We are providing important information from the Payment Brands regarding changes to operating rules, fees, compliance requirements and other industry updates that may impact your processing account. You’ll see recent and upcoming changes.
Sign Up For Payment Brand Alerts
We’ll continue to send you regular, ongoing reminders of upcoming changes. You may also subscribe below to be alerted any time new or updated information is published here.
Thank you for subscribing to Payment Brand Alerts. You will be notified of our next page update.
On April 15, 2023, Visa will no longer support value B in the Authorization Characteristics Indicator (ACI) field for token-based e-commerce transactions. Visa will reject submissions with this value.
Please visit our Developer Center for the complete specifications on ACI values.
Published February 15, 2023
On April 14, 2023, Visa will introduce their simplified Address Verification Service (AVS) result codes and retire codes that are not included on the following list.
Table – Visa Simplified Address Verification Result Codes
|
Value |
Description |
|
A |
AVS street address only (partial match) |
|
N |
AVS non-match |
|
R |
AVS indeterminate outcome (retry) |
|
U |
AVS unable to verify |
|
Y |
AVS full match |
|
Z |
AVS postal/zip code only (partial match) |
Published February 15, 2023
On January 1, 2023, the Republic of Croatia will adopt the euro as their official currency as they become the 20th member of the eurozone. The Croatian National Bank will set the fixed exchange rate of 7.53450 HRK to 1 EUR. All financial institutions in Croatia will start conducting payments and transactions in the euro.
For more information, please reach out to your J.P. Morgan relationship manager or client service representative.
Published December 12, 2022
Starting January 1, 2023, transactions going through the Jeanie network will be rerouted to NYCE. This will avoid declines as the network is retired.
Similarly, AFFN and CULIANCE network transactions have already been rerouted to the Fiserv network.
Published December 12, 2022
Mastercard has introduced Autofill Virtual Cards with the Mastercard Digital Enablement Service (MDES) to enhance the cardholder checkout experience. This functionality, which will increase security by reducing the impact of account data compromise events and allow for additional security measures, is currently in pilot for select credit card issuers, and will be available to all by the end of the first quarter of 2023.
Prior to this enhancement, cardholders could choose to have their account and expiration date stored for use on a merchant checkout page. Now, Autofill Virtual Cards will work by replacing a cardholder’s Primary Account Number (PAN) and Card Validation Code 2 (CVC2) with a Virtual Card as a token and Dynamic Token Validation Code (DTVC). The DTVC is then collected and used in the same manner as the 3-digit CVC2 found on the back of a physical card when cardholders transact via:
|
• Web browsers |
|
• Browser extensions |
|
• Applications (Apps) |
|
• Wallets |
Autofill Virtual Cards are already available, and you may start receiving and storing information gathered from them. This includes card numbers, which upon consent, may be used for customer-initiated and merchant-initiated e-commerce transactions in accordance with existing Mastercard rules, standards, and best practices, including:
|
• Don’t assume that the card number used in a browser guest-checkout transaction is the cardholder’s Primary Account Number (PAN); instead, leverage the Payment Account Reference (PAR), available in the authorization response, to associate all transactions related to an underlying cardholder account |
|
• Don’t store a card security code after authorization has been submitted |
Please assess if you are prepared to accept tokens for purchases. Stand by for opt-out instructions if you do not wish to accept tokens at this time.
Published December 12, 2022
On October 1, 2022, we stopped support for the existing Sierra Leone currency code SLL/694. All transactions including disputes, refunds, exceptions, and chargebacks using SLL/694 will be rejected.
Published November 3, 2022
Update: Visa is updating their dispute rules below (see I and IV).
