Visa Merchant Business News Digest

Guidelines for Proper Use of Visa Tables for Routing and Processing

Regions: US, AP, Canada, CEMEA, LAC, Europe
29 Sept 2022

Given the continued growth of players within the payments ecosystem and changes in the use of numeric assets such as Bank Identification Numbers and account ranges, Visa is reminding its acquirer partners that it is essential to use only Visa-supplied data to route and process transactions correctly.

Reminder: EMV® 3DS Program Requirements for Supporting Visa Data Only Transactions

Regions: US, Canada
29 Sept 2022

In EMV® 3-D Secure (3DS) 2.2, a Data Only transaction was introduced to make it easier for merchants and issuers to exchange data without a cardholder challenge. The Visa Data Only program uses the existing EMV 3DS infrastructure to facilitate this exchange of data, intended to help boost approval rates and lower fraud rates. Visa is reminding clients and partners of the requirements for supporting Visa Data Only (also referred to as Information Only) transactions. Complying with these requirements helps to provide cardholders with a frictionless online purchasing experience. For more information on requirements, merchants should contact their acquirers.

Final Reminder: Visa Will Discontinue Support for 3DS 1.0.2

Regions: US, AP, Canada, CEMEA, LAC, Europe
29 Sept 2022

Visa will discontinue support for 3-D Secure (3DS) 1.0.2 on 15 October 2022. In preparation for the 3DS 1.0.2 sunset, Visa is reminding acquirers, merchants and issuers to migrate to EMV® 3DS.

Read the article Final reminder: Visa will discontinue support for 3DS 1.0.2

Restrictions on Standing Instruction MITs Will Be Delayed to February 2024

Regions: US, AP, Canada, CEMEA, LAC, Europe
22 Sept 2022

Visa is delaying plans to restrict standing instruction merchant-initiated transactions (MITs) to credential-on-file tokens only.

Read article about Restrictions on Standing Instruction MITs Will Be Delayed to February 2024

Visa Direct: Velocity Limits and Maximum Transaction Amounts Will Be Increased

Regions: AP, Canada, CEMEA, Europe, LAC 
15 Sept 2022

Changes will be made to VisaNet to increase default domestic and cross-border maximum transaction amounts. Visa will also increase the velocity limits for account funding transactions, push-to-card and push-to-account original credit transactions.

Regional Expansion of Personal Data Protection and Privacy Rules and Data Framework for Visa Services

Regions: AP, Canada, CEMEA, Europe, LAC 
8 Sept 2022

The Visa Rules have been updated to expand rules relating to personal data protection and privacy to the AP, Canada, CEMEA and LAC regions. The Data Framework for Visa Services, a Visa Supplemental Requirements document, has also been expanded to the above regions. The changes are effective 15 October 2022.

Read article about Regional Expansion of Personal Data Protection and Privacy Rules

Reminder: U.S. Fleet Program Updates and Timeline

Regions: US
1 Sept 2022

Visa is reminding stakeholders of previously communicated requirements for the implementation of mandatory changes related to Visa’s Fleet 2.0 initiative, including merchant category code fleet requirements and Visa Fleet 2.0 program timelines. Visa is also clarifying requirements for 0120 confirmation advice messages for Fleet cards. The Implementation deadline for merchants to support Visa Fleet 2.0 changes is October 2023. For more information, merchants should contact their acquirers.

Merchants that accept a Visa Fleet Card must support Visa Fleet 2.0 changes (October 2023) and must provide enhanced data for Visa Fleet Card transactions classified under the following MCCs:

• MCC 4468—Marinas, Marine Service, and Supplies
• MCC 5499—Miscellaneous Food Stores—Convenience Stores and Specialty Markets
• MCC 5541—Service Stations (With or without Ancillary Services)
• MCC 5542—Automated Fuel Dispensers
• MCC 5983—Fuel Dealers—Fuel Oil, Wood, Coal, and Liquefied Petroleum

Guidance on Crypto Ramp Providers and Best Practices for Mitigating Crypto-Related Fraud

Regions: US, Canada, AP, CEMEA, LAC, Europe
25 August 2022

Crypto exchanges and digital wallets enable consumers to purchase cryptocurrencies using a Visa credential (on-ramp). Some exchanges and wallets also enable payouts to a Visa credential (off-ramp). To promote the integrity and security of the payments ecosystem, Visa has published guidance on crypto ramp providers and best practices for mitigating crypto-related fraud.

