | Velocities | | [validityPeriod-control](https://developer.mastercard.com/business-payment-controls/documentation/use-cases/spend-controls/incontrol-spend-controls/index.md#validityperiod-control-attributes) | Validity Period | | [amountRange-control](https://developer.mastercard.com/business-payment-controls/documentation/use-cases/spend-controls/incontrol-spend-controls/index.md#amountrange-control-attributes) | Amount Ranges | | [acceptorIdControl](https://developer.mastercard.com/business-payment-controls/documentation/use-cases/spend-controls/incontrol-spend-controls/index.md#acceptorid-control) | Card Acceptor IDs | | [ageingVelocity-control](https://developer.mastercard.com/business-payment-controls/documentation/use-cases/spend-controls/incontrol-spend-controls/index.md#ageingvelocity-control-attributes) | Ageing Velocities | | [curfew-control](https://developer.mastercard.com/business-payment-controls/documentation/use-cases/spend-controls/incontrol-spend-controls/index.md#curfew-control-attributes) | Curfews | | [MCC-control](https://developer.mastercard.com/business-payment-controls/documentation/use-cases/spend-controls/incontrol-spend-controls/index.md#merchantcategorycodes-control) | Card Acceptor Business Codes | | [timeOfDay-control](https://developer.mastercard.com/business-payment-controls/documentation/use-cases/spend-controls/incontrol-spend-controls/index.md#timeofday-control-attributes) | Time Of Day | | [MerchantNameControl](https://developer.mastercard.com/business-payment-controls/documentation/use-cases/spend-controls/incontrol-spend-controls/index.md#merchantname-control) | List of merchant names | | [TransactionEnvironmentControl](https://developer.mastercard.com/business-payment-controls/documentation/use-cases/spend-controls/incontrol-spend-controls/index.md#transactionenvironment-control) | Environment where the transaction takes place | | [DataElementControl](https://developer.mastercard.com/business-payment-controls/documentation/use-cases/spend-controls/incontrol-spend-controls/index.md#dataelement-control) | Data Element (DE) codes | | [MerchantAmountControl](https://developer.mastercard.com/business-payment-controls/documentation/use-cases/spend-controls/incontrol-spend-controls/index.md#merchantamount-control) | List of merchant currency codes | The valid values for inControl rule actions are `APPROVE` and `DECLINE`. ## Transaction limit control {#transaction-limit-control} The transactionLimits control limits a transaction authorization to a maximum amount. The transaction limit will be in the real card's billing currency. ### transactionLimit-control Attributes {#transactionlimit-control-attributes} | **Attribute** | **Required** | **Type** | **Validation** | **Comment** | |---------------|--------------|----------|------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `amount` | Y | Numeric | --- | The limit that will apply to each transaction. | | `Negate` | Y | boolean | * `true` * `false` (default) | When set to `true`, the logic of the control is reversed. For example, if transactionLimit is set to 1000 and `Negate` is `false`, all authorization requests up to 1000 will be approved. If `Negate` is set to `true`, only authorization requests of more than 1000 will be approved. | ## Geographic location control {#geographic-location-control} The Geography-control sets a control for locations where a card is used. The location used in the Geography-control is determined by the merchant location where the authorization takes place. The country codes set for the control are compared to the merchant location. ### Geography-control Attributes {#geography-control-attributes} | **Attribute** | **Required** | **Type** | **Validation** | **Comment** | |----------------|--------------|----------|------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `countryCodes` | Y | String | --- | Country codes. | | `Negate` | Y | boolean | * `true` * `false` (default) | When set to `true` the logic of the control is reversed. For example, if geography-control is set to Ireland and `Negate` is `false`, only transactions within Ireland will be approved. If `Negate` is `true`, all transactions from Ireland will be declined, and transactions outside of Ireland will be approved. | ## Velocities control {#velocities-control} The velocity-control can limit the frequency, and the cumulative amount of authorizations performed on the card account within a specified time period. The velocity-control checks that either the number of authorizations, the cumulative totals, or both are within the limits set for the specified time period. Note: The *CumulativeLimit* is the total amount that authorizations can accumulate to during the time period. The *frequency* is the number of times the card can be authorized during the time period. For more details, see [period values](https://developer.mastercard.com/business-payment-controls/documentation/codes-and-formats/index.md#spend-control-period-values) for controls.
