The Visa Merchant Business News Digest provides a summary of recent Visa Business News publications that highlight key merchant-related publications. Updated monthly.
June 10, 2020
Beyond the Acquirer: Additional Visa Acceptance Entities
The Visa acceptance ecosystem covers all commerce types, including the face-to-face, unattended, mobile and e-commerce environments; it helps to increase electronic payment acceptance for sellers, allowing a variety of ways to connect to Visa either directly, through an acquirer or via a third-party.
PDF 476 KB
May 1, 2020
Processing Split-Shipment Card-Absent Transactions
To foster growth in the card-absent environment and help merchants meet their evolving business needs, Visa continues to provide strategic merchant solutions that support greater processing efficiencies.
PDF 684 KB
April 1, 2020
Visa Authorization and Reversal Processing Guide
The best practices in this document allow merchants to maximize the financial benefits of this authorization processing capability, while creating the best experience for the customer.
PDF 610 KB
March 1, 2020
5 Important Visa Rules That Every Merchant Should Know
This flyer informs merchants about key card acceptance procedures that will help them avoid being out of compliance with Visa rules.
PDF 601 KB
-
Feb 1, 2020
The Visa Payment Facilitator Model
The Payment Facilitator model has a positive impact on all key stakeholders in the payment processing system. Below are examples of benefits afforded to each participant.
PDF 437 KB
Feb 1, 2020
Visa Advance Payment Transactions Pay Now and Get Later
Customers enjoy the increased options--the opportunity to shop and order anytime and anywhere (in-store, ecommerce, telephone, mobile web, or mobile app) and to select how they receive the merchandise (pick-up or delivery).
PDF 501 KB
Feb 1, 2020
Optimize Your Cross-Border Ecommerce Payment Acceptance - Best Practices for Ensuring Proper Disclosures and improving the Customer Experience
Visa International ecommerce rules, foreign currency transactions, and cross-border payment disclosures and processing.
PDF 773 KB
Dec 1, 2019
Authorization Reversals – The Importance of Providing the Correct Information
This flyer explains the importance of reversing authorizations properly and provides the required fields used in the reversal process.
PDF 324 KB
September 27, 2019
Best Practices: Improve the Customer Return Process
Starting in October 2018, merchants who meet specific volume thresholds for purchase returns on Visa accounts will be required to process a purchase return authorization for each return. All other merchants are required to process purchase return authorizations beginning in April 2019.
PDF 389 KB
September 1, 2019
Visa Trial Subscription Update
Visa is updating its rules related to transactions at merchants that offer free trials or introductory offers as part of an ongoing subscription service.
PDF 462 KB
September 1, 2019
Providing the Proper Location of Your Merchant Business
This flyer provides clarification of the rules which detail how a merchant should identify the proper location for all transactions processed through the Visa system. Providing the proper information helps prevent unnecessary cardholder disputes and reduces additional risk to the Visa system.
PDF 462 KB
September 1, 2019
New Visa Brand Mark and Card Design Features
This guide illustrates the new Visa Brand Mark on Visa cards and new card design features.
PDF 257 KB
June 1, 2019
Visa Payment Acceptance Best Practices for U.S. Retail Petroleum Merchants
The best ways to process card transactions and manage the risks posed by card payments in the fuel segment.
PDF 2.5 MB
February 07, 2018
Clarifications on Stored Credentials and MIT Framework Mandates
As the payment system has evolved, instances in which a transaction is initiated with a stored credential based on a cardholder’s consent for future use have increased to significant levels. To help merchants and acquirers understand the Stored Credential and Merchant Initiated Transaction framework, Visa is summarizing the requirements and implications through this supplemental document. Please refer to October 2016 VisaNet Business Enhancement Global Technical Letter and Implementation Guide for full details.
PDF 218 KB
May 10, 2017
Improving Authorization Management for Transactions with Stored Credentials
For merchants, acquirers, payment facilitators, and staged digital wallet operators that process stored credential transactions, and for all issuers. The information provided in this guide allows all stakeholders to comply with the mandatory requirements and take advantage of the benefits of the Stored Credential Transaction framework.
