As your payments partner, we want to keep you up to date with industry changes and card brand developments. There are 14 updates and reminders included here. To avoid potential inclusion in a non-compliance programme and potential non-compliance fees please act on all updates which are relevant to you and your payments processing.
All card brands (reminder): CVM limits by country
You’re reminded to be aware of the maximum value for contactless transactions in the countries in which you operate. Below are those maximums for both Visa and Mastercard.
|
Country |
Currency |
Mastercard Contactless Limit |
Visa Contactless Limit |
|---|---|---|---|
|
Albania |
ALL |
4,500 |
5,500 |
|
Andorra |
EUR |
50 |
50 |
|
Argentina |
ARS |
8,000 |
8,000 |
|
Armenia |
AMD |
20,000 |
25,000 |
|
Austrailia |
AUD |
200 |
100 |
|
Austria |
EUR |
50 |
50 |
|
Azerbaijan |
AZN |
100 |
100 |
|
Belarus |
BYN |
100 |
120 |
|
Belgium |
EUR |
50 |
50 |
|
Bosnia & Herzegovina |
BAM |
60 |
90 |
|
Brazil |
BRL |
200 |
170 |
|
Bulgaria |
BGN |
100 |
100 |
|
Canada |
CAD |
250 |
250 |
|
China |
CNY |
1,000 |
1,000 |
|
Colombia |
COP |
100,000 |
250,000 |
|
Costa Rica |
CRC |
30,000 |
30,000 |
|
Cyprus |
EUR |
50 |
50 |
|
Czech Republic |
CZK |
500 |
500 |
|
Denmark |
DKK |
350 |
350 |
|
Estonia |
EUR |
50 |
50 |
|
Finland |
EUR |
50 |
50 |
|
France |
EUR |
50 |
50 |
|
Georgia |
GEL |
100 |
160 |
|
Germany |
EUR |
50 |
50 |
|
Gibraltar |
GIP |
100 |
45 |
|
Greece |
EUR |
50 |
50 |
|
Hungary |
HUF |
15,000 |
15,000 |
|
Iceland |
ISK |
7,500 |
7,500 |
|
India |
INR |
5,000 |
5,000 |
|
Ireland |
EUR |
50 |
50 |
|
Israel |
ILS |
300 |
300 |
|
Italy |
EUR |
50 |
50 |
|
Kazakhstan |
KZT |
25,000 |
25,000 |
|
Kosovo, United Nations Mission in Kosovo (UNMIK) |
EUR |
50 |
50 |
|
Kyrgyzstan |
KGS |
2,500 |
4,000 |
|
Latvia |
EUR |
50 |
50 |
|
Liechtenstein |
CHF |
80 |
50 |
|
Lithuania |
EUR |
50 |
50 |
|
Luxembourg |
EUR |
50 |
50 |
|
Macedonia |
MKD |
2,000 |
2,500 |
|
Malta |
EUR |
50 |
50 |
|
Moldova |
MDL |
1,000 |
1,000 |
|
Monaco |
EUR |
50 |
50 |
|
Netherlands |
EUR |
50 |
25 |
|
New Zealand |
NZD |
200 |
200 |
|
Norway |
NOK |
500 |
500 |
|
Peru |
PEN |
150 |
170 |
|
Philippines |
PHP |
5,000 |
5,000 |
|
Poland |
PLN |
100 |
100 |
|
Portugal |
EUR |
50 |
50 |
|
Romania |
RON |
200 |
100 |
|
Russian Federation |
RUB |
5,000 |
3,000 |
|
San Marino |
EUR |
50 |
50 |
|
Serbia |
RSD |
4,000 |
5,000 |
|
Slovakia |
EUR |
50 |
50 |
|
Slovenia |
EUR |
25 |
25 |
|
Spain |
EUR |
50 |
50 |
|
Sweden |
SEK |
400 |
400 |
|
Switzerland |
CHF |
80 |
80 |
|
Tajikistan |
TJS |
200 |
500 |
|
Turkey |
TRY |
250 |
500 |
|
Turkmenistan |
TMT |
90 |
200 |
|
Ukraine |
UAH |
500 |
1,500 |
|
United Kingdom |
GBP |
100 |
100 |
|
Uzbekistan |
UZS |
250,000 |
500,000 |
|
Vatican City |
EUR |
50 |
50 |
What you need to do:
If you are using an Elavon POS terminal, you have no action to take as we look after this for you. If you are using a third-party POS terminal, you should contact your provider to make sure the correct maximum contactless limits are supported.