Read article about Guidance on Crypto Ramp Providers

What to do if compromised document revised

Regions: US, Canada, AP, CEMEA, LAC
25 August 2022

Visa’s What To Do If Compromised document has been updated to more clearly define required procedures and timelines for reporting and responding to a suspected or confirmed Compromise Event. The latest version also incorporates new information pertaining to payment ecosystem attacks and fraud schemes.

Read article about What To Do If Compromised

Secure Member Connection Usage Will Be Required for All Visa DEX and EAS Endpoint Connections

Regions: US, Canada, AP, CEMEA, LAC, Europe
18 August 2022

To ensure that channel encryption and enhanced authentication features are implemented, effective 1 January 2024 Visa will require use of the Secure Member Connection service for all Direct Exchange (DEX) and Extended Access Server (EAS) endpoint connections.

Numerics Initiative: Timing for BIN Prefix Sharing

Regions: US, Canada, AP, CEMEA, LAC, Europe
18 August 2022

Following the adoption of the eight-digit Bank Identification Number (BIN) standard, Visa is reminding clients about potential future impacts to the ecosystem, including timing for BIN prefix sharing.

Read article about Numerics Initiative: Timing for BIN Prefix Sharing

Transaction Data Requirements for Stand-Alone Tipping

Regions: US, Canada, AP, CEMEA, LAC, Europe
18 August 2022

Visa payments provide a seamless, transparent and safe alternative to cash traditionally used for tips paid directly to employees. To promote transparency and cardholder recognition, Visa is clarifying the transaction data requirements for these stand-alone tipping transactions.

Read article about Transaction Data Requirements for Stand-Alone Tipping

Reminder: Visa Will Discontinue Support of 3-D Secure 1.0.2

Regions: US, Canada, AP, CEMEA, LAC, Europe
11 August 2022

Visa will discontinue support for 3-D Secure (3DS) 1.0.2 on 15 October 2022. In preparation for the 3-D Secure 1.0.2 sunset, Visa is reminding acquirers, merchants and issuers to migrate to EMV® 3DS.

Read article about Visa Will Discontinue Support of 3-D Secure 1.0.2

Visa Direct: New Standardized List of Purpose of Payment Codes Now Available

Regions: US, AP, Canada, CEMEA, LAC, Europe

28 July 2022

Visa is providing a new standardized list of Purpose of Payment codes for acquirers, acquirer processors and merchants sending original credit transactions and account funding transactions to Argentina, Bangladesh, Egypt and India.

Reminder: Visa Direct OCT Sender Data Requirements for Cross-Border Transactions

Regions: US, AP, Canada, CEMEA, LAC, Europe

14 July 2022

Visa is reminding clients that for cross-border original credit transactions (OCTs), the sender data fields must be populated with sender name, address, city and country data in a valid format.

Visa Secure Non-Payment Authentication Rule Update

Regions: US, AP, Canada, CEMEA, LAC, Europe

30 June 2022

Visa will update the Visa Rules for Visa Non-Payment Authentication (NPA) transactions, which will require issuers to provide an electronic commerce indicator of 05 and the Cardholder Authentication Verification Value for fully authenticated NPA requests.

Read article about updates to NPA

Dispute Rule Updates: Evolution of Compelling Evidence

Regions: US, AP, Canada, CEMEA, LAC, Europe

16 June 2022

Visa will update dispute rules and language to provide additional standardization of data to improve the effectiveness and efficiency of dispute processing.

Read article about the update to dispute rules

Merchant Name and Descriptor Field: Reminders and Clarification

Regions: US, AP, Canada, CEMEA, LAC, Europe

16 June 2022

Visa is providing reminders and clarification with regard to accurately and consistently populating the Merchant Name / Descriptor field.

