Visa is reminding clients of configuration requirements for POS terminals to successfully accept new card products. Failure to configure terminals according to Visa requirements can cause rejection of cards and a poor customer experience.
Read article about POS terminals must be correctly configured
Given the continued growth of players within the payments ecosystem and changes in the use of numeric assets such as Bank Identification Numbers (BINs) and account ranges, it is more important than ever to ensure our partners are using Visa-supplied data to route and process transactions correctly.
Effective 17 October 2020, Visa will create a new designation for consumer third party bill pay service providers with the introduction of the Consumer Bill Payment Service.
Visa is extending the option to require signature capture and validation for all merchants, globally. In 2018, Visa announced that the capture and validation of a cardholder’s signature would be optional for all EMV®-enabled merchants. In light of the COVID-19 pandemic, effective 14 May 2020, Visa is extending the same policy change to all merchants, even if they have not deployed EMV chip capabilities, to reduce the need for customers to interact physically with POS terminals.
In support of the unique environment that COVID-19 has created, Visa previously announced that it was imposing a control period, which was to expire on 4 May 2020. Visa has extended the control period to 2 June 2020.
The COVID-19 pandemic has impacted the world in ways nobody could have predicted. Because of the unprecedented circumstances created by COVID-19, Visa will further delay implementation dates and impact of certain previously announced U.S. interchange and fee changes to April 2021.
We are also capping dispute fees incurred as a direct result of COVID-19 pandemic, to help our clients as they work to resolve cardholder disputes and provide refunds for impacted services.
Lastly, we are further delaying the EMV® liability shift for U.S. domestic automated fuel dispenser transactions to April 2021.
We believe these actions are the right thing to do and the most prudent approach to ensuring the long-term stability of the payments ecosystem.
Visa has revised the sunset date for acceptance of Static Data Authentication contactless payments in the mass transit environment to 18 October 2020. Following the sunset of these rules, Visa will require all new contactless-only transit terminals to support only fast dynamic data authentication.
Visa is providing additional information on best practices to manage dispute processing as a result of the COVID-19 outbreak.
Read article about managing disputes through Covid-19 government prohibition
Visa is providing additional information on best practices to manage dispute processing as a result of the COVID-19 outbreak. We will continue to share updates and additional information, as available.
Visa is making miscellaneous revisions to dispute rules for clarity and consistency and removing obsolete or duplicate rules.
Effective 17 October 2021, fraud liability protection for merchants submitting transactions using Visa Secure with 3-D Secure (3DS) 1.0.2 will no longer apply.
Visa will introduce the Visa Rent Payment Program, which allows qualifying property owners, or their qualified third party agents that process the payments, to assess a capped fee to cardholders.
Visa is providing additional information on dispute processing as a result of the COVID-19 outbreak. We will continue to share updates and additional information, as available.
Visa is providing an update on planned changes to acceptance and disclosure policies for transactions at merchants that offer free trials or discounted introductory promotions as part of an ongoing subscription service.
Read article about Covid-19 update-policy for subscription merchants
For card-present transactions with merchants physically located in the Republic of Ireland, Visa will require acquirers to capture the merchant’s Eircode (postal code) and include it in the authorization request message. Additionally, acquirers must provide Eircode updates to the Acquirer Merchant Master File.
Visa is reminding merchants about available options that are strongly recommended to reduce the need for cardholders to interact physically with POS terminals.
Read article about merchant options for reducing cardholder interaction during COVID-19
Visa is providing additional information on programs, best practices and frequently-asked questions about managing and responding to disputes as a result of the COVID-19 outbreak.
As we continue to navigate the evolving impact of the COVID-19 pandemic, it is critical that the payment system remains stable and secure. Visa recognizes that all of our businesses are facing significant operational challenges, with the majority of our workforces operating remotely. Given the situation, Visa is taking a number of operational measures to ensure the stability, security, reliability and resiliency of our network.
Read article about Visa’s operational business response to COVID-19
The Visa Rules will be updated to expand contactless-only device acceptance globally, as well as to additional merchant segments.
To align with the upcoming revised Payment Services Directive provisions and country requests for updated limits, a number of changes to the Visa Easy Payment Service program are being made in Europe.
Effective 30 June 2020, Visa will discontinue 3-D Secure 1.0.2 Production Integration Testing.
