Audience and Purpose

This April mandates document informs acquirers, merchants, and customer-facing teams of mandate updates that are planned for April 2024.

Recent Revisions to This Document

26.05.01

Mastercard Transaction Link Identifier: updated the transaction link identifier character length from 36 to 22 characters.

24.04.01

Initial release.

Payment Mandates

Contact PMPayment-cybs@visa.com for questions about payment mandates.

Anticipated Amount

Effective date: April 12, 2024
Processor: Visa Platform Connect
Regions: All
Services: Authorizations
Feature
As of April 12, 2024, Cybersource is enabling merchants to send the anticipated amount for a transaction when merchants process an account verification request, also known as a zero amount authorization request. With this information included in the authorization request, the customer's bank can confirm the available funds for a future transaction of the specified amount.
Merchants
Merchants can include this optional field in a zero amount authorization request:
  • REST API: orderInformation.amountDetails.anticipatedAmount
  • SCMP API: anticipated_amount
  • Simple Order API: purchaseTotals_anticipatedAmount

Customer-Initiated and Merchant-Initiated MOTO Tokenized Requests

Effective date: April 12, 2024
Processor: Visa Platform Connect
Regions: All
Services: Authorizations
Feature
As of April 12, 2024, Visa is requiring that acquirers who process tokenized Mail Order or Telephone Order (MOTO) transactions with a Mastercard support the required fields and values. These values are listed in the Credentialed Transactions Developer Guide for customer-initiated transactions (CITs) and merchant-initiated transactions (MITs). These token types are affected:
  • Cloud token
  • Secure element token
  • Static token
Merchants
Merchants who process customer-initiated transactions (CITs) and merchant-initiated transactions (MITs) must support the required fields and values listed in the Credentialed Transactions Developer Guide. For more information about processing CITs and MITs with tokens, see:

EMV 3-D Secure 2.1.0 Support Ending

Effective date: September 25, 2024
Processor: Visa Platform Connect
Regions: All
Services:
  • Authorization request
Feature
As of September 25, 2024, EMV 3-D Secure 2.1.0 will no longer be supported. In the API fields below, merchants must not use the value 2.1.0, which signifies that EMV 3-D Secure 2.1.0 was used to authenticate the transaction. Before support for EMV 3-D Secure 2.1.0 ends, merchants must complete any work necessary to support EMV 3-D Secure 2.2.0.
Merchants
Merchants must use the 2.2.0 value or later in this field in an authorization request message:
  • REST API: consumerAuthenticationInformation.paSpecificationVersion
  • SCMP API: pa_specification_version
  • Simple Order API: ccAuthService_paSpecificationVersion
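
A pre-flight check for the version requirement above, as an added example that is not Cybersource code: it reads the REST field named on this page from a request body and rejects values below 2.2.0. The function names, the constructed inputs, and the choice to pass requests that carry no version are assumptions of this example.

```python
import re

# REST field path taken from the page; everything else here is illustrative.
FIELD = ("consumerAuthenticationInformation", "paSpecificationVersion")
MIN_VERSION = (2, 2, 0)  # the page requires 2.2.0 or later
_VERSION_RE = re.compile(r"^\d+\.\d+\.\d+$")


def parse_version(text):
    """Turn '2.2.0' into (2, 2, 0); reject anything that is not N.N.N."""
    if not isinstance(text, str) or not _VERSION_RE.match(text.strip()):
        raise ValueError(f"malformed 3-D Secure version: {text!r}")
    return tuple(int(part) for part in text.strip().split("."))


def check_3ds_version(payload):
    """Return (ok, reason) for one authorization request body (a dict).

    Assumption: a request without the version field is not a 3-D Secure
    transaction and is passed through unchanged.
    """
    auth_info = payload.get(FIELD[0])
    if not auth_info or FIELD[1] not in auth_info:
        return True, "no 3-D Secure version present"
    raw = auth_info[FIELD[1]]
    try:
        version = parse_version(raw)
    except ValueError as exc:
        return False, str(exc)
    # Compare as integers: as plain strings, "2.10.0" sorts before "2.2.0".
    if version < MIN_VERSION:
        return False, f"version {raw} is below 2.2.0"
    return True, "ok"
```

Running this over outgoing requests before the September 25, 2024 cutoff shows which integrations still send 2.1.0.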

EMV 3-D Secure for Standing Instruction Merchant-Initiated Transactions

Effective date: April 12, 2024
Processor: Visa Platform Connect
Regions: All
As of April 12, 2024, Visa is requiring that acquirers who process payments using the EMV 3-D Secure specifications support the fields and values for standing instruction merchant-initiated transactions (MITs) that are processed by the Visa Secure Digital Authentication Framework. The MIT standing instruction fields and values are documented in the Credentialed Transactions Developer Guide for these types of requests:
  • Installment Payments
  • Mastercard Standing Order Payments
  • Mastercard Subscription Payments
  • Recurring Payments
  • Unscheduled COF Payments
Merchants
Merchants processing customer-initiated transactions (CITs) and merchant-initiated transactions (MITs) must support and send the required fields and values listed in the Credentialed Transactions Developer Guide. For more information about processing CITs and MITs, see:

Encrypted PINs for Online Discover and Diners Club Transactions

Effective date: April 12, 2024
Processor: Visa Platform Connect
Regions: All
Services: Authorization Requests
Merchants
As of April 12, 2024, for online and ATM PIN transactions with Discover and Diners Club cards, merchants must include encrypted PIN data in this field when requesting an authorization:
  • REST API: pointOfSaleInformation.encryptedPin
  • SCMP API: pin_data_encrypted_pin
  • Simple Order API: pinDataEncryptedPIN

Extended Authorizations for Transactions

Effective date: May 31, 2024
Processor: Visa Platform Connect
Regions: All
Services: Authorization request and response
Feature
As of May 31, 2024, Visa is requesting a 30-day extended clearing for cardholder-initiated card-not-present transactions. Cybersource receives the expected clearing date details from Visa.
Merchants
Merchants who support extended authorizations must set this field to true in an authorization request and response message:
  • REST API Field: processingInformation.authorizationOptions.extendAuthIndicator
  • SCMP API Field: auth_extend_auth_indicator
  • Simple Order API Fields: ccAuthService_extendAuthIndicator

Mastercard EMV Tags

Effective date: April 14, 2024
Processor: Visa Platform Connect
Regions: All
Services: Authorization request
Feature
As of April 14, 2024, Mastercard is adding these optional integrated-circuit-card-data tag values in authorization requests:
  • Mastercard authenticated application data (tag 9F60): Allows issuer proprietary data that is provided by the card to the terminal to be communicated securely to the issuer host.
  • Mastercard kernel identifier-terminal data (tag 96): Identifies the particular contactless kernel used by the terminal to process the transaction.
Acquirers
Acquirers must support this data in the TC 33 capture file:
  • Mastercard authenticated application
    • Record: CP 02 TCR 2
    • Position: 5-131
    • Field: Mastercard authenticated application
  • Mastercard kernel identifier-terminal
    • Record: CP 02 TCR 2
    • Position: 132-139
    • Field: Mastercard kernel identifier-terminal
Merchants
Merchants who support EMV functionality for Mastercard can choose to submit tags 9F60 and 96 with other EMV tags included in this API field:
  • REST API: pointOfSaleInformation.emv.tags
  • SCMP API: emv_request_combined_tags
  • Simple Order API: emvRequest_combinedTags

Mastercard Merchant Advice Codes

Effective date: April 12, 2024
Processor: Visa Platform Connect
Regions: All
Services: Authorization responses
Feature
As of April 12, 2024, Mastercard is introducing new merchant advice code values for use in authorization responses associated with customer non-reloadable prepaid products, customer single-use virtual card numbers, the MoneySend Payment Transactions Program, and the Gaming and Gambling Payments Program.
Merchant Advice Code Values
Merchants who support Mastercard transactions must support these merchant advice code values in the authorization response:
  • 40: Non-reloadable prepaid card
  • 41: Non-reloadable prepaid card
  • 42: Sanctions score exceeds applicable threshold value
This is the advice code field:
  • REST API Field: processorInformation.merchantAdvice.code
  • SCMP API Field: merchant_advice_code
  • Simple Order API Field: ccAuthReply_merchantAdviceCode
Merchant Advice Code Raw Values
Merchants who support Mastercard transactions must support these merchant advice code raw values in the authorization response:
  • 7903: Do not try again
  • 7921: Do not honor
  • 7940: Non-reloadable prepaid card
  • 7941: Non-reloadable prepaid card
  • 7942: Sanctions score exceeds applicable threshold value
This is the merchant advice code raw field:
  • REST API Field: processorInformation.merchantAdvice.codeRaw
  • SCMP API Field: auth_merchant_advice_code_raw
  • Simple Order API Field: ccAuthReply_merchantAdviceCodeRaw

Mastercard Merchant Payment Gateway ID

Effective date: April 12, 2024
Processor: Visa Platform Connect
Regions: All
Services:
  • Authorization request
  • Authorization reversal request
  • Credit request
Feature
As of April 12, 2024, Mastercard is revising standards to populate the merchant payment gateway ID for all card-not-present transactions.
When merchants process card-not-present Mastercard transactions and do not include the merchant payment gateway ID in their request, Cybersource sets the field value to 00000163065.
Acquirers
Acquirers must support this data in the TC 33 capture file:
  • Record: CP01 TCR 7
  • Position: 158-168
  • Field: Merchant Payment Gateway ID
Merchants
Merchants who support card-not-present Mastercard transactions must include this field in all transaction requests. When merchants process card-not-present transactions and do not include this field in their request, Cybersource sets the field value to 00000163065.
  • REST API Field: processingInformation.networkPartnerId
  • SCMP API Field: network_partner_id
  • Simple Order API Field: ccAuthService_networkPartnerId

Mastercard Transaction Link Identifier

Effective date: June 4, 2024
Processor: Visa Platform Connect
Regions: All
Services:
  • Authorization response
  • Authorization subsequent request
  • Authorization reversal
  • Authorization reversal response
  • Credit response
  • Follow-on credit authorization request
Feature
As of June 4, 2024, Mastercard is introducing the transaction link identifier. Mastercard generates a new transaction link identifier as a 22-character unique identifier and populates it in the first message in a transaction life-cycle. Mastercard generates a value and populates it in the response message if one was not previously assigned. For life-cycle transactions, Visa includes the value provided by the acquirer.
Acquirers
Acquirers must support this data in the TC 33 capture file:
  • Record: CP12 TCR 4
  • Position: 73-108
  • Field: Transaction Link Identifier
Merchants
Merchants receive a transaction link identifier in this field for the first transaction of a transaction life-cycle sent by Mastercard:
  • REST API Field: issuerInformation.transactionInformation
  • SCMP API Field: payment_network_transaction_information
  • Simple Order API Field: paymentNetworkTransactionInformation

Payment Enabler ID Field

Effective date: April 14, 2024
Processor: Visa Platform Connect
Regions: All
Services:
  • Authorization
  • Original credit transaction (OCT)
Feature
As of April 14, 2024, Visa is assigning an enabler verification value (EVV) to payment enablers. Merchants who use a payment enabler for requesting authorization and OCT services must use the enabler ID value.
The EVV is an optional five-character hexadecimal value that Visa assigns to identify the payment enabler that processes requests for authorization and OCT services. If the wrong enabler ID is used in a transaction, the transaction is still accepted. If the enabler ID character string is longer than five characters, the transaction is declined.
The agent unique ID data is still supported in the TC 33 capture file in the first five positions:
  • Record: CP12 TCR1
  • Position: 138-148
The five positions that follow the agent unique ID in CP12 TCR1 are used for the EVV. The final position is reserved for 0. Except for the first digit which is fixed, CP12-TCR1 positions 138-148 () now occupy all of ISO field 126.18.
Merchants
When merchants use a payment enabler, this field must be included in an authorization or OCT request.
  • REST API: processingInformation.enablerId
  • SCMP API: enabler_id
  • Simple Order API: enabler_id
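
The enabler ID rules and the CP12 TCR1 layout described above, as an added example that is not Cybersource or Visa code: one function checks an enabler ID before it is sent, the other slices positions 138-148 out of a record line. The function names, the sample record, and the space-fill handling of an absent EVV are assumptions of this example.

```python
import string

# Layout from the page: CP12 TCR1 positions 138-148 (1-indexed, inclusive) hold
# a 5-position agent unique ID, a 5-position EVV and a final reserved 0.
FIELD_START, FIELD_END = 138, 148
_HEX = set(string.hexdigits)

# Constructed sample line; the filler and both IDs are made-up values.
SAMPLE_RECORD = "X" * 137 + "A1B2C" + "0F3E9" + "0" + " " * 20


def validate_enabler_id(value):
    """Merchant side: check an enabler ID before it goes into a request."""
    if not isinstance(value, str) or not value:
        raise ValueError("enabler ID must be a non-empty string")
    if len(value) > 5:
        # The page states that a longer string gets the transaction declined.
        raise ValueError("enabler ID is longer than five characters")
    if len(value) < 5:
        # Stricter than the page, which only describes the too-long case.
        raise ValueError("enabler ID is shorter than five characters")
    if not set(value) <= _HEX:
        raise ValueError("enabler ID must be hexadecimal")
    return value


def split_enabler_field(record):
    """Acquirer side: slice positions 138-148 out of one record line."""
    if len(record) < FIELD_END:
        raise ValueError(f"record has {len(record)} positions, need {FIELD_END}")
    field = record[FIELD_START - 1:FIELD_END]  # 11 characters
    agent_id, evv, reserved = field[:5], field[5:10], field[10]
    if reserved != "0":
        raise ValueError("final position must be the reserved 0")
    # Assumption: an absent (optional) EVV is space-filled in the record.
    evv = validate_enabler_id(evv) if evv.strip() else None
    return {"agent_unique_id": agent_id, "evv": evv}
```

Because a wrong enabler ID is still accepted, a format check like this cannot confirm that the value is the one Visa assigned; it only catches the malformed cases.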

Payment Facilitator Details

Effective date: April 12, 2024
Processor: Visa Platform Connect
Regions: All
Services: Authorization requests
Feature
As of April 12, 2024, Cybersource merchants must include payment facilitator details for Discover transactions.
Acquirers
Acquirers must support this data in the TC 33 capture file:
  • Marketplace identifier/payment facilitator ID
    • Record: CP 01, TCR 6
    • Positions: 95-105
    • Field: Marketplace identifier/payment facilitator ID
  • Independent sales organization ID
    • Record: CP 01, TCR 6
    • Positions: 106-116
    • Field: Independent sales organization ID
  • Sub-merchant ID
    • Record: CP 01, TCR 6
    • Positions: 117-131
    • Field: Sub-merchant ID
Merchants
If the merchant uses an aggregator for transaction processing, they must include payment facilitator details in the authorization request for Discover transactions.
The merchant must include these fields in an authorization request:
  • REST API:
    • merchantInformation.salesOrganizationId
    • aggregatorInformation.aggregatorId
    • aggregatorInformation.subMerchant.id
  • SCMP API:
    • sales_organization_id
    • aggregator_id
    • submerchant_id
  • Simple Order API:
    • invoiceHeader_salesOrganizationID
    • ccAuthService_aggregatorID
    • invoiceHeader_submerchantID

Response Code for Zero Amount Authorization

Effective date: April 12, 2024
Processor: Visa Platform Connect
Regions: All
Services: Zero Amount Authorization request and response
Feature
As of April 12, 2024, Visa is supporting response code value Z5 (valid account, but amount is not supported). Merchants receive response code Z5 when the anticipated amount mentioned in the transaction exceeds the account limit or available funds.
Acquirers
Acquirers must support response code Z5 (valid account, but amount is not supported) in responses.
Merchants
Merchants must be prepared to receive value Z5 (valid account, but amount is not supported) in this field in an authorization response:
  • REST API: processorInformation.responseCode
  • SCMP API: auth_auth_response
  • Simple Order API: ccAuthReply_processorResponse

Country-Specific Mandates

Contact PMPayment-cybs@visa.com for questions about country-specific mandates.

Response Codes for PIN and SCA Requirements

Effective date: April 12, 2024
Processor: Visa Platform Connect
Regions: Albania, Azerbaijan, Moldova, Montenegro, North Macedonia, and Ukraine
Services: Authorization request and response
Feature
As of April 12, 2024, Visa is enforcing PIN data requirements for card-present transactions and strong customer authentication (SCA) requirements for authorizations in Albania, Azerbaijan, Moldova, Montenegro, North Macedonia, and Ukraine. Merchants will receive response code 70 when PIN data is required for card-present transactions on a terminal. Merchants will receive response code 1A when SCA (additional customer authentication request) is required to approve a transaction.
Acquirers
Acquirers must support response codes 70 (PIN data required) and 1A (additional customer authentication required) in responses.
Merchants
Merchants must be prepared to receive values 70 (PIN data required) and 1A (additional customer authentication required) in this field in an authorization response:
  • REST API: processorInformation.responseCode
  • SCMP API: auth_auth_response
  • Simple Order API: ccAuthReply_processorResponse

French Territories: SCA Indicator

Effective date: April 12, 2024
Processor: Visa Platform Connect
Regions: CEMEA, LAC, and Europe regions
Services: Authorization request and response
Feature
As of April 12, 2024, changes are being made to support the migration of these seven French territories from the LAC and CEMEA regions to the Europe region:
  • Guadeloupe (country code 312 GP) from Region LAC to Region Europe 3
  • French Guiana (Guyana, country code 254 GF) from Region LAC 5 to Region Europe 3
  • Martinique (country code 474 MQ) from Region LAC to Region Europe 3
  • Saint-Martin (French Part) (country code 663 MF) from Region LAC to Region Europe 3
  • Saint-Barthélemy (country code 652 BL) from Region LAC to Region Europe 3
  • Réunion (country code 638 RE) from Region CEMEA to Region Europe 3
  • Mayotte (country code 175 YT) from Region CEMEA to Region Europe 3
Acquirers
Acquirers based in the French territories that are moving to the Europe region must support strong customer authentication (SCA)-related fields that correspond to this data in the TC 33 capture file:
  • Record: CP07 TCR9
  • EU Processing Position: 1–9, 29–140
  • Field: EU Processing
Merchants
Merchants transacting in the listed countries must include the SCA indicator in the transaction request. They must also be prepared to receive the SCA validation results in the transaction response.