Visa Merchant Business News Digest

Reminder: Visa Secure Acquirers Must Support EMV 3DS 2.2.0

Regions: US, Canada, AP, CEMEA, EU, LAC
May 2024

Visa is reminding all acquirers that their merchants should send authentication transactions on the highest protocol supported by the issuer. Acquirers whose merchants are not sending authentications on the highest protocol supported by the issuer account ranges are not adhering to the Visa Secure program requirements. If the highest protocol version is EMV 3DS 2.2.0, merchants must send EMV 3DS 2.2.0 authentications. The highest-protocol version supported by the issuer can be determined using the Preparation Request (PReq) / Preparation Response (PRes) message flow.

Additionally, Visa will discontinue support for EMV 3DS 2.1.0 on September 25, 2024. After this date, Visa Secure will no longer process EMV 3DS 2.1.0 transactions.

Reminder: Consumer Bill Payment Service Expansion and Requirements

Regions: US, Canada, AP, CEMEA, EU, LAC (excluding Argentina)
April 2024

The Consumer Bill Payment Service program will be expanded effective 13 April 2024 to make Merchant Category Code (MCC) 8111—Legal Services and Attorneys eligible globally.

Visa is also reminding acquirers that Consumer Bill Payment Service (CBPS) providers that are misusing merchant category codes (MCCs), not properly submitting the CBPS indicator or submitting ineligible MCCs are not adhering to Visa Rules. Acquirers with third party bill payment providers utilizing the CBPS program without proper registration are also not adhering to Visa Rules.

CBPS is an optional service that can improve the bill payment experience for cardholders by allowing them to make card payments for bills via third party bill payment providers. CBPS is available to third party consumer bill payment providers that accept payments for various types of bills including rent, education, utilities and more.

For information regarding participation requirements and how to register for CBPS, contact your Visa representative.

Visa Secure EMV 3DS SDK Encryption Key/Certificate Update

Regions: US, Canada, AP, CEMEA, EU, LAC
April 2024

The current EMV 3DS SDK encryption key certificate will expire on August 22, 2024. This will be a multi-step process starting March 1, 2024, and all EMV 3DS SDKs must update their encryption key certificate by August 21, 2024.

Merchants can start integration as soon as their SDK provider has updated their encryption key certificate. Merchants must work with their SDK provider to integrate the updates into their merchant app to avoid service disruption. Merchants must push the updated app to devices, publish a new version of the app and advise end consumers / device holders to update the merchant app on their device(s) before the expiration date.

To avoid service interruption, all Visa Secure 3DS endpoints must abide by the August 21, 2024 update timeline. Please reach out to your EMV 3DS SDK provider with any additional questions.

Authorization Response Code Update, Alignment and Reminders

Regions: US, Canada, AP, CEMEA, EU, LAC
April 2024

Effective 13 April 2024, Visa will re-classify three existing decline response codes, realign response code 14 and introduce a new response code.

• Three response codes are moving from Category 4—Generic Response Codes to Category 2—Issuer Cannot Approve At This Time. For both Category 4 and Category 2 response codes, 15 retries in 30 days are permitted so there is no merchant/acquirer authorization retry impact. The response codes moving are:
  • Response Code 39 (no credit account)
  • Response Code 52 (no checking account)
  • Response Code 53 (no savings account)
• In response to merchant and acquirer requests for clarification, Response Code 14 will be removed from Category 3 excess reattempts. It will still be treated as a Category 1—Issuer Will Never Approve decline code and will remain in the Data Quality Program. As a Category 1, merchants must not reattempt an authorization request after a decline.
• A new response code, Z5 (valid account but amount not supported) is being introduced as a Category 2 decline code.

The updates are intended to improve authorization processing, minimize invalid authorization reattempts, and optimize the consumer experience through greater transaction approvals.

Merchants should work with their acquirers and acquirer processors to ensure they receive the information needed to understand if authorization reattempts are prohibited, or if issues need to be corrected before an authorization reattempt is made.