Visa will update their dispute rules and language to improve the effectiveness and efficiency of the dispute process. The updates outlined below are effective for the pre-arbitration attempts processed in the following dispute-related areas on or after April 15, 2023:
I. Dispute Remedy for Dispute Condition 10.4: Other Fraud – Card-Not-Present Environment
You may remedy this dispute by providing all of the following as evidence:
|
• The same payment credential was used in two previous transactions that the issuer did not report as fraudulent activity to Visa and these transactions were processed 120–365 calendar days1 before the dispute processing date. |
|
|
• The device ID, device fingerprint or IP address and one or more of the following in both of the undisputed transactions are the same as the disputed transaction as applicable2 |
|
|
|
◦ Customer account/login ID |
|
|
◦ Delivery address |
|
|
◦ Device ID/device fingerprint |
|
|
◦ IP address |
Any combination of the credentials listed above can be provided if at least one of the two credentials is the device ID, device fingerprint or IP address. For example, the undisputed and disputed transactions have the same device ID and delivery address, the same IP address and login ID, or the same device fingerprint and IP address. If proper evidence is provided, the card issuer will not be allowed to continue the dispute.
Visa will no longer require evidence that merchandise or services were provided to support the compelling evidence in pre-arbitration.
II. Compelling Evidence Rules: Evidence of a Link to the Cardholder
You will be required to submit photographic or email evidence if you are attempting to prove a link between the cardholder and the person receiving the merchandise or services, or to prove that the cardholder disputing the transaction is in possession of the merchandise and/or is using the merchandise or services.
Examples of photographic evidence may include:
|
• Photos from the cardholder’s social media showing the cardholder using the merchandise or services |
|
• Snapshots of security footage taken at your location showing the cardholder taking possession of the merchandise |
|
• Photos taken during delivery of goods showing the cardholder receiving the merchandise |
Examples of email evidence may include:
|
• Email correspondence from the cardholder indicating the merchandise was received |
|
• Email from cardholder asking how to put items together, make it work, etc. |
III. Compelling Evidence Rules: Evidence of Prior Undisputed Transactions
Under Dispute Condition 10.4: Fraud – Card-Not-Present Environment, you may supply evidence that three or more of the following elements had been used in a previous undisputed transaction:
|
• Customer account/login ID |
|
• Delivery address |
|
• Device ID/device fingerprint |
|
• Email address |
|
• IP address |
|
• Telephone number |
IV. Use of Compelling Evidence for Airline-Related Transactions
Currently, under Dispute Condition 10.4: Other Fraud—Card-Absent Environment, acquirers (for all regions except Europe) may remedy a dispute by providing evidence that the cardholder’s name was included in the manifest for the departed flight, and that this name matches the cardholder’s name on the purchased itinerary. This remedy will apply to all regions for pre-arbitration attempts processed on or after 15 April 2023. The current language related to compelling evidence for Europe pre-arbitration attempts will be removed.
Please visit the Visa Compelling Evidence FAQs for more information.
1. This does not apply if the other undisputed transactions were original credit transactions.
2. The same date elements must match across both undisputed transaction and the disputed transaction.
Updated January 13, 2023
Published September 27, 2022
Effective November 1, 2022, Visa is introducing new requirements for the use of sensory branding in e-commerce and digital payment experiences which includes the Visa brand animation, the Visa brand sound, and the Visa brand haptic.
Payment experiences in scope for the Visa Sensory Branding requirements include, but are not limited to, those involving e-commerce, transit, Connected Commerce and Internet of Things (IoT) devices, wearables, digital wallets and person-to-person (P2P) apps. Payment experiences involving digital point-of-sale, such as Tap to Phone, are also in scope.
More information can be found in the Visa Digital Brand Requirements, available on visa.com.
Please contact your third-party wallet application provider to integrate the new Visa Sensory Branding requirements into your payment experiences.
Published July 13, 2022
On October 14, 2022, Visa will classify mobile device and application-based e-commerce AFTs containing a payment token and valid token cryptogram – or token authentication verification value (TAVV) – as secure electronic commerce transactions. These AFTs will be assigned the electronic commerce indicator value of 5 (secure electronic commerce transaction).