PDF 1.7 MB
April 07, 2017
Pay Acceptance for US Quick-Service Restaurants
The information contained in the Visa Payment Acceptance Best Practices for U.S. Quick-Service Restaurants guide is geared toward the actions and decisions most pertinent to quick-service restaurants and operators in the U.S. It also includes best practices and on-the-job support tools for managers and employees.
PDF 4.6 MB
April 06, 2017
Visa Partial Authorization Service – Improve the Customer Experience and Increase Sales
Visa provides a Partial Authorization service that provides an alternative to declining a transaction when the card’s available balance is not sufficient to approve a transaction in full. This flyer provides information about the benefits realized, how to use the service, and answers to frequently asked questions.
PDF 206 KB
March 29, 2017
Third Party Risk Program Initiatives
Webinar deck highlights tools and resources that are available to clients and merchants to mitigate risks when selecting a service provider partner. Additional highlights include Third Party Agent Risk Program initiatives, including unregistered agent campaigns and multiple tool enhancements.
PDF 1.1 MB
February 01, 2017
Card Acceptance Guidelines for Visa Merchants
Download this comprehensive manual for all businesses that accept Visa transactions in the card-present and/or card-absent environment. This guide provides the latest information and best practices to help merchants process Visa transactions, understand Visa products and rules and protect cardholder data while minimizing the risk of loss from fraud.
PDF 5.9 MB
Sep 21, 2015
Airline Industry Ancillary Transaction Data Standard - Improved Recognition for Airline Transactions
This flyer describes options to help airline merchants provide additional information when posting ancillary transactions, such as baggage fees and on-board meals.
PDF 855 KB
Aug 18, 2015
Guaranteed Reservations for Merchants - Making It Easier to Do Business with Visa
This flyer identifies the merchant types that are now eligible to process guaranteed reservations and provides the rules that must be followed by reservation merchants.
PDF 891 KB
Mar 21, 2019
Visa Merchant Dispute Resolution Best Practices
This document is designed to help merchants properly handle transactions that have been charged back to their business by their acquiring bank. Here you will find best practices targeted to the needs of both card-present and card-absent merchants.
PDF 576 KB
April 9, 2018
Online Dispute Guide for Merchants
Smaller merchants often ask for help with responding to transaction disputes. Visa developed an online guide for merchants to assist these smaller merchants with their disputes.
April 9, 2018
Dispute Management Guidelines for Visa Merchants
Managing disputes, copy requests, and dispute conditions
PDF 2.1 MB
-
March 1, 2018
Merchant Frequently Asked Questions
The Merchant Frequently Asked Questions provides merchants with frequently asked questions regarding Visa Claims Resolution.
PDF 308 KB
October 1, 2017
Visa Claims Resolution (VCR) - Efficient Dispute Processing for Merchants
Visa Claims Resolution, a new global initiative will replace Visa’s existing dispute resolution process. VCR will simplify dispute processing by migrating from a litigation-based approach to a liability-assignment-based approach. This flyer describes the new process, consolidation of reason codes, and merchant benefits.
PDF 2.1 MB
September 25, 2020
Visa Security Alert (PSI): New Malware Samples Identified in Point-Of-Sale Compromises
In May and June 2020, respectively, Visa Payment Fraud Disruption (PFD) analyzed malware samples recovered from the independent compromises of two North American merchants. The recent attacks exemplify threat actors’ continued interest in targeting merchant POS systems to harvest card present payment account data. PFD is providing the analysis of these malware variants and the corresponding indicators of compromise (IOCs) to assist in the identification, prevention, and mitigation of attacks using the malware.
PDF 451 KB
September 15, 2020
Website Security for Ecommerce Merchants
With the recent Magento 1 'end-of-life' support, merchants with online stores deployed on Magento 1 will lose all access to new features, functionality updates, bug fixes, and support from Adobe/Magento. Most importantly, any future vulnerabilities will no longer be addressed with new security patches from the company, leaving the unsupported versions of Magento exposed to security or data compromise incidents.
However, Magento is not the only targeted website platform and so the purpose of this guide is to provide ecommerce merchants with recommendations to keep their websites secure in order to avoid a security or data compromise incident.
