Before we tackle part two or our blog series on the 891 page April 2022 Visa Core Rules document (see part one here), we want to make our intentions clear and talk about the elephant in the room. We’re publishing these blog posts with the hope that they’ll spark important conversations between merchant businesses, their acquirers, and processors. They’re not meant to replace those conversations, but to instead help merchants identify in advance how these changes impact their operations, site content, physical points of sale, and reporting, so they can direct those conversations efficiently.
For part two, we’ve broken out sets of changes in the Core Rules that we think are worth taking the time to dig into:
In the October 2021 Core Rules, Visa announced a new liability shift based on issuer and merchant compliance with the Digital Authentication Framework (DAF) that would become effective in some regions on April 23, 2022. DAF is one component of a suite of changes that seek to standardize authentication methods and make card-not-present transactions (also known as card-absent transactions in the Core Rules) just as secure as chip, dip, or tap transactions. The liability shift occurs when the transaction is considered fully authenticated and authorized, and the participant is in line with the DAF performance requirements (and not excluded from eligibility because of MCC type or fraud warning programs).
The April 2022 Core Rules don’t provide the full context of DAF. Instead, they provide updates to the program and outline the countries in which merchants and issuers aren’t yet eligible. At this time, merchants in Bangladesh, India, Japan, and Nepal, and issuers in the US, Bangladesh, India, Japan, and Nepal (with the addition of issuers and merchants in Japan in April 2023) can’t participate in DAF. The Core Rules also provide references to and descriptions of related Visa Programs that have their own guides, but these guides are not included in the Core Rules.
If your merchant category code (MCC) is any of these, these liability shifts for invalid dispute rules unfortunately don’t apply to you:
If your MCC is not one of the ones listed above, and you process card-absent transactions and support 3D Secure or EMV 3DS, you may want to review the table in section 11.7.5.1 carefully to ensure this is part of your chargeback dispute process. To achieve liability shift now, you’ll need to have access to your authorization request and response data, and identify the card product type (some card products offer some additional protection from invalid disputes).
We encourage merchants to do four important things related to this change:
Effective October 15, 2022—with the exception of the countries named above—if you’re not enabled to process ecommerce transactions using 3DS 2.0 and you’re identified by the Visa Fraud Monitoring Program, your merchant account will be subject to the High Risk MCC timeline outlined in section 10.4.5.2 (page 604) of Visa’s rules. Authorizations with 3DS 2.0 or higher will reduce potential for fraud and the potential for chargebacks, but do not guarantee a liability shift. If you’re on a fraud warning program, you can still be subject to chargebacks, also there are some fraud chargebacks where you may still be liable.
Somewhat related, there are some upcoming changes in July 2022 for those acquirers who haven’t completed testing their physical POS devices to ensure they’re compatible with the Chip Interoperability compliance standards. These new standards essentially ensure that a merchant’s POS will support contactless payments, including mobile payment acceptance and chip-read transactions, and that all relevant data is correctly transmitted for use in processing.
Effective October 15, 2022, Visa will require issuers to maintain a minimum approval rate for credit transactions of 99% (optional for non-reloadable prepaid card issuers). To understand how this impacts you, just imagine if even 1% of your refunds were declined; how would this scenario play out for your customers, your customer operations, and your finance, tax, and accounting teams?
This new change controls the volumes of potential declines, but merchants still need to ensure they are prepared to respond to a declined refund or a chargeback on a refund. Since April 2020, Visa has required merchants to obtain approval codes on refunds, yet many merchants don’t obtain these approval codes in real time; this shortcoming often results in avoidable operational costs due to inefficiency and a poor customer experience. This will be a topic of an upcoming blog, so be sure to follow Pagos Solutions on LinkedIn to receive alerts of all new blog posts.
Visa has announced 21 different rules changes that apply to merchants in the Canada Region who apply credit card surcharges on Visa cards or card products. Although the changes are not effective until October 6, 2022, you’ll need to start preparing now if you want to start applying these surcharges. Specifically, the changes require you to provide clear explanations of the surcharges, including:
You’ll also need to make changes to your operational and potentially technical processes to ensure:
An issuer may file for compliance for the surcharge amount if the merchant has not followed the rules. If you are a merchant and receive a compliance chargeback for one of these complaints, you should carefully examine the rules, and your operations and technology because a single event can lead to multiple losses. The member does not have to suffer a loss and could begin monitoring for the observed violation.
The following changes are worth noting for specific types of merchants or businesses in specific locations:
Our final blog post in this series will be about one more interesting change to Visa’s rules: an update to section 10.3.1.4. regarding changes to data privacy. Keep an eye on the Pagos Blog for this final post or follow Pagos Solutions on LinkedIn for new post announcements!
We’ve provided the content in this blog post solely to inform and educate. Pagos doesn’t provide legal advice and this content shouldn’t be taken as such. You’re strongly encouraged to consult with your payments partners and legal teams before implementing any changes based on the content in this post.