### velocity-control attributes {#velocity-control-attributes} | **Attribute** | **Required** | **Type** | **Validation** | **Comment** | |--------------------|-----------------------------------------------|----------------------------------------------------------------|----------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `maxTrans` | N/A | Numeric | Either `CumulativeLimit` or `MaxTrans` is needed, minimum: 1 maximum: 999999999. | `MaxTrans` is the number of authorizations that can occur on the card. Can be used with or separately from `CumulativeLimit`. Setting this value to 0 allows unlimited transaction amounts. The `CumulativeLimit` and `maxTrans` can be different. | | `cumulativeLimit` | N/A | Numeric | Either `CumulativeLimit` or `MaxTrans` is needed, minimum: 1 maximum: 999999999. | Cumulative amount limit on transactions within the period. Setting this value to 0 allows unlimited transaction amounts. An available balance is not calculated in this case. Can be used with or separately from `MaxTrans`. The `CumulativeLimit` and `MaxTrans` can be different. | | `period` | Y | Time Period | MinLength: 5 MaxLength: 10. | Valid values are *DAILY* , *WEEKLY* , *QUARTERLY* , *CONTINUOUS* , *MONTHLY* , and *YEARLY* . The period to which the authorizations apply. Limits will be reset when the period expires. Period types must be unique in a purchase request. See [period values](https://developer.mastercard.com/business-payment-controls/documentation/codes-and-formats/index.md#spend-control-period-values) for controls. | | `availableBalance` | N | Numeric | Request: Not applicable. | The cumulative spend available for the velocity control for the specified period. | | `currencyType` | N | Alpha | --- | If the value is not specified, the default is *BASE* . The currency type sets authorization controls in the currency of the merchant (*MERCHANT* ) or the billing currency of the real card (*BASE* ). The Merchant Amount control requires a transaction to be in the Merchant Currency. *BASE* : Sets all authorization controls in the billing currency of the real card. *MERCHANT*: Sets the Merchant Amount control. | | `currencyCode` | Required when currencyType is set to MERCHANT | ISO three-digit currency code. | --- | If `currencyType` on a control is set to *BASE* , the `currencyCode` is ignored. If currencyType on a control is set to *MERCHANT* , the `currencyCode` must be set. | | `endDate` | N | ISO Date Time with Offset format `yyyy-MM-dd'T'HH:mm:ss.SSXXX` | --- | End date for the period. It is only present in a response when a period has an `endDate`. It is forbidden in a request. | | `Negate` | Y | boolean | * `true` * `false` (default) | When set to `true` the logic of the control is reversed. | ## Validity periods control {#validity-periods-control} The validityPeriods control limits authorization activity to a defined period. ### validityPeriod-control attributes {#validityperiod-control-attributes} | **Attribute** | **Required** | **Type** | **Validation** | **Comment** | |----------------------|--------------|-----------------------------------------------------------------|-------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `from` | Y | ISO Date Time with Offset format `yyyy-MM-dd'T'HH:mm:ss.SSXXX`. | Validated against the current date. | The start date from which the control is valid. Validity period begins on this date at time 00:00:00. | | `to` | Y | ISO Date Time with Offset format `yyyy-MM-dd'T'HH:mm:ss.SSXXX`. | Validated against the current date. | The end date of the control's validity. Validity period ends on this date at time 23:59:59.999. | | `StrictPreAuthCheck` | boolean | * `true` * `false` (default) | | Set to `true` and a PreAuth occurs: Business Payment Controls will decline the transaction. Set to `false` and a PreAuth occurs: Business Payment Controls will accept the transaction and treats it as PreAuth. | | `Negate` | Y | boolean | * `true` * `false` (default) | When set to `true` the logic of the control is reversed. If `false`, authorizations are valid during the period. If `true`, authorizations are valid outside the period. | ## Amount ranges control {#amount-ranges-control} The amountRanges control will only approve a transaction if the requested amount is equal or greater than the `minAmount`, and less than or equal to `maxAmount`. This control checks amounts exactly, it does not use any tolerance settings. Use the amount range control in combination with the [velocities control](https://developer.mastercard.com/business-payment-controls/documentation/use-cases/spend-controls/incontrol-spend-controls/index.md#velocities-control) to create rules that allow only a single transaction in the specified amount range. ### amountRange-control attributes {#amountrange-control-attributes} | **Attribute** | **Required** | **Type** | **Validation** | **Comment** | |----------------|-------------------------------------------------|----------|------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `minAmount` | Y | Numeric | --- | Minimum allowed amount (inclusive). Minimum: 0 Maximum: 999999999 | | `maxAmount` | Y | --- | --- | Maximum allowed amount (inclusive). Minimum: 0 Maximum: 999999999 | | `currencyType` | Y | Alpha | `Base`, `Merchant` | If `currencyType` is not set, the default currency type is the billing currency. *BASE* sets the currency type on purchase requests to the billing currency. *MERCHANT* sets the currency type on purchase requests to the merchant currency. | | `currencyCode` | Required when currencyType is set to *MERCHANT* | Numeric | ISO currency code | ISO currency three-digit code, Conditional on `currencyType`. If `currencyType` on a control is set to *BASE* , `currencyCode` is ignored. If `currencyType` on a control is set to *MERCHANT* , a `currencyCode` must be set. | | `Negate` | Y | boolean | * `true` * `false` (default) | When set to `true` the logic of the control is reversed. For example, if setting the Amount Range as 100-500, and `Negate` is false, only transactions within this range are approved. If `Negate` is true, transactions within this range are declined and transactions outside of this range are approved. | ## acceptorID control {#acceptorid-control} The acceptorID control provides the ability to limit authorizations to particular card acceptors. **acceptor-Control attributes** | Attribute | Required | Type | Validation | Comment | |--------------|----------|---------|------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `acceptorId` | Y | string | ---------------- | Merchant ID | | `acquirerId` | Y | string | ---------------- | Acquirer ID | | `negate` | Y | boolean | * `true` * `false` (default) | When set to `true` the logic of the control is reversed. If `true`, payments for the listed acceptorID or acquirerIDs are not authorized. If `false`, payments for the listed acceptorID or acquirerIDs are authorized. | ## Ageing velocities control {#ageing-velocities-control} The ageingVelocity-control sets a credit line with the `cumulativeLimit` attribute. This control tracks the current remaining available credit and approves a transaction only if the requested amount is less than or equal to the remaining available credit. When this control is created, the available credit is set to the value of the cumulative limit. ### ageingVelocity-control attributes {#ageingvelocity-control-attributes} | **Attribute** | **Required** | **Type** | **Validation** | **Comment** | |-------------------------|--------------|---------------|------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `authorizationHoldDays` | Y | Numeric | --- | Number of authorization hold days on the virtual account before the control drops the hold. Resets after midnight on the hold expiry date in the time zone specified for the control. For example, an authorization processed on January 1st at 11:00 a.m. CST on a virtual card with the control set in UTC and a hold of two days resets at 00:00:01 UTC on January 4th. * `authorizationHoldDays` of 0 means that authorizations age off at midnight at the end of the day when they happened. * `authorizationHoldDays` of 1 means that they age off at midnight at the end of the next day. | | `cumulativeLimit` | Y | Numeric | True, False | Cumulative amount limit on transactions within the period. Setting this value to 0 allows unlimited transaction amounts. An available