Professional Documents
Culture Documents
Visa Confidential
Important Note on Confidentiality and Copyright
The Visa Confidential label signifies that the information in this document is confidential
and proprietary to Visa and is intended for use only by Visa Clients subject to the
confidentiality restrictions in the Visa Rules, non-Client Third-Party Processors that have
an executed and valid Exhibit K on file with Visa, and other third parties that have a
current nondisclosure agreement (NDA) with Visa that covers disclosure of the information
contained herein.
This document is protected by copyright restricting its use, copying, distribution, and
decompilation. No part of this document may be reproduced in any form by any means
without prior written authorization of Visa.
All other product names mentioned herein are the trademarks of their respective owners.
This document is a supplement of the Visa Core Rules and Visa Product and Service
Rules. In the event of any conflict between any content in this document, any document
referenced herein, any exhibit to this document, or any communications concerning this
document, and any content in the Visa Core Rules and Visa Product and Service Rules, the
Visa Core Rules and Visa Product and Service Rules shall govern and control.
If you have technical questions or questions regarding a Visa service or questions about
this document, please contact your Visa representative.
Contents
Manual Structure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1
Document Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2
16.3.1 How V.I.P. Determines Effective and Update Date and Time. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-4
17.6 How Automatic Cardholder Database Update (Auto-CDB) Service Works. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-5
18.6.4 Updating Merchant IDs for Visa, American Express, MasterCard, and Check
Acceptance Record Types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-19
18.9.1 Key Fields Glossary for Merchant Central File Updates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-27
24.5.4 Service Monitoring for CVV and iCVV Service Participation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24-12
24.8 How Dynamic Card Verification Value (dCVV) Service Works. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24-25
26.6 How Cardholder Authentication Verification Value (CAVV) Verification Service Works. . . . . . . . . . . . . . . . . . . .26-8
27.6.4 V.I.P. Field Edit and DRC Requirements for CPS/ATM Authorization Requests. . . . . . . . . . .27-13
29.6 How Deferred Clearing Advice File (DCAF) Service Works. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29-8
31.7.4 How VisaNet Applies Buy and Sell Currency Conversion Rates to Transactions. . . . . . . . .31-11
32.4.3.2 Prerequisites for Using the IBM PIN Offset Method. . . . . . . . . . . . . . . . . . . . . . .32-10
33.7.7 Visa Resolve Online (VROL) Processing of POS Check Transactions. . . . . . . . . . . . . . . . . . . . . . . .33-15
34.6 How Positive Authorization Capacity Management (PACM) Service Works. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34-6
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .IX-1
1 Document Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2
2 V.I.P. System Manual Descriptions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
16-1 Purchase and Cash Activity Merchant Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-7
16-2 Exception File Update Processing Actions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-11
16-3 V.I.P. Format Exception File Update Processing Actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-11
17-1 Auto-CDB Pick-Up Action Codes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-6
18-1 Effective Date for File Updates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-5
18-2 MCF Record Types and Data by Card Program. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-10
18-3 Key MCF Fields by Record Type for 0100 and 0400 Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-12
18-4 MCFS Augmentation Logic by Record Type. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-12
18-5 Merchant Central File Record Fields. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-16
18-6 Field 127M.4 Universal Format Data Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-19
18-7 Information Supplied by MCFS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-22
18-8 Field 91 File Update Codes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-28
20-1 Key AVS Data Fields. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20-7
20-2 Fixed Format Address Data Compression by Leading Numerics and by First Five Numerics
Algorithms for Non-U.K. Participants. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20-16
20-3 Fixed Format Address and Postal or ZIP Code Compression by First Five Numerics for U.K. Participants.20-16
20-4 AVS Format Matching. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20-17
20-5 Field 44.2 Address Verification Result Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20-19
20-6 AVS Result Code Conversion Based on Jurisdiction and Representment Rights. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20-20
20-7 AVS Result Code Conversion Based on Acquirer Participation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20-21
20-8 Sample Address Verification Results. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20-21
20-9 Abbreviations Used in Examples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20-25
20-10 Full and Compressed Data Formats. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20-35
21-1 BASE I Field 70 Advice Recovery Codes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21-12
22-1 SMS Field 70 Advice Recovery Codes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22-14
24-1 Issuer Participation Activities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24-9
24-2 Issuer Testing Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24-11
24-3 V.I.P. Monitoring of Issuer CVV Processing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24-13
24-4 V.I.P. Monitoring of Acquirer CVV Processing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24-13
24-5 Set A and Set B Parameter Processing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24-15
24-6 Issuer Implementation Activities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24-15
24-7 Acquirer Implementation Activities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24-17
24-8 CVV or iCVV Response Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24-23
24-9 CVV Error Codes for Emergency Replacement Cards. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24-24
24-10 dCVV Verification Service Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24-26
Each service chapter lists available documents containing additional information, technical
specifications, service implementation specifics, and service activation information.
Audience
This manual is intended for Visa clients’ technical and non-technical staff and managers,
and Visa customer support personnel who answer clients’ system and production
questions. Non-technical staff may find this information useful in making decisions about
subscribing to services and selecting service options.
Readers without a working knowledge of VisaNet and the V.I.P. System should see
Chapter 1, Introduction to System Services, and Chapter 2, System Fundamentals,
before reading the service descriptions.
Manual Structure
The two-volume V.I.P. System Services manual has seven parts, based on service functions.
Volume 1
Part 1: System Basics (Chapters 1 and 2)—Part 1 defines V.I.P. services and the manual’s
scope. It also describes the V.I.P. System, VisaNet components, and V.I.P. transaction
processing.
Part 5: Chip Card Services (Chapters 14 and 15)—Part 5 describes services available
through the V.I.P. System using chip cards and terminals that read chip cards in addition
to magnetic stripe cards.
Volume 2
Document Conventions
Table 1 Document Conventions
Document
Convention Purpose in This Manual
boldface Extra emphasis (stronger than italics); field values and codes.
The first manuals in this series: V.I.P. System Overview, V.I.P. System Services, Volume 1
and Volume 2, and V.I.P. System Reports, apply to BASE I System and Single Message
System (SMS) processing.
The next manuals are specific to the BASE I System: V.I.P. System BASE I Processing
Specifications and V.I.P. System BASE I Technical Specifications, Volume 1 and Volume 2.
For the Single Message System (SMS), the Visa U.S.A. (U.S.) region processing specifications
for ATM, Interlink, and POS are consolidated in one manual, V.I.P. System SMS Processing
Specifications (U.S.). For the international audience, there are processing specifications
manuals for ATM and POS.
General Information
V.I.P. System Overview
Describes the VisaNet network and its components, connection methods, processing concepts,
requirements, and options. Defines the V.I.P. System, the BASE I System, and the Single Message
System (SMS), Direct Exchange (DEX) and Visa Extended Access Servers (EA Servers), issuer
and acquirer responsibilities, and Visa Interchange Center (VIC) operations. Briefly introduces
V.I.P. services.
Doc ID 0851-28
V.I.P. System Reports
Provides sample reports for BASE I and SMS processing and V.I.P. services.
Doc ID 0852-28
V.I.P. System Services, Volume 1
Describes V.I.P. services available to BASE I and SMS users. Service descriptions include basic
information, processing requirements, options, features, key message fields, and message flows.
Volume 1 contains:
Doc ID 0853A-28
V.I.P. System Services, Volume 2
Describes V.I.P. services available to BASE I and SMS users. Service descriptions include basic
information, processing requirements, options, features, key message fields, and message flows.
Volume 2 contains:
Doc ID 0853B-28
BASE I
V.I.P. System BASE I Processing Specifications
Describes V.I.P. transaction processing in the BASE I environment, including message types,
processing considerations, related services, and VisaNet connection methods.
Doc ID 0847-28
Doc ID 0844A-29
V.I.P. System BASE I Technical Specifications, Volume 2
Doc ID 0844B-29
Interlink
V.I.P. System SMS Processing Specifications (U.S.)
Doc ID 0857-28
V.I.P. System SMS Interlink Technical Specifications
Companion to V.I.P. System SMS Processing Specifications (U.S.). Describes message formats,
field descriptions, and file specifications for Interlink.
Doc ID 0866-27
SMS ATM
V.I.P. System SMS Processing Specifications (U.S.)
Doc ID 0857-28
V.I.P. System International SMS ATM Processing Specifications
Contains information about SMS ATM processing, including message types, processing
considerations, VisaNet connection methods, and related services for clients outside the
U.S. region.
Doc ID 0839-28
V.I.P. System SMS ATM Technical Specifications, Volume 1
Companion to V.I.P. System SMS Processing Specifications (U.S.) and V.I.P. System International
SMS ATM Processing Specifications. Contains information about field descriptions for ATM.
Doc ID 0868A-27
V.I.P. System SMS ATM Technical Specifications, Volume 2
Companion to V.I.P. System SMS Processing Specifications (U.S.) and V.I.P. System International SMS
ATM Processing Specifications. Contains information about message formats and file specifications
for ATM.
Doc ID 0868B-27
SMS POS
V.I.P. System SMS Processing Specifications (U.S.)
Doc ID 0857-28
V.I.P. System International SMS POS (Visa & Visa Electron) Processing Specifications
Contains information about SMS POS processing, including message types, processing
considerations, VisaNet connection methods, related services, and reports for clients outside
the U.S. region.
Doc ID 0835-28
V.I.P. System SMS POS (Visa & Visa Electron) Technical Specifications, Volume 1
Companion to V.I.P. System SMS Processing Specifications (U.S.) and V.I.P. System International SMS
POS (Visa & Visa Electron) Processing Specifications. Describes fields for Visa POS and Visa Electron.
Doc ID 0869A-28
V.I.P. System SMS POS (Visa & Visa Electron) Technical Specifications, Volume 2
Companion to V.I.P. System SMS Processing Specifications (U.S.) and V.I.P. System International
SMS POS (Visa & Visa Electron) Processing Specifications. Describes message formats and file
specifications for Visa POS and Visa Electron.
Doc ID 0869B-27
Other Documents
Other documents used as sources for V.I.P. System Services include the Visa Core Rules and
Visa Product and Service Rules, RTN publications, general and detailed design documents,
and service advisories.
Chapter Structure
Service description chapters appear in the part (V.I.P. Basics or Routing Services,
for instance) appropriate to their functions, as described in “Manual Structure.” Except for
introduction and overview chapters, which appear first, service chapters within each part
are listed alphabetically.
Each service description chapter follows a standard structure, sharing section headings to
make finding information as easy as possible. A service description chapter explains the
service and presents the following sections.
Eligible Participants
This section contains text and icons (simple graphics) identifying which entities can use
the service. Icons indicate:
Represents the Central and Eastern Europe, Middle East, and Africa (CEMEA) region
BASE I
SMS
BASE I only
BASE I
SMS
SMS only
BASE I
SMS
Issuer
Acquirer
Service Summary
Participation Requirements
This section describes all prerequisites and requirements for participating in the service.
It provides information about:
• Testing.
• Service monitoring.
• Planning and implementation.
Related Messages
This section lists message types the service directly uses or that contain key service fields.
Boxes list key message fields and values contained in the messages.
• White boxes represent request messages. Shaded boxes represent response messages.
• Boxes with dotted lines illustrate advice messages. Arrows between boxes indicate
advice message creators and advice paths.
NOTE
V.I.P. typically creates advice messages for issuers to let them know it performed processing on their behalf.
In Figure 1, the acquirer creates the request message and sends it to V.I.P. within VisaNet.
V.I.P. processes the message and, indicated by the next arrow, sends the message to
the issuer for processing.
The issuer creates a response message and sends it to V.I.P. for processing. V.I.P. performs
its functions on the response and sends it to the acquirer.
In Figure 1, V.I.P. creates an advice for the issuer to recover. When the issuer receives the
advice, it responds with an advice response message.
NOTE
Responding to some advices is optional. For other advices, responses are mandatory.
NOTE
Message flows indicate key fields.
The V.I.P. documentation does not contain details about the BASE II System.
Related Publications
The publications listed provide information about Visa systems, rules, and additional
services not covered in this manual.
Visa Rules
Visa Core Rules and Visa Product and Service Rules contain the Visa Rules.
Qualifying merchants and third-party agents can also request the Interchange Qualification
Guide.
• Payment Card Industry Encrypting PIN PAD (EPP) Security Requirements Manual
• Payment Card Industry POS PIN-Entry Device Security Requirements Manual
V.I.P. System SMS POS (Visa & Visa Electron) Technical Specifications, Volume 1 and Volume 2
Security
Credit Rewards: Visa Incentive Network and Credit Interchange Frequently Asked Questions
JCB, MasterCard, Visa (EMV) Specifications, EMV '96 Version 3.1.1 and EMV 2000
Version 4.0—Contain industry standards for chip card and terminal interaction. They are
available at www.emvco.com.
Visa Smart Debit and Visa Smart Credit Service Description—Briefly describes VSDC
program features and benefits.
Visa Smart Debit and Credit Planning Guide—Helps clients plan VSDC programs and
migration strategies.
Visa Smart Debit and Credit Member Implementation Guide for Acquirers—Provides
guidelines for acquirers implementing VSDC programs.
Visa Smart Debit and Credit Member Implementation Guide for Issuers—Provides guidelines
for issuers implementing VSDC programs.
Visa Smart Debit/Visa Smart Credit System Technical Manual—Provides information for
clients and Visa staff responsible for implementing and operating VSDC programs.
Visa Integrated Circuit Card Specifications (VIS)—Contains technical specifications for the
VSDC card application, describing VSDC transaction functionality and flow.
Visa Global ATM Planning Guide—Contains information about the Visa and Plus
International ATM Program. It includes a program overview, business requirements,
optional services, risk management, processing options, testing procedures,
and back-office management.
Part 6, Authorization Database Files and Services, includes information about the
Cardholder Database (Chapter 16) and the Merchant Central File (Chapter 18). These two
main databases within the V.I.P. System contain cardholder and merchant data.
Chapter 18, Merchant Central File Service (MCFS)—This chapter provides an overview
of the Merchant Central File, which contains merchant data. The chapter describes the
Merchant Central File Service (MCFS), which uses information from this database to check
for complaints against merchants.
In Brief. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16-3
16.1 In Brief
The Cardholder Database (CDB) resides at each VisaNet Interchange Center (VIC).
This database contains cardholder information used by the stand-in processor (STIP)
when it handles authorization, address verification, PIN verification, account verification,
and stop payment requests.
This chapter summarizes the CDB files, the file layouts, and the field contents, and also
identifies which entity is responsible for maintaining each file.