All card brands – Cashback in Poland
Effective immediately, Mastercard and Visa are updating the cash-back limit for Poland. In the case of Mastercard the limit is increasing from 500 PLN to 1,000 PLN. For Visa it is rising from 300 PLN to 1,000 PLN.
You’re reminded to be aware of the maximum value for cashback transactions in the countries in which you operate. Below are a summary of those maximums for both Visa and Mastercard.
|
Country |
Currency |
Visa Cash-Back Limit |
Mastercard Cash-Back Limit |
|---|---|---|---|
|
Austria |
EUR |
200 |
200 |
|
Bulgaria |
BGN |
50 |
100 |
|
Canada |
CAD |
200 |
100 |
|
Cyprus |
EUR |
100 |
100 |
|
Finland |
EUR |
400 |
100 |
|
Germany |
EUR |
200 |
200 |
|
Greece |
EUR |
50 |
100 |
|
India |
INR |
2,000 |
2,000 |
|
Ireland |
EUR |
100 |
100 |
|
Italy |
EUR |
100 |
100 |
|
Poland |
PLN |
300 |
500 |
|
Romania |
RON |
200 |
100 |
|
Slovakia |
EUR |
50 |
100 |
|
Switzerland |
CHF |
300 |
300 |
|
UK |
GBP |
100 |
100 |
|
USA |
USD |
200 |
200 |
What you need to do:
Elavon is working with both card brands to agree an implementation date for this change, which came in 1 September 2022. Further communications will be issued once this process is complete. If you are using a third party for your POS, you should contact your provider to make sure they can support this change.
All card brands - PIN entry bypass support for face-to-face transactions
PIN (personal identification number) bypass occurs when a chip/PIN card interfaces with a chip/PIN terminal during a point-of-sale (POS) transaction. The card chip has been read but the PIN has not been verified because the merchant has taken a step to bypass PIN entry.
Mastercard has announced plans to sunset support for PIN bypass in Europe from 12 October 2022.
Please see below table for all card brands:
What you need to do:
If you are using an Elavon POS terminal, you have no action to take as we look after this for you. If you are using a third-party POS terminal, you should contact your provider to make sure PIN entry bypass will not be supported for Mastercard transactions from October 2022.
All card brands – Changes to Sierra Leone currency codes
The International Organization for Standardization (ISO) has announced a new alphanumeric currency code for Sierra Leone. The new alphanumeric currency code is SLE/925.
What you need to do:
If you are using an Elavon point-of-sale (POS) terminal or eCommerce gateway you have no action to take as we look after this for you. If you are using a third-party POS or Gateway provider, you should contact your provider to make sure they can support the new alphanumeric code.
Visa and Mastercard – Croatia will join the Eurozone from 2023.
The Council of the European Union formally approved the accession of Croatia to the Eurozone from 1 January 2023.
The Croatian National Bank has confirmed that the exchange rate to convert the Croatian Kuna (HRK) to Euro (EUR) has been set at 7.53450 HRK to 1 EUR.
Points to note:
Authorisation and settlement for Croatia’s domestic currency (HRK) will change to the Euro (EUR).
Authorisation requests using the Croatian Kuna submitted after 12.00am on 1 January 2023 will be rejected.
Global and regional providers of in-flight currency conversion services such as Dynamic Currency Conversion (DCC) and Multi Currency Conversion (MCC) should make sure that Croatian cardholders are not offered or guided to pay in HRK after 31 December 2022.
What you need to do:
If you are using an Elavon POS terminal or eCommerce gateway you have no action to take as we look after this for you. If you are using a third party as your POS or Gateway provider, you should contact your provider to make sure they’re ready for this change.
