Card Payment 101: A Guide to P-card, Virtual, and Other Card Types
Feeling overwhelmed by the number of checks you’re writing in payables every month?
Want to start making more invoice payments by card but are too confused by the many ways to pay?
Not sure which way is the safest and most secure way to pay an invoice?
Well, much like the ubiquitous TV infomercial tagline, have we got the solution for you!
This Card Payment 101 Guide guide will teach you how to differentiate between a p-card and a T&E card, plus walk you through the nuances of virtual and single-use cards. You’ll quickly be on your way to a much more efficient payables process.
Note: What you might call a p-card, we might call a ghost card or even a virtual card. As card products have evolved over the years, the terminology to distinguish them has become blurred. It’s these vagaries that prompted us to compile this list. This list and the definitions will continue to change, as technology (i.e., accessibility to APIs from the card networks) has greatly influenced—and will continue to shape—card payment concepts and terms.
This article is meant to serve as a starting point for a conversation about payments.
A quick primer
Let’s take a step back—way back to the year 1950. That’s when the first recognizable credit card appeared on the market. Diners Club (acquired by Discover Financial Services in 2008) was the first card to offer universal acceptance at participating restaurants. This universality made it the go-to choice for corporate T&E charges.
Fast forward a few years to 1958, that’s when American Express entered the market to compete with Diners. That same year, Visa (then BankAmericard) entered the market as well. Mastercard (then Master Charge) would join the fray by 1966, giving enterprises everywhere even more choice in funding executives’ travel.
Barring the occasional name change and corporate acquisition, you may not think a lot has happened with cards since then. Much of the real innovation, however, has happened behind the scenes.
P-card (aka procurement card, corporate card, or ghost card)
Specifics vary from organization to organization, but a p-card (also referred to as a ghost card or corporate card by some) is typically used for department-specific purchases. Employees may have their own physical card (similar to a T&E card), or a department head may be responsible for the card. A p-card may also exist virtually, as just an abstract card number.
In either case, the p-card is associated with one master credit card. This means that multiple p-cards, each with a unique 16-digit number, can be created from one master account.
Since all transactions are automatically reported (recall they're all derivatives from one master card), managers gain full visibility into every purchase made. Compare this to an employee's expense card that requires he or she submit a card statement along with receipts for reimbursement.
A T&E (travel and expense) card is a physical card an employee uses to make purchases.
Typically, purchases made on a T&E card are categorized differently than department purchases. Commonly charged items on a T&E card include: personal and client meals, hotel rooms, along with airfare and other incidental expenses.
Note, however, that T&E fraud is a concern for organizations. One recent figure pegs the median instance of expense fraud at $26,000. Aside from implementing strict usage guidelines, managers can also limit T&E transactions to specific MCC (merchant control code) types, allowing cards to only be used for travel or restaurants but not retail stores.
Recently, the card paradigm has been pushed to include invoice payment within AP. Virtual, single-use, and on-demand cards are intangible concepts. The additional security measures built in into cards (e.g., single-use, virtual card numbers, MCC-qualified, etc.), aid with fraud prevention and increased internal controls.
A virtual card can be likened to a p-card in that there’s an original master credit card. Unlike a p-card, virtual cards exist—well, virtually. A virtual card only exists in its 16-digit form and it can be created with a click of a mouse. This means that a virtual card can be created for individual employees—or even recipients such as vendors or suppliers, as is typically the case in accounts payable.
Implementing virtual card numbers on a per-supplier basis makes verifying and reconciling account charges easy. Conversely, this also reduces fraud. By discontinuing (or shutting off) a virtual card number for unused suppliers, that virtual card number can no longer be used for any charge.
Single-use cards take the concept of the virtual card to its logical conclusion—creating a card number that can only be used once. Once processed, the single-use card is deactivated. That same card number can never be used again.
The criteria for a card’s single-use functionality can be specified at any level. Typically, however, this is set at a dollar amount but could be set at MCC level as well (that could be useful for departments with hard limits on air travel). Single-use card numbers provide the highest level of security to accounts payable for supplier payments.
On-demand card and the future
Imagine: instead of confirming and verifying every transaction, a department could create a set of rules that would only let specific transactions flow through. Those rules could be based on a dollar amount, merchant—or supplier—name, MCC, or any combination thereof. What if a card number could be generated on the fly only if all those rules are met?
That’s the promise of the on-demand card, or tokenized transactions.
On-demand cards combine the benefits of p-cards, virtual cards, and single-use cards—abstraction and security—and elevates it to the next frontier, an ultra-secure “card number” that exists for only a brief moment in time that’s validated against scores of criteria the account holder specifies.
And that’s just one use case for what fintechs have been able to achieve by utilizing Mastercard’s Incontrol APIs. Other’s include the ability to identify authentic users from potential fraudsters (NuDetect), the ability to manage how, when, and where cards get used (Spend Controls), and yes, a service to tokenize card numbers for increased payment security (MDES).
In this sense, fintechs have become the streaming service to TV’s rabbit-ear antenna. What’s in store for the future of card payments? Be sure to stay tuned.