PDF 707 KB
August 27, 2020
Visa Security Alert (PSI): 'Baka' JavaScript Skimmer Identified
In February 2020, Visa Payment Fraud Disruption (PFD), using the eCommerce Threat Disruption (eTD) capability, identified a previously unknown ecommerce skimmer, and named the skimmer 'Baka.' PFD identified this unique skimmer on several merchant websites across multiple global regions using Visa’s eTD capability, which analyzes and detects threats targeting eCommerce merchants.
PDF 897 KB
August 20, 2020
Visa Security Alert (PSI): Pandemic Unemployment Assistance Fraud Remains Prolific
Pandemic unemployment assistance (PUA) fraud is a significant consequence of the ongoing COVID-19 pandemic and remains prolific as the pandemic persists. Visa Payment Fraud Disruption (PFD) previously identified the use of mobile payment applications to facilitate PUA fraud. Throughout July 2020, PUA fraud continued, and PFD identified new tactics used by threat actors to conduct this fraud.
PDF 177 KB
July 23, 2020
Visa Security Alert (PSI): New Malware Samples Identified in Point-of-Sale Compromise
Visa Payment Fraud Disruption (PFD) analyzed malware samples recovered from the compromise of a North American merchant. The malware variants were identified as Alina POS, Dexter POS, and TinyLoader. These malware variants were deployed on the merchant network in an effort to harvest track 1 and track 2 magstripe payment card data from the merchant’s point-of-sale (POS) environment. However, the targeted merchant had EMV® Chip enabled point-of-sale terminals. The implementation of secure acceptance technology, such as EMV® Chip, significantly reduced the usability of the payment account data by threat actors as the available data only included personal account number (PAN), integrated circuit card verification value (iCVV) and expiration date. PFD is providing the indicators of compromise for merchant network security purposes.
PDF 247 KB
April 8, 2020
Acquirer Advisory - Magento 1 Support to End After June 2020
Visa is committed to enhancing both the security and quality of payment services available in both card-present and card-not-present environments. This fact sheet provides useful information related to the upcoming end of life for all Magento 1 websites.
PDF 795 KB
-
December 11, 2019
Visa Security Alert (PSI): Cybercrime Groups Targeting Fuel Dispenser Merchants
In summer 2019, Visa Payment Fraud Disruption (PFD) identified three unique attacks targeting merchant point-of-sale (POS) systems that were likely carried out by sophisticated cybercrime groups. PFD recently reported on the observed increase of POS attacks against fuel dispenser merchants, and it is likely these merchants are an increasingly attractive target for cybercrime groups. Track 1 and track 2 payment card data was at risk in the merchant’s POS environments due to the lack of secure acceptance technology, (e.g. EMV® Chip, Point-to-Point Encryption, Tokenization, etc.) and non-compliance with PCI DSS. The activity detailed in this alert highlights continued targeting of POS systems, as well as targeted interest in compromising fuel dispenser merchants to obtain track data.
PDF 243 KB
November 13, 2019
Visa Security Alert (PSI): Attacks Targeting Point-Of-Sale at Fuel Dispenser Merchants
In August and September 2019, Visa Payment Fraud Disruption (PFD) investigated two separate breaches at North American fuel dispenser merchants. The attacks involved the use of point-of-sale (POS) malware to harvest payment card data from fuel dispenser merchant POS systems. It is important to note that this attack vector differs significantly from skimming at fuel pumps, as the targeting of POS systems requires the threat actors to access the merchant’s internal network.
PDF 132 KB
November 4, 2019
Visa Security Alert (PSI): New JavaScript Skimmer 'Pipka' Targeting eCommerce Merchants Identified
In September 2019, Visa Payment Fraud Disruption’s (PFD) eCommerce Threat Disruption (eTD) program identified a new JavaScript skimmer that targets payment data entered into payment forms of eCommerce merchant websites. PFD is naming the skimmer Pipka, due to the skimmer’s configured exfiltration point at the time of analysis (as shown below in the Pipka C2s). Pipka was identified on a North American merchant website that was previously infected with the JavaScript skimmer Inter, and PFD has since identified at least sixteen additional merchant websites compromised with Pipka.
PDF 288 KB
October 23, 2019
Webinar: Compromise Event Reporting and Response
Visa hosted a webinar to review requirements, procedures and timelines for reporting and responding to a suspected or confirmed account data compromise event. In addition, the webinar will explore compromise trends and fraud schemes and the suite of Visa security capabilities designed to prevent and disrupt payment fraud.
