Visa Merchant Business News Digest

Your source for the top merchant-focused stories. Interested in learning more about a product, service or rule mentioned? Contact your Visa rep or acquirer.

Highlighted stories

Visa Secure EMV 3DS SDK Encryption Key/Certificate Update

Regions: US, Canada, AP, CEMEA, EU, LAC
April 2024

The current EMV 3DS SDK encryption key certificate will expire on August 22, 2024. This will be a multi-step process starting March 1, 2024, and all EMV 3DS SDKs must update their encryption key certificate by August 21, 2024.

Merchants can start integration as soon as their SDK provider has updated their encryption key certificate. Merchants must work with their SDK provider to integrate the updates into their merchant app to avoid service disruption. Merchants must push the updated app to devices, publish a new version of the app and advise end consumers / device holders to update the merchant app on their device(s) before the expiration date.

To avoid service interruption, all Visa Secure 3DS endpoints must abide by the August 21, 2024 update timeline. Please reach out to your EMV 3DS SDK provider with any additional questions.

Authorization Response Code Update, Alignment and Reminders

Regions: US, Canada, AP, CEMEA, EU, LAC
April 2024

Effective 13 April 2024, Visa will re-classify three existing decline response codes, realign response code 14 and introduce a new response code.

  • Three response codes are moving from Category 4—Generic Response Codes to Category 2—Issuer Cannot Approve At This Time. For both Category 4 and Category 2 response codes, 15 retries in 30 days are permitted so there is no merchant/acquirer authorization retry impact.
  • In response to merchant and acquirer requests for clarification, Response Code 14 will be removed from Category 3 excess reattempts. It will still be treated as a Category 1—Issuer Will Never Approve decline code and will remain in the Data Quality Program. As a Category 1, merchants must not reattempt an authorization request after a decline.
  • A new response code, Z5 (valid account but amount not supported) is being introduced as a Category 2 decline code.

The updates are intended to improve authorization processing, minimize invalid authorization reattempts, and optimize the consumer experience through greater transaction approvals.

Merchants should work with their acquirers and acquirer processors to ensure they receive the information needed to understand if authorization reattempts are prohibited, or if issues need to be corrected before an authorization reattempt is made.

Recent news

Authorization Framework Will Be Updated To Simplify Authorization Processing Time Frames: Information for U.S. Acquirers

Regions: US
February 2024

Effective 13 April 2024, Visa will make changes to its authorization framework to modernize the existing structure for authorization validity and clearing time frames. The existing structures will be simplified and optimized by:

  • Combining authorization validity and clearing and creating a new, single authorization-to-clearing time frame
  • Creating a new set of standard time frames
  • Introducing a new field in VisaNet that will populate an expected clearing date of an authorization. This date will be populated by VisaNet prior to sending it to the issuer, and will be returned to the acquirer in the authorization response.
  • Outside the US, a merchant will be able to select a longer clearing period for card-not-present, cardholder-initiated transactions

To see the new maximum time frames for different transaction types, please refer to the article below. To support the changes to authorization and clearing time frames, Visa will align dispute rules and update Visa Resolve Online.

Read article: Authorization Framework Will Be Updated To Simplify Authorization Processing Time Frames: Information for U.S. Acquirers

Restrictions on Standing Instruction MITs Will Be Delayed to July 2025

Regions: US, Canada, AP, CEMEA, EU, LAC
February 2024

Visa is delaying plans to restrict standing instruction merchant-initiated transactions (MITs) initiated by tokens to credential-on-file (COF) tokens only. Standing Instruction MITs initiated with Device Tokens provisioned after 30 July 2025 will be declined. Any standing instructions for MITs requested after this date must utilize Card on File tokens. Because COF tokens are delinked from the cardholder device, standing instruction MITs are not disrupted when consumers upgrade their device. However, standing instruction MITs that were initiated with Device Tokens provisioned on or before July 30, 2025 will continue to be honored. Merchants are advised to work with their payment providers or wallet providers to initiate the process toward supporting merchant COF tokens. Please note that Visa uses the device token provisioning date (and not the transaction date) to determine which transactions to restrict post the MIT device token sunset.