A full description of the Cardholder Database and its files appears in V.I.P. System BASE I
Processing Specifications and in V.I.P. System SMS Processing Specifications (U.S.).
Field description requirements for the files appear in V.I.P. System BASE I Technical
Specifications, Volume 1 and Volume 2, and in V.I.P. System SMS POS (Visa & Visa Electron)
Technical Specifications, Volume 1 and Volume 2.
Activity File
All Data Maintained by Visa
Advice File
All Data Maintained by Visa
Exception File
Account Cardholder Spending Spending
Number Account Purge Country Action Region Amount Count Update Effective
Length Number Date Code Code Coding Limit Limit Time Time
Portfolio File
Account Cardholder Card- Merchant
Number Account Country Issuer ID Type of holder Account
Length Number Purge Date Code Length Issuer ID Stop Order Name Number
Risk-Level File
Merchant
Account Cardholder Daily Group
Number Account Purge Country Issuer ID Issuer Risk Spending Activity Update Effective
Length Number Date Code Length ID Level Limit Limits Time Time
16.3.1 How V.I.P. Determines Effective and Update Date and Time
Effective Date and Time for Records—Effective time is the date and time when the
record goes into effect. The effective time is the date and time the VIC receives the
message. This time applies both to adding records and to deleting records.
Update Date and Time for Records—Update time is a system-generated “time stamp”
indicating the date and time that VisaNet establishes a record. Update time is not visible
to users but is available to Visa for research and for settling chargeback disputes. VisaNet
automatically generates the update time when it first enters a pick-up record in the file,
and when it changes a VIP (Very Important Person) or an XA (exception action) code
in an existing record to a pick-up code.
For the Exception File, update time refers to the first date and time that VisaNet updates
the file with an action code other than an approval, that is, pick-up codes 01, 04, 07, 41,
or 43. VisaNet keeps this date and time and does not change it during subsequent
updates as long as the action code is not an approval. For file types other than Exception
File types, the update time date specifies the date and time of the last record update.
The service chapters in this manual describe only those files that directly relate to the
processing of the specific service. While V.I.P. may check additional files during transaction
processing, this chapter does not describe these files or illustrate them in the flows.
Thus, the Related Services subsections may mention relationships between files and
services that the service chapters do not describe.
Related Services
The following V.I.P. System services rely on the Activity File:
The PIN Verification Service (PVS)—For issuer processors using the PIN Verification
Service, the activity record contains one accumulator that tracks the number of consecutive
invalid PIN-entry attempts. Issuer processors control PIN-retry activity by selecting a value
to limit the number of consecutive invalid PIN-entry attempts for one day.
File Control
Each VIC has a unique Activity File, containing STIP and PIN-verification activity for its
issuer processors. Visa is solely responsible for the content, the maintenance, and the
integrity of the activity files at all VICs.
File Content
The Activity File organizes activity file records by cardholder account number. For activity
checking, each cardholder record contains accumulators that track:
• Merchant group activity.
• Invalid PIN-entry activity (applies to BASE I only).
V.I.P. accumulates activity for approved transactions. Issuer processors specify whether
STIP is to check activity and set activity limits.
The following table illustrates the contents and the structure of an activity record for
purchases and for cash.
Activity Record
Invalid PIN-entry
attempts (BASE I
Purchase Activity Cash Activity Daily Spending Monthly Spending only)
separate counts of transactions approved under each set of activity limits (available and
unavailable). V.I.P. accumulates all activity together.
Related Services
The following V.I.P. System service relies on the Address Verification File:
The Address Verification Service (AVS)—When V.I.P. verifies addresses, it checks the
address data in the request message against the billing address information in the
Cardholder Database's Address Verification File. Issuers maintain this file at the VIC. Issuers
supply the address verification result code in the 0110 authorization response message,
unless STIP performs the address verification on behalf of the issuer. In this case, STIP
then sends an 0120 advice message to the issuer. The 0120 advice message contains the
billing address and the AVS result code.
File Control
Issuers are responsible for maintaining the contents of the Address Verification File.
File Maintenance
Issuer processors that choose to use the Address Verification File are responsible for
assigning and for maintaining the postal or ZIP code and the address verification value
fields.
Related Services
All V.I.P. services that use STIP also use the advice files. For information about the advice
files as they relate to a particular service, see the pertinent service chapter.
File Control
Visa is responsible for maintaining the data in the advice files. BASE I and SMS issuers,
as well as SMS acquirers, are responsible for retrieving advices from the advice files.
File Maintenance
VisaNet keeps advices on file at the VIC. Issuer processors can choose to receive their
advice records either by using online messages or through BASE II. If issuer processors
recover their advices online, they cannot recover the same advices using BASE II. They can,
however, request printed BASE I or BASE II reports of their advices.
NOTE
V.I.P. stores SMS advices online for 30 days. SMS issuers that want to retrieve their advices need to retrieve
them within this 30-day period.
For more information about advice retrieval, see Advice Retrieval Service—BASE I, and
Advice Retrieval Service—SMS.
Issuers use the Card-Level Product ID File to register their reward programs and eligible
cardholders in the VIN’s Cardholder Information Repository (CIR) database. In turn, the CIR
periodically (daily, monthly, semi-annually) provides the online Cardholder Database (CDB)
with updated information that V.I.P. needs for authorization processing. Currently, the VIN
provides the CDB with Visa Traditional Rewards program data.
When V.I.P. receives an 0100 authorization or 0200 full-financial request from an acquirer,
V.I.P. uses the CDB data to populate Field 62.23—Product ID with the appropriate product
value for the card before it forwards the request to the issuer. If the CDB does not
contain information for the account number being processed, V.I.P. uses the BIN default
product value.
File Content
The update file consists of a control record followed by as many data records necessary
for updates. A separate file containing a trailer record follows the last data record.
All records (control, data, and trailer) are in variable length EBCDIC and UMF format
• Activation Date
• Account Product ID
• Rewards Program ID
File Control
The CDB’s Card-Level Product File is updated from data in the CIR database.
File Maintenance
Issuers are responsible for ensuring (maintaining and updating) that the CDB file data
is correct.
Issuers can update the Exception File using an online transaction. To list an account
number, issuers use message type 0302 specifying file type E1, E2, E3, or E4. Once issuers
list an account number using file type E3, for any future updates for that account number,
issuers must always use file type E3; otherwise, V.I.P. rejects the updates.
For CDB update files and file types, refer to V.I.P. System BASE I Technical Specifications,
Volume 1 and Volume 2, V.I.P. System SMS ATM Technical Specifications, Volume 1 and
Volume 2, V.I.P. System SMS Interlink Technical Specifications, and V.I.P. System SMS POS
(Visa & Visa Electron) Technical Specifications, Volume 1 and Volume 2.
Related Services
The following V.I.P. System services rely on the exception files:
ATM/POS Split Routing Service—The ATM/POS Split Routing Service allows issuers that
operate as alternate processors to update and to access exception file account records
on behalf of the primary issuer.
Card Recovery Bulletin (CRB) Service—The Exception File is the only source for the
electronic CRB bulletins. Entering an account number in the Exception File with a pick-up
response code and with the CRB region coding ensures that the service includes the
account number in the applicable bulletins.
Visa Shortest Online Path (VSOP) Service—As part of standard request processing,
V.I.P. checks the Exception File and then routes the authorization requests directly to the
issuers, bypassing MasterCard's Banknet.
File Control
Issuers are responsible for the contents and the maintenance of the Exception File.
Every issuer must decide how best to use the Exception File. They base this decision on
the authorization center's mode of operation and on the degree of control they want.
Visa advises issuers to include all pick-up accounts in the Exception File so that STIP does
not authorize transactions for those accounts when processing transactions for the issuer.
File Maintenance
When updating the Exception File, issuers can update accounts having 5- to 28-digit
account numbers, including alphanumeric account numbers.
Table 16-3 summarizes the V.I.P. format exception file update processing actions.
Table 16-3 V.I.P. Format Exception File Update Processing Actions (continued)
Format 2 Additions and Changes—For additions and changes to Exception File records,
V.I.P. converts the purge date to coincide with the expiration date of the CRB in effect
at that time, using the YYMMDD format.
V.I.P. rejects Exception File records submitted with purge date years 2042 through 2098.
NOTE
The exception file stores only one purge date at a time for an account. This date corresponds to the expiration
date of the applicable bulletin for the region in which the account is listed.
Refer to V.I.P. System BASE I Processing Specifications for more information about purge
dates.
NOTE
STIP is not available for MasterCard transactions.
The Visa Security Module (VSM) at the VIC uses the PIN Verification File to verify the
cardholder for the issuer. V.I.P. uses the PIN Verification File as follows:
• When the issuer does not encode the PIN Verification Value (PVV) and the PIN
Verification Key Index (PVKI) or the IBM PIN offset on the magnetic stripe, they must
list these values in the PIN Verification File. Otherwise, V.I.P. assumes that the PVV and
PVKI or the offset appears in the authorization request.
• When the issuer encodes the PVV and PVKI or the offset on the stripe, issuer use of
the file is optional. An issuer may use the file for exceptions, such as for emergency
card reissues or for changes in account numbers, PINs, or PIN Verification Keys (PVKs).
In these instances, the data on the file overrides any magnetic stripe data present in
the authorization request.
NOTE
The PIN Verification File cannot contain multiple PVV and PVKIs or IBM offsets for the same cardholder
account. If the issuer issues cards with the same account number but with unique PVVs and PVKIs or offsets for
individual family members, the issuer should not use the PIN Verification File.
Related Services
The following V.I.P. System services rely on the PIN Verification File:
ATM/POS Split Routing Service—The ATM/POS Split Routing Service allows issuers that
operate as alternate processors to update and to access PIN Verification File account
records on behalf of the primary issuer.
PIN Verification Service (PVS)—The issuer must place PVVs and PVKIs or offsets on the
magnetic stripe of its cards or must maintain them in the PIN Verification File at the VIC.
If PVVs and PVKIs appear both on the magnetic stripe and in the PIN Verification File,
the data in the PIN Verification File overrides the data in the magnetic stripe.
PIN/No-PIN Split Routing Service—If the issuer uses the Split Routing option for
PIN/No-PIN transactions or to route ATM and POS transactions, V.I.P. uses information in
the PIN Verification File to process transactions with PINs.
Visa Shortest Online Path (VSOP) Service—For VSOP issuers, V.I.P. uses information in
the PIN Verification File to process transactions with PINs. Issuers, however, must define
their MasterCard account ranges in the split-BIN table to be linked to the same BIN as
their Visa card account ranges.
File Control
Issuers are responsible for ensuring that the PIN Verification File contains current account
numbers, PVVs, and PIN verification keys or IBM PIN offset values. If the file is incomplete
or is out of date, V.I.P. cannot verify PINs correctly.
File Maintenance
When updating this file, issuer processors can update accounts having 5- to 28-digit
account numbers, including alphanumeric account numbers.
Related Services
The following V.I.P. System service relies on the Portfolio File:
File Control
Issuers are responsible for maintaining all of their cardholders' stop payment orders
in the Portfolio File.
File Maintenance
Issuers update the records with 0302 messages using a tag-length-value (TLV) field format
for the type of stop order, cardholder name, and merchant account number. V.I.P. gets
other record information, such as the transaction identifier (TID), from other fields in
the 0302 message. Refer to the field 127.PF description in V.I.P. System BASE I Technical
Specifications, Volume 1, for details about submitting Portfolio File data.
Using these options, issuers can tailor risk levels and daily spending and activity limits
to suit a particular cardholder. The file-resident risk levels override the BIN defaults and
the card-encoded risk levels. This file lists only accounts that have exceptions to the
assigned default values.
Related Services
The following V.I.P. System services rely on the risk-level file:
File Control
Issuer processors that choose to use the risk-level file have sole responsibility for assigning
and for maintaining individual cardholder's risk levels, daily spending limits, and merchant
group daily activity limits in the risk-level file.
File Maintenance
If the issuer has not specified a risk level (A, B, C, or D), V.I.P. assigns the default risk
level (C).
Refer to V.I.P. System BASE I Processing Specifications for more information about the
risk-level file.
In Brief. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17-3
17.1 In Brief
The Automatic Cardholder Database Update (Auto-CDB) Service allows V.I.P. to update the
Exception File when participating issuers return a pick-up response code in authorization
response messages.
Auto-CDB Service helps issuers prevent losses from problem accounts and improves the
accuracy of cardholder information available to V.I.P. for stand-in processing (STIP).
BASE I
The Auto-CDB Service is available to both BASE I System and Single Message
SMS System (SMS) issuers that process Visa Electron and Plus ATM transactions.
It is not available for Interlink card issuers.
BASE I and SMS
Issuer
The Exception File is comprised of account data, both favorable and unfavorable.
V.I.P. checks these files during online authorization when STIP responds to a request on
the issuer's behalf. The account records in the Exception Files specify the action STIP is
to take for each listed account.
V.I.P. confirms issuer requests for updates to the Exception File by generating either an
0130 or 0332 advice message. For Auto-CDB Exception File updates, V.I.P. confirms the
updates in an 0210 or 0322 response message.
For more information about the exception file, refer to the Cardholder Database Overview
chapter.
17.4.1 Testing
Visa requires testing before issuers can use the Auto-CDB Service. Issuers that choose to
receive 0120 advices must test that they can receive 0120 advices and can send 0110 file
update messages. Issuers that choose to receive 0322 advices must test that they can
receive 0322 advices and can optionally send 0332 advice response messages.
Refer to the Card Recovery Bulletin (CRB) Service, in Volume 1 for more information.
To prepare for Auto-CDB testing, issuers must supply Visa with test account numbers.
To test this service, clients must contact their Visa representatives.
0110: Auto-CDB Authorization Response—When issuers specify the pick-up action code
in Field 39—Response Code and the Exception File does not already list the account with a
pick-up status, V.I.P. updates the exception file and sends an 0120 advice. (See Table 17-1
for a list of pick-up action codes.)
0120: Advice of Exception File Update—This message notifies issuers that V.I.P. has
updated the Exception File (Field 44.1—Response Source/Reason Code contains CRB
reason code 0).
0210: Financial Transaction Response—When issuers specify the pick-up action code in
field 39 and the Exception File does not already list the account with a pick-up status,
V.I.P. updates the Exception File and sends an 0220 advice.
0322: File Update Advice—This message notifies issuers that choose to receive 0322
advices that V.I.P. updated the Exception File; it includes the updated authorization
response information. If V.I.P. could not process the 0110 or 0210 message, the 0322
message includes the discrepancy code in Field 48—Additional Data—Private.
SMS issuers must generate an 0332 response to acknowledge receipt of this advice.
