Visa news update for 2022

Visa news update for 2022

Visa news

Welcome to second news update for 2022, this time focusing on Visa.

Sunset for 3DSecure Version 1

Effective 15 October 2022, Visa will discontinue support of 3-D Secure 1.0.2 and related technology.

Restrictions on Standing Instruction MITs Related to Card-on-File Tokens

In an effort to optimize the merchant-initiated transaction (MIT) framework, Visa will restrict token-originated standing instruction MITs to card-on-file tokens only.

Standing instruction MITs are transactions that address pre-agreed instructions from cardholders for the provision of goods and services and are performed as follow-ups to a cardholder-initiated transaction (CIT).

Other than by using primary account numbers (PANs), a popular method to initiate a standing instruction MIT is done by the merchant accepting a token payload provided by a digital wallet. Effective with the October 2022 VisaNet Business Enhancements release, Visa will restrict standing instruction MITs initiated by tokens to card-on-file (COF) tokens only. This change is being implemented in order to optimize the MIT framework and enhance security. COF tokens are domain-restricted to the merchant and provide a higher level of security and better
visibility of the end-merchant to the issuer.

The following standing instruction MITs that are initiated by tokens will be impacted by this change:

• Installment payment transactions: A transaction in a series of transactions that use a stored credential and that represent a cardholder agreement for the merchant to initiate one or more future transactions over a period for a single purchase of goods or services. These transactions are identified with the value “I” in POS Environment Field 126.13.
• Recurring payment transactions: A transaction in a series of transactions that use a stored credential and that are processed at fixed, regular intervals (not to exceed one year between transactions), representing a cardholder agreement for the merchant to initiate future transactions for the purchase of goods or services provided at regular intervals. These transactions are identified with the value “R” in POS Environment Field 126.13.
• Unscheduled COF transactions: A transaction using a stored credential for a fixed or variable amount that does not occur on a scheduled or regularly occurring transaction date, where the cardholder has provided consent for the merchant to initiate one or more future transactions. These transactions are identified with the value “C” in POS Environment Field 126.13.

Acquirers should advise their merchants to prepare for this upcoming requirement. Merchants are advised to work with their payment providers to initiate the process toward supporting merchant COF tokens.

Tokens will continue to be supported for CITs and industry-standard MITs as usual.

Visa Guidance to Guard Against Enumeration Attacks and Account Testing Schemes

Visa is reminding clients to maintain adequate controls to swiftly detect and block enumeration attacks and account testing schemes. While 3DSecure is an effective block of enumeration attacks failure to block enumeration attacks will leads to traffic overload on 3DSecure systems which associated costs.

Visa provides an excellent guide on mitigating these attacks at the link below:

https://usa.visa.com/content/dam/VCOM/global/support-legal/documents/visa-guidance-to-guard-against-enumeration-attacks.pdf