Visa Platform Connect Merchant Processing Impacts: April 2024 VisaNet Business Enhancements Release

Regions: US, Canada, AP, CEMEA, EU, LAC
March 2024

Effective 12 April 2024, Visa rolled out authorization and capture processing enhancements in Visa Platform Connect related to mandates announced in the April 2024 Global Technical Letter. Merchants must follow the instructions in the Visa Platform Connect: April 2024 Business Enhancement Release Mandates Awareness document on the Visa Platform Connect Announcements page (not available for agents) at Visa Online to identify the scope of the development needed to remain in compliance with the requirements of Visa and non-Visa networks.

Authorization Framework Will Be Updated To Simplify Authorization Processing Time Frames: Information for U.S. Acquirers

Regions: US
February 2024

Effective 13 April 2024, Visa will make changes to its authorization framework to modernize the existing structure for authorization validity and clearing time frames. The existing structures will be simplified and optimized by:

• Combining authorization validity and clearing and creating a new, single authorization-to-clearing time frame
• Creating a new set of standard time frames
• Introducing a new field in VisaNet that will populate an expected clearing date of an authorization. This date will be populated by VisaNet prior to sending it to the issuer, and will be returned to the acquirer in the authorization response.
• Outside the US, a merchant will be able to select a longer clearing period for card-not-present, cardholder-initiated transactions

To see the new maximum time frames for different transaction types, please refer to the article below. To support the changes to authorization and clearing time frames, Visa will align dispute rules and update Visa Resolve Online.

Read article: Authorization Framework Will Be Updated To Simplify Authorization Processing Time Frames: Information for U.S. Acquirers

Restrictions on Standing Instruction MITs Will Be Delayed to July 2025

Regions: US, Canada, AP, CEMEA, EU, LAC
February 2024

Visa is delaying plans to restrict standing instruction merchant-initiated transactions (MITs) initiated by tokens to credential-on-file (COF) tokens only. Standing Instruction MITs initiated with Device Tokens provisioned after 30 July 2025 will be declined. Any standing instructions for MITs requested after this date must utilize Card on File tokens. Because COF tokens are delinked from the cardholder device, standing instruction MITs are not disrupted when consumers upgrade their device. However, standing instruction MITs that were initiated with Device Tokens provisioned on or before July 30, 2025 will continue to be honored. Merchants are advised to work with their payment providers or wallet providers to initiate the process toward supporting merchant COF tokens. Please note that Visa uses the device token provisioning date (and not the transaction date) to determine which transactions to restrict post the MIT device token sunset.

Frequently Asked Questions for Compelling Evidence 3.0 (CE3.0)

Regions: US, Canada, AP, CEMEA, EU, LAC
February 2024

The latest dispute-related hot topics include dispute guidance, reminders, and announcements. Since rolling out CE3.0 in April 2023, several questions have been raised by merchants looking to utilize the remedy rule. A full list of FAQs and additional information about the remedy rule can be found here: CE3.0 Hot Topics – January 2024

Data-Driven Insights for the Travel Industry Available in Global Travel Intentions Study

Regions: US, Canada, AP, CEMEA, EU, LAC
January 2024

The 2023 edition of Visa’s Global Travel Intentions Study is now available for clients to learn about international travelers’ needs and the pain points of payments while traveling. Visa’s proprietary report provides deep dives into emerging trends, segments, and habits for both outbound natives and inbound tourists, across 36 markets and aggregated by regions. Get a first look at travel as it’s evolving from the COVID pandemic, growing importance of sustainability, and Gen Z’s takeoff. For more than a decade, Visa has fielded its Global Travel Intentions Study every 2-3 years. It delivers an unparalleled view of the travel and payment landscape.

Clients that are interested in learning more about the study, obtaining a free copy of the infographics for their market(s) or purchasing the full report(s) should contact their Visa representative for more information.

NEW VIDEO Available: An Introduction to Visa's Account Name Inquiry service

Regions: US, Canada, AP, CEMEA, EU, LAC
December 2023

A new 9-minute video is now available on YouTube. Learn more about where Visa's name checking capability can be increasingly used, how it works and how it helps to reduce exposure to fraud and scams. Ensuring that a customer has shared their genuine name means more online accountability, better traceability and helps to reduce anonymity in the online world.