Issuers that choose to receive 0322 advices optionally may generate an 0332
response to acknowledge receipt of this advice. Message type 0322 does not contain
Field 44—Additional Response Data.
0332: File Update Advice Response—This message notifies V.I.P. that the issuer received
the 0322 advice.
The issuer receives one of the following types of Exception File update advices:
• 0120 advice of Exception File update
• 0322 file update advice (sent only to issuers that have successfully completed testing
to process message type 0322)
NOTE
An issuer cannot receive both types of update advices.
See “Related Messages” in this chapter for more information about 0120 and 0322 advice
messages.
The discrepancy advice may contain a file update error code indicating that the update
request was inconsistent with the authorization response or that the request contained
edit errors.
For a description of valid error codes, refer to V.I.P. System BASE I Technical Specifications,
Volume 1 and Volume 2.
Table 17-1 lists the pick-up action codes for the Auto-CDB Service that issuers can send in
field 39 of an 0110 or 0210 authorization response.
Code Description
04 Pick-Up Card (non-fraud)—This code is a decline-and-pick-up response. For an
unspecified but non-fraud reason, the issuer wants the card recovered at the
point of sale or point of service (POS).
07 Pick-Up Card—Special Condition (fraud)—This code is a decline-and-pick-up
response. For a reason other than a lost or stolen card, the issuer wants the
card recovered at the POS.
41 Pick-Up Card—Lost Card (fraud)—This code is a decline-and-pick-up response.
A cardholder has reported a lost card; the issuer wants the card recovered.
43 Pick-Up Card—Stolen Card (fraud)—This code is a decline-and-pick-up
response. A cardholder has reported a card theft; the issuer wants the card
recovered.
During Auto-CDB processing, V.I.P. checks the Exception File for accounts receiving a
pick-up response code in the authorization response message. If the Exception File lists
the account with something other than pick-up status, V.I.P. changes the listing to pick-up
status. If the file does not list the account, the V.I.P. System adds the listing with the
appropriate pick-up code and with CRB region code 0.
The Auto-CDB Service lists the account either for the authorization purge date or until the
original expiration date for the existing account listing, whichever date is later.
Exception
File
Exception
File
(or)
See Table 17-1 for a list of pick-up response codes that issuers use in 0110 and 0210
authorization responses for Auto-CDB.
SMS Auto-CDB participants use field 63.4 to identify the reason that SMS generated
an advice. It appears in 0322 advices and contains code 9030, indicating a pick-up
response from the issuer.
Field 127E.1 appears in 0110 responses as well as in 0120 and 0322 advices. It must
contain the pick-up code from field 39.
For V.I.P. Auth-Only participants, the 0322 advice contains the original contents that
the issuer included in field 127E1. VisaNet does not require an advice response
(0332 message). For V.I.P. Full Service participants, issuers receive field 127 in the 0322
advice. Issuers, however, do not return field 127 in the 0332 advice response.
In Brief. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18-3
18.1 In Brief
The Merchant Central File Service (MCFS) supplies merchant information from the point
of sale or point of service (POS) that VisaNet requires in all authorization or reversal
requests. When the required information does not appear in the request because of
device limitations, V.I.P. adds the information from the Merchant Central File (if the data is
available) before it forwards the request to the issuer or to the stand-in processor (STIP).
The Merchant Central File (MCF) is separate from the Cardholder Database.
See Chapter 16, Cardholder Database Overview, for information about this database.
The Merchant Central File Service (MCFS) uses the MCF database of merchant information
exclusively; therefore, this chapter includes the description of the Merchant Central File.
BASE I
SMS MCFS is available to BASE I and SMS acquirers that participate in
Network 0002.
A Participation in MCFS is optional for both BASE I and SMS acquirers and
processors.
Acquirer
The MCF organizes files by acquirer BIN and by merchant identification (merchant ID,
merchant terminal ID, or both). Each merchant ID or merchant terminal ID within a
merchant facility can support multiple card types (such as MasterCard and Discover).
The Merchant Central File Service (MCFS) retrieves merchant information stored in the
MCF and adds field data that the merchant cannot supply in requests before it forwards
them to issuers.
IMPORTANT
If an acquirer uses MCFS, it must comply with the policies and procedures necessary to maintain its entries
in the MCF at the VIC. Acquirers must include the controls necessary to ensure accuracy of the data and
the procedures for conveying updates to the VIC.
Acquirers are responsible for supplying and for maintaining the data in the MCF. If the
acquirer does not provide VisaNet with the necessary MCFS information in the MCF,
V.I.P. forwards to the issuer those requests that are missing the necessary message
information.
Batch File Update—MCFS offers a batch update option. Clients must coordinate all batch
MCF update tape updates through their account managers. These files require additional
VIC processing time. Visa can provide clients with the approximate processing time once
staff verifies the total number of records. During V.I.P. freeze periods, Visa scrutinizes
requests to process large files (such as the MCF) to avoid causing major spikes in the
highest processing periods. Clients should expect increased processing delays with
large update files.
For message specifications, refer to the pertinent V.I.P. System technical specifications
manuals listed in “For More Information” in this chapter.
For more information about the record format for the update tapes, refer to V.I.P. System
BASE I Technical Specifications, Volume 1 and Volume 2, and to the pertinent V.I.P. System
SMS technical specifications manuals.
Online Method—The effective date and time is the date and time the VIC receives the
message.
Batch Method—The effective date and time is the center-specified date and time in the
file header (for instance, the file creation date or time).
The VIC uses the effective date and time to control the priority of multiple updates to the
same record. The question of priority arises when an acquirer updates a record by batch
method and then updates the same record online before the VIC receives the tape.
When the effective date and time of the MCF database record does not match the
effective date and time of the update record under the specified conditions, V.I.P. processes
the record according to the guidelines in Table 18-1.
If... Then...
The database effective date and time is less V.I.P. updates the MCF with the information in
than the effective date and time on the update the update record.
record...
The database effective date and time is greater V.I.P. does not update the MCF and rejects
than the effective date and time of the update the record with an effective date error (error
record... number 707).
The database effective date and time is equal For an update processed by the same VIC as
to the effective date and time of the update the previous update, V.I.P. accepts the change.
record... Otherwise, if a different VIC processes the
update, V.I.P. rejects the update with an effective
date and time error (error number 707).
Acquirers can request MCF records at any time while they are signed on to the network.
However, Visa reserves the right to ask that acquirers not request records during peak
volume hours. When VisaNet receives a request, it verifies that the acquirer or the
processing center is authorized for file access.
Acquirers or processing centers can also contact their Visa representatives to request a
listing of MCF records for a Processing Center Record (PCR), for BINs, or for BIN ranges
within a PCR.
For details about online file inquiry requests, refer to V.I.P. System BASE I Technical
Specifications, Volume 1 and Volume 2, and to the pertinent V.I.P. System SMS technical
specifications manuals.
18.4.1 Testing
Visa does not require testing for participation in MCFS if acquirers deliver MCF updates
using the CUP batch method. Otherwise, acquirers must test that they can send 0300
messages and can receive 0310 responses.
NOTE
MCFS uses Field 32—Acquiring Institution Identification Code and Field 41—Card Acceptor Terminal
Identification to retrieve the file from the MCF. MCFS does not update the information in these fields.
0400: Reversal Request—When V.I.P. receives an 0400 request for an acquirer, V.I.P. checks
the system files to determine if augmentation data exists for the acquirer. V.I.P. then adds
the MCF data to these fields in the request (as applicable to each card type):
• Field 18 • Field 59
• Field 42 • Field 62.20 (for Universal Service only)
• Field 43 • Field 100 (for Check Acceptance Service only)
NOTE
MCFS uses field 32 and field 41 to retrieve the file from the MCF. MCFS does not update the information in
these fields.
0300: Acquirer File Update Request—Acquirers use this message to add, change, delete,
or retrieve MCF information. An 0300 message includes the following fields indicating the
specific information to add to the authorization or reversal request:
NOTE
Field 63.1—Network ID Code is mandatory in SMS 0300 request and 0310 response messages.
0310: Acquirer File Update Response—This message is the response to an 0300 file
update request indicating the results of the file update. Field 39 indicates whether V.I.P.
updated the Merchant Central File with the additional information provided in the 0300
request. If V.I.P. encounters errors with the request, it does not perform the update and
inserts response Code 06 (error) in field 39. V.I.P. inserts a code in Field 48—Additional
Data—Private that identifies the error.
Figure 18-1 illustrates the structure for an acquirer that establishes record types by
merchant. In addition to Visa cards and MasterCard cards, Merchant A can also accept
Discover and American Express cards. Thus, the acquirer would have four MCF records
for Merchant A, one each for Visa, MasterCard, Discover, and American Express, and all
are keyed to the merchant ID for Merchant A. Merchant B only accepts Visa cards and
MasterCard cards. Thus, the acquirer would have two Merchant Central File records for
Merchant B, one each for Visa and for MasterCard, and both are keyed to the merchant ID
for Merchant B. If the acquirer has 100 merchants accepting only Visa cards, there must
be 100 Visa-record-type merchant identification records in the MCF.
Acquirer
Merchant A Merchant B
Figure 18-2 illustrates an example structure for an acquirer that establishes record types
by merchant terminal. For Merchant A, there would be four separate MCF records for
Terminal A (Visa, MasterCard, Discover, and American Express), another four MCF records
for Terminal B, and another four for Terminal C. All would be keyed to the merchant ID
for Merchant A.
Acquirer
Merchant A
If an acquirer establishes record types by merchant terminal ID, and the merchant has 200
terminals, the MCF must contain 200 different terminal identification records keyed to
that merchant for each card type.
Acquirers have the option of establishing MCF Universal records with both the merchant ID
and the merchant terminal ID as keys. This option requires establishing the same number
of records as establishing records by merchant terminal ID.
Table 18-3 lists the key fields for the different record types. Whether the acquirer can
use one field or the other, or both, depends on the record type. The key identifier length
is the card type’s maximum allowable length for the acquirer’s merchant identification
1. The V.I.P. System internally refers to Canada as CA and uses CA when referring to system code; otherwise,
the abbreviation for Canada is CAN in the V.I.P. documentation.
(field 41, field 42). The maximum merchant identifier for Universal card types is 23 bytes
(8 bytes for field 41 and 15 bytes for field 42). For all other card types, the maximum
merchant identifier length is 15 bytes.
Table 18-3 Key MCF Fields by Record Type for 0100 and 0400 Messages
Acquirers cannot set fields 41 and 42 for Visa and Universal data at the same time.
Table 18-4 summarizes the augmentation logic for the different record types.
NOTE:
The Check Acceptance Service is a U.S. region-only service.
Figure 18-3 shows how an acquirer might use MCFS to insert a merchant category code
in Visa-record-type authorization requests. The acquirer has previously specified that
the value in field 42 in the authorization or reversal request will always be 5 characters
in length. V.I.P. matches the value in field 42 (up to 5 characters in length) to the
corresponding field 42 five-character value in the MCF record. When a match occurs,
V.I.P. copies the merchant category code 9999 from the MCF record to Field 18—Merchant
Type in the request.
Figure 18-3 How V.I.P. Inserts an MCF Value in a Visa Card Type Request
Acq ID: 7777 Key: Fld 42 length = 5 Acq ID: 7777: Merchant ID = 12345 (5 bytes)
Figure 18-4 shows how V.I.P. inserts a merchant type (that is, a merchant category code)
and a merchant name and location in a Universal-card-type authorization request.
The acquirer has specified that the value in field 42 and in field 41 will always be the
merchant identification and a terminal identifier, and that this combined identifier will
always be 21 characters in length (the maximum length allowed is 23 bytes; 8 bytes for
field 41, 15 bytes for field 42). V.I.P. matches the request's acquirer ID and the field 41 and
field 42 values to the corresponding values in the correct MCF record. When a match
occurs, V.I.P. copies the MCF information to field 43 in the request.
Figure 18-4 How V.I.P. Inserts an MCF Value in a Universal Card Type Request
System Table
Merchant Central File Record
Acq ID: 7777 Key: Fld 41 length = 6 bytes Merchant ID= 123456789012345678 (21 bytes)
Fld 42 length = 15 bytes
Record type = Universal Merchant Type= 9999
Field 43 = anynameloc
Figure 18-5 illustrates how V.I.P. replaces existing data in a request with MCF data.
All record types except Universal allow MCFS to overlay data.
Figure 18-5 How V.I.P. Substitutes an MCF Value in a Visa Card Type Request
Acq ID: 7777 Key: Fld 42 length = 15 bytes Merchant ID= 123456789012345 (15 bytes)
Acquiring Acquiring <—These first fields are common to all Merchant Central File records.
Institution Institution Merchant
ID Length ID Record Type
Presence of these fields depends on record type:
Merchant
Name,
Purge Merchant Location, Postal Update Effective
Date Merchant ID Type Country Terminal ID Vendor ID Zone Time Time
Record
Record Type Field Description 0100/0400 Fields 0300 Fields
Visa, American Acquiring Function: key identifier Not applicable; resides n/a; resides in the
Express, Check Institution in the MCF MCF
Acceptance, ID Length Number of digits in the acquiring
Discover, institution ID.
MasterCard
Visa, American Acquiring Function: key identifier Field 32—Acquiring Field 32—Acquiring
Express, Check Institution Institution Identification Institution
Acceptance, ID The 4- to 11-digit acquiring Code Identification Code
Discover, (Acquiring institution ID. (It is usually 6 digits.)
MasterCard BIN) This field along with the merchant
identification field constitutes the
MCFS file key.
Visa, American Merchant Function: file maintenance n/a; resides in the MCF Field 127M.1—Format 2,
Express, Check Record Type Merchant Record Type
Acceptance, The 1-character code identifying
Discover, the card program. The values are:
MasterCard
A—Check Acceptance
D—Discover
M—MasterCard
V—Visa
X—American Express
Visa, American Purge Date Function: file maintenance n/a; resides in the MCF Field 73—Date, Action
Express, Check
Acceptance, The date after which VisaNet
Discover, removes the record. The format is
MasterCard MMDDYY. The date 999900 means
an indefinite purge date.
