When most finance teams issue corporate cards, the setup is simple: set a credit limit, hand out the cards, and hope people spend sensibly. Receipts come in later, expenses get reconciled, and you catch policy breaches after the fact.
For many companies, that’s just the way it’s always been. But this approach is reactive, and doesn’t provide true control.
The truth is, modern corporate cards come with far more control than most companies use. They’re not surveillance controls, either, they’re the kind that protect both the business and the employee from costly mistakes before they happen.
The default setup (and why it's not enough)
In most companies, finance picks a card provider, sets a company-wide credit limit or assigns basic limits per cardholder, and that's it. Employees get their cards, and spending begins. You review expenses afterward, flag anything unusual, and move on.
This approach treats corporate cards as a convenience tool, not a control mechanism. And for a while, that's fine. But when someone books a last-minute flight at three times the usual price, or an intern accidentally uses their company card at a bar, or a subscription renews on a card nobody remembers issuing, finance teams start to lose control.
The problem isn't the people. It's that the controls that could have prevented these situations were never configured in the first place.
Merchant category controls
Every transaction runs through a Merchant Category Code (MCC) — a four-digit code that identifies what type of business processed the payment. Hotels are 7011. Airlines are 4511. Bars and nightclubs are 5813.
Corporate cards can be restricted to specific merchant categories. You can allow hotel and airline spend but block gambling, cash withdrawals, or entertainment venues. You can permit restaurant charges but cap them below a certain threshold. These restrictions apply at the point of sale so the transaction just declines if it doesn't fit the rules.
Most companies never touch these settings. The controls exist, but finance teams either don't know they're available or assume they're too complicated to configure. In reality, setting MCC restrictions takes minutes and immediately removes a category of risk.
When a card physically can't be used at certain merchant types, employees don't have to second-guess whether something's in policy. The card just works where it should and doesn't work where it shouldn't.
Per-cardholder spending limits
A junior employee who travels twice a year has very different spending needs than a senior exec who's on the road every week. Yet many companies issue cards with uniform limits that are either too restrictive for frequent travellers or too permissive for occasional users.
Modern card programs let you set individual limits per cardholder. These aren't just credit limits; they can include daily, weekly, or monthly transaction caps. You can also set per-transaction maximums, so a card might be approved for purchases up to £500 but require additional authorization for anything above that.
This kind of granularity means you're not managing by exception — you're managing by design. The controls protect both the company and the cardholder, because nobody's put in the position of either being blocked from legitimate spend or having more access than they need.
Virtual cards: the underused control for specific purposes
A virtual card is a temporary card number issued for a specific purpose — a SaaS subscription, a one-off supplier payment, or a particular trip. It has a set spending limit and an expiry date. Once the transaction is complete or the card expires, the number is no longer valid.
This is especially useful for recurring software subscriptions. Instead of putting them on a physical card that gets handed from person to person as people leave the company, you issue a virtual card tied to that subscription. If you need to cancel, you just deactivate the card. No chasing down the accounting team to figure out which card is being charged.
Virtual cards also work well for project-based spend. If you're running a one-off event or a specific client project, you can issue a card with a fixed budget for that purpose. Once the project wraps, the card expires..
The reason virtual cards are underused isn't complexity, it's awareness. Most companies simply don't know this functionality exists on their card program.
Real-time transaction alerts: not just for fraud
When a transaction happens, you can get an instant notification — both to the cardholder and to finance. This isn't just useful for catching fraud. It's a live feed of what's being spent and where.
Real-time alerts are particularly helpful for policy reminders. If someone spends in a category that requires a receipt or justification, the alert prompts them to upload it immediately rather than weeks later when they've forgotten the details.
For finance teams, real-time alerts provide visibility without having to constantly check dashboards. You're not policing transactions, you're just aware of them as they happen. And in cases where something does look unusual, you can flag it in the moment rather than discovering it during month-end reconciliation.
Pre-approval workflows for large transactions
Some card programs allow you to set a pre-approval threshold. Anything under the limit goes through automatically. Anything above it triggers an approval request before the transaction is authorised.
This isn't necessary for every business, but it's useful when you want tighter controls on high-value spend. It's particularly effective for industries with strict budget oversight or for companies managing spend across multiple entities where large, unplanned expenses create issues downstream.
The key is that the approval happens before the money moves, not after. That's the difference between a control and an audit.
Why most companies don't use these card controls
If the controls exist, why aren't more businesses using them?
There are three main reasons: configuration overhead, lack of awareness, and legacy systems.
In many set-ups, configuration overhead is a real pain point. Setting MCC restrictions, per-cardholder limits, and alert rules takes time upfront. And if your card provider's admin interface is clunky, it's easy to decide it's not worth the effort.
Lack of awareness is probably the bigger issue. Many finance teams genuinely don't know these features are available. They signed up for cards years ago, got the basics working, and never revisited the configuration. The controls are sitting there, unused, because nobody told them to look.
And then there are legacy card programs that simply don't offer these features. If your card provider can't do merchant restrictions or virtual cards, you can't use controls that don't exist. That's a sign it might be time to evaluate whether your card program is keeping up with what modern tools can do.
Getting the most from your card program
If you're not using merchant category restrictions, per-cardholder limits, or virtual cards, you're leaving control tools on the table. With the right corporate card program the setup takes a few hours and the ongoing benefit is continuous.
And once configured, these controls run automatically. You're not policing people but designing a system where the right spend happens easily and the wrong spend just doesn't go through.
That's what control should feel like. Not a restriction on what employees can do, but a protective mechanism that keeps spending under control and your employees on the right side of the rules.
Control spend, without being controlling
Perk’s corporate cards come with granular controls built in including merchant category restrictions, virtual cards for specific purposes, real-time transaction alerts, and per-cardholder spending limits. All of it integrates with your expense policy, so the rules you set in Perk apply automatically to card spend.
There’s no manual configuration, no separate admin panels, just intelligent controls that protect your company without slowing your people down.
:format(webp))
:format(webp))
:format(webp))
:format(webp))