Published September 27, 2022
On October 14, 2022, Visa will reclassify certain cardholder-initiated transactions, performed using credential-on-file tokens, as secure electronic commerce transactions1 with electronic commerce indicator (ECI) value of 05. Please refer to the following transaction criteria:
|
• Card is issued in Asia Pacific, Europe, Latin America and Caribbean, or Central Europe, Middle East and Africa region |
|
• Token Authentication Verification Value is included in the authorization request and validated by the Visa Token Service |
|
• Token type is credential-on-file |
|
• Token requestor-token service provider is Apple Inc. |
Visa is making this reclassification based on the low levels of fraud observed on these transactions. Visa will monitor these transactions regularly to ensure low fraud rates are maintained. If the low fraud rates are not maintained, Visa will discontinue providing the ECI value of 05 for the transactions following the criteria mentioned above.
1. Cardholder authentication verification value (CAVV) data is not required for the authorization to qualify as a secure electronic commerce transaction.
Published September 27, 2022
On October 14, 2022, Mastercard will introduce a new indicator to specify cardholder-initiated transaction (CIT) or merchant-initiated transaction (MIT) within dual message system and single message system transaction requests, and optional in the clearing messages. Additionally, Mastercard is sub-classifying recurring transactions into subscription-based (fixed amount and frequency) and standing order (variable amount and fixed frequency) transactions.
We encourage you to visit our Developer Center for the complete specifications of CIT and MIT indicators to maximize the benefits of increased approval rates, reduced customer costs with transaction declines and improved real-time decision making.
The changes will not impact merchants that do not process recurring transactions.
Published September 27, 2022
On October 14, 2022, Mastercard will update the Mastercard Authorization Optimizer, which provides assistance when authorization requests are declined. The Mastercard Authorization Optimizer:
|
• Is limited to card-not-present declines |
|
• Excludes mail and telephone order transactions |
|
• Only pertains to transactions processed on the Mastercard network |
Seven new merchant advice codes will be introduced for insufficient fund decline responses, as shown in the table below. These values are provided to advise merchants when to resubmit the transaction for approval.
Table – Merchant Advice Codes
|
Merchant Advice Code |
Recommendation |
|
24 |
Retry after 1 hour |
|
25 |
Retry after 24 hours |
|
26 |
Retry after 2 days |
|
27 |
Retry after 4 days |
|
28 |
Retry after 6 days |
|
29 |
Retry after 8 days |
|
30 |
Retry after 10 days |
Published September 27, 2022
On October 14, 2022, Mastercard will include all processing days in the calendar week for timeliness enforcement, which will reduce the time between authorization and clearing of a transaction. With this change, Sunday will be counted in determining timeliness for interchange qualification purposes.
For some interchange programs, Mastercard requires a certain number of days or timeliness between authorization and clearing. If timeliness is not met according to their current rules, it could result in timeliness-related rejects or downgrades of some interchange programs.
Published September 27, 2022
American Express revised their policy on the use of alternate Merchant Category Codes (MCC) for declined transactions. Altering an MCC to resubmit a transaction that was previously declined by American Express is strictly prohibited and may be assessed a non-compliance fee as shown below.
Table – American Express Merchant Acquiring Non-Compliance Fee
|
Instance of Violation |
Fee Assessment |
|
First Violation |
Warning letter with specific date and action for correction |
|
Second Violation of the same policy regulation within a 12-month period after notification of the first violation |
Up to $50,000 |
|
Third and all subsequent violation of the same policy regulation within a 12-month period after notification of the first violation |
Up to $100,000 |
Published September 27, 2022
On October 14, 2022, American Express OptBlue will update their ECV thresholds as outlined in the table below. This is for your information only and no actions are required.