Visa, Universal, Merchant Function: key identifier Field 41—Card Acceptor Field 41—Card
American Express, Identifier Terminal Identification Acceptor Terminal
Check Acceptance, A unique 1- to 15-digit code for Identification
Discover, the acquirer BIN's merchant or Field 42—Card Acceptor
MasterCard merchant's terminal. This field Identification Code Field 42—Card
along with the acquiring institution Acceptor Identification
ID constitutes the MCFS file key. Code
Depending on the card type,
field 41, field 42, or both, can Field 127M.2—Format 2,
contain the identifier. Merchant Data 1
Record
Record Type Field Description 0100/0400 Fields 0300 Fields
American Express, Replacement Function: augmentation data Field 41—Card Acceptor Field 127M.2—Format 2,
Discover Terminal ID Terminal Identification Merchant Data 1
The 1- to 15-character terminal
identification replacement value Field 42—Card Acceptor
in field 41 or field 42 of the Identification Code
authorization request. V.I.P. adds
the identifier to the request
before STIP-or-issuer routing.
V.I.P. reinstates the original value in
field 41 or field 42 of the response.
Universal, Card Function: augmentation data Field 43—Card Acceptor Field 127M.3—Format 2,
MasterCard Acceptor Name/Location Merchant Data 2
Name, The 40-digit merchant identifier
Location, that comprises a 25-digit card Field 127M.4—Format 2,
Country acceptor name, 13-digit city name, Merchant Data 2
and 2-digit country code.
Check Acceptance Vendor ID Function: augmentation data Field 100 Field 127M.3—Format 2,
Merchant Data 2
A 1-character alphanumeric code
assigned to the vendor.
Universal, Postal Zone Function: augmentation data Field 59, positions 6–15 Field 127M.3—Format 2,
MasterCard Merchant Data 2
An alphanumeric 9-character
postal code.
Universal, Visa Merchant Function: augmentation data Field 62.20 Field 127M.5,
Verification Format 2, Merchant
Value An alphanumeric 10-character Data 2
MVV code.
A—Check Acceptance
D—Discover
M—MasterCard
U—Universal
V—Visa
X—American Express
• Universal: 40-digit card acceptor state, country, or ZIP code, as follows. All subfields
must be present.
• Visa: n/a.
• American Express: n/a.
Field 127M.4—Format 2, Merchant Data 2
This field contains additional data MCFS is to add or change in the Merchant Central
File for the different record types:
• Check acceptance: n/a.
• Discover: n/a.
• MasterCard: 40-digit card acceptor name/location as follows:
Subfield 127M.4.1 Subfield 127M.4.2 Subfield 127M.4.3
25-digit card acceptor name 13-digit city name 2-digit country code
• Visa: n/a
• American Express: n/a
• Universal: 16-digit card acceptor state, country, ZIP, or province code, as shown in
Table 18-6.
Subfield Content
127M.4.1 For all record types except M (MasterCard), this subfield contains a 2-digit
field length.
If the country code is CA (Canada1) and the record type is not M, this subfield
contains the 2-digit numeric province code.
If the country code is not US or CA and the record type is not M, this subfield
contains a 1- to 14-digit alphanumeric postal code.
If the record type is M (MasterCard), this subfield contains the 13-digit city
name.
127M.4.3 If the country code is US (United States) and the record type is not M,
this subfield contains the 3-digit numeric country code.
1. The V.I.P. System internally refers to Canada as CA and uses CA when referring to system code; otherwise, the
abbreviation for Canada is CAN in the V.I.P. documentation.
18.6.4 Updating Merchant IDs for Visa, American Express, MasterCard, and
Check Acceptance Record Types
Updating merchant IDs using file update messages involves field 41, field 42, or both.
Field 41 is an 8-byte field and field 42 is a 15-byte field. Both are left-justified and are
space-filled after the value itself. When acquirers use file update messages to update
merchant IDs, acquirers store the ID value in the MCF and specify the key field in the
system tables.
Regardless of the system table setting for key fields, if the acquirer spreads the
merchant ID across field 42 and field 41 and sends both fields in a file update message,
the system assumes that both fields are part of the key.
If both fields' concatenated value is 15 digits or less, V.I.P. stores the concatenated value
in the MCFS table and associates it with the key field specified in the system tables.
For instance, if the system table setting is field 42, then V.I.P. would insert the combined
value of field 42 and field 41 in the file update message into field 42.
If the result is more than 15 digits, V.I.P. uses only the value in the field specified in the
system tables as the merchant ID and ignores the other field value. For instance, if the
system tables specify field 41, then V.I.P. stores only field 41 in the 0300 message in the
MCFS table and discards the field 42 value.
If V.I.P. finds a match, it adds or replaces the necessary information from the MCF to the
request message before it sends it to the issuer or to STIP for processing.
Merchant
Central
File
The acquirer sends the V.I.P. tries to match key The issuer provides an
authorization or reversal merchant information in the appropriate authorization
request to the issuer. request to the Merchant or reversal response.
Central File. When it finds
a match, V.I.P. adds the
necessary information to
the request.
For transactions eligible for the MCFS Universal Service, if the field to be augmented
already exists in the message, V.I.P. does not change the information (except for that in
Field 59—National Point-of-Service Geographic Data). If field 59 is present but contains
zeros or blanks, V.I.P. considers field 59 as not being present and replaces the entire field
using the MCF data (if available).
NOTE
When applicable, V.I.P. does an all-inclusive field replacement, which comprises all subfields.
Depending on the type of card transaction, MCFS provides the information (in Table 18-7),
which the following example describes.
EXAMPLE
If an acquirer’s terminals cannot supply the merchant category codes for Visa transactions, the acquirer can
place those codes in the MCF. When the VIC receives a Visa card authorization or reversal request from one
of these terminals, V.I.P. adds the MCF merchant category code (MCC) to the request or replaces it before
routing the request to the issuer.
NOTE:
V.I.P. adds MCFS information only if the equivalent
information does not appear in a request.
When V.I.P. does not find the merchant terminal ID in the authorization or reversal request
message in the MCF, it performs special processing, which the following subsections
describe.
NOTE
The terminal translation feature does not apply to Visa, MasterCard, or check acceptance transactions.
• If field 42 is present in the message (either from the acquirer or from the MCF) and
is numeric, V.I.P. performs check-digit validation.
- If the first two digits of field 42 are 93, V.I.P. performs check-digit validation using
positions 1–10 of field 42.
- If the first two digits are not 93, V.I.P. performs check-digit validation using
positions 2–10 of field 42.
If the check digit is valid, V.I.P. replaces the last five digits of field 42 with spaces. If the
check digit is not valid, V.I.P. replaces field 42 with the default terminal ID.
• If field 42 is present in the message (either from the acquirer or from the MCF) but is
not numeric, V.I.P. replaces the value in field 42 with the default terminal ID.
If Field 100—Receiving Institution Identification Code is present in the authorization or
reversal request, V.I.P. does not perform MCFS augmentation.
When V.I.P. returns the response message, it reinstates the original value in field 42.
When V.I.P. returns the response message, it reinstates the original value in field 42.
Merchant
Central
File
If the value in field 91 is 1 or 2 in an 0300 request, VisaNet requires field 18 for Visa
transactions and it must include the merchant's type. If field 18 does not appear in the
authorization, financial, or reversal request, V.I.P. adds the information using MCF data,
if available. For Visa and MasterCard transactions, if field 18 is present, V.I.P. replaces
the value using the data in the MCF, if available.
For electronic POS terminals, when the ID is not unique to a specific terminal, acquirers
can use field 42 along with this field. ATM terminal IDs must be unique within the
acquirer's network, depending on the type of card transaction.
NOTE
Acquirers also use field 41 in 0300 requests for MCF updates.
Field 43 appears in ATM 0100 requests and balance inquiries and in all ATM
confirmations. If it appears in the original request, it is required in any subsequent
0400 reversal. Issuers do not include it in 0110 or 0410 responses.
U.S. Card Acceptors—This identifier is a numeric state code, a numeric ZIP code,
or both.
If the file update request contains update code 4 in field 91, V.I.P. rejects the transaction
with Error Code 0568—Invalid Value in Field 127—Format 1: File Maintenance.
The length and content of field 127M.2 depends on the record type that appears in
field 127M.1. Also, the length and content of field 127M.2 depend on the merchant’s
type value that appears in field 18.
Depending on the type of card transaction, the following field requirements apply:
Universal Data Format—Field 127M.2 appears if the code in field 101 is M9 or MCF,
and the code in field 91 is 1 or 2. Field 127M.2 (if supplied) must contain a valid
merchant category code. If the acquirer does not supply field 127M.2, it must supply a
value for field 127M.3 or field 127M.4. If the acquirer does not supply field 127M.3 and
field 127M.4, it must supply field 127M.2. The length of field 127 should be 5.
Visa and Universal Data—Acquirers must supply a valid merchant category code
(MCC).
If the code in field 91 is 3 or 5, field 127M.2 should not appear in the message.
American Express, Discover, and Visa—This field does not apply for format 2
requests.
The length and the content of field 127M.3 depend on the merchant’s type value in
field 18.
American Express, Discover, Visa, and Check Acceptance—This field does not apply.
Universal Data—This field appears in 0300 format 2 add or change requests for the
MCF. V.I.P. omits this field when it is not applicable. If present, the acquirer must
supply all of the subfields.
MasterCard—V.I.P. omits this field when it is not applicable. If present, the acquirer
must submit all of the subfields (127M.4.1, 127M.4.2, and 127M.4.3). The country code
must be a valid 2-digit alphanumeric code.
Universal Data—This field appears in 0300 format 2 add or change requests for the
MCF. V.I.P. omits this field when it is not applicable. The 0300 requests are able to
receive merchant verification values independent of the merchant data in field 127M.2
and in field 127M.4.
Part 7, Authorization Services, describes V.I.P. services that process authorization request
messages. These include:
In Brief. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19-3
19.1 In Brief
The Account Verification Service enables merchants to request an account number
verification as an initial check for an estimated purchase. V.I.P. supports requests for
account number information through the Account Verification Service.
BASE I
SMS The Account Verification Service is available both to BASE I System users and
to Single Message System (SMS) users.
NOTE
A merchant's floor limit is an amount limit set by the acquirer (subject to Visa Rules maximums)
that determines if VisaNet authorization is needed to complete a transaction. V.I.P. only processes transactions
above a merchant’s floor limit. Transactions at or below the floor limit do not require authorization processing.
The service replaces the manual process of checking paper card recovery bulletins.
Instead of using a paper bulletin, the merchant contacts its acquirer to initiate an
account verification request. Refer to Chapter 11, Card Recovery Bulletin (CRB) Service, in
Volume 1, for information about bulletins.
19.4.1 Testing
Testing is required for participation in the Account Verification Service. Acquirers must
successfully complete testing to send and to receive account verification request messages.
The VisaNet Certification Management Service (VCMS) provides testing assistance for
Account Verification Service participants. Clients can contact their Visa representatives to
make the arrangements.
If the issuer is not available, STIP checks the account in the 0100 request message
to determine if the check digit is valid, and if the account is listed in the Exception File.
If the message requests address verification, CVV2 verification, or both, STIP returns
an address verification results code, and, if the issuer has provided Visa with its CVV2
verification keys, a CVV2 verification results code.
NOTE
STIP is not available for MasterCard transactions.
For account verification-only status checks, the amount in field 4 must be zero in requests
and their reversals, if:
• Field 3—Processing Code, positions 1–2, contains:
- 39 (eligibility message) for SMS.
- 39 (eligibility message), 70 (PIN change/unblock), 72 (PIN unblock or prepaid
activation), 00 (goods or service purchase), 01 (withdrawal or cash advance), or 11
(quasi-cash transaction) for BASE I.
• Field 25—Point-of-Service Condition Code contains 51 (zero amount account
verification).
If the 0100 message contains code 51 in field 25, but field 4 does not contain zero, V.I.P.
rejects the account verification request with Reject Code 0018—Invalid Value.
If the issuer is available, VisaNet forwards the verification request to the issuer. The issuer
performs normal transaction verification and returns the appropriate response code. If the
issuer finds no negative condition, and the account is in good standing, the issuer returns
response code 85 (no reason to decline) or code 00 (approved). For account verification
purposes, V.I.P. treats both responses in the same manner.
NOTE
Visa Europe Authorisation Services can send 0100 account verification messages that contain Verified by Visa
(VbV) authentication data. V.I.P. authenticates the CAVV and performs standard VbV processing on these
messages before forwarding them to issuers.
If the request message requests address verification, the issuer returns its response in
Field 44.2—Address Verification Results Code, unless it chooses to have V.I.P. perform
this function on its behalf. If the request messages requests CVV2 verification and
the issuer chooses to perform the verification, it returns the verification result in
Subfield 44.10—CVV2 Result Code.
If the issuer is unavailable (either is logged off, or the transaction timed out), V.I.P. forwards
the account verification request to STIP (unless the request is a MasterCard request).
When STIP receives the verification request, it verifies the check digit and checks the
exception file. The exception file is an online file comprised of issuer-supplied cardholder
data, both favorable and unfavorable. Refer to the Cardholder Database Overview chapter
in this volume for information about the exception file.
STIP sends an 0110 response message to the acquirer containing response code 85
(no reason to decline), in Field 39—Response Code, if the card:
• Has a valid check digit.
• Is not listed in the exception file with a negative action code.
• Is listed in the exception file with a positive action code.
STIP returns negative response codes based on invalid check digits or on information
that the issuer lists in the exception file.
STIP then creates an 0120 advice message for the issuer with code 2 in
Field 44.1—Response Source/Reason Code, indicating that STIP provided the code.
For general information about advices and about advice creation, refer to the V.I.P. System
Overview. Refer to the pertinent V.I.P. System technical specifications manuals for details
about advice creation. Refer to “For More Information” in About This Manual for a list
of V.I.P. publications.
Figure 19-1 illustrates the Account Verification Service process and message flow when
the issuer is available.
Figure 19-1 Account Verification Service Process and Message Flow (Issuer Available)
Exception
File
Figure 19-2 illustrates the Account Verification Service process and message flow when
the issuer is unavailable.
Figure 19-2 Account Verification Service Process and Message Flow (Issuer Unavailable)
Exception
File
Response code 85 is not the same as response code 00 (approved). Response code 00
specifically indicates that the transaction is approved. Response code 85 means
only that the issuer or STIP found no specific negative reason for an unsuccessful
verification. However, for account verification purposes, V.I.P. treats both responses in
the same manner.
If V.I.P. performs address verification, it returns the verification result code in the
response to the acquirer. If requested by the issuer, V.I.P. also includes the code in the
advice sent to the issuer.
If V.I.P. performs address verification but the issuer performs the transaction approval,
V.I.P. includes its results code in field 44.2 when it forwards the response from the
issuer to the acquirer.
If the issuer performs address verification, it inserts the verification result code in
field 44.2 of the response.
If the issuer performs address verification, but STIP performs the authorization process,
the acquirer receives field 44.2 only if the issuer returns it in the response.