Read article about 3-D secure 1.0.2 product integration testing
Effective immediately, Visa Easy Payment Services limits will be increased in Poland.
Effective 17 October 2020, Visa will implement higher authorization limits for automated fuel dispenser transactions acquired by U.S. fuel merchants.
Download article about U.S. automated fuel dispenser authorization limits
Visa will offer one hologram option for placement on physical cards effective 1 January 2021. Card vendors and issuers may continue to use any hologram stock on hand until it is depleted.
Visa has updated its PIN Entry Device sunset and replacement mandates for expired POS PIN entry and ATM devices and introduced new sunset dates for expired Host Security Modules.
Download article about updates to sunset dates for expired PIN
Visa has updated the list of Bank Identification Numbers (BINs) designated as Visa Fleet BINs for the U.S. market. Fleet merchants and acquirers need to update their list of BINs to better identify Visa Fleet products.
Visa is providing further clarification on changes to acceptance and disclosure policies for transactions at merchants that offer free trials or discounted introductory promotions as part of an ongoing subscription service.
Download article about reminder and clarification: updated policy for subscription merchants
Visa will be upgrading the Open File Delivery platform to enforce stronger 2048-bit key encryption in production, effective 30 April 2020. Clients must ensure that their systems are updated to support these new requirements.
Visa is reminding acquirers and their merchants of the upcoming global requirement for sending purchase return authorization messages and providing best practices.
Download article about requirements and best practices for purchase return
Issuers must use Cardholder Authentication Verification Value (CAVV) usage 3, version 7 for EMV® 3-D Secure (3DS) transactions.
Visa has updated its Numerics Initiative resources to reflect the most current information related to client migration to the new eight-digit Bank Identification Number (BIN) industry standard. These critical enhancements are intended to assist clients in their analysis and development of necessary operations and systems changes to adhere to this new numerics standard.
Visa is modifying its policies around sharing of Bank Identification Number (BIN) attribute data and clarifying how, when and with whom this information may be shared.
Visa Easy Payment Service limits will be increased in Belgium, the Philippines and Poland. Floor limits will be removed in the Philippines.
Visa is globalizing its Chip Vendor Enabled Service, extending the ability for Visa-accredited third party service providers to offer Level 3 testing services to clients in any region around the world.
Download article about chip vendor enabled service availability
Visa Secure now supports EMV® 3-D Secure (3DS) 2.2.0. Additionally, the Visa EMV 3DS Testing Suite is available for Visa Secure solution providers to ensure that their software complies with this new specification.
Download article about Visa Secure supports latest version of EMV
Visa is aligning processing requirements for automated fuel dispenser (AFD) confirmation and completion advice messages.
Visa will make changes to the processing of chip transactions for participants in the Visa Chip Authenticate service.
Download article about processing updates for Visa Chip Authenticate Service Participants
Visa’s dispute management application, Visa Resolve Online, has been enhanced to support pre-dispute processing. While the Visa Claims Resolution initiative improved the dispute process, Visa continues to look for ways to improve and optimize dispute processing.
The recent Visa acquisition of Verifi has created opportunities to provide best-in-class dispute resolution tools that include Visa Resolve Online (VROL), a suite of Visa risk and fraud management solutions, Verifi’s Order Insight and Cardholder Dispute Resolution Network. These tools foster collaboration between buyers and sellers with intelligent data-driven services. With the addition of Verifi, Visa will extend its dispute resolution capabilities to support a broad range of payments brands and partners across the ecosystem.
Effective immediately, the Visa Rules have been revised to expand the definition of third party agent to be more inclusive for the types of organizations that may provide payment-related services to Visa clients.
Effective immediately, Visa has updated the rules related to purchase return authorization messages. Credit authorization transactions are now optional for mass transit merchants globally.
Download article about optional refund authorization transactions
Visa has updated the Visa Direct Original Credit Transaction (OCT)—Global Implementation Guide. Clients and their partners that originate or receive Visa Direct original credit transactions (OCTs) should review the updated guide for information on how to enable and support services such as money transfers, funds disbursements, prepaid loads and credit card bill payments.
Visa is launching a new API-based installment solution that enables participating issuers and merchants to provide shoppers the ability to choose to pay in installments. Separately, Visa is also expanding acceptance policies for installments on Visa cards, even if the installment provider is neither the card issuer nor the seller of the goods or services. Lastly, existing debt repayment, stored credential and prepayment transaction requirements will be streamlined.
