Visa has communicated a change to the availability of temporary transaction IDs through payment gateways. This primarily affects organizations who operate within the European Economic Area (EEA) and are subject to PSD2/SCA Regulations.
Below are more details on the impact of this change.
Who is affected?
Anyone who is performing Ecommerce, Merchant Initiated Transactions (MIT) in the EEA with VISA credit cards.
What is the summary of the impact?
Payment gateways have been able to inject a default or temporary Network Transaction ID (NTID) value on behalf of merchants if the NTID was deemed invalid by Visa. There is a Visa mandate that goes into effect October 31st, 2023 that will prevent the use of these default NTID values and require the NTIDs returned by the card scheme from a CIT transaction.
We have heard from some payment gateways, such as Adyen and Credorax, that they will begin this enforcement February 1, 2023 and that Cybersource will begin this enforcement March 1, 2023.
Spreedly is not aware of any other specific gateway changes, but it is advised you reach out to the payment gateway(s) you are using to inquire about when they will enforce this change. We are here to assist with any additional guidance.
What should I do?
If you have been performing SCA transactions which are ECOM payment type where the Authorization was requested as a Customer Initiated Transaction (CIT) and 3DS Challenges are supported, Spreedly is confident that we will be able to store the correct NTID on your behalf and submit it on future MIT without issue. In this case, you do not need to do anything.
If you have been performing MIT for any reason without first performing a CIT and without some form of SCA exemption, we strongly suggest performing a CIT first or you risk a hard decline on the transaction. Ultimately, it is your Payment Gateway’s responsibility to communicate who is at risk of decline and we recommend that you confirm with them if you feel your payment workflow represents a risk as a result of these changes. Some examples of workflows we know may present a problem:
- Card imports (where the next transaction is an MIT)
- Account Updater where a card has changed from a Mastercard to a Visa
- Any MIT in the EEA where a CIT was performed on a different gateway or card.
For these examples, the recommendation is to perform a CIT in order to obtain an NTID for the transaction before attempting any subsequent MIT.
Furthermore, if you are seeing an influx of 05 - Do Not Honor hard declines on your MIT payment attempts, please contact Spreedly support for additional investigation.
How do I perform a CIT?
Please review the Spreedly documentation for Stored Credentials framework here.
What should I expect if I do nothing?
In the majority of cases, there will be no change required. If you start to see a higher than normal decline rate in your Merchant Initiated Transactions, please submit an inquiry here or directly contact us at firstname.lastname@example.org.
Will I incur any fines?
At this time, it is our understanding that only the acquiring banks can be issued fines. Merchants risk hard declined transactions with the decline reason “05 - Do Not Honor”. Additional discussions with your payments gateway(s) are encouraged.
Why did Spreedly send this communication so close to the February 1 date?
These changes are gateway specific before October 2023. It was up to the gateways to determine when this change would be enacted and only recently were we made aware that certain gateways had begun to roll out changes. In the future, Spreedly will improve our efforts to more closely align with our gateways and the card brands to ensure communications are sent out much earlier.
What should I do if I still have questions or need further assistance?
Please reach out to our Support team here.