Read summarized version with:
ChatGPT Claude Grok Perplexity Gemini

To manage IT spending with virtual cards, create one dedicated virtual card per tool or subscription, cap each card at the expected billing amount, and cancel the card the moment a seat is removed or a tool is discontinued. This approach gives every line in the IT budget its own spend limit, its own transaction history, and a zero-effort cancellation path when a subscription is no longer needed.

Most IT budgets have a ghost problem. Somewhere on the shared company card, there is a line for a project management tool the team stopped using eight months ago. There is another line for a developer seat that belongs to someone who left the company last quarter. Nobody cancelled anything because cancelling requires knowing the tool exists, and the only place that information lives is buried in a statement with forty other merchant names.

The problem is not negligence. It is structure. A single shared card gives every tool access to the same funding source with no boundaries between them. When a developer leaves, their Figma seat, their IDE license, and their cloud sandbox can all keep billing indefinitely. The card never stops them because the card has no visibility into who is using what.

Personal card reimbursement solves one part of the problem while creating another. When developers pay for tools on personal cards and submit expense reports, the company loses real-time visibility into the tool stack. Reports arrive in batches. By the time IT reviews them, two or three billing cycles have already cleared. Virtual cards fix this at the infrastructure level. Each tool gets its own card with its own cap. When the seat goes away, the card goes with it.

Why the shared IT card creates invisible spend

A shared company card works until the team grows past the point where one person can recognize every charge. At five people, the office manager knows every merchant. At twenty people, the statement is forty lines long and half of them require a Slack thread to trace back to a purpose.

The deeper failure is offboarding. When a developer leaves, the standard process covers revoking system access, collecting equipment, and closing accounts. Subscription cancellation rarely appears on that checklist as a discrete step. The developer's GitHub seat, cloud storage allocation, and API access credentials get deactivated at the vendor level. The recurring billing tied to those seats continues uninterrupted, because the card does not know the seat is gone.

According to the Consumer Financial Protection Bureau, recurring automatic payments continue until explicitly cancelled by the account holder. The payment network has no mechanism to infer that the underlying service is no longer needed. The card keeps authorizing because nothing at the card level tells it to stop.

The result is what IT teams call zombie subscriptions: charges that clear every month for tools nobody is actively using, services that were cancelled at the vendor level but never at the billing level, and trials that converted to paid plans when someone forgot to act before the trial window closed. A 20-person startup can easily accumulate $300 to $500 per month in zombie subscriptions without any individual charge being large enough to trigger a manual review.

Virtual cards for IT spend: how the controls work

A virtual card issued through a wallet-funded card program gives IT leads four controls that a shared physical card cannot provide. Each control targets a specific failure mode in the current approach.

IT Spend Controls per tool, per card
1
Per-tool spend cap
Limits the maximum charge each tool can post. A trial card capped at $75 declines the full paid-plan charge if the trial converts unexpectedly.
2
Merchant lock
Where your card program supports it, restricts the card to a single vendor. A card locked to GitHub declines any charge originating from a different merchant.
3
Tool-named cards
Names like “GitHub Teams - Monthly” replace generic labels. Every card is self-documenting. No reconciliation pass needed to read the IT stack.
4
Card cancellation
Cancel the card when a seat is removed. The next billing attempt from the vendor is declined. A charge already authorized before the cancellation may still settle. No vendor portal visit required to stop future charges at the card level.
5
Per-card transaction log
Each card carries its own statement. A tool-by-tool spend breakdown is available without exporting or sorting the main account statement.
6
Wallet-funded balance
Cards draw from a company wallet balance. No credit check, no personal bank link. Spending is bounded by what has been loaded into the wallet.
Map the tool stack Issue one card per tool Set cap and lock Cancel when the seat goes

The Visa network supports virtual card issuance for business spending controls, including the ability to restrict cards by spending limit. Merchant-level locking depends on your specific card program. Check your program documentation to confirm which controls are active on your account before relying on them as hard stops.

How to set up virtual IT spend cards: step by step

  1. Map the full tool stack before issuing any cards. Pull the last three months of company card statements and list every recurring SaaS charge, cloud service, and developer tool. Include annual subscriptions that may not have billed recently. This list becomes the source of truth for card issuance and surfaces subscriptions you may have forgotten.
  2. Create one virtual card per tool or subscription. Issue each card from your company wallet balance. Cards are funded from the wallet, not linked to a personal bank account or subject to a credit check. Name each card after the specific tool: “AWS Production Account”, “Figma - Design Team”, “GitHub Teams - Monthly”. The name is the first control.
  3. Set a per-tool spend cap at 1.1x the expected monthly billing. A 10 percent buffer above the known charge amount covers minor billing fluctuations without opening the card to unexpected overages. For annual tools, cap to the annual billing amount and flag the renewal date in your IT asset tracker. For cloud services with variable usage, set the cap to the expected monthly range, not the theoretical maximum.
  4. Apply merchant locks where your card program supports them. A card locked to a specific vendor declines charges from any other merchant. This is a probabilistic control that depends on how merchants transmit category and identifier data at the network level. Where supported, it adds a second layer of protection on top of the spend cap.
  5. Update each vendor billing portal with the new card number. Replace the existing shared card number with the tool-specific virtual card number in each vendor's payment settings. Confirm the first billing cycle clears successfully before decommissioning the old card. Do not close the old card until all tools have migrated.
  6. Run a quarterly card audit. Every open virtual card should map to an active tool with at least one charge in the past 90 days. Cards with no recent activity are candidates for cancellation. Cards with charges that exceed the expected amount need a billing review before the next cycle.