Read article about populating merchant fields

Integration Gateway Certificates Will Be Renewed

Regions: US, AP, Canada, CEMEA, LAC, Europe

16 June 2022

Leaf Certificates deployed on the Visa integration gateway will be renewed before their expiration. Clients must ensure their systems still function properly after Visa renews these certificates.

Read article about information gateway certificates renewal

Reminder: Visa Will Discontinue Support for 3DS 1.0.2

Regions: US, AP, Canada, CEMEA, LAC, Europe

2 June 2022

Visa will discontinue support for 3-D Secure (3DS) 1.0.2 on 15 October 2022. In preparation for the 3DS 1.0.2 sunset, Visa is reminding acquirers, merchants and issuers to migrate to EMV^® 3DS.

Read article about Visa discontinuing support for 3DS 1.0.2

PCI DSS Version 4.0 Published

Regions: US, AP, Canada, CEMEA, LAC, Europe

12 May 2022

The Payment Card Industry Data Security Standard (PCI DSS) version 4.0 has been published. Visa will continue to accept PCI DSS version 3.2.1 validations dated 31 March 2024 or prior.

Read article about PCI DSS Version 4.0

E-Commerce Transactions with Fully Authenticated Tokens Will Be Classified as ECI 05 in Canada and the U.S.

Regions: Canada, US

12 May 2022

Visa is planning changes for transactions processed on or after 15 April 2023 in Canada and the U.S. Cardholder-initiated card-not-present transactions using fully authenticated tokens will be classified with electronic commerce indicator (ECI) 05, subject to meeting performance standards. In addition, dispute rights for Dispute Condition 10.4: Other Fraud—Card-Absent Environment on these transactions will be removed.

Read article about E-commerce transactions with fully authenticated tokens

Google Chrome and Android Will Implement Tokens for Autofill

Regions: US

12 May 2022

As announced in the 12 May 2022 edition of the Visa Business News, Google will be the first partner to use Visa Token Service to enhance the Chrome browser, as well as Android, Autofill features with e-commerce enabler tokens. Visa and Google employee testing is expected to begin 21 June 2022, which may result in some very limited traffic. The gradual pilot rollout for Chrome and Android users in the U.S. is planned to begin in August 2022, with full U.S. rollout anticipated by November 2022. No other countries are announced at this time.

Currently, Google Chrome (across all operating systems), as well as Android, offer the capability to autofill primary account number (PAN) credentials on behalf of the cardholder, reducing the need for manually key-entered credentials at checkout. As announced in the 27 January 2022 edition of the Visa Business News, Visa Token Service (VTS) has enabled the ability for web browsers to replace PAN credentials with Visa network tokens for improved security and reduced friction in checkout experiences.

With Visa network tokens being utilized via Google Autofill, merchants, issuers, and cardholders can further experience the benefits that network tokens bring to the ecosystem—including higher authorization rates, lower fraud rates and better cardholder experiences. These tokenized Autofill credentials will work within existing merchant card entry forms that already support the use of Google Chrome Autofill today, meaning no additional integration with Google or VTS is required of merchants to process payments with these tokens. Merchants / acquirers can submit the token data in the same manner as they submit PAN-based transaction data. A three-digit dynamic token verification value (DTVV) cryptogram will be auto-filled in place of Card Verification Value 2 (CVV2). Merchants may store (with consumer consent) auto-filled tokens for future credential-on-file (COF) transactions. Merchants can contact their acquirer or Visa representative to learn more.

AFT Processing Guide, OCT Global Implementation Guide and Push to Account Program Guide Updated

Regions: US, AP, Canada, CEMEA, LAC, Europe

5 May 2022

Visa has updated the Account Funding Transaction (AFT) Processing Guide, the Visa Direct Original Credit Transaction (OCT)—Global Implementation Guide and the Visa Direct Payouts—Push to Account Program Guide. Clients and their partners that originate or receive AFTs, Visa Direct OCTs and/or push to account transactions should review the updated guides for information on how to best support these transactions.