All card brands – Strong Customer Authentication
The Payment Services Directive 2 (PSD2) has changed online banking forever by introducing an extra layer of security for internet and mobile payments. The implementation of this directive delivered many benefits including a reduction in online fraud and increased consumer confidence in ecommerce and card not present payments. The PSD2 journey is not over yet and the following articles include important information and reminders about upcoming milestones and reminders about ways to further improve the customer experience and compliance of ecommerce and card not present payments.
-
All card brands have agreed an industry-wide sunset of 3D Secure (3DS) version 1 to EMV 3D Secure 2.x. The final sunset date for 3DS 1 is 15 October 2022, after which 3DS 1 transactions will no longer be supported for cardholder authentication.
What you need to do:
If you are unsure whether you are processing on EMV 3DS 2.x, you should contact your gateway support team to check readiness ahead of the October 2022 3DS 1 sunset date.
-
Under PSD2, most eCommerce transactions require Strong Customer Authentication (SCA) unless an exemption or exclusion (like merchant-initiated transactions (MITs)) is applied.
Non-3DS transactions with no exemption are non-compliant with the PSD2 directive and are highly likely to be declined by issuers. While the share of non-3DS non-compliant transactions is declining there are ways to make these transactions compliant.
Ecommerce transactions under 30 Euro can be made compliant by applying low-value exemption flag. Merchant Initiated Transactions (MITS) or Recurring Payments can be made compliant by applying the exemption flags and correct transaction indicators. Achieving compliance is likely to increase the approval rate of these transactions and avoid potential non-compliance fees.
What you need to do:
You should contact your gateway support team to make sure they’re using EMV 3DS 2.x and/or the correct exemption.
-
Under the Payment Services Directive 2 (PSD2), most eCommerce transactions require Strong Customer Authentication (SCA) unless an exemption or exclusion (like merchant-initiated transactions (MITs)) is applied. To satisfy these PSD2 SCA requirements, customers are required to use the EMV 3DS or any other SCA-compliant method to avoid issuer SCA soft declines. A SCA soft decline is a declined authorisation where the issuer requests SCA to make it successful. In this case, you should re-submit the authorisation after successfully authenticating your customer with 3DS.
Mastercard launched the PSD2 optimisation programme to monitor transactions to check if EMV 3DS 2.X was used after a SCA soft decline.
What you need to do:
You should contact your gateway support team to make sure that when transactions are soft declined, the transaction is retried with EMV 3DS 2.X.
-
Mastercard is rolling out a Europe region-wide roadmap to achieve a network migration from EMV 3DS 2.1 to EMV 3DS 2.2 effective from 14 October 2022. As part of this announcement, Mastercard not only requires support for EMV 3DS 2.2, Mastercard also requires the support of key EMV 3DS features as outlined below:
All eCommerce businesses must be ready for EMV 3DS v2.2 as of 14 October 2022. Mastercard does not require that all transactions are sent using EMV 3DS v2.2. and EMV 3DS 2.1 must continue to be supported until Mastercard formally announces its sunset.
All eCommerce businesses must support and perform authentication app re-direction through the merchant app, the 3DS SDK and EMC 3DS v2.2 transactions if the cardholder authentication method is OOB.
All eCommerce customers must support 3RI payments. 3RI payments offer you the option to system-generate a payment transaction when the cardholder is not in session. These transactions are used for use cases where there is an initial purchase transaction while the cardholder is in session, called consumer-initiated transaction (CIT), followed by subsequent transactions that are 3RI MIT. With 3RI payments, you can provide evidence, using the DS Transaction ID field, that SCA has been performed where the customer was involved and maintain their fraud liability protection for the full amount that has been authenticated.
What you need to do:
You should contact your gateway support team to make sure they’re ready to meet the October 2022 EMV 3DS 2.2 readiness date.
If your gateway has already been certified for EMV 3DS 2.2 (or will do so before 14 October 2022) additional functional testing is required to make sure the mandatory features defined in the roadmap are properly implemented. Mastercard will not require a new EMV 3DS 2.2 certification for this purpose.
