From VisionPlus to CaaS API Calls: What Makes a Real Card Issuing System Complex?

I. Opening: Observations from an Industry Veteran

When I joined First Data in 2015, I had the opportunity to work deeply with VisionPlus, a card issuing system that processes hundreds of millions of cards globally. That experience fundamentally reshaped my understanding of card issuing—I thought I knew payments well, but the complexity and sophistication of VisionPlus far exceeded my expectations.

Today, when I see Web3 entrepreneurs calling a few CaaS APIs, building a frontend interface, and believing they have a "card issuing system," I know a fundamental gap in understanding needs to be addressed.

This isn't about technical superiority—it's about a sense of responsibility from 30+ years of deep industry involvement. I've seen too many talented teams burn through millions of dollars and over a year of time before having to start over, simply because they underestimated the complexity of card-issuing systems.

Today, I want to share, from the perspective of an industry veteran, what truly makes card issuing systems complex.

More importantly, I want to address a fatal misconception: "We're only issuing tens of thousands of cards, so we don't need such a complex system."

This mindset is the root cause of failure for 90% of Web3 card-issuing projects.

II. A Brief History of VisionPlus: What Is a Real Card Issuing System?

Before discussing CaaS and modern card issuing technology, let's first understand VisionPlus—possibly the world's most widely deployed card issuing system.

The Evolution of VisionPlus

• 1996 - Paysys International develops VisionPlus

• 2001 - First Data acquires Paysys

• 2019 - First Data acquired by Fiserv, VisionPlus continues to evolve

• Present - Serves hundreds of banks globally, with over 600 million cards issued to date

This isn't just a "system"—it's a platform ecosystem. Through nearly 30 years of continuous evolution, VisionPlus has become the infrastructure of the card issuing industry.

What Exactly Is VisionPlus?

Many people think VisionPlus is just software, but in reality, it's a complete card business operating system:

• ✓ Supports all card types: Credit, debit, prepaid, commercial cards

• ✓ Supports all major brands: Visa, Mastercard, AmEx, JCB, private label

• ✓ Covers complete lifecycle: Application → Issuance → Authorization → Clearing → Settlement → Disputes → Closure

• ✓ 15+ deeply integrated core modules

• ✓ Nightly batch processing updates all accounts

• ✓ Millisecond-level real-time authorization decisions

• ✓ Complete regulatory reporting framework

Key Understanding

VisionPlus wasn't designed for "issuing cards"—it was designed for operating a sustainable card-issuing business.

This is the fundamental difference.

Issuing cards is just the first step. The real challenges are:

• How do you manage the daily operations of millions of accounts?

• How do you process authorization, clearing, and settlement for millions of transactions daily?

• How do you handle thousands of disputes and chargebacks?

• How do you generate accurate statements and regulatory reports?

• How do you provide excellent customer experience while maintaining compliance?

These are the real problems VisionPlus solves.

III. Core Module Comparison: VisionPlus vs CaaS vs Self-Built Frontend

Let's use a detailed comparison table to see the fundamental differences between the three types of "card issuing systems."

Functional Module Comparison Table

Coverage Summary

• VisionPlus: 15 integrated modules = 100% coverage

• CaaS Platform: ~3 core functions = ~20% coverage

• Self-Built Frontend: UI layer = ~5% coverage

What Does This Table Tell Us?

This comparison reveals a harsh truth:

VisionPlus Provides a Complete "Card Business Operating System."

• 15 deeply integrated modules

• Covers the complete lifecycle from application to closure

• Each module is an independent complex subsystem

• All modules are deeply integrated through real-time data sharing

CaaS Provides "Authorization APIs."

• Core functionality is authorization only

• May cover 15-20% of VisionPlus capabilities

• The other 80% of functions depend on upstream "black boxes"

• You cannot control or optimize these functions

Self-Built Frontend Provides "User Interface"

• Just a UI layer that calls APIs

• Represents approximately 5% of a complete system

• Contains no business logic

• All complexity is "hidden"

Key Insight

What most Web3 entrepreneurs see as a "card issuing system" is actually only:

But they think they have the whole picture.

This is the root of the problem.

