ChatGPT
Claude
Grok
Perplexity
GeminiIf the cap hits, do your ads pause? The spend cap is a hard limit, so a charge over it is declined, and that is what stops over-spend. A declined charge does not pause your ads from our side. But the ad platform may pause delivery or mark the account past-due on its side, because that behavior is set by Google, Meta, or TikTok, not by us. The fix is simple: set the cap above your planned spend and keep your wallet funded, so the cap only ever fires on fraud or a runaway, never on healthy delivery.
It usually starts with one shared card. A team puts a single card behind Google, Meta, TikTok, and the rest, because that is the fastest way to get campaigns live. Then one ad account gets hacked. The bad actor spends on your card, the owner gets hit with fake ad charges, and the account is locked over the balance. One weak account just drained the card that funds everything.
A runaway test does the same damage from the inside. You find out on day three that a campaign blew through the budget, with no real-time ceiling to stop it. And even when nothing goes wrong, one shared card leaves you guessing at month-end: a statement line reads "Meta $47,832," and you have no fast way to tell which client or which campaign it belongs to.
Putting one capped virtual card behind every ad account fixes all three. This guide covers the one thing everyone asks first, what happens when the cap is hit, then walks through how the cap protects you, the controls you can set, a worked example with real numbers, and how teams run this in practice. For the step-by-step setup, see how to control ad spend with virtual cards.
If the cap is hit, do my ads pause?
The cap is a hard limit, so the charge over it is declined, and that decline is what stops over-spend. Nothing on our side pauses your campaigns. What can happen is on the ad platform's side: when a charge is declined, Google, Meta, or TikTok may pause delivery or flag the account as past-due, because that is how each platform handles a failed payment. So the cap does its job by declining the runaway charge, and the only knock-on effect is the platform's own past-due rule.
A declined over-cap charge can cause the ad platform to pause delivery on its side. That past-due behavior is set by Google, Meta, or TikTok, not by us. Set the cap above your planned spend, with some headroom, and keep your wallet funded so the cap only fires on fraud or a runaway, never on a healthy campaign that is delivering as planned.
Why one shared card is a single point of failure
One card behind every ad account means one card that can take down everything. The risk is not theoretical, it is the same card funding spend that you do not fully control, sitting behind accounts that get targeted.
- A hacked account can drain it. When an ad account is compromised, the bad actor spends on your card. Owners get hit with fake ad charges and locked out over the balance, and the same card was funding every other account too.
- A runaway test burns the week. You find out on day three that a campaign blew through the budget, with no real-time ceiling to stop it before the money is gone.
- You cannot tell whose spend is whose. One statement line reads "Meta $47,832." Which client, which campaign? Teams burn hours every month untangling it.
A virtual card here is funded from your prepaid wallet balance, not a credit line, so there is no credit check and no personal bank link. You load the budget into your wallet, then issue capped cards against it. That funding model is what makes one card per account practical at any volume.
How a hard cap protects every account
The protection comes from the cap being a hard limit, checked at the moment of the charge. Each ad account gets its own virtual Visa card with its own ceiling, and a charge over that ceiling is declined before it can post.
The point is containment. Because each card carries its own hard cap, the worst case is bounded by one card's remaining room. A hacked Meta account cannot touch the budget sitting behind your Google card, and a runaway TikTok test cannot spill into a client's account on a different card.
What you can set on every ad-spend card
Each card carries the cap plus a set of locks you choose before the first charge. The cap is the hard limit; the locks add friction where the network and your card program support them.
| Control | What you set | Why it matters for ad spend |
|---|---|---|
| Spend cap | Monthly or total ceiling | A hard limit. Charges over the cap are declined, so a hack or runaway cannot drain you. |
| One card per account | A named card per ad account | Every charge maps to one account, client, and platform. Attribution is built in. |
| Category lock | Advertising categories, where supported | Blocks off-purpose charges and makes a leaked card less useful to a fraudster. |
| Merchant lock | The single ad platform, where supported | A card scoped to Google Ads will not pay an unknown merchant. |
| Geo and time | Region or active hours, where supported | Adds friction to out-of-region or odd-hour fraud on a compromised account. |
| Cancel or reissue | Kill one card, issue a fresh one | Replace only the affected card. Leftover funds return to your wallet. |
Spend caps are a hard limit. Category, merchant, geo, and time locks work based on supported controls and may not block every transaction, because merchants are sometimes mis-coded on the network. Treat the locks as a strong filter, not a guarantee, and treat the cap as the ceiling that always holds. Set the cap above your planned spend and keep the wallet funded, so the cap only ever fires on fraud or a runaway, not on healthy delivery.