Reminder: U.S. Fleet Program Compliance Timeline for Merchants

Region: US
9 November 2023

Visa is reminding stakeholders of the upcoming merchant requirements for implementation of mandatory changes related to Visa’s Fleet 2.0 initiative. As outlined and required in the Visa Rules (ID#: 0027524), a merchant that accepts a Visa Fleet Card must provide enhanced data for Visa Fleet Card transactions classified under the following merchant category codes (MCCs):

• MCC 4468—Marinas, Marine Service, and Supplies
• MCC 5499—Miscellaneous Food Stores—Convenience Stores and Specialty Markets
• MCC 5541—Service Stations (With or without Ancillary Services)
• MCC 5542—Automated Fuel Dispensers
• MCC 5983—Fuel Dealers—Fuel Oil, Wood, Coal, and Liquefied Petroleum
• Note: MCC 5552—Electric Vehicle Charging is currently excluded. Requirements will be announced separately.

Acquirers and fuel merchants participating in the Visa Fleet program were originally required to have implemented Visa Fleet 2.0 changes effective with the April 2022 VisaNet Business Enhancements release. As a result of the pressures and challenges in the marketplace due to competing requirements and the impact of COVID-19 on the availability of resources, Visa announced that it would provide waivers for merchants with committed delivery times until October 2023, and that no further grace period should be expected after October 2023 for merchants that do not support Fleet 2.0 processing at the point of sale. From November 2023, Visa will assess the readiness of merchants and move forward with compliance actions where applicable.

Introduction of Monitoring Rule for Dispute Condition 10.4: Other Fraud—Card-Absent Environment Remedy

Regions: US, Canada, AP, CEMEA, EU, LAC
13 September 2023

Effective 14 October 2023, the Visa Rules will be updated to include the Visa Fraud Dispute Monitoring Program to monitor merchant-provided qualification data submitted as a remedy for Dispute Condition 10.4: Other Fraud—Card-Absent Environment.

• Read Article: Introduction of Monitoring Rule for Dispute Condition 10.4 Other Fraud – Card-Absent Environment Remedy

Webinar – Compelling Evidence 3.0 In Action presented by Verifi

Regions: US, Canada
7 September 2023

Compelling Evidence 3.0 was launched in April 2023 and since then both pre-dispute and pre-arbitration have seen strong adoption, providing deflection and representment benefits to merchants globally. On Wednesday, September 20th at 9AM PT, Visa will hold a Compelling Evidence 3.0 webinar presented by Verifi. The webinar will share the results these benefits have realized and provide an update from clients live on Systematic Dispute Deflection. In addition to sharing beta results for CE3.0, Verifi will also share aggregated deflection statistics and discuss the future of Order Insight^®.  Register for the Compelling Evidence 3.0 webinar.

Network Tokens Webinar: Helping to Bridge the Gap Between Security and Performance

Regions: US, Canada
6 September 2023

Did you know 40% of consumers have said they won’t return to a merchant if they receive a false decline?^* Balancing fraud management and the customer experience can be difficult, but it’s pivotal to delivering the secure and seamless digital experience that your customers expect. Network tokens can help you find the right combination of fighting fraud and meeting customer expectations. Join Visa experts as we take you through the ins and outs of network tokenization – what it is, how it can benefit your customers, and how you can implement it. Register for the Network Tokens webinar. 

^*Source: State of Consumer Attitudes on Ecommerce, Fraud & CX 2021, ClearSale

Anti-Enumeration and Account Testing Best Practices for Merchants

Regions: US, Canada, AP, CEMEA, EU, LAC
10 August 2023

An updated version of the Anti-Enumeration and Account Testing Best Practices Guide for Merchants is now available. The merchant best practice guide provides updated guidance on how to protect the ecosystem from attacks such as enumeration and account testing and is intended to help merchants more effectively defend against these attacks. Visa is reminding clients that it is critical to maintain appropriate controls to block such fraud attacks as part of their obligation to safeguard payment account information and payments system participants.

Updates to Acceptance Device Policies and Offline Plaintext PIN Requirements at UCATs

Regions: US, Canada, AP, CEMEA, EU, LAC
4 August 2023

Offline plaintext PIN support requirements for Unattended Cardholder Activated Terminals (UCATs) will be sunset. As a result, effective 1 Jan 2024, new UCAT devices must not support offline plaintext PIN and effective 1 Jan 2025, all UCAT devices must not support offline plaintext PIN. Merchants that operate UCATs that support offline plaintext PIN will need to work with their device vendor to de-activate support of offline plaintext PIN.