When they discover they need to handle disputes, generate statements, manage collections, and respond to regulatory audits, they realize that the "hidden" 80-95% of functionality is actually the core of the card issuing business.

The cost of retrofitting >> The cost of doing it right from the start

IV. Capital One's Data: The Real Cost of Modern Card Issuing Systems

Theory is fine, but let's look at real data. Let's examine the actual investment of a modern top-tier card issuer.

Capital One's Card Issuing System Scale (Based on Public Data)

1. Business Scale

• 3rd largest credit card issuer in the US (2024 data; became #1 after Discover acquisition)

• Credit card loan balance: Over $107 billion (2018 data)

• Active cardholders: Tens of millions

• Daily transaction volume: Tens of millions of transactions

2. Technical Personnel Scale

• Total engineering workforce: 11,000+ engineers (2023 public data)

• Organizational structure: Operating across 2,000+ agile teams

• Card issuing related: Conservative estimate of 3,000-5,000 engineers directly or indirectly supporting card issuing systems

• Annual training: Approximately 200 new engineers trained annually through CODA program

3. Annual Technology Investment

Cloud Migration (2010-2020)

• 10 years of sustained investment

• Became the first major US bank to fully migrate to cloud in 2020

• Closed all owned data centers

Discover Integration (2024-2025)

• Transaction value: $35.3 billion (announcement) / $51.8 billion (actual closing)

• Technology integration cost: Over $2.8 billion

• CEO acknowledged: "We'll be back in the data center world for several years"

Ongoing R&D

• Hired Chief Scientist from the Amazon Alexa team in 2023

• Built an internal Tech College training system

• Continuous investment in AI and machine learning capabilities

Key Data Comparison

Capital One Card Issuing System:

├─ Engineers: 3,000-5,000 people

├─ Annual investment: Hundreds of millions of dollars

└─ Development time: 10+ years of continuous iteration

Typical CaaS Provider:

├─ Engineers: 50-200 people

├─ Annual investment: Tens of millions of dollars

└─ Product scope: Authorization API focus

Typical Web3 Card Project:

├─ Engineers: 3-10 people

├─ Annual investment: $100K-500K

└─ "3-month launch" promise

What Does This Tell Us?

Even an industry giant like Capital One, to build and maintain a reliable card issuing system, requires:

• Thousands of engineers with sustained investment

• Hundreds of millions of dollars in annual budget

• 10+ years of continuous iteration

This isn't a question of technical capability.

Capital One's engineering team is world-class. They use the most modern tech stack (cloud-native, microservices, Kubernetes). They have unlimited resources and a budget.

Yet they still need 11,000 engineers.

Why?

Because this is determined by the inherent complexity of the card issuing business, independent of tech stack and team capability.

V. Debunking Fatal Misconceptions: Why Issuing 1 Card and Issuing 1 Million Cards Require the Same System

This is the most critical section of this article. I want to address the two most common misconceptions among Web3 entrepreneurs systematically.

Misconception 1: "We Don't Need That Many People or That Much Investment"

Typical Web3 Entrepreneur Mindset

"Capital One needs 11,000 engineers? That's because they have legacy baggage!

We'll use a modern tech stack:

• Go / Rust

• Microservices architecture

• Kubernetes

• Serverless

• Cloud-native

10 top engineers, 3 months, we can build the same system."

The Harsh Reality

Capital One's 11,000 engineers are not "maintaining legacy systems."

In fact, Capital One completed its full cloud migration in 2020, closing all owned data centers. Their tech stack is more modern than most Web3 startups.

So what are these 11,000 engineers doing?

A. Business Logic Complexity (Completely Independent of Tech Stack)

Let's look at a specific example: A $100 authorization request.

Authorization request received: User swipes card at Starbucks for $100

↓

System must complete all the following checks within 50-100 milliseconds:

1. Card status validation (20+ possible states)

- Active? Suspended? Expired? Stolen? Lost?

- Temporarily frozen? Permanently blocked?

