Visa Merchant Business News Digest

Merchant Best Practices available on Visa.com

The Visa Merchant Business News Digest is an online publication, providing a summary of recent Visa Business News articles. We know how important it is for you to have the pertinent information quickly and clearly, and our mission is to make that as simple as possible. The digest provides highlights of key merchant-related publications, but is not intended to be a complete list. As always, please work with your acquirer for further information on released publications and applicable announcements.

Visa Rules Will Be Updated to Streamline Cardholder and Merchant Interaction at the Point of Sale

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
27 SEP 2018

Recently announced acceptance policy changes, evolving and innovative new products, and changing risk parameters have created an opportunity to streamline Visa's requirements for merchants to identify and verify cardholders at the point of interaction in face-to-face environments. These updates will remove outdated requirements and practices, reduce friction and clarify a merchant's responsibility for verifying cardholders at the point of interaction.

Original Credit Transaction Terminology in Visa Direct Rules Updated 

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
20 SEP 2018

Visa Direct-related rules and terminology have been updated to bring consistency and alignment with the nomenclature changes introduced in December 2017 in the Visa Direct Original Credit Transaction Global Implementation Guide. p>

Increase in Payment Facilitator Annual Transaction Volume Limit for India 

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
20 SEP 2018

The maximum annual transaction volume limit for payment facilitator / acquirer direct merchant agreement will be increased from USD 100,000 to USD 1 million in India.

Europe Contactless Terminal Implementation Guidelines Updated to Support Compliance with SCA Requirements Under the PSD2

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
13 SEP 2018

All acquirers and merchants in the Europe region are encouraged to follow the contactless terminal implementation guidelines, which have been updated to facilitate compliance with the European Banking Authority (EBA)’s strong customer authentication (SCA) requirements, based on the revised Payments Service Directive (PSD2) provisions.

Verified by Visa Endpoints Must Support Failover Processing 

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
6 SEP 2018

Visa will be updating all Verified by Visa server environments to better support redundancy.

PCI PIN Security Requirements Updated 

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
6 SEP 2018

The Payment Card Industry Security Standards Council (PCI SSC) has published version 3.0 of the PCI PIN security requirements. 

PCI SSC Publishes New Guidance for Small Merchants

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
6 SEP 2018

Visa encourages clients and small merchants to review the simplified guidance documents on protecting payment card data published by the Payment Card Industry Security Standards Council (PCI SSC).

3DS 2.0 Service for Processing Secure E-commerce Transactions Available and Updated Activation Dates

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
30 AUG 2018

Visa 3-D Secure (3DS) 2.0 service is now available for clients and merchants to enhance the security of e-commerce transactions. In addition, updated regional activation dates that define when fraud liability extends to issuers that do not participate in 3DS 2.0 are now available.

Update on Authorization Changes to Support PSD2 Strong Customer Authentication

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
16 AUG 2018

Effective with the January 2019 VisaNet Business Enhancements release, Visa will implement new fields to support strong customer authentication requirements within the upcoming Payments Service Directive 2/Regulatory Technical Standards (PSD2/RTS) regulations. Additionally, Visa will implement a new response code.

Visa Token Service Will Expand for Adyen

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
16 AUG 2018

Visa will introduce a new credential-on-file use case with Adyen to accelerate the deployment of Visa tokens to e-commerce merchants.

Visa Account Funding Transaction Processing Guide Updated

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
9 AUG 2018

Visa has updated the Visa Account Funding Transaction (AFT) Processing Guide. Clients and their partners that originate or receive AFTs should review the updated guide for information on how to best support these transactions.

Visa Token Service Will Expand for Use Case with Cherri Tech, Inc.

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
9 AUG 2018

Visa will introduce a new merchant credential-on-file use case with payment service provider Cherri Tech, Inc. to accelerate the deployment of Visa tokens to e-commerce merchants.

Test Encryption Keys in VCMS Must Be Provided by Visa

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
9 AUG 2018

Effective April 2019, clients and processors must use Visa-provided test encryption keys for testing in the VisaNet Certification Management Service (VCMS). Clients and processors must upgrade their VisaNet Test System –VisaNet Integrated Payment, host security modules and test host systems to support the Visa-provided test encryption keys.