balance is not calculated in this case. | | `timeZone` | Y | Alpha numeric | --- | For a list of all supported time zones, deprecations, and DST, see [time zone values](https://developer.mastercard.com/business-payment-controls/documentation/codes-and-formats/index.md#validityperiod-control-attributes). | | `availableCredit` | N | --- | --- | Available credit balance. minimum: 0 maximum: 999999999. | | `CurrencyType` | N | Alpha | --- | In requests, if `currencyType` is set to *B* , `currencyCode` is not required and is ignored if provided. If `currencyType` is set to *M* , `currencyCode` is required. In responses, `currencyCode` is returned if the `currencyType` is set to *M*. | | `CurrencyCode` | N/A | Numeric | --- | Three-digit code. If `currencyType` on a control is set to *B* , the `currencyCode` is ignored. If `currencyType` on a control is set to *M* , the `currencyCode` is required in requests and returned in responses. | | `negate` | Y | boolean | * `true` * `false` (default) | When set to `true` the logic of the control is reversed. | ## Curfew control {#curfew-control} The curfew-Control allows you to limit authorization activity on a card to a certain time period during set days. You can also set the time zone for this control. ### curfew-control attributes {#curfew-control-attributes} | **Attribute** | **Required** | **Type** | **Validation** | **Comment** | |---------------|--------------|----------|------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `daysOfWeek` | Y | Numeric | --- | Valid values are *SUNDAY* , *MONDAY* , *TUESDAY* , *WEDNESDAY* , *THURSDAY* , *FRIDAY* , and *SATURDAY*. | | `fromTime` | Y | string | HH:MM | The start time from which authorizations will be allowed. | | `toTime` | Y | string | HH:MM | The end time at which authorizations will be disallowed. | | `timeZone` | N | string | --- | Time zone. | | `negate` | Y | boolean | * `true` * `false` (default) | When set to `true` the logic of the control is reversed. For example, if setting a curfew-control of 9:00am to 5:00pm and `negate` is `false`, only transactions within this time period will be approved. If `negate` is `true`, transactions within this time period will be declined and only transactions outside this time period will be approved. | ## Time of day control {#time-of-day-control} The timeOfDay-control provides the ability to limit authorization activity to defined time periods for each day. You can also set the time zone for this control. ### timeOfDay-control attributes {#timeofday-control-attributes} | **Attribute** | **Required** | **Type** | **Validation** | **Comment** | |---------------|--------------|----------|------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `times` | Y | array | Minimum: 1 Maximum: 7 | See [timeOfDay](https://developer.mastercard.com/business-payment-controls/documentation/use-cases/spend-controls/incontrol-spend-controls/index.md#timeofday-entry-attributes) entry attributes. | | `timeZone` | Y | Numeric | Alpha | Time zone of `fromTime` and `toTime`. The default is GMT. The time zone registered for the RCN is ignored. For a list of all supported time zones, deprecations, and DST, see [time zone values](https://developer.mastercard.com/business-payment-controls/documentation/codes-and-formats/index.md#date-and-time-formats). | | `negate` | Y | boolean | * `true` * `false` (default) | When set to `true` the logic of the control is reversed. For example, if setting the control as GMT timeZone and `Negate` is `false`, only transactions in the GMT timeZone will be approved. If `Negate` is `true`, all transactions within the GMT timeZone will be declined and transactions for all other timeZones will be approved. | ### timeOfDay entry attributes {#timeofday-entry-attributes} | **Attribute** | **Required** | **Type** | **Validation** | **Comment** | |---------------|--------------|----------|----------------|----------------------------------------------------------------------------------------------------------| | `Days` | Y | Alpha | | Valid values are *SUNDAY* , *MONDAY* , *TUESDAY* , *WEDNESDAY* , *THURSDAY* , *FRIDAY* , and *SATURDAY*. | | `fromTime` | Y | Alpha | HH:MM | The start time of the control. | | `toTime` | Y | Alpha | HH:MM | The end time of the control. | ## merchantCategoryCodes control {#merchantcategorycodes-control} The Merchant Category Codes (MCC) control can control the Merchant category codes for which a card is used. For full details on how