PDF 2.3 MB
August 6, 2019
Visa Security Alert (PSI): eCommerce JavaScript Skimming Campaign Targeting Service Providers
In April 2019, there have been at least eight eCommerce service providers who had been targeted with JavaScript skimming attacks. Visa Payment Fraud Disruption (PFD) found the same malware and the same infrastructure for data exfiltration used across these eight cases. In July 2019, researchers reported that these service provider attacks were much more significant than initially believed and affected over 17,000 domains that integrated code from the service providers targeted in April. The attacks were reportedly successful due to an automated process whereby the attackers scanned for misconfigured write permissions in a widely-used content delivery network (CDN).
PDF 213 KB
June 25, 2019
Visa Security Alert (PSI): Alina Point-of-Sale (POS) Malware Classifications
In June 2019, Visa’s Payment Fraud Disruption (PFD) analyzed a malware sample from the recent compromise of a North American hospitality merchant and identified the malware as a variant of the Alina Point-of-Sale (POS) malware family. Alina dates back to at least 2013, and is one of many malware strains that possesses a Random Access Memory (RAM) scraper, which is specifically designed to steal payment account information from the memory, or RAM, of the targeted system. Given the upload and compile dates, and recently observed operations leveraging Alina, PFD assesses Alina POS is in active use and remains a popular malware variant for POS targeting.
Also see Indicators of Compromise.
PDF 261 KB
Feb 25, 2019
Visa Security Alert (PSI): FIN6 Cybercrime Group Expands Threat to eCommerce Merchants
Based on Visa Payment Fraud Disruption’s (PFD) analysis of eCommerce compromises throughout 2018, FIN6’s focus on the CNP environment has only amplified, suggesting that the cybercrime group has fully incorporated targeting CNP environments into their criminal methodology.
PDF 429 KB
January 29, 2019
Visa Security Alert (PSI): Same “PwnPOS” File Identified in Multiple Point-of-Sale Breaches in North America
Visa’s Payment Fraud Disruption (PFD) team was the first to link the exact same PwnPOS malware file hash across seven recent point-of-sale breaches reported since March 2018 in North America. It was also found that each of the PwnPOS malware files recovered from the 2018 breaches were the same across all compromises, rendering PwnPOS an easily identifiable malware family.
Also see Indicators of Compromise.
PDF 166 KB
November 15, 2018
Webinar: Review Payment Card Industry (PCI) Data Security Essentials (DSE) for Small Merchants
Visa hosted a webinar to review Payment Card Industry Data Security Essentials (PCI DSE) material to help acquirers and merchants understand how it may apply to them.
PDF 1.9 MB
September 20, 2018
Payment Card Industry Data Security Standard (PCI DSS) Validation Best Practice Review
Visa hosted a webinar on September 20, 2018 to cover a brief introduction to Security Standards Council (PCI SSC) and PCI DSS, as well as a discussion on best practice to review PCI DSS validation documents, including samples and examples of PCI DSS documents.
PDF 1.3 MB
September 13, 2018
Visa Security Alert: Purchase Return Fraud
Visa is aware of recent incidents in the U.S. in which criminals are committing fraud through processing fraudulent purchase return transactions. The fraud scheme involves cloned POS devices and funds are cashed out at ATMs after the purchase returns have been posted to the cards. The purpose of this Visa Security Alert is to provide clients with an understanding of the threat landscape and best practices for securing the environment.
PDF 392 KB
September 5, 2018
Webinar: Threats from Website Add-ons and Ecommerce Trends
Visa hosted a webinar covering the threats from website add-ons and e-commerce breach trends. The webinar reviewed the common attack vectors and methods, malware injection techniques and overall e-commerce security trends and best practices.
PDF 2 MB
August 23, 2018
Webinar: Monetization of Financial Attacks
Visa hosted a webinar focusing on ATM cash out trends and issuer preventive measures. The session reviewed ATM cash out fraud and how the attacks are carried out. This is to provide an understanding of how to protect and defend against these schemes, as well as how Visa can help.