Visa Direct OCT Global Implementation Guide Updated

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
2 AUG 2018

Visa has updated the Visa Direct Original Credit Transaction (OCT) – Global Implementation Guide. Clients and their partners that originate or receive Visa Direct original credit transactions (OCTs) should review the updated guide for information on how to enable and support services such as money transfers, funds disbursements, prepaid loads and credit card bill payments.

Ensuring Network Integrity—Reminder to Focus on Data Quality

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
26 JUL 2018

Visa is reminding all clients to review their system setup and transaction coding to ensure compliance with Visa rules.

Europe Contactless Magnetic-Stripe Data Transactions Will Be Blocked By V.I.P. System

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
26 JUL 2018

For all Europe region-issued card payment devices, the VisaNet Integrated Payment (V.I.P.) System will block all contactless magnetic-stripe data transactions. This will affect all Europe region issuers, acquirers and merchants worldwide.

PCI Software-based PIN Entry on COTS Device Standard and Programme Published

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
26 JUL 2018

The Payment Card Industry Security Standards Council (PCI SSC) has published a standard for protecting PIN-based transactions on commercial off-the-shelf (COTS) devices. Merchants accepting PIN-based transactions via COTS devices must use or transition to a PCI-validated software-based PIN entry on COTS solution by 31 July 2019.

Support for Key Exchange in Key Block Format

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
19 JUL 2018

All organisations that exchange keys with Visa should plan to transition from variant format encryption to key block format encryption. The ability to perform key exchanges with Visa in variant format will not be supported by Visa after June 2021.

Visa Token Service Will Expand for CyberSource

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
19 JUL 2018

Visa will introduce a new credential-on-file use case with CyberSource to accelerate the deployment of Visa tokens to e-commerce merchants.

Updated PCI SSC Guidance on SSL and Early TLS

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
21 JUN 2018

The Payment Card Industry Security Standards Council (PCI SSC) has updated the information supplements to provide guidance to merchants and service providers using Secure Sockets Layer/early Transport Layer Security for card-present POS point of interaction terminal connections after 30 June 2018, as well as the impact on Approved Scan Vendor scans in such cases.

Updates to Visa PIN Security Website Include Europe Integration

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
21 JUN 2018

The Visa PIN security website has been updated to provide news about the PIN Security Programme and includes important information about the Europe PIN Security Programme integration.

Visa Sensory Branding Introduced

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
21 JUN 2018

Visa Sensory Branding elements consisting of the Visa brand animation, the Visa brand sound and the Visa brand haptic are now available for use in client applications. Visa Sensory Branding elements can be downloaded as a software development kit for iOS, Android and web through the Visa Developer Platform.

Visa Merchant Data Standards Manual Updated

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
7 JUN 2018

The Visa Merchant Data Standards Manual has been updated to provide more clarity related to merchant category code definitions for transactions involving non-fiat currency and money transfer merchants. The document remains publicly available at visa.com to make it easily accessible to all clients, merchants, agents and processors.

Signature Requirement Will Become Optional for EMV-enabled Merchants Everywhere

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
31 MAY 2018

Visa is making the requirement to capture and validate a signature optional for all EMV-enabled merchants across all Visa regions. Visa is also removing the requirement to keep transaction receipts, and is prohibiting issuers from initiating retrieval requests for transactions at all EMV-enabled merchants. These changes were previously announced for the US, Canada and LAC regions, and now reflect a global policy.

Authorisation Changes to Support Strong Customer Authentication

REGIONS: Europe
31 MAY 2018

Visa will implement new fields to support strong customer authentication requirements within the upcoming Payments Service Directive 2 / Regulatory Technical Standards regulations. Additionally, Visa will implement a new response code.

The new Payments Service Directive 2 / Regulatory Technical Standards rules take effect in September 2019. The new rules stipulate that strong customer authentication be performed on all transactions, with limited exceptions. Visa will implement changes to support these new requirements.

New Member Agent Registration Tool Introduced in Europe

REGIONS: Europe
24 MAY 2018

Changes to the member agent registration process in Europe will simplify and unify member agent registration across all regions.

As part of the ongoing integration process, Visa is introducing the Program Request Management tool for member agent registration in Europe. This will replace the manual member agent registration forms.

New Pilot to Open Card Acceptance at Electric Vehicle Charging Stations

REGIONS: Europe
24 MAY 2018

Visa will introduce a pilot programme to address card acceptance at electric vehicle charging stations in Europe.