Visa & Mastercard – Point of Sale updates to support Single Tap & PIN
Single Tap & PIN was introduced to enable an issuer to request Online PIN (personal identification number) verification on low-value contactless transactions, without the need to insert the card via a chip reader. Visa and Mastercard currently mandate that Single Tap & PIN is supported for all point-of-sale (POS) devices in Central and Eastern Europe.
Since 16 April 2022, Visa has mandated that acquirers and businesses in the European Economic Area (EEA) and the UK make sure that POS devices comply with Version 1.5 of Visa’s Terminal Requirements and Implementation Guidelines. The guidelines also include the details of the Single Tap & PIN requirements, noting that the UK is an offline-PIN market where a point-of-sale device will need to switch interface to insert the card to capture PIN when an issuer prompts for PIN verification to comply with SCA requirements. The Visa mandate does not apply to unattended POS terminals for transit fares and parking fees.
Mastercard have mandated support for Single Tap & PIN on all POS devices as outlined in the table below.
|
Country |
Effective Date |
|---|---|
|
Central & Eastern European Countries |
Current |
|
Andorra, Belgium, Luxembourg, |
31 Mar 2021 |
|
Kazakhstan & Georgia |
1 July 2021 |
|
Denmark, Estonia, Iceland, Latvia, |
31 Dec 2021 |
|
Germany |
30 Sep 2022 |
|
Finland, France, Italy, Monaco, |
31 Dec 2023 |
The Mastercard mandate does not apply to
Unattended POS terminals for transit fares and parking fees
Mobile point-of-sale (mPOS) Software-based PIN entry devices or
The following MCCs
6010 – Manual Cash Disbursements – Customer Financial Institution
6011 – Automated Cash Disbursements – Customer Financial Institution
6012 – Merchandise and Services – Customer Financial Institution
4814 – Telecommunication Services
4900 – Utilities – Electric, Gas, Heating, Oil, Sanitary Water
6050 – Quasi-Cash – Customer Financial Institution
5542 – Fuel Dispenser, Automated
5552 – Electric Vehicle Charging
What you need to do:
If you are using an Elavon POS terminal, you have no action to take as we look after this for you. If you are using a third-party POS terminal, you should contact your provider to make sure Single Tap & Pin will be supported by the relevant dates.
Visa & Mastercard – You’re required to continue accepting Visa cards with all designs
You are reminded that you must not decline to accept a card based on card design, particularly those which are unembossed and/or have distinctive design qualities. Please familiarise yourself and your teams with the below card design summaries.
Card design summary for unembossed cards
An unembossed card has a smooth, flat surface with the 16-digit account number, cardholder name and expiration date printed or engraved on the front of the card instead of embossing with raised characters.
The full 16-digit account number is printed on the front or back of the card instead of embossing with raised characters.
The expiration date is printed on the front or back of the card.
A signature panel on the card is optional.
The Card Verification Value 2 (CVV2) is printed directly onto the card plastic on either the front or back of the card.
An unembossed card can be accepted at any merchant location that has an electronic terminal. These cards can also be used for mail, telephone and internet orders.
Card design summary for embossed cards
An embossed card has imprinted or stamped payment card details that can be felt above the card’s surface with the 16-digit account number, cardholder name / cardholder identifier and expiration date embossed with raised characters.
The full 16-digit account number must be embossed on the front of the card.
The expiration date must be embossed on the front of the card.
A signature panel on the card is optional.
The Card Verification Value 2 (CVV2) is printed directly onto the card plastic on the back of the card.
An embossed card can be accepted at any merchant location that has an electronic terminal. These cards can also be used for mail, telephone and internet orders.
What you need to do:
You are encouraged to make sure all your POS locations, and teams taking payments there, are fully aware of the above design summaries and accept all cards. Refusal to accept a card based on an unembossed design while accepting a card with embossed design is considered a violation of card brand rules.