Frequently Asked Questions for Compelling Evidence 3.0 (CE3.0)

Regions: US, Canada, AP, CEMEA, EU, LAC
February 2024

The latest dispute-related hot topics include dispute guidance, reminders, and announcements. Since rolling out CE3.0 in April 2023, several questions have been raised by merchants looking to utilize the remedy rule. A full list of FAQs and additional information about the remedy rule can be found here: CE3.0 Hot Topics – January 2024

Data-Driven Insights for the Travel Industry Available in Global Travel Intentions Study

Regions: US, Canada, AP, CEMEA, EU, LAC
January 2024

The 2023 edition of Visa’s Global Travel Intentions Study is now available for clients to learn about international travelers’ needs and the pain points of payments while traveling. Visa’s proprietary report provides deep dives into emerging trends, segments, and habits for both outbound natives and inbound tourists, across 36 markets and aggregated by regions. Get a first look at travel as it’s evolving from the COVID pandemic, growing importance of sustainability, and Gen Z’s takeoff. For more than a decade, Visa has fielded its Global Travel Intentions Study every 2-3 years. It delivers an unparalleled view of the travel and payment landscape.

Clients that are interested in learning more about the study, obtaining a free copy of the infographics for their market(s) or purchasing the full report(s) should contact their Visa representative for more information.

NEW VIDEO Available: An Introduction to Visa's Account Name Inquiry service

Regions: US, Canada, AP, CEMEA, EU, LAC
December 2023

A new 9-minute video is now available on YouTube. Learn more about where Visa's name checking capability can be increasingly used, how it works and how it helps to reduce exposure to fraud and scams. Ensuring that a customer has shared their genuine name means more online accountability, better traceability and helps to reduce anonymity in the online world.

Reminder: U.S. Fleet Program Compliance Timeline for Merchants

Region: US
9 November 2023

Visa is reminding stakeholders of the upcoming merchant requirements for implementation of mandatory changes related to Visa’s Fleet 2.0 initiative. As outlined and required in the Visa Rules (ID#: 0027524), a merchant that accepts a Visa Fleet Card must provide enhanced data for Visa Fleet Card transactions classified under the following merchant category codes (MCCs):

  • MCC 4468—Marinas, Marine Service, and Supplies
  • MCC 5499—Miscellaneous Food Stores—Convenience Stores and Specialty Markets
  • MCC 5541—Service Stations (With or without Ancillary Services)
  • MCC 5542—Automated Fuel Dispensers
  • MCC 5983—Fuel Dealers—Fuel Oil, Wood, Coal, and Liquefied Petroleum
  • Note: MCC 5552—Electric Vehicle Charging is currently excluded. Requirements will be announced separately.

Acquirers and fuel merchants participating in the Visa Fleet program were originally required to have implemented Visa Fleet 2.0 changes effective with the April 2022 VisaNet Business Enhancements release. As a result of the pressures and challenges in the marketplace due to competing requirements and the impact of COVID-19 on the availability of resources, Visa announced that it would provide waivers for merchants with committed delivery times until October 2023, and that no further grace period should be expected after October 2023 for merchants that do not support Fleet 2.0 processing at the point of sale. From November 2023, Visa will assess the readiness of merchants and move forward with compliance actions where applicable.

Introduction of Monitoring Rule for Dispute Condition 10.4: Other Fraud—Card-Absent Environment Remedy

Regions: US, Canada, AP, CEMEA, EU, LAC
13 September 2023

Effective 14 October 2023, the Visa Rules will be updated to include the Visa Fraud Dispute Monitoring Program to monitor merchant-provided qualification data submitted as a remedy for Dispute Condition 10.4: Other Fraud—Card-Absent Environment.