PCI DSS Version 3.2.1 Published

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
17 MAY 2018

Visa will only accept Payment Card Industry Data Security Standard (PCI DSS) validations that comply with version 3.2.1.

Fraud Reporting System Enhancements

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
26 APR 2018

The Fraud Reporting System has been enhanced with operational and functional changes as part of the April 2018 VisaNet Business Enhancements release. The changes are centred on incorporating new fraud types that reflect a changing fraud landscape and updating programme rules around the fraud reporting process.

Sunsetting of Static Data Authentication Rules for Mass Transit

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
12 APR 2018

Visa will sunset rules for issuance of transit-only Static Data Authentication (SDA) cards, as well as acceptance of SDA contactless payments in the mass transit environment. Following the sunset of these rules, Visa will require all new contactless cards and contactless-only terminals to support only fast dynamic data authentication.

Merchant Plug-in Validations for 3DS 1.0.2 Visa Token Service Transactions

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
5 APR 2018

Effective immediately, for 3-D Secure 1.0.2 Visa Token Service transactions only, merchant plug-ins should not match the last four digits of the PAN received in the authentication response message with the value supplied in the initial verification enrolment request message. Other validation options are provided for these transactions.

Changes to the PIN Security Programme in Europe

REGIONS: Europe
5 APR 2018

Changes to the PIN Security Programme in the Europe region will simplify and unify PIN security validation across all regions.

Visa Direct: New Transaction Limit for Funds Disbursement OCTs

REGIONS: Europe
8 MAR 2018

A new transaction limit for funds disbursement original credit transactions (OCTs) will change from EUR 80,000 to USD 50,000 (or the submitted currency equivalent). This change will take effect when acquirers in Europe migrate to the global VisaNet BASE II clearing system, which is expected by 9 March 2018

Purchase Return Requirements Will Be Updated in the Visa Rules

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
8 MAR 2018

Effective 13 April 2019, the Visa Rules will be updated to clarify merchant requirements for processing purchase returns. Visa recently announced new requirements to support the authorisation of credit transactions for purchase returns / refunds. In response to client feedback, Visa is further clarifying requirements for processing refunds.

Payment Facilitator Requirements Will Be Updated

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
8 MAR 2018

Effective 13 October 2018 requirements for Europe payment facilitators will be aligned with global requirements to provide a more comprehensive risk practice. Existing European rules for payment facilitators requiring customer service to be provided in the language in which the services are offered will be expanded globally. Additionally, in cases where a cardholder can access the payment facilitator’s website directly, the payment facilitator will be required to clearly display customer service contact information.

Acceptance Rules Update and Simplification

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
8 MAR 2018

Effective 14 April 2018, Visa is streamlining the Visa Rules by removing retired requirements, eliminating redundancies and simplifying language. Most of the changes will have no operational impact and have no action required.  

Visa Direct: New Single Message OCT Origination Requirements for Acquirers, PSPs and Merchant Originators in Europe

REGIONS: Europe
15 FEB 2018

To develop opportunities in real-time push payments in Europe, Visa will mandate single message origination (0200 messages) for all original credit transactions (OCTs) processed through Visa and sunset all batch-only submissions of OCTs (TC06 messages).

New PCI SSC Guidance on Connected-to Service Providers Published

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
8 FEB 2018

Visa encourages all organisations to review the new guidance document published by the Payment Card Industry Security Standards Council and share it with customers, as appropriate.

Chargeback Rights for CVV2 Mismatch Transactions Will Be Removed for All Regions

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
1 FEB 2018

Effective 14 April 2018, issuer fraud-chargeback rights for card-absent transactions that are approved with a Card Verification Value 2 mismatch response will be removed for all transactions in all regions.

Visa Removing Requirement to Use payWave Brand on Cards, Terminals

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
25 JAN 2018

Visa is moving away from the Visa payWave brand name for Visa’s contactless solution.

In keeping with Visa’s ongoing efforts to provide greater flexibility for clients, Visa is removing the requirement to use Visa payWave branding on cards and on merchant terminals effective 1 February 2018. This change applies to AP and LAC only – payWave is currently optional on cards and terminals in all other regions.

Visa will no longer approve new card designs or merchant / terminal signage using the payWave brand as of 1 November 2018. Visa will not require existing cards or terminal signage to be replaced as a result of this brand change.

