Spring Visa Rule Changes: Part Two

Before we tackle part two or our blog series on the 891 page April 2022 Visa Core Rules document (see part one here), we want to make our intentions clear and talk about the elephant in the room. We’re publishing these blog posts with the hope that they’ll spark important conversations between merchant businesses, their acquirers, and processors. They’re not meant to replace those conversations, but to instead help merchants identify in advance how these changes impact their operations, site content, physical points of sale, and reporting, so they can direct those conversations efficiently.

For part two, we’ve broken out sets of changes in the Core Rules that we think are worth taking the time to dig into:

• Digital Authentication Framework (DAF) changes and liability shifts
• Other secure code and EMV-related changes
• Rules for issuers to ensure at least 99% of refunds are approved
• Canadian merchant requirement changes related to surcharge settlement
• Miscellaneous changes for specific merchant types or locations

Digital Authentication Framework Changes and Liability Shifts

In the October 2021 Core Rules, Visa announced a new liability shift based on issuer and merchant compliance with the Digital Authentication Framework (DAF) that would become effective in some regions on April 23, 2022. DAF is one component of a suite of changes that seek to standardize authentication methods and make card-not-present transactions (also known as card-absent transactions in the Core Rules) just as secure as chip, dip, or tap transactions. The liability shift occurs when the transaction is considered fully authenticated and authorized, and the participant is in line with the DAF performance requirements (and not excluded from eligibility because of MCC type or fraud warning programs). 

The April 2022 Core Rules don’t provide the full context of DAF. Instead, they provide updates to the program and outline the countries in which merchants and issuers aren’t yet eligible. At this time, merchants in Bangladesh, India, Japan, and Nepal, and issuers in the US, Bangladesh, India, Japan, and Nepal (with the addition of issuers and merchants in Japan in April 2023) can’t participate in DAF. The Core Rules also provide references to and descriptions of related Visa Programs that have their own guides, but these guides are not included in the Core Rules. 

If your merchant category code (MCC) is any of these, these liability shifts for invalid dispute rules unfortunately don’t apply to you:

• 7995 (Betting, including Lottery Tickets, Casino Gaming Chips, Off-Track Betting, and Wagers at Race Tracks)
• 5967 (Direct Marketing – Inbound Teleservices Merchant) 
• 6051 (Non-Financial Institutions – Foreign Currency, Non-Fiat Currency [for example: Cryptocurrency], Money Orders [not Money Transfer], Travelers Cheques, and Debt Repayment) 
• 6540 (Non-Financial Institutions: Stored Value Card Purchase/Load) 
• 4829 (Wire Transfer Money Orders) 
• 7801 (Government Licensed On-Line Casinos [On-Line Gambling]) 
• 7802 (Government-Licensed Horse/Dog Racing) 

If your MCC is not one of the ones listed above, and you process card-absent transactions and support 3D Secure or EMV 3DS, you may want to review the table in section 11.7.5.1 carefully to ensure this is part of your chargeback dispute process. To achieve liability shift now, you’ll need to have access to your authorization request and response data, and identify the card product type (some card products offer some additional protection from invalid disputes). 

We encourage merchants to do four important things related to this change:

1. Ensure you’re ready for 3DS 2.0 or higher come October 2022.
2. Ensure you don’t assume liability shift just because you requested and received a response for 3DS.
3. Review section 11.7 of the Visa Core Rules document and modify your dispute response policies and procedures accordingly.
4. Schedule a meeting to talk with Pagos Solutions about the benefits of a processor-agnostic network tokenization service like Toucan. 

Other Secure Code and EMV-Related Changes

Effective October 15, 2022—with the exception of the countries named above—if you’re not enabled to process ecommerce transactions using 3DS 2.0 and you’re identified by the Visa Fraud Monitoring Program, your merchant account will be subject to the High Risk MCC timeline outlined in section 10.4.5.2 (page 604) of Visa’s rules. Authorizations with 3DS 2.0 or higher will reduce potential for fraud and the potential for chargebacks, but do not guarantee a liability shift. If you’re on a fraud warning program, you can still be subject to chargebacks, also there are some fraud chargebacks where you may still be liable. 