2. Balance/credit limit check

- Current available balance

- Minus all pending authorizations

- Consider authorization expiration times

- Consider priority of different transaction types

3. Velocity checks (transaction rate monitoring)

- Number of transactions in past 1 hour

- Transaction amount in past 24 hours

- Transaction patterns over past 7 days

- Anomalous transaction frequency detection

4. Geographic location verification

- Is this card swipe location reasonable?

- Is time/distance from last transaction suspicious?

- Is this a high-risk area?

5. Merchant category restrictions (MCC verification)

- Is this card allowed at this merchant type?

- Some merchant categories may be restricted

- Some merchant categories have different limits

6. Time restrictions

- Some cards can only be used during business hours

- Some transaction types have time window restrictions

7. Single transaction limit check

- Different MCCs have different limits

- Different countries have different limits

8. Daily limit check

9. Monthly limit check

10. Real-time fraud scoring

- Machine learning model real-time scoring

- Behavioral pattern analysis

- Comparison with historical data

11. AML checks (Anti-Money Laundering)

- Does transaction amount trigger reporting requirements

- Cumulative amount monitoring

12. 3DS verification (if online transaction)

- Does it require additional authentication?

- How to handle authentication results?

13. EMV script delivery (if chip card)

- Need to update card parameters?

- What commands to send?

14. CVV2 verification (if provided)

15. Exchange rate calculation (if cross-border transaction)

- Real-time exchange rate

- Exchange rate markup

- Display amount calculation

16. Interchange fee real-time calculation

- Different MCCs have different rates

- Different card types have different rates

- Promotional rate handling

17. Record complete audit trail

- All decision points

- All data states

- Complete logs required for compliance

18. Real-time risk rule updates

- Rules engine may be updating

- Need to consider rule versions

19. Card network rule compliance

- Visa has 2,000+ pages of rules

- Mastercard has 1,500+ pages

- Updated quarterly

20. Regulatory requirements

- Reg E (debit cards)

- Reg Z (credit cards)

- EFTA, etc.

... and more

Key Insight:

This logic is completely independent of your tech stack!

Whether you use Go or Java, Kubernetes or Lambda, PostgreSQL or MongoDB, these business rules must be implemented.

Moreover, behind each rule are:

• Exception cases

• Edge cases

• Special handling

• Error recovery

• Performance optimization

Can 10 excellent engineers implement all this logic correctly in 3 months?

Perhaps they can implement 80% of the basic logic. But the remaining 20% represents another 80% of the work.

B. Domain Knowledge Accumulation (Cannot Be Rushed)

Technology can solve technical problems, but domain knowledge cannot be rushed.

Example:

A velocity check fails

What should the system do?

Option A: Decline the transaction outright

Option B: Request additional verification (like 3DS)

Option C: Reduce authorization amount

Option D: Send alert but still approve

Option E: Temporarily freeze card

What's the correct answer?

Answer: It depends on

- User's historical behavior patterns

- Current risk score

- Merchant type and reputation

- Transaction amount

- Time and location

- User's credit rating

- Account balance situation

- Recent dispute history

- ...

These judgments require:

• Years of operational data accumulation

• Extensive A/B testing

• Continuous model optimization

• Deep industry insights

This isn't something 10 excellent engineers can master in 3 months.

C. Operations and Maintenance (Majority of Personnel)

Of Capital One's 11,000 engineers:

• Developing new features: 20-30%

• Maintenance and optimization: 30-40%

• Compliance and security: 20-30%

• Operational support: 10-20%

In a real card issuing system, most work isn't "development"—it's "operations":

• Handling exceptional situations

• Responding to regulatory changes

• Optimizing performance and cost

• Fixing bugs and vulnerabilities

• Supporting business requirements

• Training and documentation

• Incident response

• ...

This is the daily reality.

Misconception 2: "We're Only Issuing Tens of Thousands of Cards, We Don't Need Such a Complex System"

This is the most fatal misconception!

Web3 Entrepreneur Logic

Core Counter-Argument

Card volume ≠ System complexity

Let me illustrate with a complete example.