Visa – Expiration of the Interim Transaction Identifier waiver
Visa has announced the end of support for Interim Transaction Identifier issued in EEA and UK relative to Merchant Initiated Transactions (MITs).
As you may know, to successfully process a MIT transaction it must contain the Original Transaction Identifier (OTID) of the initial cardholder-initiated transaction or previous MIT. This requires that the OTID is stored and subsequently retrieved and populated in the appropriate field of MIT transactions. To comply with PSD2 requirements Visa had provided European acquirers with an Interim Transaction Identifier (under a waiver) that could be used where OTID was not provided by the customer or gateway.
Visa OTID waiver is now set to expire on 31 October 2022.
Visa has also announced non-compliance assessment (NCA) fees starting from August 2022. Therefore, we recommend migrating to a valid OTID as soon as possible in accordance with the Visa Rules to avoid non-compliance fees. The use of the Interim Transaction Identifier will be technically disabled in the Visa authorisation system effective 31 October 2023.
Businesses that currently use the Interim Transaction Identifier must start migrating to a valid transaction ID as soon as possible.
There are two options on how you can obtain a valid Original Transaction Identifier (OTID) to replace the Interim transaction ID:
- Request a Cardholder Initiated Transaction (CIT), effectively reauthenticate, and store OTID for future use.
- Use Transaction ID of any previous MIT within the same merchant-cardholder agreement.
Below is guidance on how merchants can migrate from use of the Interim Transaction ID to a valid Transaction ID.
What you need to do:
If you are using a third-party integrated POS solution or gateway provider, you should contact your service provider to make sure they can support a valid transaction ID as soon as possible.
Visa - Restrictions on standing instruction MITs related to card-on-file tokens
Visa is restricting token-originated standing instruction MITs to card-on-file tokens only. Standing instruction MITs are transactions that address pre-agreed instructions from cardholders for the provision of goods and services and are performed as follow-ups to a cardholder-initiated transaction (CIT).
Other than by using primary account numbers (PANs), a popular method to initiate a standing instruction MIT is done by your business accepting a token payload provided by a digital wallet.
Effective from February 2024, Visa will restrict standing instruction MITs initiated by tokens to card-on-file (COF) tokens only. The following standing instruction MITs that are initiated by tokens will be impacted by this change:
- Installment payment transactions: A transaction in a series of transactions that use a stored credential and that represent a cardholder agreement for the merchant to initiate one or more future transactions over a period for a single purchase of goods or services.
- Recurring payment transactions: A transaction in a series of transactions that use a stored credential and that are processed at fixed, regular intervals (not to exceed one year between transactions), representing a cardholder agreement for the merchant to initiate future transactions for the purchase of goods or services provided at regular intervals.
- Unscheduled COF transactions: A transaction using a stored credential for a fixed or variable amount that does not occur on a scheduled or regularly occurring transaction date, where the cardholder has provided consent for the merchant to initiate one or more future transactions.
What you need to do:
If you are using an Elavon POS terminal or eCommerce gateway you have no action to take as we look after this for you. If you are using a third party as your POS or Gateway provider, you should contact your provider to initiate the process toward supporting merchant COF tokens. Tokens will continue to be supported for CITs and industry-standard MITs as usual.
Visa – Consumer choice for card brand selection in Europe
EU Interchange Fee Regulation mandates customer choice at point of sale when using a card that supports more than one payment brand (i.e. co-branded cards).
Your business must:
Display on the acceptance device (or for eCommerce, on the pages before final checkout) the available choice of card brands and enable the cardholder to make their own choice of card brand.
Not override the cardholder’s choice of card brand.
Apply this to all transaction types: POS at terminal (POS) and eCommerce
For your business this also means that while you may steer customers towards a particular card brand, the cardholder must be offered a clear choice of which card brand is going to be used for the transaction. Cardholders must be able to make the final decision to select the card brand of choice.
What you need to do:
You are reminded that you must display acceptance, and can set priorities on payment acceptance channels, while still making sure the consumer is able to make the final choice. If you are using an Elavon POS terminal or eCommerce gateway you have no action to take as we look after this for you. If you are using a third-party POS terminal or Gateway, you should contact your provider to make sure there is correct support for co-branded cards.