Shared card vs. personal reimbursement vs. virtual card

The IT spend problem Shared company card Personal card + reimbursement Virtual card per tool
Zombie subscriptions after an employee leaves Keep billing until someone notices the statement They cancel their card; the subscription is lost track of Cancel the per-tool card; next billing is declined
Which tools cost what this month? Sort one statement by merchant name Collect expense reports from 8 people Each tool card is its own statement line
Cloud trial converts to paid plan unexpectedly Full charge clears; you find out later Employee submits the full charge for reimbursement Cap on the trial card declines the full paid-plan charge

Worked example: IT spend audit at Cloverfield Labs

Worked example
20-person product startup: full tool stack audit with virtual cards

Setup

  • IT lead: Yuki Tanaka, Cloverfield Labs (20-person product startup)
  • Tool stack mapped: 12 active SaaS subscriptions, 4 cloud services, 3 developer tools
  • Card structure: one virtual card per tool, each named and capped at 1.1x the expected monthly billing
  • Example card: “GitHub Teams - Monthly” with a $220 cap covering the expected $200 monthly charge
  • Before a senior engineer’s last day, Yuki cancels the virtual card tied to his Figma seat
  • During the audit, Yuki finds two cards set up last year for a discontinued prototype tool that are still open. She cancels both.

What clears

  • Cleared $200 GitHub Teams monthly charge, within the $220 cap on the “GitHub Teams - Monthly” card
  • Cleared $45 Figma billing for the 3 remaining seats after the departed engineer’s per-seat card is cancelled

What gets declined

  • Declined A $600 charge when a cloud trial converts to a paid plan. The trial card cap was set at $75. The full paid-plan charge exceeds the cap and is declined. Yuki reviews the tool and decides whether to upgrade before retrying the charge.

At the end

After the audit, Yuki has eliminated 3 zombie subscriptions worth $280 per month. The remaining 16 cards show exactly what the IT stack costs, broken out by tool, ready for the next budget planning session. The offboarding checklist now includes a one-line step: cancel the virtual card for each tool the departing employee held a seat on.

For business expense documentation, the IRS requires that ordinary and necessary business expenses be supported by records showing the amount, date, business purpose, and payee. Per-tool virtual cards with named transaction histories make this documentation straightforward. Each card’s statement is a clean record of what was paid, when, and to which vendor. This is general information only and does not constitute tax advice. Confirm the documentation approach with your CPA or tax advisor.

Three things to get right before you start

Do not put cloud infrastructure and developer tools on the same card. AWS, Azure, and GCP spend can spike without warning when a build runs long or a new environment is spun up. Give each cloud account its own card with a cap tied to the expected monthly usage, not the theoretical maximum.

Do not set caps at the annual contract amount for monthly-billed tools. A monthly tool capped at the annual total means one billing cycle could charge the full year. Cap to the expected monthly amount and review annually.

Do not wait until offboarding to audit the tool stack. Run a quick card audit each quarter: every open virtual card should map to an active tool with a current user. Cards with no recent activity are candidates for cancellation.

The CFPB recommends reviewing recurring payment authorizations regularly to identify charges that are no longer needed. A quarterly virtual card audit applies this practice at the company level, covering every tool in the stack in one structured pass rather than reviewing individual charges reactively.

People also ask

Can I lock a virtual card to one SaaS vendor like GitHub or Figma?

Where your card program supports merchant controls, yes. You can lock a card to a specific merchant, so a charge from any other vendor is declined. This keeps the GitHub card on GitHub and the Figma card on Figma. Check your specific card program’s documentation to confirm whether merchant-level locking is available, as this feature varies by issuer and card program.

What happens to a subscription when I cancel the virtual card?

The next billing attempt is declined. This effectively stops the recurring charge at the card level. The vendor may still consider your account active, so also cancel in the vendor’s billing portal if you want to end the subscription relationship entirely. Note that a charge already authorized before the cancellation may still settle.

How do I handle tools that bill annually?

Set the cap to the annual billing amount and flag the renewal date in your IT asset tracker. A few days before renewal, review whether the tool is still in use before the charge posts. For tools with uncertain billing dates, cap slightly above the expected amount and review the card around the expected renewal window.

Can I use this to audit our current tool stack?

Yes. Create one card per known tool, map existing subscriptions to the cards, and let one billing cycle run. Any tool you forgot to map will either fail to charge (if the old shared card was cancelled) or show up on your audit as a charge with no matching card. The process itself surfaces zombie subscriptions you did not know were still active.

Does each developer need their own card?

For individual seat-based tools (one person, one login), one card per seat gives you the cleanest attribution. When that person leaves, you cancel their card and the seat billing stops. For team-wide tools billed at the organization level, one card per tool is usually enough. Match the card structure to how the vendor invoices you.

Can I issue IT spend cards in bulk for a full tool audit rollout?

Yes. Issue cards in bulk from a spreadsheet or through the API. A 20-tool audit does not mean creating cards one at a time. Bulk issuance lets you set up the full card structure in one pass and then update each vendor’s billing portal with the new card numbers over the following days.

What does it cost to issue a virtual IT spend card?

Issuing the card costs nothing. You fund spending from your company wallet balance. Cards are wallet-funded and do not require a credit check or personal bank link. See the wallet terms for balance and fee details specific to your account.