Complete Lifecycle of One Card (Whether You Issue 1 or 1 Million)

1. Application Phase

├─ KYC/AML checks

├─ Credit assessment (if credit card)

├─ Anti-fraud checks

├─ Regulatory compliance verification

├─ Create account

├─ Generate card number (BIN compliant)

└─ EMV parameter setup

2. Issuance Phase

├─ Card production instruction

├─ PIN generation and encryption

├─ Activation flow design

└─ First-use verification

3. Usage Phase (Core)

├─ Real-time authorization (every transaction)

├─ Clearing processing

├─ Settlement processing

├─ Real-time balance updates

├─ Points calculation

└─ Fee deductions

4. Statement Phase

├─ Monthly statement generation

├─ Minimum payment calculation

├─ Interest calculation

├─ Fee summary

└─ Statement delivery and reminders

5. Payment Phase

├─ Receive payments

├─ Payment allocation (principal/interest/fees)

├─ Delinquency determination

└─ Collections process initiation

6. Dispute Phase

├─ Receive dispute claims

├─ Investigation process

├─ Merchant communication

├─ Chargeback processing

└─ Representment (if needed)

7. Maintenance Phase

├─ Card lost/freeze/unfreeze

├─ Information updates

├─ Credit limit adjustments

└─ Card replacement

8. Closure Phase

├─ Balance clearance

├─ Points handling

├─ Account closure

└─ Data archival (regulatory requirement: minimum 7 years)

Key Insight

These 8 phases, the complexity of each phase:

• Independent of card volume

• Only dependent on business logic completeness

Real Scenario Comparison

Scenario A: Issuing Only 1 Test Card

User A swipes a card at Starbucks for $5

↓

System must be able to:

✓ Verify card status (active? suspended? expired?)

✓ Check balance (sufficient for $5?)

✓ Check merchant restrictions (can this card be used at Starbucks?)

✓ Record transaction (complete audit trail)

✓ Prepare clearing data

✓ Complete settlement 7 days later

✓ Generate statement next month

✓ User may dispute within 180 days

✓ All data must be retained for 7+ years

Scenario B: Issued 1 Million Cards

1 million users simultaneously swipe cards at Starbucks for $5

↓

System requires:

✓ Same verification (1 million times)

✓ Same checks (1 million times)

✓ Same recording (1 million times)

✓ Same process (1 million times)

The only difference:

- Requires a distributed architecture for concurrency

- Requires better database design

- Requires more servers

- Requires stricter SLA

But business logic is 100% identical!

Mathematical Formula

System functions needed to issue 1 card

=

System functions needed to issue 1 million cards

Differences are only in:

- Performance (concurrent processing capability)

- Availability (SLA requirements)

- Scalability (architecture design)

But foundational functions must be 100% identical!

Cost Analysis: Simplified vs Complete

Let's use specific numbers to illustrate the real cost of a "simplified system."

Approach A: "Simplified" System (Authorization Only)

Initial Investment:

• Development cost: $100K-200K

• Launch time: 3-6 months

• Team size: 3-5 people

Looks good, but...

6 Months into Operations, You'll Need to Add:

1. Complete Statement System

   • Development cost: $200K

   • Development time: 3 months

   • Reason: Excel can't handle thousands of transactions

2. Dispute Processing System

   • Development cost: $150K

   • Development time: 2 months

   • Reason: Manual processing has high error rate, low efficiency

3. Compliance Reporting System

   • Development cost: $100K

   • Development time: 2 months

   • Reason: Regulatory requirements must be met

4. Collections Management System

   • Development cost: $150K

   • Development time: 2 months

   • Reason: Growing number of delinquent accounts

5. After-Hours Batch Processing

   • Development cost: $200K

   • Development time: 3 months

   • Reason: Nightly settlement and statement generation required

Total Cost of Supplementary Functions:

• ✗ Development cost: $800K

• ✗ Development time: 12 months

• ✗ Opportunity cost: Immeasurable

Not including:

• ✗ Data chaos during operations

• ✗ Customer complaint handling costs

• ✗ Loss of Sponsor Bank trust

• ✗ Potential regulatory penalties

Approach B: Complete System (Doing It Right from the Start)

Initial Investment:

• Leveraging mature system: $500K-1M implementation cost

• Launch time: 9-18 months

• Gain 100% complete functionality

Long-term Advantages:

