# In Control for Commercial Payments
source: https://developer.mastercard.com/iccp/documentation/index.md

In Control for Commercial Payments (ICCP) streamlines business transactions using configurable spending controls and enhanced data.

## Overview {#overview}

ICCP allows you to create and manage virtual card numbers (VCNs) that offer a flexible, simple, and secure way to pay, while capturing the data you need to reconcile payments later.

#### Unique card number for every transaction {#unique-card-number-for-every-transaction}

A new account number is generated for each transaction and used only once, which gives each purchase its own unique identifier

#### Set transaction level controls {#set-transaction-level-controls}

Transaction-level authorization lets you define how, where, and when cards are used

#### Get enhanced data {#get-enhanced-data}

Information important to each individual payment is included in each transaction

#### Automated reconciliation {#automated-reconciliation}

VCN data is available for reconciliation reporting

#### Workflow control {#workflow-control}

Approval routing for transactions follows the existing approval process - can also be used as a key tool to reinvent your requisition-to-pay process

### Requesting a Virtual Card Number {#requesting-a-virtual-card-number}

To create a VCN using ICCP you submit a purchase request. The purchase request captures important details about the request, including real card details, supplier details,
and the controls that constrain the card usage.

### Adding Invoice Details {#adding-invoice-details}

ICCP allows you to attach invoice details to a purchase request. For each virtual card, you can include up to 5000 invoice details. The invoice details are included in the email that is sent to the supplier.

### Requesting Reports {#requesting-reports}

You can generate reports of the authorization and clearing activities that occur on a VCN and use these reports to reconcile payments and find discrepancies.

## How It Works {#how-it-works}

### Initial Setup {#initial-setup}

To use the ICCP API to issue and manage virtual cards, you must be one of the following:

* An issuer of Mastercard commercial credit cards
* A corporate customer of such an issuer
* A payment agent acting on behalf of the issuer or its corporate customers

When you enroll for ICCP, you set up real card numbers that will be used to fund the virtual cards that you create and templates that will determine their characteristics.
You also set up details for the suppliers that you will pay using VCNs.
You can then use the ICCP API to create and report on VCNs, and you can make payments with those VCNs as you would with any credit card in a 'card not present' transaction.

### Using the ICCP API {#using-the-iccp-api}

The sequence diagram shows how the client interacts with the ICCP API to create a VCN, deliver it to the supplier and obtain a report on the VCN usage.  

For simplicity, the issuer and acquirer involvement are not shown. Their participation is the same as in a standard card transaction.
Diagram green-path

In more detail, the flow is as follows:

1. Using the ICCP API, create a VCN by submitting a purchase request, specifying the real card that funds the VCN, the controls to apply, and the supplier to be paid.
2. ICCP responds with the details of the VCN.
3. ICCP passes the details of the VCN to the Mastercard network so that it will be recognised when presented for payment.
4. Use the API to add details of the invoices that you will be paying with this VCN.
5. ICCP responds to confirm that the details have been updated.
6. ICCP optionally sends the VCN and invoice details to the supplier via secure email. You may alternatively provide the VCN details to the supplier via other means.
7. The supplier uses the VCN details to request payment via its acquiring bank. The supplier never sees the details of the real card that funds the transaction.
8. Mastercard processes the payment authorization request by:

* Checking that the payment is within the bounds of the controls that you set (and declining the transaction if the controls are breached)
* Adding the real card details to the authorization request and sending the authorization request to the card issuer for approval
* Once the issuer responds, removing the real card details and sending the issuer response to the acquirer, who passes it back to the supplier

9. ICCP obtains the payment authorization details from the Mastercard network in order to report on transaction details.
10. Using the ICCP API, request a VCN authorizations report for the VCN that you used to make the payment.
11. ICCP responds with a report of the authorization transactions for the VCN. Once the transaction clears, you can obtain a report of cleared transactions in the same manner.

Note: Payment Card Industry Data Security Standards (PCI DSS) may apply for ICCP integrations. PCI Compliance Standards can be found [here](https://www.pcisecuritystandards.org/pci_security/).

## Next Steps {#next-steps}

Refer to the [Use Cases](https://developer.mastercard.com/iccp/documentation/03_use-cases/index.md) and [API Reference](https://developer.mastercard.com/iccp/documentation/05_api_reference/index.md) to learn more about the ICCP API.