In Brief. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20-3
20.1 In Brief
The Address Verification Service (AVS) is an online Visa service that enables merchants
to reduce fraud losses by verifying cardholders' billing addresses for card-not-present
(CNP) transactions.
Merchants, acquirers, and issuers can use AVS for Visa, American Express, and Discover
transactions, and for MasterCard point-of-sale (POS) transactions. In the Visa U.S.A. (U.S.)
region, participants can also use AVS for Visa-approved U.S.-issuer proprietary and
private-label transactions.
For MasterCard transactions, U.S. acquirers can also use AVS service for cards issued
in Canada.
NOTE
The V.I.P. stand-in processor (STIP) performs address verification for Visa and proprietary and private-label
transactions only.
BASE I
SMS AVS is available both to BASE I System users and to Single Message System
(SMS) users.
All issuers in the U.S. region must support AVS. All issuers in the United
I Kingdom (U.K.) must support AVS. U.S. and U.K. issuers must successfully
complete testing to receive and to send AVS codes for all products.
For address verification-only status checks, the amount in field 4 can be zero in requests
and their reversals, if:
• Field 3—Processing Code, positions 1–2, contains:
- 39 (eligibility message) for SMS.
- 39 (eligibility message), 70 (PIN change/unblock), or 72 (PIN unblock or prepaid
activation) for BASE I.
• Field 123—Verification Data is present.
Also, field 4 can be zero in 0302 file update requests. If the request meets all the
verification-only field requirements, and field 4 contains an amount other than zero,
STIP ignores the amount and, if the request is successful, responds with a value of 85
(no reason to decline) in field 39.
IMPORTANT
When V.I.P. receives an AVS-only account verification request destined for a U.K. issuer that is directly connected
to Visa Europe Authorisation Services, V.I.P. forwards the request to Visa Europe Authorisation Services, which
determines whether the request is to be processed by its stand-in processing system or forwarded to the issuer.
V.I.P. or the issuer verifies the cardholder address submitted by the merchant. V.I.P. or the
issuer determines the verification response, and V.I.P. forwards the response to the acquirer.
20.4.1 Testing
To use the service, testing is mandatory for all acquirers and issuers.
AVS testing ensures that the acquirer can send and can receive AVS fields in
authorization-related messages, and that the issuer can receive them and can respond
with the proper values in AVS fields:
• Field 25—Point-of-Service Condition Code
• Field 44.2—Address Verification Result Code
• Field 123—Address Verification Data
Issuers must supply test account numbers to use in test scripts.
The VisaNet Certification Management Service (VCMS) provides testing assistance for AVS
participants. Clients can contact their Visa representatives to make the arrangements
for testing.
0120: Advice—An 0120 advice notifies issuers when STIP processes an address
verification request on their behalf. If the address verification request includes an
authorization, field 39 contains the authorization response. Field 44.2 contains the address
verification result code. If the request does not include authorization, STIP includes only
the address verification result code in the advice.
0200: Financial Request—An 0200 financial request can include the address verification
request information. Acquirers can also use 0200 messages for address-verification-only
requests. V.I.P. and issuers send 0210 response messages to acquirers.
0210: Financial Transaction Response—V.I.P. and issuers send 0210 financial response
messages in response to 0200 financial request messages. An 0210 response message
contains the address verification result code in field 44.2 and the authorization response
code in field 39.
0220: Advice—An 0220 advice notifies issuers when V.I.P. processes an address
verification request on their behalf. V.I.P. sends 0220 advices to issuers and to acquirers
when V.I.P. performs address verification for 0200 request messages. If the address
verification request includes authorization, field 39 contains the authorization response
code. Field 44.2 contains the address verification result code. If the request does not
include authorization, V.I.P. includes only the address verification result code in the advice.
0420: Advice—An 0420 advice notifies acquirers when V.I.P. sends an 0400 reversal
to the issuer because the acquirer is unavailable to receive an 0210 response. If the
0210 response includes authorization, field 39 contains the authorization response code.
Field 44.2 contains the address verification result code. If the request does not include
authorization, V.I.P. includes only the address verification result code in the advice.
Table 20-1 identifies the key fields required in Visa messages requesting address
verification. “Key Fields Glossary” in this chapter fully describes the fields and their
contents.
To request address verification, acquirers must include cardholder billing address and
postal or ZIP code data in Field 123—Address Verification Data of the message. Visa does
not require U.S. acquirers to include state codes.
NOTE
If an acquirer or an issuer processor submits a non-original or exception item with address verification data
in field 123, SMS rejects the message with Reject Code 0699—Presence of PIN/Track/AVS Data Inconsistent
With Message Type.
IMPORTANT
V.I.P. assigns result code N (no match) to requests that include field 123 but the field is empty (all spaces).
Field 123 being present with all spaces also disqualifies an address verification request for CPS consideration.
The code in Field 62.1—Authorization Characteristics Indicator (Bit Map Format) in the response is N and the
downgrade reason code is AV.
Key Fields
Kind of Request
Field 3 Field 4 Field 49 Field 123
Address verification with authorization request 000000 Amount 840 Address data
Address verification without authorization 000000 Zeros 840 Address data
request
File within the Cardholder Database. Issuers maintain this file at the VisaNet Interchange
Center (VIC).
When the issuer specifies that it wants to verify addresses, V.I.P. forwards the request
to the issuer for address verification.
Issuers can receive both the address data and the V.I.P. address verification result code
in incoming authorization requests. Acquirers receive the verification result code in the
response.
Refer to the Cardholder Database Overview chapter in this volume for more information
about the database and the files it contains.
The AVF contains records organized by account number. V.I.P. checks a portion of the
cardholder's address in the address verification request against a portion of the address
information in the AVF for the account.
V.I.P. compares the information in the following fields in AVF records to the address
information in request messages:
Postal or ZIP Code—This field in AVF records contains either the cardholder's 5-digit or
9-digit postal or ZIP code. If the acquirer uses five digits, it must left-justify the digits
and space-fill the remainder of the field. Visa calls the V.I.P. postal or ZIP code verification
process Visa Verify. Visa Verify functionality is currently available only to issuers in the
U.S. region.
Address Verification Value (AVV)—This field in AVF records contains the leading digits
(up to five) of the cardholder's address. Acquirers must left-justify the contents of this
field and space-fill the remainder. Numeric street names must be in numeric form.
EXAMPLE
Acquirers must send “Third Street” as: “3 Street”.
The figure below illustrates the data fields in an AVF record. V.I.P. compares the shaded
fields to fields in the request message.
Refer to the V.I.P. System Overview for basic information about file maintenance. Refer to
the Files appendix in the appropriate V.I.P. technical specifications manuals for detailed
information about file maintenance processes and procedures.
Refer to the Cardholder Database Overview chapter for a description of the Cardholder
Database. Refer to the Cardholder Database, Merchant Central File, and Advice File
chapter in V.I.P. System BASE I Processing Specifications, and to the Cardholder Database
chapter in V.I.P. System SMS Processing Specifications (U.S.), for more detailed information
about the Cardholder Database.
Refer to V.I.P. System BASE I Processing Specifications or to V.I.P. System SMS Processing
Specifications (U.S.) for a summary of the AVF.
Figure 20-1 and Figure 20-2 illustrate the basic AVS process flows.
Figure 20-1 AVS Process Flow When the Issuer Must Perform Address Verification and Is Available
Address
Verification
File
The acquirer sends an If the issuer performs its The issuer performs
authorization request own address verifications address verification,
containing address in-house, V.I.P. forwards authorization (or both)
information to the issuer. the request message to the and returns the results
issuer. Otherwise, V.I.P. in the response message.
performs address
verification and forwards
the request message to
the issuer.
Figure 20-2 AVS Process Flow When the Issuer Must Perform Address Verification and Is Unavailable
Address
Verification
File
1. V.I.P. scans the 20-character address data in field 123 from left to right and extracts
the first five numeric characters before it comes to the first alphabetic character or
space. The algorithm ignores any special characters (for instance, /, \, #, -) within
the first five numerics.
2. It extracts the 5-digit or 9-digit postal or ZIP code.
3. V.I.P. then compares the extracted data with the postal or ZIP code and the Address
Verification Value (AVV) in the AVF.
4. Finally, V.I.P. returns a verification result code in the response message, indicating the
results of the data comparison. (See Table 20-5 for a list of result codes.)
Issuers have the option of receiving full- or compressed-format address data from
acquirers and from V.I.P. The differences between the two formats are:
Full Format—The issuer receives the full 9-position postal or ZIP code and up to the first
20 alphanumeric characters of the street address.
Compressed Format—The issuer receives the 9-position postal or ZIP code and the
leading numeric characters of the street address.
Refer to “Key Fields Glossary” in this chapter for a detailed description of both formats.
IMPORTANT
Postal or ZIP code data compression is only available to U.K. clients.
Non-IDS data must be specifically identified as such within the authorization request
message. Clients that want to establish a data standard that varies from that of the
IDS must provide a definition of the non-IDS standard to Visa, Inc. through their Visa
representatives. Visa, Inc. will assign a data type identifier that must be sent in request
messages, allowing V.I.P. and issuers to identify the data type.
Issuers and acquirers in all regions may use the TLV format, which is the only option
available outside of the U.S. region and the United Kingdom (U.K.). Acquirers in the U.S.
region and in the U.K. can send field 123 data either in fixed format or in TLV format,
depending on merchant support requirements.
NOTE
For U.K.-domestic transactions, U.K. acquirers use a unique U.K.-only compressed format for sending address
data in field 123.
Fixed Format
For U.S.-domestic transactions, clients use the fixed format for sending address data in
field 123. The fixed format of this field has two subfields following the Length subfield:
Positions:
1–9 10–29
Length Postal Code Cardholder Street Address
Byte 1 Bytes 2–10 Bytes 11–30
Length Subfield—The value in this subfield indicates the number of bytes of field 123
after the Length subfield.
Postal Code Subfield (Positions 1–9)—The value in this subfield is the postal or ZIP
code. The subfield contains the 9-digit code or the 5-digit code left-justified with four
positions of right-space fill.
NOTE
For U.K.-domestic transactions, clients use a unique U.K.-only compressed format for sending address data
in field 123.
NOTE
Acquirers and merchants can submit field 123 data in fixed format in compressed or uncompressed form.
(Again, only U.K. service participants can compress the postal or ZIP code data.) Refer to “Data Compression”
in this chapter for information about compressing data.
TLV Format
The following table illustrates the TLV format.
Positions:
1 2–3 4–255
Subfield 1: Subfield 2: Subfield 3: Subfield 4:
Length Dataset ID Dataset Length Address Data TLV Elements
TLV1 TLVN
Length Subfield—One-byte binary subfield that contains the number of bytes in this
field. (This Length subfield byte itself is not counted when defining the number of bytes
of the Length subfield.)
Dataset Length (Positions 2–3)—This subfield contains a two-byte binary number that
indicates the total combined length of the subsequent postal or ZIP code and the street
address datasets. Acquirers and merchants right-justify the value with leading zeros.
Tag—This element is a one-byte binary value that identifies the postal or ZIP code dataset
element or the street address dataset element:
• Hex C0 = postal or ZIP code
• Hex CF = street address
AVS global participants cannot send multiple elements within the same tag.
Length—This element is a one-byte binary value that indicates how many bytes of data
constitute the Value element. For instance, a value of 05 means that 5 bytes of postal
data reside in the Value element.
• If the issuer wants to receive the postal or ZIP code and the street address data
exactly as the acquirer sent it, V.I.P. does not perform any compression on the data
(that includes any non-numeric characters).
• If the issuer wants to receive compressed data, V.I.P. removes any alpha characters and
special symbols in a street address and sends only the numeric values. The address
verification services for U.S.- and U.K.-domestic transactions match only on numeric
values.
The compression option applies to street address and, for U.K. participants, to street
address and postal or zip code.
IMPORTANT
Acquirers must be capable of sending at least 20 characters of uncompressed street address data unless
agreements on compatible compression methods have been established between specific acquirers and specific
issuers.
V.I.P. provides two compression algorithms, leading numerics and first five numerics,
for compressing data sent to issuers and for compressing postal or ZIP code and street
address data stored in the Cardholder Database for issuers that choose to have V.I.P.
perform address verification. V.I.P. also supports unique regional compression methods
such as the non-leading numeric, first five approach participants use for U.K.-domestic
transactions. Refer to “U.K.-Domestic Transactions” in the “Field 123 Usage” section for
more information.
Leading Numerics—V.I.P. scans the street address subfield from left to right, extracting
numeric digits. V.I.P. stops scanning when it encounters a space or an alphabetic character
(not including any special characters) or when it scans the entire street address. Table 20-2
illustrates the leading numerics compression algorithm. The ^ symbol denotes spaces.
First Five Numerics—V.I.P. scans the street address subfield from left to right, as it does
in the leading numerics algorithm. V.I.P. stops scanning when it has extracted five numeric
digits or when it scans the entire street address. Table 20-2 illustrates the first five
numerics compression algorithm. The ^ symbol denotes spaces.
Table 20-2 shows the difference in results between the two algorithms using data
submitted in fixed format.
Table 20-2 Fixed Format Address Data Compression by Leading Numerics and by First Five
Numerics Algorithms for Non-U.K. Participants
Compressed Compressed
Postal/ZIP by Leading by First Five
Code Actual Street Address Uncompressed Numerics Numerics
91234-0615 123 1st Street 912340615 123 1st Street 912340615123 9123406151231
Table 20-3 shows the fixed format address and postal or ZIP code compression by first
five numerics for U.K. AVS participants for the address: 5678 London Court #99, Postal
Code: 5S76D.
Table 20-3 Fixed Format Address and Postal or ZIP Code Compression by
First Five Numerics for U.K. Participants
Compressed by First
Postal or ZIP Code Actual Street Address Five Numerics
5S76D 5678 LONDONCOURT#99 576^^^^^^56789
For fixed-format submissions, compressed data includes spaces necessary to fill out a
subfield.
/ (forward slash)
\ (backward slash)
When compressing data in the TLV format, the element length equals the length of the
resulting compressed data. For TLV submissions, compressed data does not require
any space-fill.
The initial character in field 123 identifies the format; TLV data always begins with an
EBCDIC non-displayable character. V.I.P. translates:
• TLV IDS data to fixed data.
• Fixed U.S. IDS data to U.K. fixed data.
• Fixed U.S. IDS data to TLV IDS data.
When switching transactions to issuers, V.I.P. sometimes truncates one or more address
data elements if the formats are incompatible or cannot be accurately translated. These
translations are:
• TLV non-IDS data to fixed data.
• Fixed non-IDS U.K. data to U.S. fixed data.