Download article about launch of Visa installment payment capabilities
Visa is reminding clients that Visa Smart Debit / Credit and quick Visa Smart Debit / Credit transactions must successfully pass cryptogram verification during testing. Additionally, Visa is providing updates about Level 3 testing in the U.S.
Visa has updated the Account Funding Transaction (AFT): Processing Guide (English only). Clients and their partners that originate or receive AFTs should review the updated guide for information on how to best support these transactions.
Visa is reminding clients of the brand standards for contactless point-of-sale terminals.
Download article about brand standards for contactless point-of-sale terminals
Effective 18 April 2020, the Visa Rules will be updated to ensure issuers, acquirers and their sponsored merchants control first party fraud. First party fraud is a concern for all parties in the payment system. This occurs when a cardholder seeks reimbursement or a credit for legitimately purchased goods and services, resulting in potential disputes and creating additional costs for all participants.
Visa has released Revision 2.3B of the Contactless Device Evaluation Toolkit.
Download article about new revision of contactless device evaluation toolkit
Visa has simplified the registration process for the International Airline Program, expanded program registration requirements to domestic airlines and updated the Visa International Airline Program Guide.
Download article about simplified international airline program
Visa is reminding acquirers, their merchants and issuers that they must correctly process zero-amount account verification messages.
Download article about account verification message processing reminders
Visa has clarified its acceptance policies to support updated Visa Product Brand Standards that offer greater flexibility in card design. To ensure an optimal cardholder experience, acquirers and merchants should be aware of Visa’s new card design options.
Effective immediately, Visa has modified standards to allow increased flexibility when issuers are designing Visa cards. Key changes include fewer required card elements and broader options for placement and color of the Visa Brand Mark.
To support these updated card design options, the Visa Rules have been updated to clarify cardholder verification requirements for cards without signature panels. For transactions with cards that do not have a signature panel, merchants do not have to validate a cardholder’s signature.¹ Additionally, issuers will not be permitted to raise a request for copy (RFC) for a transaction receipt. This applies regardless of whether the merchant has deployed an EMV®-capable terminal.²
¹ Visa cards issued in the U.S. will continue to contain a signature panel, but merchants may be presented with Visa cards issued from outside the U.S., which may not contain a signature panel.
² Merchants with non-EMV capable terminals (i) must continue to capture and validate a cardholder signature and (ii) remain subject to RFCs for transactions on all other cards above the applicable Visa Easy Payment Service (VEPS) limit, if no PIN is obtained.
Visa has published a new version of the U.S. Visa Contactless Transit Terminal Testing document to Visa Online. The document contains a new back office process that is required for mass transit merchants and processors / acquirers in the U.S. when testing a terminal accepting contactless payments at a transit gate. In addition, new U.S. test card images are available.
Issuers are reminded that they are prohibited from using the estimated, non-final pre-authorization amounts for Visa and Interlink automated fuel dispenser (AFD) transactions in any cardholder communications, including fraud alerts. Issuers may communicate either no transaction amount or the final AFD transaction amount, which can be obtained by receiving the enhanced AFD and real-time clearing acquirer confirmation messages.
Visa is allowing merchants in the U.S. to provide additional types of compelling evidence for card-present U.S. domestic key entered transactions processed at non-chip terminals.
Visa will require clients that connect to Visa Direct APIs to support Message Level Encryption.
The Visa Merchant Data Standards Manual has been updated to provide additional details and clarifications on some merchant category code descriptions. The document remains publicly available at visa.com to make it easily accessible to all clients, merchants, agents and processors.
Visa’s What To Do If Compromised document has been updated to more clearly define required procedures and timelines for reporting and responding to a suspected or confirmed account data compromise. This latest version incorporates new investigation fees and non-compliance assessment information. Fees are entirely avoidable if entities cooperate with applicable investigations in a timely fashion.
To meet Payment Card Industry Security Standards Council (PCI SSC) compliance commitments and maintain the highest standards of system security, Visa will be upgrading the Open File Delivery (OFD) platform to utilize stronger cipher suites, while concurrently decommissioning older and less secure cipher suites effective 30 November 2019. Clients must ensure that their systems are updated to support new requirements in order to successfully connect to the OFD platform once these changes are in effect.
