Visa Rules for Enhanced Risk Performance—What You Should Know

Visa Rules for Enhanced Risk Performance—What You Should Know

The year 2021 will bring new rules for fraud prevention introduced by Visa. Here’s what you should know and how it can impact your online business.

The new rules are intended to improve your payment performance by reducing fraudulent activity and creating more transparency, hence to remove confusion from processing payments.

The main changes include the following issues:

Decline code management
Consistency of authorization of data
Cardholder fraud management.

Let’s dive deeper into what you can expect in the months ahead.

Decline code management

From 16 April 2021 existing decline codes will be regrouped into 4 categories, so issuers will be required to provide accurate decline reasons. The change results in extra fees for merchants who reattempt to authorize a transaction after receiving a certain reason for decline.

The main reason for introducing the 4 categories is minimizing confusion and creating more clarity in the payment process. This is because when issuers send generic decline reasons that are hard for merchants to understand, merchants reattempt to send the same transaction which leads to increased costs—and confused customers.

Below are decline reasons grouped into the categories to shine more light on whether reattempts are allowed, how many of them are allowed, and for how long merchants can reattempt.

Category 1—Issuer will not approve

This category includes transactions with blocked or never existing cards, so there is no circumstance under which the issuer will approve the transaction.

Be ready for fees charged for any reattempt to authorize a transaction under category 1 from 1 October 2021. The decline codes in this category are:

03 Invalid merchant
04 Pickup card
07 Pickup card, special condition
12 Invalid transaction
15 No such issuer
41 Pickup card (lost card)
43 Pickup card (stolen card)
57 Transaction not permitted to cardholder
62 Restricted card
78 No account
93 Transaction cannot be completed
R0 Stop payment order
R1 Revocation of authorization order
R3 Revocation of all authorization

Category 2—Issuer cannot approve at this time

Requirements for issuers in this category relate to transactions that may be approved, but not at the moment due to a system issue or insufficient funds on the cardholder’s account. So the decline is temporary and may change after reattempts.

Note that for any attempt over 15 transaction reattempts per card in 30 days that received a category-2 decline there will be a fee from 1 April 2021. Below are the decline codes in category 2:

19 Re-enter transaction
51 Insufficient funds
59 Suspected fraud
61 Exceeds withdrawal amount limits
65 Exceeds withdrawal frequency
75 Allowed number of PIN entry tries exceeded
86 ATM malfunction
91 Issuer or switch is inoperative
96 System malfunction
N4 Cash request exceeds issuer limit
N3 Cash service not available

Category 3—Data quality issues

Category 3 is for when the issuer cannot approve the transaction based on the provided details, such as an expired card or an incorrect CVV2.

For any attempt over 15 reattempts per card in 30 days and for any attempt to authorize a transaction after receiving 25,000 category-3 declines in 30 days per merchant a fee will be charged as of 1 April 2021. Reattempts are not permitted for code 14 – Invalid account number.

Here are the decline codes in category 3:

14 Invalid account number
54 Expired card
55 Incorrect PIN
82 Negative online CAM, dCVV, iCVV, or CVV results
N7 Decline for CVV2 failure [Visa]
In the Europe region: 1A (Additional customer authentication required)
In the Europe region: 70 (PIN data required)

Category 4—Generic response codes

This category includes all other decline response codes, so it should be used for transactions where no other value applies. A fee will be charged from 1 April 2021 for attempting to authorize more than 15 transaction reattempts per card in 30 days.

The new decline code grouping rules are especially important for merchants offering recurring transactions, as the nature of such payments comes with more authorization reattempts.

How high is a transaction fee?

If a merchant doesn’t comply with the limits mentioned above, the following fees will apply. For domestic and intraregional transactions Visa will charge 0.10 USD from 1 April 2021, and 0.15 USD for international transactions (valid from 1 October 2021). The fees will be charged from the first transaction exceeding the limits.

That’s why you need to update your system to comply with these limits.

Authorization data consistency

Another thing included in the new rules introduced by Visa is the consistency of authorization effective from 1 October 2021. The main purpose of this program is to enhance the effectiveness of transactions’ authorization run by issuers. Visa defined guidelines for maintaining consistency of data and decreasing the number of resubmitting authorization requests with changed data elements usually practiced by merchants to improve success rates.

Following the new rules, from 1 October 2021 Visa will apply a fee if you reattempt a declined authorization with changed data fields. The data fields that cannot be changed include the merchant’s country, AVS, and electronic commerce indicator (ECI) as part of your 3D Secure process.

Why is that important? One of the main reasons is that amending data fields, even if effective in some cases, is often a waste of time and resources for every party involved in the process. A non-compliance fee will also apply to transactions that were a result of fraud attacks or mislaying.

Cardholder fraud management

Visa’s internal research has revealed that this lack of consistent decline reason code grouping opens new opportunities for fraudsters. As they’ve noticed an increasing trend of cardholders raising fraud chargebacks for legitimate purchases (read more about friendly fraud here), Visa introduced guidelines for preventing and managing fraud.

First party fraud is difficult for merchants to control and comes with extra costs for both issuers and merchants. Here’s how you can control such an issue to limit suspicious activity:

  • Control how your customers use the card on file:
Pay attention to the way your customers use the card on file by limiting the number of transactions that a customer can make with the card on file daily and set base-level daily cardholder velocity controls.
Set the number of transactions to match your dispute rates, but note that the maximal number of transactions per card cannot exceed 25 a day.
  • Prevent future fraud attempts:
Cancel any future transactions and revoke provision of goods or services if you receive a fraud chargeback from a cardholder until the fraud issue has been resolved.
Reauthenticate the cardholder before further transactions.
Contact the cardholder to clarify the transaction.
  • Include contact information on the transaction details in the merchant location field so that your customers can easily request refunds directly from you rather than issuing a dispute. If you don’t provide such information, penalties for non-compliance will apply.

Fraud prevention tools—protect your online business

The good news is that the new rules don’t require any technical changes on your end, as we’ll take care of them on your behalf so that they don’t affect your transaction processing.

You can (and should) also take extra steps to protect your business from online fraud and to reduce decline rates by working with a reliable payment processor that delivers proven fraud prevention tools.

Fraud detection requires a comprehensive approach to analyzed data, so a multilevel strategy is what you should aim for. A single tool is not enough to defend your business. Ask your payment processor whether it provides a versatile mix of features to collect and analyze the data so that you can rest assured that your business is in good hands.

If you have any questions, please contact our support team always available to address them.

The following two tabs change content below.

Sandra Wróbel-Konior

A well-established Content Marketing Specialist with a tech-savvy personality, experience in writing, and a passion for reading. Staying up to date with the latest technology and social media trends, in love with GIFs and craft chocolate.

Latest posts by Sandra Wróbel-Konior (see all)

Credit Card Chargebacks: Merchants’ Rights

What to Consider When Choosing a Payment API