Webinar – Compelling Evidence 3.0 In Action presented by Verifi

Regions: US, Canada
7 September 2023

Compelling Evidence 3.0 was launched in April 2023 and since then both pre-dispute and pre-arbitration have seen strong adoption, providing deflection and representment benefits to merchants globally. On Wednesday, September 20th at 9AM PT, Visa will hold a Compelling Evidence 3.0 webinar presented by Verifi. The webinar will share the results these benefits have realized and provide an update from clients live on Systematic Dispute Deflection. In addition to sharing beta results for CE3.0, Verifi will also share aggregated deflection statistics and discuss the future of Order Insight®Register for the Compelling Evidence 3.0 webinar.

Network Tokens Webinar: Helping to Bridge the Gap Between Security and Performance

Regions: US, Canada
6 September 2023

Did you know 40% of consumers have said they won’t return to a merchant if they receive a false decline?* Balancing fraud management and the customer experience can be difficult, but it’s pivotal to delivering the secure and seamless digital experience that your customers expect. Network tokens can help you find the right combination of fighting fraud and meeting customer expectations. Join Visa experts as we take you through the ins and outs of network tokenization – what it is, how it can benefit your customers, and how you can implement it. Register for the Network Tokens webinar. 

*Source: State of Consumer Attitudes on Ecommerce, Fraud & CX 2021, ClearSale

Anti-Enumeration and Account Testing Best Practices for Merchants

Regions: US, Canada, AP, CEMEA, EU, LAC
10 August 2023

An updated version of the Anti-Enumeration and Account Testing Best Practices Guide for Merchants is now available. The merchant best practice guide provides updated guidance on how to protect the ecosystem from attacks such as enumeration and account testing and is intended to help merchants more effectively defend against these attacks. Visa is reminding clients that it is critical to maintain appropriate controls to block such fraud attacks as part of their obligation to safeguard payment account information and payments system participants.

Updates to Acceptance Device Policies and Offline Plaintext PIN Requirements at UCATs

Regions: US, Canada, AP, CEMEA, EU, LAC
4 August 2023

Offline plaintext PIN support requirements for Unattended Cardholder Activated Terminals (UCATs) will be sunset. As a result, effective 1 Jan 2024, new UCAT devices must not support offline plaintext PIN and effective 1 Jan 2025, all UCAT devices must not support offline plaintext PIN. Merchants that operate UCATs that support offline plaintext PIN will need to work with their device vendor to de-activate support of offline plaintext PIN.

Reminder: Merchant Responsibility for IIAS Details in Flexible Spending Account Transactions

Region: US
19 May 2023

Merchants that are certified by the Special Interest Group for IIAS Standards (SIGIS) to accept flexible spending account (FSA) cards are responsible for ensuring that Inventory Information Approval System (IIAS) details are included in the transactions for all supported entry modes.  Acquirers and merchants should be using test scripts provided by Visa to test the various POS entry modes for IIAS/Auto-Substantiation services. 

Any new POS entry mode, such as EMV contact chip or contactless chip, enabled for a merchant is expected to be functional for any Visa card that is set up to use that specific entry mode, including EMV-enabled FSAs. 

As a reminder, SIGIS-certified merchants, or their partners such as a gateway, value-added reseller, POS vendor or other third party , are expected to ensure that any specific services a merchant supports, such as IIAS, should work for all entry modes the merchant is enabled or certified for. By ensuring SIGIS-certified merchants are able to support IIAS for all merchant-supported entry modes, merchants can help reduce declines due to missing IIAS details and improve the cardholder experience.

Webinar – Control the Chaos of First-Party Misuse Leveraging Compelling Evidence 3.0

Regions: US, Canada, AP, CEMEA, EU, LAC
26 Apr 2023

On Thursday, May 18 at 9am PT, Visa will hold a Compelling Evidence 3.0 webinar hosted by Denise Gibbons (Head of Merchant Client Relations, Verifi) and Bibek Das (Product Director, Verifi). The webinar will discuss consumer trends, network-level dispute performance, and new strategies to combat first-party misuse. 