Table – American Express OptBlue ECV Program Limits
|
Industry Category |
ECV Program Limit |
|
|
Rolling 3 months |
Rolling 12 months |
|
|
B2B/Wholesale |
$100,000 |
$1,000,000 |
|
Charity |
No Threshold |
No Threshold |
|
Education |
No Threshold |
No Threshold |
|
Emerging Markets |
$100,000 |
$1,000,000 |
|
Government |
No Threshold |
No Threshold |
|
Healthcare |
No Threshold |
No Threshold |
|
Insurance |
No Threshold |
No Threshold |
|
Online Gambling |
No Threshold |
No Threshold |
|
Other |
$100,000 |
$1,000,000 |
|
Residential Rent |
No Threshold |
No Threshold |
|
Restaurant |
$100,000 |
$1,000,000 |
|
Retail |
$100,000 |
$1,000,000 |
|
Services & Professional Services |
$100,000 |
$1,000,000 |
|
Travel & Entertainment |
$100,000 |
$1,000,000 |
|
Utilities |
No Threshold |
No Threshold |
Published September 27, 2022
On October 20, 2022, SHAZAM will be introducing a new Capability of Terminal (DE 22, Position 1) value 9 (Contact and Contactless Chip Read Capabilities). This will better communicate the capabilities of the terminal that initiates the transaction which will provide more accurate information to the issuing banks.
You are required to pass the appropriate Data Entry Source (DES) values for all transactions.
Please visit our Developer Center for the complete specifications required to indicate if your terminals support both contact and contactless chip read capabilities.
Published September 27, 2022
On October 15, 2022, CULIANCE will reduce the timeframe a terminal participant may submit an adjustment request. Adjustment requests may be submitted 1 to 45 days from the original transaction settlement date.
Published September 27, 2022
Armed Forces Financial Network (AFFN) has reduced their representment timeframe, to dispute previously sent chargebacks, to 30 calendar days from the original chargeback date.
Published September 27, 2022
Discover is clarifying that JCB and UnionPay are equally supported by their network. You are expected to apply practices that employ equal and favorable treatments to any issuer and/or cards operating on the Discover network, including the brands mentioned.
Please visit our Payment Portal to obtain designated JCB and UnionPay BINs.
Published September 27, 2022
Starting October 15, 2022, Visa will expand Dispute Condition 13.3 – Not as Described or Defective Merchandise/Services. Disputes will no longer be subject to the Travel & Entertainment (T&E) $25 or local currency equivalent minimum dispute amount when a travel agency using a Visa Commercial Card Virtual Account has a contractual agreement with a T&E merchant that covers the terms for specified services, and either:
|
· The merchant failed to honor the contractual agreement, or · The services provided by the merchant to the virtual account holder were not as described in the contractual agreement. |
In addition, the dispute right that currently applies only to lodging merchants or vehicle rental merchants will now apply to all T&E merchants.
Published July 13, 2022
Effective October 18, 2022, Mastercard is transitioning all customers to EMV 3DS Directory Server v2.2.0, which promotes frictionless cardholder authentication during checkout.
Mastercard will continue to support 3DS v2.1.0 transactions on the Mastercard Authentication Network until October 18, 2022. The 3DS v2.1.0 decommission will begin at 12 p.m. Central Time.
Published July 13, 2022
Discover has increased the threshold for Automated Fuel Dispenser (AFD) transactions from $125 to $175.
Published July 13, 2022
Update: The full rollout of the Visa Token Service (VTS) for U.S. cardholders will be in Q1 2023. Make sure your business is prepared to accept tokens for transactions submitted through a web browser, or email us with your information (please see below) at [email protected] to opt out now.
For more information on the VTS functionality, you may refer to the below resources:
Visa is introducing their Visa Token Service (VTS) to web browsers for improved security and consumer
experience on card-not-present (CNP) transactions.
Merchants could begin seeing tokenized transactions within Google Chrome as early as June 21, 2022, when Visa begins limited testing with the Google Chrome browser.
Visa and Google Chrome plan to gradually introduce the VTS functionality beginning August 2022 for CNP transactions made in the Google Chrome browser including mobile devices.
Prior to this integration, cardholders could choose to have their account and expiration date stored for use on a merchant checkout
page.
The integration between Visa and Google Chrome will allow purchases to use a token, which converts the account number and expiration date into a separate, new value with a dynamically generated Token Verification Value (DTVV).
The DTVV is collected and used in the same manner as the 3-digit Cardholder Verification Value (CVV2) found on the back of a physical card.
The token autofill feature is automatically enabled for all merchants.
Please assess if your business is prepared to accept a token for purchases.
No additional action is required if your business is ready to accept tokens for transactions made through a browser.