• ✓ Stable and reliable

• ✓ Sustainably scalable

• ✓ Complete data

• ✓ Compliance assured

• ✓ Professional support

• ✓ Continuous updates

The Math Is Simple:

Approach A total cost = $200K + $800K = $1M+

(Not counting various hidden costs and risks)

Approach B total cost = $500K-1M

Approach B's additional advantages:

✓ Saves 12 months of time (no rework needed)

✓ Lower risk

✓ Better user experience

✓ Easier to gain Sponsor Bank trust

✓ Better scalability

So the Conclusion Is

Correct Understanding

What determines card issuing system complexity?

• ❌ Not card volume

• ❌ Not tech stack choice

• ❌ Not team size

• ✅ Completeness of business requirements

• ✅ Regulatory compliance requirements

• ✅ User experience standards

• ✅ Depth of risk management

Whether You Issue 1 Card or 1 Million Cards:

Scale only affects:

• Performance requirements (QPS)

• Availability requirements (SLA)

• Infrastructure cost

Important Reminder

If your system "can only" handle 50,000 cards, it's not because "small scale allows simplification," but because your system is fundamentally incomplete!

When you scale to 100,000, 500,000, 1 million cards, you'll find that all those "simplified away" functions need to be retrofitted.

The cost of retrofitting >> The cost of doing it right from the start

The system's foundational capabilities must be 100% complete, from the first card!

VI. What Should Web3 Projects Do?

Having debunked the misconceptions, let's discuss viable paths forward.

Three Viable Paths

Path 1: Honestly Use CaaS (Suitable for Most Projects)

Clear Understanding:

• ✓ CaaS provides authorization API and basic functions

• ✓ You get 15-20% of card issuing capability

• ✓ The other 80% is in upstream "black boxes"

• ✓ This isn't a defect—it's a design choice

Suitable Scenarios:

• ✓ Cards are an add-on feature (e.g., physical cards attached to Web3 wallets)

• ✓ Don't need deep customization of card issuing logic

• ✓ Can accept vendor lock-in

• ✓ Focus on user experience rather than card issuing operations

• ✓ Card issuing isn't a core competitive advantage

Cost and Timeline:

• ✓ Initial investment: $100K-500K

• ✓ Monthly cost: $20K-100K

• ✓ Launch time: 3-6 months

Advantages and Risks:

Advantages:

• ✓ Quick launch

• ✓ Low initial investment

• ✓ Low technical barrier

Risks:

• ⚠️ Limited functionality (80% capability upstream)

• ⚠️ Vendor dependency (difficult to switch)

• ⚠️ Incomplete data (affects analysis and optimization)

• ⚠️ Limited scalability (constrained by upstream)

Key Recommendations:

Honestly using CaaS means:

• Accept you're not "running a card issuing business"

• Accept you're just "providing card functionality"

• Don't expect deep customization

• Don't expect complete data

But this is perfectly adequate for many projects!

If your core is a Web3 wallet, DeFi application, or payment gateway, and cards are just a convenience feature, then CaaS is the right choice.

Path 2: Leverage Mature Card Issuing Systems (Suitable for Serious Card Issuing Projects)

Choice:

• ✓ Use mature platforms like VisionPlus (through processor)

• ✓ Or find professional card issuing system service providers

• ✓ Obtain complete card issuing capability, not a simplified version

You Will Get:

• ✓ Complete 15 core modules

• ✓ Proven business logic

• ✓ Professional operational support

• ✓ Continuous system updates

• ✓ Complete data access

• ✓ Deep customization capability

Cost and Timeline:

• ✓ Implementation cost: $500K-2M

• ✓ Annual fees: $500K-5M (depending on scale and customization)

• ✓ Launch time: 9-18 months

Advantages:

• ✓ Complete functionality (100% coverage)

• ✓ Reliable system (proven with hundreds of millions of cards)

• ✓ Professional support (24/7 operations team)

• ✓ Scalability (from 10K to 10M cards)

• ✓ Compliance assurance (built-in regulatory reporting)

• ✓ Continuous evolution (follows industry changes)

Suitable For:

• □ Card issuing is your core business

• □ Need deep customization of card issuing logic

• □ Expected scale > 100K cards

• □ Have sufficient funding and patience

• □ Want to build long-term card issuing capability

This is the correct path for those truly serious about card issuing.