DCC Compliance Program Reminders and DCC-Enabled Merchant / ATM Registration Requirements

Regions: US, AP, Canada, CEMEA, LAC, Europe

5 May 2022

Acquirers registered in the Dynamic Currency Conversion (DCC) Compliance Program for POS and/or ATM must register their DCC-enabled merchants for the period ending 31 July 2022 by 15 August 2022, and must update the ATM Locator quarterly with their DCC-enabled ATMs. Acquirers must advise Visa by 30 September 2022 if they wish to deregister as an acquirer from the DCC Compliance Program in fiscal year 2023. Visa is also reminding clients about the audit component of the DCC Compliance Program and the requirement for paper-based DCC solutions to be sunset by 15 October 2022.

Read article about the DCC Compliance Program

Visa Token Service Will Enable Web Browser Auto-Fill with Tokens

Regions: US, Canada

19 Apr 2022

Visa Token Service (VTS) is enabling web browsers with the ability to enhance their browser auto-fill solutions with Visa payment tokens, per the 27 January 2022 VBN announcement. Web browsers will have the capability to replace primary account numbers (PAN) with e-commerce enabler tokens, which will provide browsers the ability to auto-fill cardholders’ tokenized credentials, including the token, token expiration date and three-digit dynamic token verification values (DTVV), at merchant card entry forms. Each individual web browser will determine the user experience and how it educates its users about the solution. While Visa is enabling this capability for browsers in April 2022, no browser has announced its intent to provide a tokenized auto-fill solution. Visa will provide at least 30 days notice before a browser implements this capability.

Currently, browsers offer the capability to auto-fill PAN credentials on behalf of the cardholder, with the aim to reduce key-entered credentials at guest checkout. Visa Token Service (VTS) will enable the ability to replace the browser auto-filled PAN credentials with Visa payment tokens for better security and reduced friction in the guest checkout experience. By enabling Visa payment tokens to be used in a browser’s auto-fill solution, merchants, issuers and cardholders can further realize the benefits that network tokens bring to the ecosystem—namely higher authorization rates, lower fraud rates and better cardholder experiences. Merchants that would prefer not to receive tokens via browser auto-fill can contact their acquirer to opt out.

These tokenized auto-fill credentials will work within existing merchant card entry forms that already support the use of browser auto-fill solutions today, meaning no effort will be required from merchants to process these tokens for payment. Merchants can contact their acquirer or Visa representative to learn more.

New Visa Sensory Branding Requirements

Regions: US, AP, Canada, CEMEA, LAC, Europe

31 Mar 2022

Visa is introducing new requirements for the use of sensory branding in certain Visa events.

Read article about new Visa sensory branding

Visa Platform Connect: Merchant Processing Impacts of April 2022 VisaNet Business Enhancements Release Activation

Regions: US, AP, Canada, CEMEA, LAC, Europe

31 Mar 2022

In compliance with the April 2022 VisaNet Business Enhancements release, Cybersource will roll out mandated changes in Visa Platform Connect. Visa has published a document outlining the mandated processing impacts for merchants.

Read article about Visa platform connect

Global Distribution Systems and International Airline Program Acquirers Must Stop Initiating Airline Transactions with Russia Merchant Locations

Regions: US, AP, Canada, CEMEA, LAC, Europe

24 Mar 2022

Visa’s suspension of Russian operations also includes International Airline Program transactions and authorization requests initiated by a Global Distribution System with a Russia merchant location. By Friday, 8 April 2022 at 12:01 a.m. Moscow time, at the latest, acquirers must not submit IAP transactions with Russia as the merchant location, and GDSs must not seek authorizations with Russia as the merchant location.

Transaction And Authorization Limits and Fraud Liability Will Be Updated for Automated Fuel Dispenser Transactions

Regions: US

24 Mar 2022

Visa is updating the transaction amount limit for automated fuel dispenser (AFD) transactions in the Custom Payment Service program, and revising the authorization limits and lost / stolen fraud liability rules for EMV^®-enabled AFDs. These modifications are being made to reflect changes in the fuel market and improved security at EMV^®-enabled AFDs.