If your business is not ready, you can opt out and opt back into the Visa token web browser autofill process by providing the
following information to one of the email addresses noted below:
|
• Merchant name(s) |
|
|
• Merchant URL(s) for their web pages that include payment credential entry forms |
|
|
• Merchant App Package/Bundle ID(s), if applicable |
|
|
|
◦ An Android or iOS application ID; similar in format to a URL
|
|
|
◦ This information is only required if you have an app that cardholders use on their
mobile device for purchases |
|
• Merchant Token Requestor ID(s) (TRIDs), if applicable |
|
The above information must be provided via email to opt back into the service.
Email us at [email protected] to opt out/in of this process.
Updated December 12, 2022
Published June 15, 2022
While the use of Address Verification Service (AVS) on all AFD transactions is highly encouraged to mitigate fraud, Visa is no longer requiring the AVS zip code information to be included in all AFD authorization messages in areas identified as high-fraud geographies.
Published June 15, 2022
Effective July 1, 2022, NYCE will make the Address Verification Service optional for PINless POS transactions, and zip code data will no longer be required at Automated Fuel Dispensers.
Published June 15, 2022
Starting October 15, 2022, Visa will no longer support 3-D Secure (3DS) 1.0.2 and related technology. 3DS 1.0.2 transactions attempted after this date will fail and must be submitted as non-authenticated (ECI 7) transactions. Merchants must migrate to 3DS 2 prior to October 2022.
Please visit our Developer Center for the complete specifications required to migrate to 3DS 2 to continue to receive liability protection after October 2022.
Published April 14, 2022
Beginning June 7, 2022, Mastercard will validate Digital Secure Remote Payment (DSRP) cryptograms when present in e-commerce cardholder-initiated transactions (CIT) and merchant-initiated transactions (MIT). Reusing the same DSRP cryptogram across CITs and MITs will result in the transaction getting declined as replayed attempts. These changes will allow Mastercard to further strengthen the security and integrity of your e-commerce transactions.
On April 22, 2022, Discover will revise its trademark use and marketing guidelines. To see the latest requirements, please refer to the Brand Guidelines document available in discoversignage.com
On April 22, 2022, Visa will introduce the Visa Secure Credential Framework. This framework concerns the retaining and returning of Additional Token Response Information to identify transactions eligible for token services. The token program value that you will receive from the authorization should be retained and returned when clearing and reversing transactions.
Further details on this will be communicated in the Developer Center closer to the effective date.
Starting April 22, 2022, Discover will enable you to include the Network Reference ID (NRID) from the original card sale in the return authorization. This will allow issuing banks easier transaction matching to reduce fraud.
Please visit our Developer Center for the complete specifications required on return authorizations.
On April 22, 2022, Discover will update the transaction tolerance level for merchant category codes (MCC) 5300 (warehouse clubs) and 5411 (supermarkets). Any difference between the card sale amount in the sales data and the amount approved in the authorization response must be within the new transaction tolerance level.
Table – Transaction Tolerance Level
|
Current Transaction Tolerance Level |
New Transaction Tolerance Level |
|
+/-10% |
+/-15% |
On April 22, 2022, Mastercard will revise its chargeback standards with maximum timeframes to dispute "Goods or Services Not Provided or Not as Described" or "Credit Not Processed" transactions for certain travel and entertainment (T&E) merchant category codes (MCC).
Table 1 – Timeframes for "Service Not Provided" or "Credit Not Processed" Chargeback Disputes*
|
Transaction Type |
Chargeback Dispute Timeframe |
|
Transactions using card issued in either Canada or US at a merchant located in Canada or US |
· Within 120 calendar days from original delivery or performance date by the merchant
|
|
All other transactions |
· Within 120 calendar days from the latest anticipated delivery or performance date specified by the merchant
|
* See Table 2 below for MCCs this change applies to.