Mastercard – Germany country code update
Mastercard are reminding businesses and acquirers that the correct country code for Germany is 280. Country code 276 is invalid and should not be used. Mastercard is starting a series of data integrity checks on compliance from 1 October 2022.
What you need to do:
If you are using an Elavon POS terminal or eCommerce gateway you have no action to take as we look after this for you. If you are using a third-party POS or Gateway provider, you should contact your provider to make sure the correct country code for Germany is being used.
Mastercard - MC Maestro to MC Migration
Maestro-branded cards don’t provide cardholders with the features they expect in a digital economy, as a large portion of Maestro-branded cards are still not enabled for eCommerce. Mastercard is announcing plans to replace Maestro-branded cards with the Mastercard brand in the Europe region. From 1 July 2023 new cards, renewals and replacements of Maestro-branded cards must be issued as Mastercard card programs.
Further to this, Mastercard have launched additional steps to improve Debit Mastercard Acceptance at POS terminals and for online payments in Belgium, with an aim to reach full acceptance by the end of 2022 at the latest. For Debit Mastercard, making a purchase to access cashback is not a requirement mandated by Mastercard, however it is highly recommended to offer this.
Mastercard have also issued guidance in relation to the required brand logos to be displayed, the Maestro logo must continue to be displayed during the phasing out of the Maestro brand. If more than one Mastercard brand is accepted, the logos should be displayed with the Mastercard logo first followed by the other products such as Maestro. Please see illustration below for guidelines on use of logos:
What you need to do:
If you are using an Elavon point-of-sale (POS) terminal or eCommerce gateway you have no action to take as we look after this for you. If you are using a third party for your POS or Gateway provider, you should contact your provider to make sure they can fully support Debit Mastercard acceptance.
You should ensure that you are familiar with the Mastercard branding guidelines and display the logos correctly. Updated artwork can be downloaded here and branding guidelines can be found here.
Mastercard - Cardholder Initiated Transaction and Merchant Initiated Transaction indicators
Mastercard is introducing a new indicator to specify the type of cardholder-initiated transaction (CIT) or merchant-initiated transaction (MIT) within authorisation requests from October 2022.
The new CIT and MIT indicators convey to the issuer that your business and the cardholder have an established relationship and an agreement to use stored payment credentials as part of the transaction process. This makes it easier for issuers to identify legitimate transactions and make better informed authorisation decisions.
The new indicators will distinguish the following CIT and MIT types of eCommerce transactions and aligns with the existing Visa MIT framework.
Cardholder-initiated transaction (CIT) is any transaction where the cardholder is actively participating in the transaction. Transactions may be performed based on credentials provided by the cardholder at the time of transaction or a stored credential-on-file (COF) from a previous interaction. Transactions can occur as an in-store point-of-sale (POS) transaction, an eCommerce transaction, a mail order/telephone order transaction (MOTO), or an ATM transaction.
Merchant-initiated transaction (MIT) is a transaction where the cardholder is not actively participating in the transaction. MITs may often be preceded by either a CIT or an Account Status Inquiry (ASI).
Recurring Payment or Instalment MIT:
A transaction arising from an agreement between the cardholder and your business whereby the cardholder agrees for your business to store the cardholder’s credential and to use that stored credential-on-file (COF) for a subsequent purchase of goods or services. These transactions may be classified as:
standing order
subscription
instalment, or
unscheduled credential-on-file.
Industry Practice MIT:
A transaction initiated by your business that most often occurs after an initial interaction with the cardholder. Industry practice transactions may be performed with credentials that are stored on file, or credentials that are not stored on file, but are rather temporarily retained by your business as agreed to by the consumer. These industry practice MITs may be classified as
partial shipments
related or delayed charge
no show, or
resubmission
What you need to do:
If you are using a third-party integrated POS solution or gateway provider, you should contact your service provider to make sure they will be ready to support these new indicators for Mastercard MIT and CITs for October 2022.