Path 3: Build Your Own System (Only Suitable for Very Few Projects)

Warning: Only Consider If You Meet ALL of the Following Conditions

Prerequisites (Must meet ALL):

• □ Expected scale > 1 million cards

• □ Have unique business requirements that existing systems cannot meet

• □ Willing to invest $5M-20M

• □ Have 18-36 months timeline

• □ Can assemble complete card issuing team:

  • Not just engineers

  • But also risk experts

  • Compliance experts

  • Operations experts

  • Card issuing domain experts

• □ Have long-term strategic commitment

If You Don't Meet ALL the Above Conditions, Don't Try!

Why?

Capital One:

- 10 years

- 11,000 engineers

- Tens of billions of dollars invested

- To build today's system

What makes you think:

- 10 people

- 3 months

- $500K

- Can achieve the same?

Core Recommendations

1. Understand Your Real Needs

Ask yourself three questions:

Question 1: Is card issuing my core business?

• If yes: Consider Path 2 or 3

• If no: Choose Path 1

Question 2: What is my core competitive advantage?

• If it's card issuing operations: Need complete system

• If it's user experience: CaaS is sufficient

Question 3: How much am I prepared to invest?

• $100K-500K: Path 1

• $500K-2M: Path 2

• $5M+: Path 3

2. Respect Professionalism

Card issuing is a highly specialized field

What's needed isn't just technology, but:

• ✓ Deep domain knowledge

• ✓ Rich operational experience

• ✓ Complete compliance capabilities

• ✓ Professional risk management systems

These all require time to accumulate and cannot be rushed

3. Don't Reinvent the Wheel

Systems like VisionPlus are the product of:

• Hundreds of experts

• Decades of experience

• Hundreds of millions of dollars in investment

Standing on the shoulders of giants is smarter than starting from scratch on the ground

Conclusion: Clarity and Pragmatism

The purpose of this article isn't to discourage Web3 entrepreneurs, but to help establish clear understanding.

Card issuing has tremendous value, and Web3 indeed brings new possibilities to card issuing. But the key to success isn't technological innovation—it's deep understanding of business fundamentals and respect for professionalism.

Key Takeaways:

1. VisionPlus Isn't Just a System—It's a Business Operating System

• 15 deeply integrated modules

• Covers the complete lifecycle of card issuing

• 30 years of continuous evolution

2. CaaS Provides 15-20% of Card Issuing Capability

• Primarily authorization API

• The other 80% is in upstream black boxes

• This isn't a defect—it's positioning

3. Issuing 1 Card = Issuing 1 Million Cards (Functional Completeness)

• Business logic complexity is independent of volume

• Scale only affects performance and infrastructure

• The cost of simplification far exceeds imagination

4. Three Viable Paths

• CaaS: Suitable for most projects

• Leverage mature systems: Suitable for serious card issuing projects

• Build your own: Only suitable for very few projects

5. Respect Professionalism

• Card issuing is a highly specialized field

• What's needed isn't just technology

• Stand on the shoulders of giants

Final Advice:

Before deciding how to approach card issuing, ask yourself:

• Do I really need to do card issuing?

• Or do I just need card functionality?

• Where is my core competitive advantage?

Understanding your position clearly and choosing the right path is far more important than blindly pursuing "self-sufficiency."

After all, the key to success isn't what you own, but what value you create.

About the Author

Kevin Piao, Co-founder of ChainTech Payments LLC. Joined Bank of China in 1988, with over 35 years of experience in the payments industry. Previously worked at First Data and was deeply involved in the VisionPlus ecosystem. Recognized leader in cross-border e-commerce payment processing in China and a pioneer of multiple payment innovations. Now focused on providing traditional financial sector expertise to Web3 projects.

All data in this article is from public sources, including but not limited to: Wikipedia, First Data/Fiserv official documentation, Capital One financial reports and official blogs, industry analysis reports, etc.

Personal views, for reference only.