Table 2 – Impacted T&E Merchants of the Revised Chargeback Dispute Timeframes
|
MCC |
Merchant Category |
|
3000 – 3350, 4511 |
Airlines and Air Carrier |
|
3351 – 3500, 7512 |
Car Rental Agencies |
|
4411 |
Cruise Lines |
|
3501 – 3999, 7011 |
Lodging – Hotels, Motels, Resorts |
|
7519 |
Motor Home and Recreational Vehicle Rental |
|
6513 |
Real Estate Agents and Managers-Rentals |
|
7922 |
Theatrical Producers, Ticket Agencies (excluding Motion Picture) |
|
4722 |
Travel Agencies and Tour Operators |
Visa has now expanded the U.S. Debt Repayment Incentive Interchange Program to allow auto lenders to process auto lease and loan payments. Auto lenders registered in the program may also be eligible to receive incentive interchange for auto lease payments made with exempt consumer Visa debit and prepaid cards.
Debt repayment transactions processed with Visa small business debit or prepaid cards do not qualify for the incentive interchange program. Participating merchants in this program must not accept Visa credit or commercial credit cards for debt repayment transactions.
Update: Visa has confirmed that all affected merchants, see Table 1, are required to support this initiative by October 2023; extensions will no longer be granted.
On April 22, 2022, Visa will introduce enhancements in the fleet product platform as part of the Visa Fleet 2.0 initiative. This initiative introduces new Visa chip requirements that are based on both International Forecourt Standards Forum (IFSF) and Conexxus industry standards1 for purchase restrictions and prompting information.
Fuel merchant category codes (MCC) are required to support the Fleet 2.0 initiative as shown in Table 1. Highlighted below are key changes in this initiative:
Table 1 – Fuel MCCs Required to Support Fleet 2.0 Initiative
|
MCC |
Merchant Description |
|
4468 |
Marinas, Marine Service, and Supplies |
|
5541 |
Service Stations (C-Stores) - with or without Ancillary Services |
|
5542 |
Automated Fuel Dispensers |
|
5499 |
Miscellaneous Food Stores – Convenience Stores and Specialty Markets |
|
5983 |
Fuel Dealers – Fuel Oil, Wood, Coal, and Liquefied Petroleum |
Table 2 – Visa Fleet Card BIN Ranges
|
448544-448547 |
448466 |
48540–448541 |
461472–461479 |
|
448550–448551 |
448470–448471 |
448621 |
461482–461485 |
|
448553–448555 |
448473–448475 |
448623–448625 |
461487–461499 |
|
448558–448559 |
448477 |
448628–448629 |
471562 |
|
448561–448563 |
448483 |
448631-448663 |
480701–480704 |
|
448565–448569 |
448489–448492 |
448665-448674 |
480706–480849 |
|
448571–448576 |
448494–448498 |
448676–448680 |
480851–480853 |
|
448581–448582 |
448500–448501 |
448682–448686 |
480855–480856 |
|
448584–448586 |
448503–448505 |
448689–448699 |
480859 |
|
448588–448589 |
448507–448508 |
461400 |
480861–480864 |
|
448593–448597 |
448510 |
461402–461410 |
480866 |
|
448599–448601 |
448513–448514 |
461412–461421 |
480869 |
|
448603–448610 |
448518–448521 |
461423–461425 |
480871–480874 |
|
448613–448614 |
448525 |
461430–461435 |
480876 |
|
448616–448619 |
448528–448532 |
461437–461459 |
480878–480899 |
|
448462–448464 |
448535–448538 |
461461–461468 |
|
In addition to fleet BINs, a new EMV tag will be present on Fleet 2.0 chip cards that can be used to identify a Fleet card.
Please visit our Developer Center for the detailed specifications.
Chase is also in the process of adding new Visa Fuel & Non-Fuel product codes, refer to the specification documents for details.
1. International Forecourt Standards Forum (IFSF) of international petroleum retailers has a common objective of harmonization of equipment interconnectivity and communication standards for use in Petroleum Retail. Conexxus is a non-profit, member-led technology organization that focuses on the development and implementation of standards, technologies innovation and advocacy for the convenience store and petroleum market.
2. Not mandatory for transactions containing non-fuel items only, provided all the data is present in the authorization message itself.