• Fixed non-IDS U.K. data to TLV data.
NOTE
V.I.P. also converts issuer-generated AVS result codes to their counterpart codes for the appropriate format when
it encounters incompatible data standards. Refer to the Result Code Conversion sections in this chapter.
If V.I.P. receives an authorization request containing field 123 for a card type that is not
valid for AVS, it removes the field before passing the request to the issuer. When V.I.P.
receives the 0110 issuer response, it inserts result code U (unavailable; issuer not an AVS
participant) in Field 44.2—AVS Result Code.
Acquirers can use an 0100 message to request an address verification by itself or along
with an authorization request. Field 44.2 contains the address verification result code.
IMPORTANT
When V.I.P. receives an AVS-only account verification request destined for a U.K. issuer that is directly connected
to Visa Europe Authorisation Services, V.I.P. forwards the request to Visa Europe Authorisation Services, which
determines whether the request is to be processed by its stand-in processing system or forwarded to the issuer.
The following subsections summarize regional AVS transaction requirements, including the
usage of field 123.
U.S. acquirers can submit uncompressed or compressed street address data either in fixed
or TLV formats. U.S. acquirers can also submit only the street address and the postal or
ZIP code; VisaNet does not require the state.
NOTE
Acquirers must always forward uncompressed address data unless agreements on compatible compression
methods have been established between specific acquirers and specific issuers.
IMPORTANT
U.S. issuer participation in AVS is mandatory. U.S. issuers can choose to receive address data either in fixed or
TLV format, and in compressed or uncompressed format.
U.K. acquirers submit address data in the U.K. compressed format, subject to the following
requirements:
Table 20-5 lists the valid address verification result codes that V.I.P. returns in
Field 44.2—Address Verification Result Code in 0110 and 0210 response messages.
Code Applies to
Code Definition Domestic Global
A Street addresses match. The street addresses match but
the postal or ZIP codes do not, or the request does not
include the postal or ZIP code.
B Street addresses match. Postal or ZIP code not verified
due to incompatible formats. (Acquirer sent both street
address and postal or ZIP code.)
C Street address and postal or ZIP code not verified due to
incompatible formats. (Acquirer sent both street address
and postal or ZIP code.)
D Street addresses and postal or ZIP codes match.
F Street addresses and postal codes match. Applies to
U.K.-domestic transactions only.
G Address not verified for international transaction. Issuer is
not an AVS participant, or AVS data was present in the
request but issuer did not return an AVS result, or V.I.P.
performed address verification on behalf of the issuer and
there was no address record on file for this account.
I Address information not verified.
M Street addresses and postal and ZIP codes match.
N No match. Acquirer sent postal or ZIP code only, or street
address only, or both postal or ZIP code and street address.
P Postal or ZIP codes match. Acquirer sent both postal or
ZIP code and street address, but street address not verified
due to incompatible formats.
Code Applies to
Code Definition Domestic Global
R Retry: System unavailable or timed out. Issuer ordinarily
performs address verification but was unavailable.
V.I.P. uses code R when issuers are unavailable. Issuers
should refrain from using this code.
S Not applicable. If present, V.I.P. replaces it with U or
with G.1 Available for U.S. issuers only.
U Address not verified for domestic transaction. Address not
verified for international transaction. Issuer is not an AVS
participant, or AVS data was present in the request but
issuer did not return an AVS result, or V.I.P. performed
address verification on behalf of the issuer and there was
no address record on file for this account.
W Not applicable. If present, V.I.P. replaces it with Z. Available
for U.S. issuers only.
X Not applicable. If present, V.I.P. replaces it with Y. Available
for U.S. issuers only.
Y Street address and postal and ZIP code match.
Z Postal or ZIP codes match, street addresses do not match
or street address not included in request.
1. Issuers can send codes S, W, and X, but V.I.P. converts them to U, Z, and Y, as appropriate, before it forwards the
message to the acquirer.
NOTE
V.I.P. uses AVS result code N (in field 44.2) if an acquirer requests address verification without providing any
address data in field 123 in the request. AVS transactions attempting to qualify for CPS consideration will not
qualify; they receive downgrade reason code AV. This process ensures that acquirers are not afforded a better
CPS rate and chargeback protection when requesting address verification without supplying address data.
However, V.I.P. does not downgrade transactions that include postal or ZIP code data in field 123 and they
receive CPS qualification.
It is mandatory for U.K. acquirers to receive the result code G in field 44.2. U.S. acquirers
can choose to receive all or none of these AVS result codes: B, C, D, G, I, M, P.
20.7.6.5 Result Code Conversion Based on Acquirer Participation (U.K. and U.S. Only)
If an acquirer cannot receive the AVS global result codes (B, P, C, D, I, M, and G),
V.I.P. converts them, as indicated in Table 20-7, before forwarding the response to the
acquirer. If the acquirer cannot receive the first replacement code from V.I.P. or from the
issuer, V.I.P. uses the second, or default, replacement code.
Issuer or V.I.P. Result Code First Replacement Code Second Replacement Code
G I U
B A
C G U
D Y (in the U.S. region only) or
F (in the United Kingdom only)
I U
M Y (in the U.S. only) or F (in
the United Kingdom only)
P Z
Table 20-8 shows sample results that can occur during address verification. The table
shows data extracted in compressed format. The caret symbol (^) in the table represents
a blank space.
Visa's or
Issuer's Result
Merchant-Supplied Address Verification Postal/ZIP Code AVV Code
Data (Field 123) Data Extracted (AVF) (AVF) (Field 44.2)
91234^^^^One^Elm^Street 91234 91234 1 Z
Visa's or
Issuer's Result
Merchant-Supplied Address Verification Postal/ZIP Code AVV Code
Data (Field 123) Data Extracted (AVF) (AVF) (Field 44.2)
912340615123^1st^Street 912340615123 912340615 123 Y
912340615123^First^Street 912340615123 912340615 123 Y
85282^^^^89^25th^Avenue 85282^^^^89 85282 89 Y
85282^^^^89^Twenty-Fifth^Aven 85282^^^^89 85282 89 Y
70433012322^Walnut^Street^#23 70433012322 704330123 22 Y
70433^^^^22^Walnut^Street^#23 7043322 70433 22 Y
70454^^^^P.O.^Box^12345 70454^^^^ 70454 Y
94112^^^^111^Jones^Street 94112^^^^111 93123 111 A
43111^^^^998^Acorn^Street^#23 43111^^^^999 32678 999 N
94823^^^^222^Maple^Street 94823^^^^222 94823 346 Z
If STIP provides the authorization approval or decline code after the issuer has supplied
the address verification result code in Field 44.2—Address Verification Result Code
(as occurs for some transactions), the acquirer receives the authorization response value
assigned by STIP in Field 38—Authorization Identification Response, rather than the
code assigned by the issuer.
• If the issuer returns a non-approval response code (any code except 85) in field 39 for
an address-verification-only request, V.I.P. forwards the issuer-generated response to the
acquirer. Additionally, V.I.P. forwards the issuer-generated code in field 38.
• If the issuer returns response code 85, V.I.P. generates the code in field 38.
Refer to “Key Fields Glossary” in this chapter for AVS fields in messages.
V.I.P. performs address verification by comparing the incoming address data in the request
message with address data stored in the Address Verification File.
V.I.P. forwards the authorization request to the issuer or processes it in stand-in according
to issuer-specified parameters and transaction characteristics.
• Whether the request is for address verification only or for address verification and
authorization.
• Issuer-specified AVS options.
• Transaction characteristics and issuer-specified parameters V.I.P. is to use when the
address verification request is combined with an authorization request.
V.I.P. performs transaction authorization functions as requested in the acquirer's message.
V.I.P. returns the 0110 or 0210 response, which includes the address verification result
code, to the acquirer.
NOTE
The issuer can request that V.I.P. include the address verification result code in an 0120 or 0220 advice.
When an issuer chooses to perform address verification, V.I.P. routes the acquirer's address
verification request directly to the issuer for processing. The issuer verifies the address and
returns a verification result code. Table 20-5 lists valid address verification result codes.
If the request is for both address verification and authorization, the issuer verifies the
address data, and the issuer or V.I.P. processes the authorization request depending on
the transaction characteristics and on issuer-specified STIP parameters. V.I.P. returns both
results in the response to the acquirer.
Address In-house
Verification Address
File Verification
As appropriate, the examples illustrate processing when the issuer is available, when the
issuer is unavailable and STIP processes the request, and when the STIP performs the
processing regardless of the availability of the issuer. Table 20-9 defines the abbreviated
terms the examples use.
Examples 1 and 2 illustrate the processing flow when STIP processes the transaction and
the issuer chooses not to have V.I.P. forward the verification result. In Example 1, the issuer
is available; in Example 2, the issuer is unavailable.
Example 1
In this example, the following conditions exist:
- The request is for both address verification and authorization.
- The issuer is available.
V.I.P. does not forward the verification result to the issuer because the issuer chooses
not to receive it.
In this example, V.I.P. performs address verification for the issuer, but the issuer does
not want to see the result. V.I.P. passes the request without address data to the issuer.
When the acquirer requests an address verification, V.I.P. verifies the address data against
the information in the Address Verification File and sends the result in Field 44.2—Address
Verification Result Code in the response to the acquirer but does not advise the issuer
that it performed address verification.
Verification result
Example 2
In this example, the following conditions exist:
- The request is for both address verification and authorization.
- The issuer is unavailable.
V.I.P. does not forward the verification result to the issuer.
If the issuer is unavailable, STIP processes the request. The message flow is the same
as the message flow illustrated in Example 1, except that STIP does not forward the
authorization request to the issuer. If STIP creates an advice for the authorization,
the advice does not contain the verification result code in field 44.2.
Address data
Verification result
Examples 3 and 4 illustrate the processing flow when STIP processes the transaction and
the issuer chooses to have V.I.P. forward the verification result. In Example 3, the issuer is
available; in Example 4, the issuer is unavailable.
Example 3
In this example, the following conditions exist:
- The request is for both address verification and authorization.
- The issuer is available.
V.I.P. forwards the verification result to the issuer.
In this example, V.I.P. performs address verification for the issuer, and the issuer wants
to see the result. When an acquirer submits a combination authorization and address
verification request, V.I.P. verifies the address data against the information in the Address
Verification File. V.I.P. forwards the verification result code (in field 44.2) and the address
data (in field 123) to the issuer in the request. The issuer returns the verification result
code in the response to the acquirer.
Example 4
In this example, the following conditions exist:
- The request is for both address verification and authorization.
- The issuer is unavailable.
If the issuer is unavailable, STIP processes the request. The message flow is the same
as the message flow illustrated in Example 1, except that STIP does not forward the
authorization request to the issuer because the issuer is unavailable. If STIP creates an
advice for the authorization, STIP includes the verification result code (in field 44.2)
and the address data (in field 123) in the advice.
Address data
Example 5
In this example, the following conditions exist:
- The request is for address verification only.
- The issuer is available.
V.I.P. creates an advice for the issuer.
In this example, the acquirer requests address verification only by including POS condition
code 51 in the message in addition to address data. Because V.I.P. is verifying the address
for the issuer, V.I.P. processes the request entirely within the system. V.I.P. includes the
verification result code (in field 44.2) and the response code (in field 39) in the response
message sent to the acquirer. V.I.P. creates an advice for the issuer containing the
verification result and the address data.
Address data
Example 6
In this example, the following conditions exist:
- The acquirer requests address verification.
- The issuer does not support it.
The message flow is the same as those for address verification-only requests or for
combined authorization and address verification requests when the issuer supports
address verification.
Address data
Verification result = U
In Example 7, the acquirer requests address verification only, but the issuer is in the
U.K., so V.I.P. forwards the transaction to Visa Europe Authorisation Services for approval
processing.
Example 7
In this example, the following conditions exist:
- The acquirer requests address verification only.
- The issuer resides in the U.K.
V.I.P. does not forward the request to the issuer because the issuer is in the U.K.
V.I.P. forwards the request to Visa Europe Authorisation Services for an approval or decline
decision.
POS code = 51
Address data
Response code = 57
Example 8
In this example, the following conditions exist:
- The acquirer requests both authorization and address verification.
- The issuer prefers to perform these functions and is available.
Example 9
In this example, the following conditions exist:
- The acquirer requests both authorization and address verification.
- The issuer prefers to perform these functions but is unavailable.
In this example, the issuer is unavailable, so STIP processes the authorization request
according to the issuer's STIP parameters and sends verification result code R
(retry—system unavailable or timed out) to the acquirer. If STIP creates an advice for the
authorization, it includes the address verification result code and the address data.
Address data
Example 10
In this example, the following conditions exist:
- The acquirer requests both authorization and address verification.
- The request is an airline transaction that qualifies for STIP processing, and the
issuer is available.
When STIP processes a combined authorization and address verification request that
contains an airline merchant category code (in Field 18—Merchant Type), V.I.P. changes
the POS code (in Field 25—Point-of-Service Condition Code) to 51 (address verification
only) and forwards the request with the address data to the issuer. V.I.P. then processes
the authorization according to the issuer's STIP parameters. The issuer verifies the address
information. If the issuer declines the transaction because it does not pass address
verification, the issuer returns a decline response code in field 44.2 in the response to V.I.P.
Then, V.I.P. sends field 44.2 and the STIP results in field 39 to the acquirer.
Reason code
Verification result
Verification result
Examples 11 and 12 illustrate message flows when the issuer performs address verification
and the message requests address verification only. In Example 11, the issuer is available;
in Example 12, the issuer is unavailable.
Example 11
In this example, the following conditions exist:
- The acquirer requests address verification only.
- The issuer prefers to perform this function and is available.
When the acquirer requests address verification only (by using POS condition code 51),
V.I.P. forwards the request to the issuer with the address data and with POS code 51.
The issuer verifies the address data and includes the address verification response in
Field 39—Response Code.
Example 12
In this example, the following conditions exist:
- The acquirer requests address verification only.
- The issuer prefers to perform this function but is unavailable.
In the following example, the issuer is unavailable, so STIP processes the request. Because
the issuer cannot verify the address, V.I.P. sends address verification result code R
(retry—system unavailable or timed out) in field 44.2 to the acquirer.
POS code = 51
Address data
Verification result = R
If STIP provides the authorization approval or decline code after the issuer has
supplied the address verification response code, as occurs in some transactions,
the acquirer receives the code assigned by STIP, rather than the code assigned by the
issuer, in field 38.
Refer to V.I.P. System BASE I Technical Specifications, Volume 1 and Volume 2, and to
V.I.P. System SMS POS (Visa & Visa Electron) Technical Specifications, Volume 1 and
Volume 2, for a complete list of valid authorization codes and response codes.