the codes populate, refer to the *Quick Reference Booklet for MCC codes* on Mastercard Connectâ„¢. ### merchantCategoryCodes attributes {#merchantcategorycodes-attributes} | **Attribute** | **Required** | **Type** | **Validation** | **Comment** | |---------------|--------------|----------|----------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `MCCS` | Y | array | List of Merchant Category Codes. | | | `negate` | Y | boolean | * `true` * `false` (default) | When set to `true` the logic of the control is reversed. If `true`, payments for the listed MCCs are not authorized. If `false`, payments for the listed MCCs are authorized. | ## MerchantName control {#merchantname-control} The merchant name control allows you to limit authorizations to particular merchants by using the merchant's name. ### MerchantNameControl attributes {#merchantnamecontrol-attributes} | **Attribute** | **Required** | **Type** | **Validation** | **Comment** | |-----------------|--------------|----------|------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `merchantNames` | Y | array | Y | The card acceptor name as defined in field DE43 of the authorisation message. | | `negate` | Y | boolean | * `true` * `false` (default) | When set to `true` the logic of the control is reversed. If `true`, payments for the listed merchant names are not authorized. If `false`, payments for the listed merchant names are authorized. | ## TransactionEnvironment control {#transactionenvironment-control} The transaction environment control allows you to limit authorizations to particular environments. ### TransactionEnvironmentControl attributes {#transactionenvironmentcontrol-attributes} | **Attribute** | **Required** | **Type** | **Validation** | **Comment** | |--------------------|--------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `environmentCodes` | Y | -ATM (Automated Teller Machine) -ECOM (eCommerce) -MOTO (Mail Order Telephone Order where neither card nor cardholder are present) -PAYPASS (Contactless payment application) -POS (Transaction where cardholder and card both present within a retail environment) -PWCB (Purchase with Cash Back) | Y | List of environment codes. | | `negate` | Y | boolean | * `true` * `false` (default) | When set to `true` the logic of the control is reversed. If `true`, payments for the listed environments are not authorized. If `false`, payments for the listed environments are authorized. | ## DataElement control {#dataelement-control} The data element control is used to evaluate certain data elements which provide information about the characteristics of card transactions. ### DataElementControl attributes {#dataelementcontrol-attributes} | **Attribute** | **Required** | **Type** | **Validation** | **Comment** | |---------------|--------------|---------------------------------------------------------------|------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `DataElement` | Y | PROCESSING_CODE PAN_ENTRY_CODE POS_TERM_CAPABILITY_INDICATOR. | Y | Is used to evaluate certain data elements which provide information about the characteristics of card transactions. | | `values` | Y | array | Y | For processing codes, refer to the Mastercard Data Element Specification Document. For PROCESSING_CODE refer to field 3.1. For PAN_ENTRY_MODE refer to field 22.1. For POS_TERM_CAPABILITY_INDICATOR refer to field 61.11. | | `negate` | Y | boolean | * `true` * `false` (default) | When set to `true` the logic of the control is reversed. If `true`, payments for the data elements are not authorized. If `false`, payments for the data elements are authorized. | ## MerchantAmount control {#merchantamount-control} The merchant amount control allows you to limit authorizations for particular currencies at the value set. ### MerchantAmountControl attributes {#merchantamountcontrol-attributes} | **Attribute** | **Required** | **Type** | **Validation** | **Comment** | |----------------|--------------|----------|------------------------------------|---------------------------------------------------------------------------------------------------| | `negate` | Y | boolean | * `true` * `false` (default) | If negation is applied. | | `value` | Y | Numeric | minimum: 0 maximum: 99999999999999 | The limit will apply per transaction for the currency code specified. | | `currencyCode` | Y | Numeric | ISO currency code | Mastercard supports the International Organization for Standardization (ISO) 4217 currency codes. |