Updated December 12, 2022
Published March 21, 2022
Starting April 22, 2022, Visa will reclassify certain cardholder-initiated transactions, using device-based tokens, as electronic commerce indicator (ECI)1 value of 05 based on the following conditions:
If you offer recurring payment billing, you are expected to:
Visa is making this reclassification based on the low levels of fraud that are observed on these transactions. Visa will monitor these transactions regularly to ensure low fraud rates are maintained. If the low fraud rates are not maintained, Visa will discontinue providing the ECI value of 05 for device-based tokenized transactions.
Please visit our Developer Center for more information on the technical specifications.
1 ECI value is returned in the authorization response when submitting a transaction for clearing to receive fraud liability protection.
On April 23, 2022, Visa is introducing the performance requirements to enhance the Digital Authentication Framework. This requires global fraud rates and monthly fraud amounts to be below the threshold outlined below.
Fraud will be measured separately for transactions processed through the Visa Token Service or Visa Secure using EMV 3DS. Identification in the fraud program is based on an "AND" condition when both thresholds are exceeded.
|
Fraud Rate |
Monthly Fraud Amount |
|
0.10% |
$100,000 USD |
The following conditions will apply when a merchant exceeds both thresholds outlined above.
Table 2 – Conditions When Thresholds are Exceeded
|
Period |
Condition/s |
|
Month 1: Notification |
• Merchants will be contacted and acquirers will be sent an advice for their merchants when program thresholds have been exceeded in the previous month. |
|
Month 2 – 5: Monitoring Period |
• Merchants retain fraud dispute protection on DAF transactions during the Monitoring Period but are expected to show progress on reducing fraud if they want to maintain fraud dispute protection. • If fraud falls below the thresholds during the Monitoring Period, the merchant will exit the Monitoring Period. |
|
Month 6 and beyond: Enforcement Period (including loss of fraud dispute protection) |
• Enforcement applies when fraud exceeds both thresholds for 5 consecutive months. • A merchant may exit the Enforcement Period and regain fraud dispute protection by demonstrating three consecutive months of global fraud performance below the re-entry fraud rate threshold on all e-commerce transactions. The re-entry fraud rate is two times the fraud rate threshold (i.e., 20 bps). |
Update: Mastercard added communication requirements for account management capabilities to their merchant standards for subscription billing including subscription cancellation (see the third, fourth, and sixth bullets below). Guidance for not-for-profit or charity merchants has also been added.
On September 22, 2022, Mastercard will update requirements for their subscription/recurring payments model. This change promotes transparency for cardholders and the prevention of disputes on transactions where the cardholder has agreed for the merchant to provide ongoing and/or periodic delivery of physical products or digital goods.
If you offer recurring payment billing, you are expected to:
|
• Disclose the subscription terms simultaneously with a request for card credentials including the price that will be billed and the frequency of the billing (for example, “You will be billed $9.95 per month until you cancel the subscription.”). If you utilize a negative option billing model, you must disclose the terms of the trial including any initial charges, the length of the trial period, and the price and frequency of the subsequent subscription (for example, “You will be billed $2.99 today for a 30-day trial. Once the trial ends, you will be billed $19.99 each month thereafter until you cancel.”). |
|
• Clearly and prominently display the subscription terms on any payment and order summary webpages and capture a cardholder’s affirmative acceptance of the subscription terms before the subscription order.1 |
|
• Promptly send a subscription order confirmation to the cardholder through an email message or other electronic communication method that includes the subscription terms. The confirmation message must include or provide access to instructions for account management capabilities, including instructions for cancelling the subscription (and thereby withdrawing permission for any subsequent payment transactions). |
|
• Provide the cardholder with a transaction receipt through an email message or other electronic communication method that includes the amount and reason for the billing and provides access to instructions for account management capabilities, including cancelling the subscription (and thereby withdrawing permission for any subsequent recurring payment transactions) and an opt-out for receiving these notices. |
|
• Provide an online or electronic cancellation method (similar to unsubscribing from email messages or any other electronic method) or clear instructions on how to cancel that are easily accessible online (such as a “Manage Subscription” or “Cancel Subscription” link on the merchant’s home page). |
|
• Send an electronic reminder to the cardholder at least seven days prior to the next billing date that includes the subscription terms and provides access to instructions for account management capabilities, including instructions for cancelling subscription for any subscription where the billing frequency is every six months (180 days) or less frequently (e.g. cardholder is billed every six months, every year, every two years, etc.). The communication must clearly reference in the subject line that it relates to upcoming charges to the cardholder (for example, “Important Information About Upcoming Charges to Your Account”) and the message must be distinct from marketing communications that are otherwise sent to the cardholder. |
Not-for-profit or charity merchants: The standards above are only best practice recommendations for any not-for-profit or charity merchants that use a recurring payment plan. These standards become requirements when a not-for-profit or charity merchant that uses a recurring payment plan is identified for four months or more in the existing Acquirer Chargeback Monitoring Program (ACMP) as an Excessive Chargeback (ECM), a High Excessive Chargeback Merchant (HECM) and/or an Excessive Fraud Merchant (EFM) within the same audit period.