Clients are reminded to ensure all international transactions are correctly classified, processed and reported in accordance with the Visa Rules. Failure to comply with Visa processing requirements may render them subject to non-compliance assessments.
The Visa Smart Debit / Credit Certificate Authority (CA) has extended the expiration date of the 1984-bit CA key. The expiration date of the 1408-bit CA key has not changed.
Download article about Visa Smart Debit/Credit Certificate authority annual key assessment
Visa is reminding clients about changes to acceptance, disclosure and dispute policies for transactions at merchants that offer free trials or introductory promotions as part of an ongoing subscription service. The new policies will enable greater customer recognition, easier cancellation and clearer dispute rights. A flyer is also available now for distribution directly to merchants.
Download article about updated policy for subscription merchants
Visa is updating the rules to streamline requirements for transaction receipts by removing duplication and outdated / unnecessary data elements. The updates will also provide increased flexibility for transactions where receipts are required to be provided.
Download article about updates to transaction receipt requirements
Effective 25 January 2020, Visa will update the non-compliance assessment schedules for general and willful violations, and introduce a new significant violation schedule.
Visa has compiled several processing requirements and reminders for processing 3-D Secure (3DS) 1.0.2 and EMV® 3DS transactions with Visa Secure.
Download the article about Visa Secure processing requirements and reminders
To align with the upcoming revised Payment Services Directive provisions and country requests for updated limits, a number of changes to the Visa Easy Payment Service program are being made in Europe.
To ensure that U.S. EMV® terminals can properly originate transactions from Canada-issued co-badged credit and debit cards, Visa is requiring acquirers to implement changes to ensure immediate interoperability.
To help move the e-commerce ecosystem to full strong customer authentication (SCA) compliance, Visa is making some important changes to help accelerate deployment of new 3-D Secure (3DS) technology. EMV® 3DS 2.2.0 provides key functionality which underpins the move to biometrics, the ability to take advantage of SCA exemptions and accommodates the delivery of a cryptogram in complex merchant use cases such as travel. All issuers, acquirers and merchants are expected to implement 3DS 2.2.0 by 14 September 2020.
Visa is reminding clients that Visa PIN Security Program participants will be required to use a Payment Card Industry (PCI) Qualified PIN Assessor for all on-site PIN assessments beginning 1 October 2019. All on-site PIN assessments beginning on 1 January 2020 and after must validate to version 3 of the PCI PIN security requirements.
The Visa Chargeback Monitoring Program will be renamed as the Visa Dispute Monitoring Program. Visa is also reminding clients of upcoming changes to fraud and dispute volume thresholds.
Visa is expanding its existing internet gambling blocking service to include online transactions for the new Merchant Category Code (MCC) 9406—Government-Owned Lotteries (Non-U.S. region).
Visa has certified LG Pay as a new token requestor in Visa Token Service.
Download article about LG pay certified as a new token requestor
Visa has implemented policies to support its Smart BIN Management strategy of responsible use of Bank Identification Numbers (BINs). This article reinforces the importance of these policies leading up to the April 2022 effective date for Visa clients to support the new eight-digit BIN standard.
Download article about importance of smart BIN management policies
Effective 18 October 2019, parking, electric vehicle charging and card-absent grocery merchants may use estimated authorization and incremental authorization requests.
Clients should update their systems to account for a new electric-vehicle charging merchant category code (MCC).
Acquirers must submit merchant validation reports to Visa by 31 July 2019.
Visa Analytics Platform is launching globally with new application packages and applications.
To enable greater customer recognition, easier cancellation and clearer dispute rights, Visa is updating its rules related to transactions at merchants that offer free trials or introductory offers as part of an ongoing subscription service.
Visa has policies, rules and requirements in place to regulate subscription and “negative option” merchants dating back to 2011, including express, informed consent from customers after required disclosures and a simple cancellation mechanism.
Upon further review of its existing rules, Visa recognizes that free trials or introductory offers that roll into ongoing subscriptions or recurring charges can lead to problems for cardholders and clients, including multimillion-dollar operational cost increases due to high call center volumes, customer complaints, write-offs and card closures / re-issuances. To address these concerns and help provide clarity for all parties, Visa is updating its acceptance, disclosure and cancellation policies effective 18 April 2020.