Somewhat related, there are some upcoming changes in July 2022 for those acquirers who haven’t completed testing their physical POS devices to ensure they’re compatible with the Chip Interoperability compliance standards. These new standards essentially ensure that a merchant’s POS will support contactless payments, including mobile payment acceptance and chip-read transactions, and that all relevant data is correctly transmitted for use in processing. 

Rules for Issuers to Ensure at Least 99% of Refunds are Approved

Effective October 15, 2022, Visa will require issuers to maintain a minimum approval rate for credit transactions of 99% (optional for non-reloadable prepaid card issuers). To understand how this impacts you, just imagine if even 1% of your refunds were declined; how would this scenario play out for your customers, your customer operations, and your finance, tax, and accounting teams? 

This new change controls the volumes of potential declines, but merchants still need to ensure they are prepared to respond to a declined refund or a chargeback on a refund. Since April 2020, Visa has required merchants to obtain approval codes on refunds, yet many merchants don’t obtain these approval codes in real time; this shortcoming often results in avoidable operational costs due to inefficiency and a poor customer experience. This will be a topic of an upcoming blog, so be sure to follow Pagos Solutions on LinkedIn to receive alerts of all new blog posts.

Canadian Merchant Requirement Changes Related to Surcharge Settlement

Visa has announced 21 different rules changes that apply to merchants in the Canada Region who apply credit card surcharges on Visa cards or card products. Although the changes are not effective until October 6, 2022, you’ll need to start preparing now if you want to start applying these surcharges. Specifically, the changes require you to provide clear explanations of the surcharges, including:

• Notifications to your acquirer
• Notifications to cardholders as they enter your physical business and where they present their cards for payment (or point-of-transaction) 
• Written acknowledgement that you’re applying the charge—not Visa—and that it’s not higher than the merchant discount 
• Separate line items on transaction receipts for these fees, listed separately from other fees 

You’ll also need to make changes to your operational and potentially technical processes to ensure:

• The surcharge isn’t higher than PayPal or American Express, or more than 1% plus Visa’s average Interchange for transactions in Canada
• You only apply the surcharge to the final transaction amount (after discounts/rebates)
• When you refund a transaction, the surcharge is also refunded
• You don’t apply the surcharge to quasi-cash or purchase of travelers checks 
• You apply dynamic currency conversion amounts to the surcharge 

An issuer may file for compliance for the surcharge amount if the merchant has not followed the rules. If you are a merchant and receive a compliance chargeback for one of these complaints, you should carefully examine the rules, and your operations and technology because a single event can lead to multiple losses. The member does not have to suffer a loss and could begin monitoring for the observed violation. 

Miscellaneous Changes for Specific Merchant Types or Locations

The following changes are worth noting for specific types of merchants or businesses in specific locations:

• Merchants in Azerbaijan, Austria, Turkey, and Columbia should be aware of increases in the maximum amount allowed for Visa Easy Payment Service (VEPS) transactions effective October 15, 2022. The VEPS rules specified by merchant countries—mostly in the Latin America and Caribbean  (LAC) region—also had increases permitted effective April 23, 2022. Changes can be found in the tables beginning on page 442 of the Visa Core Rules. 
• If you’re a merchant who supports person-to-person payments and you haven’t noticed any changes in your customer experience after January 22, 2022, then your acquirer probably made all the required changes to rule #0030907 found in section 7.4.1.3, including preparing you to modify and keep your customers informed about the payment status of reversals of rejected Account Funding Transactions (AFT). 
• In the US Region, there are changes that apply to issuers and merchants who use Automated Fuel Dispensers (AFD). If you have a customer who recently fueled up, and within 2 hours attempted to purchase from you and was declined, it might be helpful to be aware of this increase in the authorization amount and the general hold time allowed to AFD merchants. 

Stay Tuned For More Changes 

Our final blog post in this series will be about one more interesting change to Visa’s rules: an update to section 10.3.1.4. regarding changes to data privacy. Keep an eye on the Pagos Blog for this final post or follow Pagos Solutions on LinkedIn for new post announcements!

We’ve provided the content in this blog post solely to inform and educate. Pagos doesn’t provide legal advice and this content shouldn’t be taken as such. You’re strongly encouraged to consult with your payments partners and legal teams before implementing any changes based on the content in this post.