The future state is focused on contactless payments with Visa, and the guiding language at point-of-sale for consumers is “tap to pay here” to facilitate the transaction.

New Indicator Requirement For Deferred Authorisations

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
18 JAN 2018

Visa is implementing new requirements for card present transactions when merchants defer transaction authorisations.

When their POS authorisation systems are offline and cannot process card-present transactions, merchants often complete the transaction with the cardholder and defer the authorisation until their POS authorisation systems are back online. Currently there is no requirement for merchants to identify a deferred authorisation. In some instances, this can cause confusion for issuers.

To improve authorisation processing, effective October 2018 optional and April 2019 mandatory, Visa is implementing new rules pertaining to deferred authorisation indication and processing timeframes.

Recommendations for Upcoming E-commerce Regulation in Turkey

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
11 JAN 2018

1. This article originally ran in the 25 May 2017 (summary below) edition of the Visa Business News. It is being republished, as the effective date of 31 December 2017 has been postponed to 31 January 2018. Please use this version of the article going forward.

Updates to Mobile Point-of-Sale Testing and Implementation Process

REGIONS: Europe
11 JAN 2018

The mobile point-of-sale validation process and requirements in Europe have been updated in order to reflect market changes and client feedback. The process has been simplified to further reduce go-to-market time for new solutions.

Sales Tax Rebate Processing Requirements

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
21 DEC 2017

A rule to clarify the requirement that merchants process sales tax rebates as original credit transactions will take effect 13 April 2019. 

Many governments allow tax-free shopping for foreign travellers. Merchants, acquirers and solution providers collaborate to offer sales tax / value-added tax (VAT) recovery to foreign travellers when they leave the country with purchased goods. To ensure this practice is conducted according to the Visa Rules, Visa is mandating that merchants:

  • Use original credit transactions (OCTs) for sales tax disbursements
  • Follow dynamic currency conversion (DCC) rules if the rebate amount is converted from a merchant’s local currency to a cardholder’s billing currency

Visa is clarifying the existing merchant processing rules to ensure acquirers and service providers that offer sales tax recovery service can place the funds on the cards.

Use of Acquirer Device Validation Toolkit Version 6.1.1 Extended

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
21 DEC 2017

Visa is providing clients additional time to transition to Acquirer Device Validation Toolkit Version (ADVT) 7.0 from ADVT Version 6.1.1.   

In September 2017, Visa announced the release of a new version of the Acquirer Device Validation Toolkit (ADVT) – ADVT Version 7.0 – and informed users that they had until 31 January 2018 to upgrade from the previous version of the toolkit – ADVT Version 6.1.1. Due to delays in certifying third-party test tools, Visa is allowing clients to use ADVT Version 6.1.1 until 31 May 2018. 

Effective from 1 June 2018, use of ADVT Version 6.1.1 will not be permitted. Instead, users will be required to obtain a copy of ADVT Version 7.0, either through a third-party test tool provider or via the Visa Mobile Card Personalisation App/Utility Card.

Brand Standards Created for Blind Notch Cards

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
7 DEC 2017

Visa has created standards to support the non-standard blind notch card shape for visually impaired cardholders

Effective immediately, issuers may develop and issue the non-standard blind notch card shape for visually impaired cardholders. Visa has created standards in support of these non-standard card shapes that allow for a cut-out notch to assist cardholders in determining the direction in which the card is to be inserted into a payment terminal at the point of sale. 

Connection and Encryption Policies for Verified by Visa Transactions

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
16 NOV 2017

To increase security for Verified by Visa (VbV) transactions, Visa is requiring TLS version 1.2 to connect to all VBV hardware. Clients may need to make changes to their VbV infrastructure to meet the new security requirements.

In the 4 February 2016 edition of the Visa Business News, Visa announced support of the Payment Card Industry Security Standards Council (PCI SSC) bulletin on migrating from Secure Sockets Layer (SSL) and early versions of Transport Layer Security (TLS) on all Verified by Visa (VbV) endpoints. Version 3.2 of the PCI Data Security Standard (DSS) was released in April 2016 and now requires all endpoints stop the use of SSL and early versions of TLS.

To ensure Visa meets its compliance commitments for PCI, Visa is requiring that all VbV merchant server plug-in and access control server providers that connect to VbV production infrastructure, including the Visa directory server and the authentication history server, meet the following requirements by the specified date:

  • Effective 28 January 2018, Visa will disable the use of TLS version 1.0, 1.1 and 3DES cipher and require that secure connections to all VbV production hardware use TLS version 1.2 encryption.