The session will also cover how merchants can leverage the Compelling Evidence (CE) rule change in both the pre-dispute path (deflecting the dispute prior to formal processing) and post-dispute path (providing the qualified CE3.0 data in pre-arbitration) for Visa transactions. A merchant will share details about how they manage their post-purchase experience internally and for their customers. Registration is required; attendees should register here for this event.

PYMNTS Article – Compelling Evidence 3.0 Will Blunt 'Friendly' Fraud

Regions: US, Canada
24 Apr 2023

On April 15, the Compelling Evidence 3.0 (CE 3.0) rule change went into effect, helping to fight friendly fraud in Card-Not-Present transactions. To promote this exciting new development, Visa partnered with on an article discussing the current dispute landscape, how Compelling Evidence 3.0 can help fight friendly fraud, and how the whole payments ecosystem can come together to reduce fraud. The article features an interview with Mike Lemberger, Head of NA Risk, and is an exciting example of how Visa executives promote the CE 3.0 rule change.

Updated Non-Compliance Assessment Schedule for Dynamic Currency Conversion Compliance Program Audits

Regions: US, Canada, AP, CEMEA, EU, LAC
14 Apr 2023

Visa Rules include many requirements to ensure that merchants conduct Dynamic Currency Conversion (DCC) in a transparent manner that does not confuse cardholders. Visa is reminding that merchants may be audited at Visa’s discretion to confirm compliance with the DCC requirements and ensure a good cardholder experience. DCC audits are conducted in all channels, including in-store POS locations, ATM, and at card-absent merchants. These audits determine if transactions are compliant with disclosure, active choice, transaction receipt and other Visa requirements. Merchants should work with their acquirers to ensure that they are meeting compliance requirements.

Visa Compelling Evidence 3.0: Post-Dispute Pre-Arbitration Process Flow Webinar

Regions: US, Canada, LAC
6 April 2023

On April 25th, 2023, Visa will host a webinar detailing the post-dispute Compelling Evidence 3.0 pre-arbitration process for merchants and acquirers. In this webinar, Visa will review the process flow whereby merchants plan to supply qualified data through their acquirer for Compelling Evidence 3.0 packages to combat suspected first-party misuse on Visa 10.4 disputes. Register for Visa CE3.0: Post-Dispute Pre-Arbitration Process Flow.

Reminder: Visa’s Authorization Framework Will Be Expanded To Allow Wider Use of Estimated and Incremental Authorizations

Regions: US, Canada, AP, CEMEA, EU, LAC
6 April 2023

Visa is reminding clients that its authorization framework will be expanded effective 15 April 2023 to allow merchants to use estimated and incremental authorizations for purchases where the final transaction amount is not known up front. Certain transaction types will be excluded, including account funding transactions (including cryptocurrency purchases), advance payment transactions, ATM cash disbursement transactions, installment transactions, manual and quasi-cash transactions and recurring payment transactions. For more information on the expanded authorization framework, merchants should contact their acquirers.

Cardholder name checking through Visa’s new ‘Account Name Inquiry’ service is coming online from October 2023

Regions: US, Canada, AP, CEMEA, EU, LAC
6 April 2023

Verification of a cardholder’s name provides merchants with an additional security check during card onboarding and pre-transaction checks. Performing a name verification in advance of a transaction can help reduce exposure to fraud and scams in subsequent transactions of any kind, in particular in pull and push transactions (AFTs/OCTs) where fraud and scams have been on the rise globally.

If a merchant’s acquirer has enabled Account Name Inquiry, the merchant or originator will be able to perform name checks starting from October 2023, for cards issued in the US, Canada and the UK. Merchant’s wishing to take advantage of the many benefits that name checking can bring should contact their acquirer for guidance on enabling the feature.

Merchant Best Practices and Webinars are available on