PDF 2 MB
July 19, 2018
Visa Security Alert (PSI): Fraudsters Targeting Call Center Chat and Non-Voice Channels (Chatbots)
A growing industry trend to deploy online chat and non-voice channel services within call centers and merchant online environments may introduce potential risks to the users of these services. Visa Payment Systems Intelligence (PSI) identified increasing instances of criminals targeting these online services to obtain payment data. The purpose of the attached Visa Security Alert is to provide clients with an understanding of the threat landscape and best practices for securing this environment.
PDF 222 KB
May 24, 2018
Machine Learning in the Payments Industry
Visa hosted a webinar providing an overview of machine learning—specifically, how machine learning is applied in the payment industry, decision making with machine learning, threats from machine learning based attacks, and managing and monitoring of machine learning.
PDF 969 KB
April 18, 2018
Webinar: New PCI SSC Data Security Resources for Small Merchants
Visa hosted a webinar to highlight new data security resources available to small merchants through the Payment Card Industry Security Standards Council (PCI SSC). The webinar reviewed recent updates to the Qualified Integrator and Reseller Program and other educational resources designed to help small merchants better understand how to protect their acceptance environment and the Visa payment system.
PDF 798 KB
January 10, 2018
Security Bulletin (PSI Alert): Protect Against eCommerce Malware
eCommerce malware infections are a continued contributor to global fraud in the Card-Not-Present space. To help merchants combat fraud resulting from these global and persistent attacks, Visa is providing guidance and best practices for merchants to help secure their online stores.
PDF 127 KB
November 14, 2017
Visa Security Alert (PSI Alert): Cybercriminals Leveraging Dynamic Data Exchange (DDE) Protocol
Visa has become aware of the rise in phishing campaigns throughout the payments ecosystem. The primary cybercriminal exploitation method begins with a phishing e-mail and relies on the Dynamic Data Exchange (DDE) protocol for infection instead of malicious macros or an exploit kit. Visa is providing this alert to ensure awareness of the cyber threats actively exploiting this Microsoft Windows feature.
PDF 625 KB
November 14, 2017
Webinar: Monthly Client Data Security Communication
Visa hosted a webinar for clients to present an overview of Visa's new monthly client data security communication. To assist clients in managing their sponsored merchant and third party agent compliance with Visa’s data security validation requirements, effective November 2017, Visa will provide clients with a monthly report listing all merchants and third party agents due to revalidate compliance against the Payment Card Industry Data Security Standard and/or PCI PIN Security Requirements.
PDF 977 KB
November 1, 2017
Webinar (PSI Alert): Emerging Threat: Card-Not-Present Breaches
As counterfeit fraud becomes more challenging for fraudsters globally, they have shifted their focus to the card-not-present channel. Cybercriminals are targeting e-commerce transactions to exploit common vulnerabilities and compromise static payment data. In particular, the e-commerce space has seen developments in malware, modified source codes and database triggers.
PDF 1.1 MB
September 19, 2017
Webinar Deck: 2017 Visa security symposium recap
Visa hosted a webinar to discuss the topics and key take-aways from the 2017 Visa Security Symposium. This webinar highlighted the importance of securing a connected world. In today’s digital age, proper checks on data security and risk management are essential to defending the payments ecosystem.
PDF 1.7 MB
August 01, 2017
Visa Bulletin: Play It Safe This Summer
Do you know who handles your data? Working with the right partners is crucial to protecting the cardholder environment. Ensuring that players prioritize security can help you score a security home run this summer.
PDF 789 KB
July 20, 2017
Visa Bulletin: Data Compromise Reporting Requirements
Visa has observed an increase in network intrusions involving service providers, re-breaches of merchant payment environments and skimming incidents involving Point of Sale (POS) device overlays. Visa is issuing this alert to make Members and entities aware of their obligations to investigate and immediately report all data compromise events.
PDF 263 KB
May 31, 2017
Webinar: Risk Management Trends in the Global Payments Ecosystem
Visa hosted a webinar providing an overview of the trends in the global payment system – from protection to authentication. This webinar highlights the effects more players and digitization have on the payments ecosystem and what that might mean for data security, fraud management and cyber intelligence in the future.
PDF 1.5 MB
May 4, 2017
PSI Alert: Detecting and Mitigating Persistent Javascript eCommerce Malware
In February 2017, analysts identified a new technique used with JavaScript-based eCommerce malware that enables the malware to re-infect the website automatically upon incomplete removal. Visa is providing this report in order to alert eCommerce merchants to this malware technique, and to provide detection and mitigation methods if this malware is discovered.