However, if STIP provides the authorization decision after the issuer processor provides
the address verification response, the acquirer processor receives code 2 in field 44.1.
(The authorization source takes precedence over the address verification source.)
If V.I.P. performs address verification, it returns the verification result code in the
response to the acquirer. If requested by the issuer, V.I.P. also includes the code in the
advice sent to the issuer.
If V.I.P. performs address verification but the issuer performs the transaction approval,
V.I.P. includes its results code in field 44.2 when it forwards the response from the
issuer to the acquirer.
If the issuer performs address verification, it inserts the verification result code in
field 44.2 of the response.
If the issuer performs address verification, but STIP performs the authorization process,
the acquirer receives field 44.2 only if the issuer returns it in the response.
Refer to Table 20-5 in this chapter for valid address verification result codes.
Both formats are shown in Table 20-10. The caret symbol (^) represents a blank space.
Field 123 consists of up to 29 characters of the cardholder's address. In the full format,
the first nine positions contain either the 5-digit or 9-digit postal or ZIP code, and the
remaining positions contain the first 20 alphanumeric characters of the street address.
If the issuer has chosen to receive address data in compressed format, it receives a total
of 14 positions made up of a 9-position postal or ZIP code field and a 5-position address
field. V.I.P. reduces the street address to its first five digits before the first alphabetic
character or space.
The number in a street address and any numeric names of streets must be sent by the
merchant or the acquirer in numeric form to match the address data stored in the
Address Verification File.
EXAMPLE
Acquirers must convert and send the address “One Fifty-Five Park Place” as “155 Park Place”.
The issuer must not return the address information in the response.
IMPORTANT
Acquirers should not send address data in compressed format because issuers have the option to receive the
data in the full, or uncompressed, format.
V.I.P. compresses address information only for Visa card transactions; it never compresses
address data for MasterCard, American Express, or Discover card transactions.
If V.I.P. receives an authorization request containing field 123 for a card type that is not
valid for address verification or is for an issuer that does not support address verification,
it removes field 123 before passing the request to the issuer. When V.I.P. receives the 0110
issuer response, it inserts code U (unavailable; issuer not an AVS participant) in field 44.2.
For issuer processors that participate in AVS but choose not to receive the result code,
V.I.P. removes this field from the request before it sends the request to the issuer
processor for authorization.
Refer to V.I.P. System BASE I Technical Specifications, Volume 1 and Volume 2, and to
V.I.P. System SMS POS (Visa & Visa Electron) Technical Specifications, Volume 1 and
Volume 2, for a complete list of valid response codes and authorization codes.
• V.I.P. System SMS POS (Visa & Visa Electron) Technical Specifications, Volume 1 and
Volume 2
• V.I.P. System SMS Processing Specifications (U.S.)
In Brief. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21-3
21.1 In Brief
The BASE I Advice Retrieval Service allows issuers to retrieve (or to recover) their stand-in
processing (STIP) advice data from the BASE I advice file.
The BASE I Advice Retrieval Service is available to issuers in all Visa regions.
BASE I
The BASE I Advice Retrieval Service is mandatory for BASE I System issuers
SMS and processors.
BASE I only
Issuer
Each VIC maintains a BASE I advice file, in which it stores BASE I STIP response records.
Every record reflects information from the authorization or reversal request, the STIP
response, and the reason why STIP processed the request.
NOTE
STIP does not create advices for all of the transactions that it processes. For instance, STIP does not generate
an advice for a request that has decline response code 15 (no such issuer).
V.I.P. creates a record in the BASE I advice file each time one of the following services
initiates an update to the Cardholder Database files:
• Global Customer Care Services (GCCS)
• Vsafe
• Merchant Fraud Performance Program
V.I.P. stores BASE I STIP advice records for a maximum of 15 days or until the issuer retrieves
the advices from the BASE I advice file. After 15 days, V.I.P. purges any unretrieved BASE I
advices. V.I.P. stores the following categories of advice messages in the BASE I advice file:
• STIP processing advices (these include authorization and reversal requests, and negative
results obtained from checking the exception file).
• BASE I exception file update advices. Refer to the Cardholder Database Overview
chapter in this manual for information about this file.
Issuers can select one of the following methods for retrieving BASE I advices:
Online—Issuers can recover advices online using their VisaNet connection. For online
advice retrieval, issuers must be authorized to access the advice records. Issuers can use
either one station or multiple stations per Processing Center Record (PCR) to retrieve
advices:
• The One Station per PCR method uses a single station for each V.I.P. connection identifier
(known as a PCR), which initiates a sign-on message to retrieve advices from the advice
queue, one at a time. The participant must respond to each advice message before
it can retrieve the next advice message.
• The Multiple Stations per PCR method uses a single PCR, in which a processor can
sign on to more than one station at a time to retrieve advices from the advice queue.
This method allows processors to retrieve their BASE I advices much more quickly than
they could from a single station. Participants can continue advice retrieval from a single
station through their primary connection to VisaNet.
Offline—Issuers can receive machine-readable or print-ready advice records through the
BASE II System as transaction code 48 (TC 48) advices.
Receiving advices through BASE II is especially useful when the issuer is both a BASE I
authorization center and a BASE II processing center.
Issuers can also contact their Visa representatives to subscribe to the BASE I report
BIOSR320, Advice File Listing. BIOSR320 is a weekly report of all advices BASE I stored
since the last reporting date. The report can be delivered electronically or in printed form.
21.4.1 Testing
Advice retrieval testing is mandatory for all BASE I issuers that choose to retrieve advices
online. BASE I issuers in the Visa U.S.A. (U.S.) region must successfully complete testing
before they can receive advices whether or not they participate in the service.
The testing process ensures that the issuer can successfully send and receive the following
messages:
• 0120—STIP advices.
• 0120 and 0322—Exception File update advices for the following:
- The Automatic Cardholder Database Update (Auto-CDB) Service. Refer to the
Automatic Cardholder Database Update (Auto-CDB) Service chapter for information
about this service.
- Global Customer Assistance Services (GCAS). For information about GCCS, clients
can contact their Visa representatives.
NOTE
Receipt of 0322 advices is optional for BASE I issuers, as is sending 0332 advice responses. SMS issuers
that participate in either or both advice retrieval services must successfully complete testing before they
can receive 0322 advices and send 0332 advice responses. If the BASE I issuer chooses not to receive 0322
advices, V.I.P. generates 0120 advices for file updates.
• 0420—Reversal advices.
• 0800 and 0810—Advice recovery sign-on and sign-off network management messages.
The VisaNet Certification Management Service (VCMS) provides testing assistance for
BASE I Advice Retrieval Service participants. Clients can contact their Visa regional
representatives to make the arrangements.
Recovering Advices—Issuers can choose to recover advices throughout the day or only
during certain periods. Issuers can optionally set up some of their BINs for online advice
retrieval and set up other BINs for offline advice retrieval.
Issuers must sign off from Advice Recovery mode if they do not want to receive advices
at certain times. Issuers must sign on to Advice Recovery mode once they are ready to
receive advices. V.I.P. does not automatically sign an issuer on or off Advice Recovery
mode.
Increased Advice Message Traffic—Issuers must be able to handle the increased advice
throughput. Processor host constraints may limit the number of stations that issuers can
sign on to Advice Retrieval mode at one time.
Multiple Stations per PCR Method—Issuers can sign on to multiple stations per V.I.P.
connection identifier (known as a Processing Center Record [PCR]) to speed up advice
recovery. Each issuer, however, must analyze their VisaNet connection capacity for the
following factors before converting to the Multiple Stations per PCR option:
• Line speed
• Number of stations
• Host connectivity protocol
Participants can discuss potential implementation problems with their Visa representatives.
0120: STIP Action or Exception File Update Advice—This advice is a notice of a request
and its response data when BASE I STIP processes an address verification-only request on
behalf of a BASE I issuer.
V.I.P. generates Exception File update advices for updates made by the Auto-CDB Service,
the Merchant Fraud Performance Program, Vsafe, or Global Customer Assistance Services
(GCAS). BASE I issuers can receive these advices as 0120 or 0322 message types, or as
BASE II TC 48 advices.
0130: STIP Action or Exception File Update Advice Response—BASE I issuers that
choose to receive 0120 file update advices can optionally send 0130 file update advice
response messages.
0322: File Maintenance Advice—This advice indicates that V.I.P. updated the Cardholder
Database on the issuer's behalf. BASE I issuers can choose to receive either type of file
update advice, 0120 or 0322, but cannot choose to receive both. If a BASE I issuer chooses
to receive 0322 file update advices, it can optionally send 0332 advice response messages.
0420: Reversal Advice—This advice notifies the issuer when STIP processes an 0400
reversal and advice creation is appropriate under the rules of the Positive Cardholder
Authorization Service (PCAS). For information about this service, refer to the Positive
Cardholder Authorization Service (PCAS) chapter.
0430: Reversal Advice Response—Issuers can optionally send this response message to
acknowledge receipt of an 0420 reversal advice.
BASE I participants enrolled in PCAS have the option to specify which conditions trigger
STIP to generate an advice. For information, see the Positive Cardholder Authorization
Service (PCAS) chapter.
For information about the exception file, see the Cardholder Database Overview chapter.
The response code in the advice message is usually, but not always, the code V.I.P.
returns in the response message. For instance, if the Card Verification Value (CVV) or the
Integrated Chip Card CVV (iCVV) failed the verification process, the issuer can receive
error code 082 in the advice, depending on the issuer's option for receiving notice of CVV
or iCVV errors. The acquirer, however, receives an issuer-defined default response code
in Field 39—Response Code, unless V.I.P. detects a more serious error. See V.I.P. System
BASE I Processing Specifications and V.I.P. System BASE I Technical Specifications, Volume 1
and Volume 2, for more information.
Normal Mode—Issuers can receive and can send real-time messages but cannot receive
advices from V.I.P.
Advice Recovery Mode—V.I.P. sends advices to issuers (at the time V.I.P. stores them
in the BASE I advice file).
When an issuer station is in Advice Recovery mode, it receives advices in one of the
following ways:
• The issuer can receive advices automatically every two seconds without a required
response. (Usually, advices arrive in chronological order, but creation of advices at
a secondary VIC can affect the order.) Stations request the automatic method by
sending BASE I an 0800 message with code 078 in Field 70—Network Management
Information Code.
• Issuers can choose a more rapid advice retrieval process by prompting V.I.P. to send the
next advice. To initiate rapid advice retrieval, issuers must respond to each advice request
message with a corresponding advice response message (to send the next advice).
NOTE
If the advice response message is longer than two seconds, normal pacing of transmission resumes.
Issuers can send and receive real-time messages as well as receive stored advices. The
issuer sends a “sign on to recovery” 0800 request while it is still signed on for normal
message processing.
1. Signing Off from Normal (Request Processing) Mode—If the issuer chooses to operate
only in Advice Recovery mode, it must sign off from Normal (request processing) mode
by sending an 0800 message with code 072 in field 70. V.I.P. acknowledges the request
by sending an 0810 message with code 072 in field 70.
2. Signing On for Advice Recovery—To initiate advice retrieval, issuers submit an
0800 message with code 078 in field 70 to sign on to Advice Recovery mode.
V.I.P. acknowledges the request by sending an 0810 message with code 078 in field 70.
For more information about network messages, refer to V.I.P. System BASE I Technical
Specifications, Volume 1 and Volume 2, and to the pertinent V.I.P. System SMS technical
specifications manuals.
V.I.P. sends advices to the issuer's station at the rate of one advice every two seconds,
beginning with the highest priority advices on file. V.I.P. delivers BASE I advices in
the following priority sequence:
- Priority 1: 0120 STIP action or exception file update advices
- Priority 2: 0420 reversal advices
- Priority 3: 0620 administrative advices
NOTE
Advice recovery does not interrupt authorization traffic. The same issuer station can be signed on for
normal traffic and for advice recovery at the same time.
When V.I.P. performs advice recovery for issuers that participate in the Positive
Authorization Capacity Management (PACM) Service, the system pauses or stops
advice recovery when the issuer reaches its processing capacity. As soon as processing
returns to below capacity, the system resumes advice recovery. Refer to the Positive
Authorization Capacity Management (PACM) Service chapter for information about
this service.
3. Selecting More Rapid Advice Recovery (Optional)—Issuers can choose to speed up the
advice recovery process by responding to each advice or by using multiple stations for
signing on to Advice Recovery mode. To prompt for additional advices, issuers send a
corresponding advice response message after each advice request message.
When issuers use this option, V.I.P. immediately sends the next advice in the queue
rather than waiting two seconds before sending the next advice. V.I.P. sends the first
and subsequent advices, as prompted, all the way through the end of the file.
NOTE
For more information, see “Multiple Stations per PCR Option” in this chapter.
4. Signing off from Advice Recovery—To stop (and to sign off from) advice recovery while
using either the normal or rapid advice recovery method, issuers send an 0800 message
with code 079 in field 70. V.I.P. acknowledges the request by sending an 0810 message.
- To resume advice recovery processing at a later time, however, the issuer must
submit another “sign on to recovery” message.
Issuers can choose to remain in Advice Recovery mode after recovering all of their
advices from the BASE I advice file so that they can recover advices as V.I.P. creates
them.
5. Signing Back On to Normal (Request Processing) Mode—If the issuer is operating only
in Advice Recovery mode, it must sign on to Request Processing mode by sending an
0800 message with code 071 in field 70. V.I.P. acknowledges the request by sending
an 0810 message.
Figure 21-1 illustrates the BASE I Advice Retrieval Service process flow.
Issuer V.I.P.
For more rapid recovery, the (or) V.I.P. sends the issuer’s
issuer can optionally resond advices individually until all
to each advice. advices are sent.
If the issuer wants to have three stations actively processing advices, it must first send
three separate “sign on to recovery” messages. If the issuer chooses to retrieve its advices
more rapidly, it must respond to each advice that is received from each station.
NOTE
Visa does not require retesting for issuers that want to convert from the One Station per PCR retrieval method.
Issuers can select some of their BINs to retrieve advices online and can select other BINs
to retrieve advices through BASE II. However, issuers cannot set up the same BIN for both
the online and offline advice retrieval methods.
The BASE II System offers two TC 48 record formats for delivering BASE I advices:
Standard and Enriched. For information about both formats, refer to the BASE II Clearing
Interchange Formats manuals.
NOTE
The BASE II Advice Retrieval option delays receipt of advices until the next processing day.
Switchovers from a primary VIC to a back-up VIC can be planned (for instance, for a
network or systems test), or they can occur automatically when the primary VIC
experiences problems.