AFD AVS Zip Code Mandate Removed For U.S. Fuel Merchants in High-Fraud Geographies

Regions: US

10 Mar 2022

Visa is updating the rules to remove the mandate that U.S. fuel merchants in areas identified as high-fraud geographies include Address Verification Service (AVS) ZIP code information in all automated fuel dispenser (AFD) authorization messages. This change is effective 23 April 2022.

Read article about AFD AVS zip code

Managing Disputes Involving Russian Clients: Programs, Best Practices and FAQs to Help Clients

Regions: US, AP, Canada, CEMEA, LAC, Europe

9 Mar 2022

Visa is providing additional information on programs, best practices and frequently asked questions about managing and responding to disputes as a result of the suspension of operations in Russia.

Visa Suspends All Russia Operations

Regions: US, AP, Canada, CEMEA, LAC, Europe

7 Mar 2022

Visa is providing updates specific to impacts on the payments landscape and Visa’s clients stemming from its suspension of its Russia operations.

Please be advised that Visa is suspending operations in Russia. On Thursday, March 10, 2022, at 12:01 a.m. Moscow time (March 9, 2022, 1pm PST), Visa will block all issuing and acquiring associated with all Russian members. While the suspension is effective on March 10, 2022, there will be a wind-down period to allow for processes such as collection of fees and resolution of chargebacks and disputes. The wind-down period may be limited in some cases to comply with applicable laws, including any applicable sanctions.

Visa Suspends All Russia Operations

Regions: US, AP, Canada, CEMEA, LAC, Europe

5 Mar 2022

On March 5, 2022, Visa announced it is suspending its Russia operations. Effective immediately, Visa will work with its clients and partners within Russia to cease all Visa transactions over the coming days. Once complete:

• All transactions initiated with Visa cards issued in Russia will no longer work outside the country.
• Any Visa cards issued by financial institutions outside of Russia will no longer work within the Russian Federation.

Additional information will be provided in the coming days.

Visa Reducing U.S. Consumer Credit Interchange Rates for Small Businesses

Regions: US

3 Mar 2022

Since the start of the pandemic, digital payments have enabled small businesses to continue serving their customers, both in their local communities and around the world. Visa has taken a series of actions to support small businesses, committing to digitally enabling 50 million small businesses globally, launching programs and directing resources to provide the essential digital capabilities needed for recovery.

We are now taking an additional step to help U.S. small businesses compete and grow by lowering key in-store and online consumer credit interchange rates for more than 90% of American businesses by 10%. These changes will take effect April 2022.

Frequently Asked Questions Related to the Impact of Recent Sanctions

REGIONS: US, AP, Canada, CEMEA, LAC, Europe

28 Feb 2022

Visa is providing updates specific to impacts on the payments landscape and Visa’s clients stemming from recent sanctions relating to Russia and Ukraine. As the situation evolves, Visa will continue to provide updates and additions to these Frequently Asked Questions (FAQ).

Sanctioned Entities Suspended From Visa

REGIONS: US, AP, Canada, CEMEA, LAC, Europe

28 Feb 2022

In response to the U.S. Department of Treasury's Office of Foreign Assets Control (OFAC) sanctions, Visa is suspending business with Specially Designated Nationals (SDNs), effective immediately.

Dispute Resolution Guidelines and Frequently Asked Questions Related to Sanctions and Global Incidents

REGIONS: US, AP, Canada, CEMEA, LAC, Europe

27 Feb 2022

This article is designed to help clients handling disputes due to the current events in Russia and Ukraine.

Reminder: 3-D Secure 1.0.2 Quasi-Sunset Processing Requirements

Regions: US, AP, Canada, CEMEA, LAC, Europe

24 Feb 2022

Visa is reminding acquirers and their merchants how to process transactions following the 3-D Secure 1.0.2 quasi-sunset.

Read article about reminder: 3-D secure

Support Will End After October 2023 for Interim Transaction Identifier Issued in EEA and UK for PSD2 Regulatory Requirements Relative to MITs

Regions: US, AP, Canada, CEMEA, LAC, Europe

3 Feb 2022

Visa has extended the waivers provided to European Economic Area (EEA) and UK acquirers for the use of an Interim Transaction Identifier. These waivers will now expire effective 31 October 2022. Non-compliance assessments will begin to accrue as of August 2022, and will be applicable for any use of the Interim Transaction Identifier as of 1 November 2022. Effective 31 October 2023, Visa will stop accepting the Interim Transaction Identifier in transaction messages.