Please visit this page for more information on the ACMP.
1. Applies to e-commerce merchants
Updated January 13, 2023
Published March 21, 2022
Update: We are changing the effective date of the Mastercard Merchant Standards for Negative Option Billing from March 21, 2022 to September 22, 2022.
On September 22, 2022, Mastercard will update its requirements for negative option billing model. The change promotes transparency to cardholders and prevention of disputes on transactions that are initiated by an agreement between the cardholder and the merchant whereby the cardholder agrees to receive from the merchant a sample of the product or services (either complimentary or at a nominal price) for a trial period. The sample may be larger, equal to, or smaller than the product provided by the merchant during the subscription period.
After the trial period has expired, the cardholders previously-provided account credentials may be used to submit transactions on a recurring basis each time the product is shipped, delivered, or otherwise made available to the cardholder, until either:
The following standards below apply to recurring payment transactions associated with negative option billing merchants offering digital goods or services:
* Note: After the cardholder has provided consent, the merchant may not change this date; however, a later payment date may be offered by the merchant prior to consent, if the authorization request results in a declined response from the issuer due to insufficient funds in the cardholder's Account.
Updated November 3, 2022
Published March 21, 2022
Starting February 17, 2022, Mastercard will only require cardholder verification methods (CVM) on contactless transactions amounting to US$100 and above at AFDs. This change will help facilitate faster checkouts and stay true to the tap-and-go experience.
If you have contactless terminals at an AFD, you should update the CVM transaction limit to $100 or less.
Mastercard started a monitoring program for the necessary presence of Tag 84 (Dedicated File Name) in Field 55 (Chip EMV Data) for all chip authorization and deposit/clearing messages.
Please make sure to submit Tag 84 in Field 55 for all chip authorization deposit/clearing (submission) messages.
Published September 27, 2022
The information herein includes summaries of select changes, and the changes summarized here are subject to modification by Visa®, Mastercard®, American Express®, and Discover®® at any time. This document was prepared for informational use only and does not substitute for Visa®, Mastercard®, American Express®, and Discover® release documentation, or as a substitute for technical/coding specifications. Should there be a conflict between the information contained herein and the actual Visa®, Mastercard®, American Express®, and Discover® release documentation or technical/coding specifications, the latter will govern. To ensure you are aware of all requirements applicable to you, the merchant, review all documentation in its entirety. Information in this document has been obtained from sources believed to be reliable, but neither J.P. Morgan nor any of its affiliates warrant the completeness or accuracy of the information contained herein. If you have franchisees or sub-merchants, they may not be receiving payment brand updates from us. You are responsible for communicating these financial impacts and process changes to your franchisees or sub-merchants.
|
© JPMorgan Chase & Co. Member FDIC. All rights reserved. The statements herein are confidential and proprietary and not intended to be legally binding. Not all products and services are available in all geographical areas. Visit jpmorgan.com/paymentsdisclosure for further disclosures and disclaimers related to this content. |