PDF 520 KB
March 1, 2017
PSI Alert: Flokibot Malware
Multiple information security firms have reported on the emerging threat of a new malware variant identified as “Flokibot.” While Flokibot attacks have focused on the LAC region to date, this malware may represent a broader threat to the payments ecosystem. Visa is publishing this alert in order to provide clients and stakeholders with technical information, including background on the malware, indicators of compromise and suggested mitigation activities to protect the payments ecosystem.
PDF 488 KB
February 21, 2017
Visa Publication: Racing to Security
It is always a great opportunity to set goals and make plans to achieve them. While motivation is at an all-time high, consider taking the following actions to help secure the payments ecosystem at the merchant level.
PDF 426 KB
June 2019
Visa Payment Acceptance Best Practices for U.S. Retail Petroleum Merchants
The best ways to process card transactions and manage the risks posed by card payments in the fuel segment.
PDF 2.5 MB
April 1, 2019
Costco Members Tap Into Checkout
Tapping to pay is quickly becoming the standard way to pay at checkouts around the world. Driven by a continued focus on improving their member experience, Costco, a global retail leader, implemented contactless technology at the point-of-sale across more than 525 warehouses in the U.S. This case study provides an overview of their decision to make the transition to contactless, key steps they took and the impact they have seen as a result of implementation.
PDF 1.2 MB
September 20, 2018
PCI DSS Validation Best Practice Review
Visa hosted a webinar on September 20, 2018 to cover a brief introduction to PCI SSC and PCI DSS, as well as a discussion on best practice to review PCI DSS validation documents, including samples and examples of PCI DSS documents.
PDF 1.3 MB
-
August 1, 2018
EMV News - Quick Chip or Contactless Chip Frequently Asked Questions
Read about items of interest when deploying Quick Chip for EMV and Contactless as well as Streamlining Contactless Level 3 Chip Certifications.
PDF 523 KB
July 27, 2018
U.S. Automated Fuel Dispenser EMV Liability Shift Delayed
Visa has been working with merchants, acquirers, and fuel-industry providers to support migration to the more secure EMV technology. The EMV liability shift is designed to better protect all parties. With the new rules, the party that is the cause of a chip transaction not occurring, either the issuer or acquirer, will be held financially responsible for any resulting card-present counterfeit fraud losses. However, due to challenges with EMV Automated Fuel Dispensers (AFD) solution readiness, Visa is delaying the U.S. domestic AFD EMV liability shift date to 1 October 2020.
PDF 354 KB
July 6, 2018
Counterfeit Fraud Mitigation Best Practices - Point-of-Sale Merchants Who are Not EMV Chip Enabled
Four best practices that merchants can implement to help reduce counterfeit fraud for point-of-sale transactions.
PDF 929 KB
June 25, 2018
Chip Payment Acceptance for Restaurant Merchants - Understanding Tip and Gratuity Options
This flyer provides information about chip acceptance at restaurants and the options available for adding tips to the final transaction amount.
PDF 586K
May 18, 2018
Counterfeit Fraud Mitigation Best Practices for Service Station Transactions - Fuel Merchants Who Are Not EMV Chip Enabled
This flyer provides best practices to help reduce counterfeit fraud for service station transactions where merchants are not yet accepting chip cards.
PDF 447 KB
May 18, 2018
Counterfeit Fraud Mitigation Tools for Automated Fuel Dispenser Transactions
This document describes 3 tools that can be used to help reduce counterfeit fraud on AFD transaction.
PDF 1015 KB
April 14, 2018
Signature Requirement Will Become Optional For EMV-Enabled Merchants in U.S. and Canada
New options for merchants in the U.S. & Canada From 14 April 2018, EMV-enabled merchants in the U.S. and Canada have the option to stop capturing signatures as a method of cardholder verification. Those same merchants will also no longer be required to retain and store transaction receipts.
PDF 192 KB
September 1, 2017
Automated Fuel Dispenser EMV Implementation
Fuel dispenser chip card acceptance is the more secure way to accept Visa cards at your fuel dispensers, and the best way to avoid liability for counterfeit fraud. The sooner it is done the better for a number of reasons.
PDF 71 KB