A worked example with real numbers
Here is how the cap contains a real incident. The numbers below show exactly what happens when one account is compromised mid-month and the rest keep running.
The setup
Marlow Group is a six-person performance agency running paid media for three clients. Performance lead James Carter funds the wallet with $22,000 for the month and issues four cards, one per ad account.
The cards
- Meta / Brightleaf Coffee, Meta Ads, $7,000 cap, locked to advertising category and US geo
- Google / Brightleaf Coffee, Google Ads, $6,000 cap, merchant lock to Google Ads
- TikTok / Pace Athletic, TikTok Ads, $5,000 cap, advertising category lock
- Meta / Northvale Dental, Meta Ads, $3,500 cap, US geo and active hours
What happens mid-month
- Contained The caps total $21,500, leaving $500 of wallet headroom. The Brightleaf Meta account is compromised and a bad actor tries to push a $4,200 charge.
- Declined That card has $2,800 of room left, so the $4,200 charge is declined. Exposure is held to one card's remaining room, not the full $22,000.
- Recovered James cancels that card, its unspent balance returns to the wallet, and he issues a replacement. The other three clients' campaigns never blink.
At month-end
Every statement line already maps to one client, because each card is named for its platform and account. Reconciliation is a sort, not an investigation.
How to reconcile and export ad spend
Reconciliation is built in because each card maps to one platform, client, or campaign. Instead of decoding a single statement line that lumps every account together, you read spend the way you already think about it, by account.
Live receipts and the dashboard let you match charges as they post and export them when you close the month. Total spend is grouped by card, so a client report or an internal review is already sorted. There is no end-of-month untangling, because the structure that does the work, one named card per account, is the same structure you set up on day one.
How teams put a card behind every account
The model scales the same way whether you run two accounts or twenty. Here are three common ways teams set it up.
- In-house growth on Google and Meta. Two cards, one per platform, each capped at the planned budget plus about 15% headroom so healthy spend never trips the cap. A runaway Performance Max test gets caught the same afternoon on the dashboard.
- Small agency, bulk issue. Upload an Excel sheet of 20 ad accounts and issue 20 named, capped cards at once, or use the API. Each client's spend is walled off, and a flagged account means swapping one card, not a fire drill.
- DTC brand testing new channels. Issue a low-cap card per new channel like LinkedIn or Amazon Ads, so an experiment cannot overrun. When the test ends, cancel the card and the leftover funds go back to the wallet.
The same wallet funds your other spend too, so you are not running a separate system per category. See virtual cards for agencies for client billing, virtual cards for SaaS subscriptions for recurring tools, or how to control ad spend with virtual cards for the full setup walkthrough.
People also ask
If the card hits its limit, do my ads pause?
The cap is a hard limit. Once it is reached, further platform charges are declined, which is what prevents over-spend. A declined charge can cause the ad platform to pause delivery or mark the account past-due on its side, since that is the platform's rule, not ours. Set the cap above planned spend and keep the wallet funded so the cap only fires on fraud or a runaway.
How does this help if my ad account gets hacked?
It is spend control, not a fraud-protection guarantee. Each card carries a hard cap plus category, merchant, geo, and time locks where supported, so a compromised account can only ever reach that one card's remaining limit, not your whole wallet. Cancel the card and the unspent balance returns to your wallet.
Can I use one card per ad account?
Yes. Issue a separate, named card for each ad account, one at a time or in bulk from Excel or our API. Every charge maps to one account, so attribution and reconciliation are built in.
How do I reconcile and export ad spend?
Each card maps to one platform, client, or campaign. Live receipts and the dashboard let you match charges and export them, so you are not decoding cryptic statement lines at month-end.
Do I need a credit check or to link my bank?
No credit check and no personal bank link. Cards are wallet-funded. You load your Zil Money wallet, then issue capped cards against it.