Card & account controls
|
|
| ID |
MOD-078 |
| System |
SD08 |
| Repo |
bank-app |
| Build status |
Not started |
| Deployed |
No |
Card and account controls is the self-service panel for customers who need to act on their account immediately — freeze a lost card, tighten a spending limit before a trip, generate a virtual card for a one-off online purchase, or refresh their KYC documents. All actions in this module route to backend enforcement modules (MOD-021 for card controls, MOD-010 for KYC) and take effect in real time without any contact centre involvement.
The card freeze control is the most time-critical feature in the module: a customer who suspects their card is lost or compromised can freeze it in a single tap from the home screen shortcut or from the card detail screen. The freeze is applied to the payment authorisation engine within seconds, blocking all new card-present and card-not-present transactions while leaving existing direct debits unaffected. Unfreeze is equally immediate. A card replacement request flows directly from the freeze confirmation screen.
Spending limits allow the customer to set category-level controls (e.g. gambling blocked, contactless capped at NZD 200 per transaction) and an overall daily limit below the system maximum. Virtual card generation produces a unique 16-digit number usable for online purchases, reducing exposure of the physical card number. The KYC refresh flow guides the customer through re-submitting identity documents and completing a liveness check when a periodic review is due, replacing the legacy model of sending documents by post or visiting a branch.
Module dependencies
Depends on
| Module |
Title |
Required? |
Contract |
Reason |
| MOD-021 |
Payment limit & velocity controller |
Required |
— |
Spending limit and card freeze changes are applied in real time by the payment limit controller. |
| MOD-068 |
Authentication & session management |
Required |
— |
Card and account control changes require an authenticated customer session for security attribution. |
| MOD-104 |
AWS shared infrastructure bootstrap |
Required |
— |
AWS shared infrastructure provisioned by MOD-104 (EventBridge buses, S3, KMS, Kinesis, Cognito) is required before this module can be deployed. |
| MOD-103 |
Neon database platform bootstrap |
Required |
— |
Neon database and schema provisioned by MOD-103 must exist before this module can read or write Postgres. |
Required by
| Module |
Title |
As |
Contract |
| MOD-123 |
ATM network integration |
Hard dependency |
— |
| MOD-124 |
Physical card issuance and bureau integration |
Optional enhancement |
— |
Policies satisfied
| Policy |
Title |
Mode |
How |
| PAY-005 |
Payment Fraud Prevention Policy |
GATE |
Card freeze executed immediately from the app removes a compromised card from the fraud attack surface without delay — no call centre required. |
| CON-001 |
Customer Fairness & Conduct Policy |
AUTO |
Spending limits and card controls are set and visible to the customer in the app — changes take effect in real time with immediate confirmation. |
Capabilities satisfied
| Capability |
Title |
Mode |
How |
| CAP-015 |
Spending limits & card controls |
GATE |
Provides the UI for setting per-category and total spending limits, routing confirmed changes to MOD-021 for real-time enforcement. |
| CAP-016 |
Instant card freeze / unfreeze |
AUTO |
Presents a single-tap freeze and unfreeze control; the instruction is sent to the payment limit controller in real time and confirmed to the customer within seconds. |
| CAP-017 |
Virtual card numbers for online purchases |
AUTO |
Allows the customer to generate a virtual card number for online purchases, with options for single-use or merchant-locked configuration. |
| CAP-066 |
Self-service KYC refresh |
AUTO |
Guides the customer through the KYC refresh flow — document re-upload and liveness check — routing the completed submission to MOD-010 for re-tier assignment. |
Part of SD08 — Customer App & Back Office Platform
Compiled 2026-05-22 from source/entities/modules/MOD-078.yaml