Version 2.1.0 of 3-D Secure 2.0 Specifications Now Available

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
02 NOV 2017

A new 3-D Secure Protocol and Core Functions Specification v2.1.0 can be downloaded from EMVCo’s website.

3-D Secure is a messaging protocol that allows the merchant, card issuer and consumer to exchange data during an e-commerce transaction for consumer authentication purposes.

EMVCo has released 3-D Secure 2.0 Protocol and Core Functions Specification Version 2.1.0 and Bulletin 196. Bulletin 196 provides updates, clarification and errata that are incorporated into the October 2017 version 2.1.0 specification. The new 3-D Secure 2.0 specification and Bulletin 196 are available to the general public from the EMVCo website.

Global Expansion of Debt Repayment on Debit and Prepaid Cards

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
02 NOV 2017

Visa allows debt repayment to occur on debit and prepaid cards in all regions. In addition, debt repayment rules will be refined in Australia, Canada, New Zealand, the U.S. and Europe.

Visa is expanding the use of debit and prepaid cards for debt repayment. The following rules will take effective in 2018.

Effective 14 April 2018: 

  • Cardholders in all regions will be able to repay debt with debit and prepaid cards.
  • The debt repayment rules will be refined in Australia, Canada, New Zealand and U.S.

Effective 13 October 2018, the debt repayment rules will be refined in the Europe region.

Debt Defined

The Visa Rules define debt as money owed by one party (debtor) to another party (creditor), including the obligation to repay money in connection with the following:

  • Loans
  • Credit card balances
  • Funding of the purchase of goods and/or services by a third party

According to the Visa Rules, the following are not treated as debt:

  • Lease payments where ownership of the goods does not automatically pass to the lessee at the end of the lease
  • Installment or delayed payment for the purchase of goods or services under terms provided to the cardholder by the seller of the goods or services

Additional Requirements 

For additional requirements, including changes for existing markets in Canada, Europe and the U.S. regions, as well as in Australia and New Zealand, refer to the October publication of Visa Rules found on Visa.com.

Global Dynamic Currency Conversion Compliance Programme Expands to Europe; International Transactions Guide Updated

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
26 OCT 2017

The Dynamic Currency Conversion Compliance Programme now includes European acquirers. The Visa Rules and the International Transactions Guide have been updated to provide additional information about regulations, best practices and compliance procedures.

Updated Processing Requirements for Business Application Identifier and Other Clarifications for Staged Digital Wallets

REGIONS: Europe
19 OCT 2017

Effective 13 April 2018, acquirers must send the value of “WT” in the business application identifier field in purchase transactions and Account Funding Transactions performed with staged digital wallets.

Delay in Compliance Action for Stored Credential Framework

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
17 OCT 2017

In the 1 September 2016 edition of the Visa Business News, Visa introduced new rules related to credential-on-file transactions, including merchant disclosure requirements and transaction identifier requirements went into effect for merchants and acquirers on 14 October 2017.

However, based on stakeholder feedback, and after assessing market readiness and taking into account the holiday season system freeze, Visa will extend the time to make the necessary system changes until 30 April 2018.

While the rule is still effective as of 14 October 2017, Visa will not take any compliance action or assess non-compliance assessments to non-compliant entities prior to 30 April 2018. Entities that comply with the rule by 30 April 2018 will not be required to submit a waiver request to Visa.

New Android-based Mobile Application Available for Convenient Test Card Creation

REGIONS: US, AP, Canada, CEMEA, LAC, Europe
12 OCT 2017

Visa has released a new Android-based mobile app that combines the ability to personalise chip test cards for various testing toolkits, including the Acquirer Device Validation Toolkit, Visa Contactless Device Evaluation Toolkit, Global Host Test Cards, and other specialised test cards. This new app requires the use of a mobile handset with near-field communication capability, as well as a Visa-supplied VMCP Utility Card.

This digest consists of summaries only and does not supersede or modify Visa Business News publications. Please contact your Acquirer for further information about any publications. Actual Visa Business News articles are not public materials and should not be treated as public documents e.g. posting on merchant website, etc.

The Visa Business News was launched to Europe clients on 11 August 2016. Prior to that, announcements were communicated via Visa Europe Member Letter.