Visa Direct: New Visa Rule for Issuers Processing AFT Credit Adjustments

REGIONS: US, AP, Canada, CEMEA, LAC, Europe

27 Jan 2022

Visa is introducing a new account funding transaction (AFT) rule for processing and posting AFT Credit Adjustment advices. The new rule will improve the cardholder experience and reduce merchant complaints that funds are not credited to cardholders in a timely manner.

Final Reminder: Visa Secure Root Certificate Update

REGIONS: US, AP, Canada, CEMEA, LAC, Europe

13 Jan 2022

As Visa has announced previously, the current Visa Secure eCommerce certificate chain will expire effective June 2022. All Visa Secure endpoints must trust the new eCommerce G2 root certificate chain and update / replace end-entity certificates according to the timelines below.

New Original Credit Transaction Data Requirements Will Be Introduced

REGIONS: US, AP, Canada, CEMEA, LAC, Europe

13 Jan 2022

To support the growth of cross-border Visa Direct original credit transactions (OCTs) and to reinforce the security of the payment ecosystem, Visa will introduce several new data fields and requirements for OCTs.

Requirement to Migrate to the Visa Global L3 Test Set Files and Associated Impacts and Benefits

REGIONS: US, AP, Canada, CEMEA, LAC, Europe

6 Jan 2022

Visa will require migration to its EMV^®-compliant Level 3 (L3) Test Set Files for any new L3 testing in all regions, and is communicating associated impacts and benefits.

Introduction of the Visa Network Merchant-Initiated Transaction Service

REGIONS: US, AP, Canada, CEMEA, LAC, Europe

6 Jan 2022

Effective 22 April 2022 for acquirers and 15 July 2022 for issuers, Visa will launch the Network Merchant-Initiated Transaction (MIT) Service to help merchants and acquirers manage the Original Transaction Identifier requirements for processing MITs.

Read article about introduction of the Visa network MIT service

Visa Acquirer Monitoring Program Will Be Updated in April 2022

REGIONS: US, AP, Canada, CEMEA, LAC, Europe

16 Dec 2021

Effective 1 April 2022, Visa will update the Visa Acquirer Monitoring Program in an effort to mitigate enumeration attacks.

Visa Secure Rules Will Be Updated

REGIONS: US, AP, Canada, CEMEA, LAC, Europe

2 Dec 2021

Effective 23 April 2022, the Visa Rules and the Visa Secure Program Guide will be updated to include new authentication requirements for Visa Secure.

Read article about Visa secure rules

Visa Fleet BINs Updated

REGIONS: US

18 Nov 2021

Visa has updated the list of issuing Bank Identification Numbers (BINs) designated as Visa Fleet BINs for the U.S. market. Fleet merchants and acquirers need to update their list of BINs to better identify Visa Fleet products.

Numerics Initiative: Consulting Services Available to Help Clients Prepare for Eight-Digit BIN Adoption

REGIONS: US, Canada

18 Nov 2021

Visa has a number of fee-based consulting services related to the adoption of the eight-digit Bank Identification Number (BIN) industry standard available to assist clients and their partners as they prepare to support the new industry standard.

Reminder: Visa Secure Root Certificate Update

REGIONS: US, AP, Canada, CEMEA, LAC, Europe

11 Nov 2021

As previously announced, the current Visa Secure eCommerce certificate chain will expire effective June 2022. All Visa Secure endpoints must trust the new eCommerce G2 root certificate chain (in addition to the current eCommerce [G1] root certificate chain), and were able to begin that part of the process on 1 July 2021.

Modification to Visa Brand Mark

REGIONS: US, AP, Canada, CEMEA, LAC, Europe

11 Nov 2021

Visa is moving from multiple marks to signal acceptance and Visa payment capability to one mark.