Additionally, Visa has identified potential solutions to the following pain points around notification, identification and resolution of issues with these transactions:
Subscription Merchant Transaction Policy Updates
The changes are designed to (1) promote an enhanced cardholder experience; (2) enable issuers to clearly identify these transactions; and (3) bring more specificity and clarity to the disputes requirements. With these changes, cardholders will be provided clearer information, enabling them to identify, recognize and take action on subscription transactions, reducing the need for disputes. Specifically, cardholders will benefit from:
The changes apply equally to merchants selling either physical or digital goods and services, if they offer free trials or introductory offers that roll into an ongoing subscription / recurring agreement. There are no new indicators or other changes to these transactions that issuers or acquirers need to cater for.
Download article about Updated Policy for Subscription Merchants
The Payment Card Industry Security Standards Council (PCI SSC) has published an annex to the security standard for protecting PIN-based transactions on commercial off-the-shelf (COTS) devices. The annex defines security requirements for magnetic-stripe transaction acceptance with no PIN in Software-based PIN Entry on COTS (SPoC) solutions. The date for merchants accepting PIN-based transactions via COTS devices to use or transition to a PCI-validated SPoC solution has been extended to 31 December 2019.
In the 26 July 2018 edition of the Visa Business News, Visa announced the publication of the PCI SPoC security standard, which defines global industry security requirements and testing procedures for securing PIN-based transactions on COTS devices.¹ Due to security risks associated with primary account numbers and PINs on unsecure COTS devices, the standard was originally published to explicitly prohibit the acceptance of magnetic-stripe transactions.
Based on industry feedback and the need for continued support of magnetic-stripe transaction acceptance in some markets, PCI has published the Payment Card Industry (PCI) Software-based PIN Entry on COTS Magnetic Stripe Readers Annex, which defines security requirements for accepting magnetic-stripe transactions without PIN in a SPoC solution. The Payment Card Industry (PCI) Software-based PIN Entry on COTS (SPoC) Program Guide has been updated to align with the annex and outlines the elements of SPoC solutions, roles of parties involved in development, solution-testing process and validated solution-listing instructions.
(¹)
Visa SPoC Compliance Deadline
In order to support the transition to PCI-approved SPoC solutions, Visa has extended the deadline that requires all merchants accepting PIN-based transactions via COTS devices to use or transition to a compliant, PCI-validated SPoC solution to 31 December 2019.
The publication of the SPoC standard or the SPoC annex does not change any Visa requirement related to hardware PIN-entry devices. All existing Visa rules and requirements continue to apply, including Visa’s Honor All Cards policy. Visit the PCI SSC website for resources for locating PCI-recognized laboratories and validated SPoC solutions.
The Card Acceptance Guidelines for Visa Merchants is a comprehensive manual for all businesses that accept Visa® transactions in the card-present and/or card-absent environment. The purpose of this guide is to provide merchants and their back-office sales staff with accurate, up-to-date information and best practices to help merchants process Visa transactions, understand Visa products and rules, and protect cardholder data while minimizing the risk of loss and fraud.
Visa published an easy-to-use guide to help smaller merchants navigate the world of transaction disputes. For more information, please see Dispute Management Guidelines for Visa Merchants on Visa.com.
The updated resource defines required procedures in response to an account data compromise.
As merchants in United States enable their payment card acceptance infrastructure for EMV chip technology starting October 1, 2015, counterfeit fraud will increasingly migrate to acceptance segments that have not implemented EMV chip technology, such as automated fuel dispensers (AFDs). This will lead to counterfeit fraud chargeback liability for fuel merchants if AFD EMV chip acceptance enablement is not completed by October 1, 2020.
Visa prepaid and debit cards are popular forms of payment at the register. Visa’s Partial Authorization service provides an alternative to declining a transaction when the card’s available balance is not sufficient to approve a transaction in full. Participating issuers return an authorization response with an approval for a portion of the original amount requested, enabling the remainder of the transaction amount to be paid by other means using split tender functionality.
More webinars and documents containing in-depth information designed to help Visa merchants navigate acceptance, fraud, data security, authorization and more. Download, print and keep them on hand at your business.
This digest consists of summaries only and does not supersede or modify Visa Business News publications. Please contact your Acquirer for further information about any publications. Actual Visa Business News articles are not public materials and should not be treated as public documents, e.g., posting on merchant websites, etc.
The Visa Business News was launched to Europe clients on August 11, 2016. Prior to that, announcements were communicated via Visa Europe Member Letter.