Whether planned or automatic, the switchover of VICs has impacts on advices stored in
the BASE I advice file, as explained in the next subsections.
During the switchover, V.I.P. stores advices in the advice file at the next available VIC.
Issuers that choose to recover advices during the switchover should be aware that some
advices may still be on file at the primary VIC. Issuers cannot recover these advices until
VisaNet switches them back to their primary VIC.
After the switchover, V.I.P. automatically delivers to the issuer any advices that the back-up
VIC created. After the switch back to the primary VIC, V.I.P. automatically delivers to the
issuer any remaining advices in the advice file at the primary VIC.
Issuer V.I.P.
If the code in Field 91—File Update Code is 1 or 2 in an 0300 request, VisaNet requires
that field 18 be present and must include the merchant category code.
In Brief. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22-3
22.1 In Brief
The SMS Advice Retrieval Service enables acquirers and issuers to retrieve (or to recover)
their stand-in processing (STIP) advice data from the SMS advice file.
The SMS Advice Retrieval Service is available to clients in all Visa regions.
BASE I
SMS The SMS Advice Retrieval Service is mandatory for Single Message System
(SMS) users.
SMS only
I
Participation in the SMS Advice Retrieval Service is mandatory for SMS issuers.
Issuer
Acquirer
decide when they want to retrieve advices so they can manage their advice volume
efficiently. The SMS advice file advice types include the following:
• STIP processing advices—Each VIC maintains an SMS advice file containing SMS STIP
authorization or reversal response records that include authorization or reversal request
information, the STIP responses, and the reasons why STIP processed the requests.
• Fraud reporting advices.
• BASE II deferred clearing advices—These advices originate from dual-message acquirers
that do not generate online clearing messages. Clients that participate in the Deferred
Clearing Advice File (DCAF) Service can receive original BASE II clearing transactions
in batch file format. For DCAF Service information, see the Deferred Clearing Advice
File (DCAF) Service.
• SMS reversal and exception item processing advices.
• SMS file maintenance advices.
• Funds transfer totals messages.
• BASE II deferred clearing advices.
NOTE
V.I.P. stores SMS advices online for 30 days. SMS issuers that want to retrieve their advices need to retrieve
them within this 30-day period.
Service participants may retrieve their advice data online through their VisaNet
connections using one of the following methods:
One Station per Processing Center Record (PCR) Method—For each V.I.P. connection
identifier (known as a PCR), a single station initiates a sign-on message to retrieve advices
from the advice queue, one at a time. The participant must respond to each advice
message before it can retrieve the next advice message.
Multiple Stations per PCR Method—Using a single PCR, a processor can sign on to
more than one station at a time to retrieve advices from the advice queue. This method
allows processors to retrieve their SMS advices much more quickly than they could from a
single station. Participants may continue advice retrieval from a single station through
their primary connection to VisaNet.
Service participants may retrieve deferred clearing advice data through V.I.P. on request.
22.4.1 Testing
SMS Advice Retrieval Service testing is mandatory for all service participants that choose
to retrieve advices online.
The process requires testing to ensure that the client can successfully send and receive
the following messages:
• 0120 and 0130—STIP advices.
• 0220 and 0230—STIP advices.
• 0322 and 0332—Exception file update advices for the following services:
- Automatic Cardholder Database Update (Auto-CDB) Service. See the Automatic
Cardholder Database Update (Auto-CDB) Service, for information about this service.
- Merchant Fraud Performance Program.
- Global Customer Assistance Services (GCAS). For information about GCAS, clients
can contact their Visa representatives.
• 0420 and 0430—Reversal advices.
• 0620 and 0630—Funds transfer advices.
• 0800 and 0810—Advice Recovery mode sign-on and sign-off network management
messages.
The VisaNet Certification Management Service (VCMS) provides testing assistance for SMS
Advice Retrieval Service participants. Clients can contact their Visa representatives to
make the arrangements.
NOTE
Visa does not require retesting for acquirers that want to convert from the One Station per PCR method
to the Multiple Stations per PCR retrieval method.
Same Station for Advice Retrieval and Response—VisaNet must receive the response
from the same station that originated the request. Processors must ensure that the station
that sends the original advice sends the advice response back to VisaNet.
Multiple Stations per PCR Option—Clients can sign on to multiple stations per V.I.P.
connection identifier (known as a Processing Center Record [PCR]) to speed up advice
recovery. Each client must analyze their VisaNet connection capacity for the following
factors before converting to the Multiple Stations per PCR option:
• Line speed
• Number of stations
• Host connectivity protocol
Increased Advice Message Traffic—Participants must be able to handle the increased
advice throughput. Processor host constraints may limit the number of stations that
participants can sign on to Advice Retrieval mode at one time.
Participants can discuss potential implementation problems with their Visa representatives.
0220: STIP Processing Advice—This advice notifies an issuer that STIP has acted
on its behalf: STIP processed an 0200 financial transaction (original or adjustment);
or it responded to an 0200 balance inquiry, account transfer, merchandise credit,
or downtime transaction. SMS STIP creates the advice for the issuer and stores it in the
advice file for the issuer to recover. The issuer must respond with an 0230 advice.
NOTE
V.I.P. stores SMS advices online for 30 days. SMS issuers that want to retrieve their advices need to retrieve
them within this 30-day period.
0322: File Maintenance Advice—This message notifies an issuer that V.I.P. updated
the Cardholder Database file on the issuer's behalf; the advice includes the updated
record content.
0332: File Maintenance Advice Response—SMS issuers must send this response
message to acknowledge the receipt of an 0322 file maintenance advice. (BASE I issuers
that choose to receive 0322 file maintenance advices may optionally acknowledge their
receipt with these response messages.)
0420: Reversal Advice—The issuer receives this advice when STIP processes an 0400
reversal on behalf of the issuer. The issuer must respond with an 0430 advice.
0422: Chargeback Advice—Clients use this message for chargeback reversals, issuer fee
collection or funds disbursement, advice of a BASE II transaction, chargeback validation,
and chargeback reversal validation. This advice requires an 0432 advice response.
0490: Issuer Status Advice Response—This message acknowledges the issuer's receipt
of an 0480 chargeback or chargeback reversal status advice. The response code must
be 00, indicating acceptance of the 0480 advice.
0520: Reconciliation Advice—This is an advice that conveys that the settlement day is
closed and no more transactions will be settled for that settlement date.
0220: Representment Advice Response Usage 2—This message is an advice from the
acquirer used to re-present a financial transaction that was charged back. The issuer must
respond with an 0230 advice response. The response code must be 00.
0220: Acquirer Fee Collection/Funds Disbursement Advice Usage 3—This advice gives
notice that an acquirer is collecting or remitting a miscellaneous fee from or to an issuer.
This advice requires an 0230 advice response.
STIP uses advices to notify issuers of authorization and financial transactions processed
under stand-in conditions. An advice contains the request and the STIP response.
It provides the information the issuer needs for account maintenance and for settlement
of financial transactions.
SMS uses advices when supplying clients with undeliverable approval responses,
settlement information, and status advices.
V.I.P. also uses advices for updating the SMS exception file. For information about the
exception file, see the Cardholder Database Overview chapter.
Deferred Clearing Advices—SMS issuers receive deferred clearing advices (0220s) when
they acquire a clearing transaction in dual-message mode. Acquirers may submit deferred
clearing advices several days after authorization.
For further information about DCAF, see the Deferred Clearing Advice File (DCAF) Service
chapter, the Deferred Clearing Advice File (DCAF) Service Technical Implementation Guide,
and the Deferred Clearing Advice File (DCAF) Service Technical Specifications manual.
Normal Mode—Clients can receive and can send real-time messages but cannot receive
advices from V.I.P.
Advice Recovery Mode—V.I.P. sends advices (as it stores them in the SMS advice file)
to clients.
Normal and Advice Recovery Mode—Clients can send and can receive real-time
messages as well as receive stored advices. The client “signs on to recovery” while it is still
signed on for normal message processing.
Signing Off From Request Processing—If the client chooses to operate only in
Advice Recovery mode, it must sign off from request processing mode by sending an
0800 message with code 002 in Field 70—Network Management Information Code.
V.I.P. acknowledges the request by sending an 0810 message with code 002 in field 70.
Signing On for Advice Recovery—V.I.P. delivers SMS advices in the following priority
sequence:
• Priority 2: 0220 financial advices
• Priority 3: 0420 reversal advices
• Priority 4: 0520 reconciliation advices
• Priority 5: 0620 administrative advices
• Priority 6: BASE II transaction advices
To initiate advice retrieval, clients submit an 0800 message with code 078 or 088 in
field 70 to sign on to Advice Recovery mode. V.I.P. acknowledges the request by sending
an 0810 message with code 078 or 088 in field 70. Common Member Interface (CMI)
stations can use code 078 in field 70 to request transmission of both BASE I and SMS
advices. For more information about network messages, see V.I.P. System BASE I Technical
Specifications, Volume 1 and Volume 2, and V.I.P. System SMS POS (Visa & Visa Electron)
Technical Specifications, Volume 1 and Volume 2.
NOTE
Advice recovery does not interrupt authorization traffic. The same client station may be signed on for normal
traffic and for advice recovery at the same time.
When V.I.P. performs advice recovery for clients that participate in the Positive
Authorization Capacity Management (PACM) Service, the system pauses or stops advice
recovery when the client reaches its processing capacity. As soon as processing returns to
below capacity, the system resumes advice recovery. For information about PACM, refer to
the Positive Authorization Capacity Management (PACM) Service chapter.
Selecting More Rapid Advice Recovery (Optional)—Clients can choose to speed up the
advice recovery process by having multiple stations “sign on to recovery.” See “Multiple
Stations per PCR Option” in this chapter for information.
Concluding Advice Recovery—To stop (and to sign off from) Advice Recovery mode,
the client can send an 0800 message with code 079 or 089 in field 70. V.I.P. acknowledges
the request by sending an 0810 message. To resume advice recovery processing at a later
time, the client must submit another “sign on to recovery” message.
Clients can choose to remain in Advice Recovery mode after recovering all of their advices
from the SMS advice file so that they can recover advices as V.I.P. creates them.
NOTE
The system does not perform automatic sign-off after the client recovers the last advice in the file. By default,
clients always remain signed on to Advice Recovery mode.
Figure 22-1 illustrates the SMS Advice Retrieval Service process flow.
V.I.P.
Acquirer Issuer
(or)
SMS
Advice
File
If the client wants to have three stations actively processing advices, it must first send
three separate “sign on to recovery” messages. The client still needs to respond to each
advice individually before retrieving the next advice from the advice queue.
Service participants can contact their Visa representatives to convert from the One Station
per PCR option to the Multiple Stations per PCR option.
NOTE
Visa does not require retesting for acquirers or for issuers that want to convert from the One Station per
PCR retrieval method.
Whether planned or automatic, the switchover of VICs has impacts on advices V.I.P. stores
in the SMS advice file, as the next subsections describe.
During the switchover, V.I.P. stores advices in the advice file at the secondary VIC. Clients
that choose to recover advices during the switchover should be aware that some advices
may still be on file at the primary VIC. Clients cannot recover these advices until VisaNet
switches them back to the primary VIC.
Figure 22-2 illustrates the message flow for SMS advice recovery.
NOTE
If possible, clients should remain in Sign-On mode while retrieving advices.
(or)
SMS
Advice
File
Advice-Created-by Flag:
1 = STIP-generated advice
Advices-Pending Flag:
0 = no advices pending
Advice-Transaction Flag:
1 = recovered advice
In Brief. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23-3
23.1 In Brief
Acquirers can choose to send ATM transactions either as single messages or as dual
messages. The ATM Format Conversion Service allows Single Message System (SMS)
issuers to receive all ATM transactions as single-message transactions.
The ATM Format Conversion Service offers SMS issuers the option of receiving all ATM
transactions as full financials, regardless of whether the acquirer uses dual-message
processing. For ATM Format Conversion Service participants, V.I.P. converts ATM
authorization requests from dual-message acquirers to full financials before it forwards
the requests to the SMS issuers.
The ATM Format Conversion Service is available to clients in all Visa regions.
BASE I
SMS The ATM Format Conversion Service is available to SMS users.
SMS only
I Participation in the ATM Format Conversion Service is optional for SMS issuers
in the Visa U.S.A. (U.S.) region. Participation in the service is required for
SMS issuers in all other Visa regions.
Issuer
VisaNet authorizes, clears, and settles approved transactions with issuers on the same
settlement day it processes the authorization requests. This service description does not
include the processing for format conversion that V.I.P. performs for clearing transactions.
Clients can contact their Visa representatives about processing ATM format-converted
reversals and exception item transactions.
Additionally, a client that issues cards that can access credit and deposit accounts may
choose to process credit cash advances as dual-message transactions, but can have
withdrawals from deposit accounts converted to full-financial transactions.
23.4.1 Testing
Testing for this service is required for issuers before they can send and receive SMS Visa
ATM transactions. It is required for Plus issuers.
The VisaNet Certification Management Service (VCMS) provides testing assistance for ATM
Format Conversion Service participants. Clients can contact their Visa representatives to
make the arrangements.
Clients should consider the following key points in planning their implementation of the
ATM Format Conversion Service.
• Cross-Systems Reconciliation staff must review their changes and entries to the V.I.P.
system tables before service activation.
Clients can contact their Visa representatives to make all service activation arrangements
and changes to their existing service specifications.
0110: Response—V.I.P. converts the 0210 response from the issuer to an 0110 response
before it forwards the response to the acquirer.
0100: Balance Inquiry—V.I.P. converts this message to an 0200 balance inquiry request
before it forwards the message to the issuer. The issuer must respond with an 0210
response.
0110: Response—V.I.P. converts the 0210 response from the issuer to an 0110 response
before it forwards the response to the acquirer.
0100: Balance Inquiry—V.I.P. converts a BASE I 0100 balance inquiry request to an SMS
0200 balance inquiry request before it forwards the message to the issuer. The issuer
must respond with an 0210 response.
0210: Response—V.I.P. converts this response to an 0110 response before it forwards the
message to the acquirer.
BASE I 0400: Reversal—V.I.P. converts this message to an SMS 0420 reversal before it
forwards the message to the issuer. The issuer must respond with an SMS 0410 reversal
response.
BASE I 0410: Response—V.I.P. converts the SMS 0410 response to a BASE I 0410
response before it forwards the response to the acquirer.
VisaNet settles funds with the issuer before it receives a clearing transaction from the
acquirer. VisaNet holds the funds and the identifying transaction in suspense in a file
pending the clearing submission from the acquirer.
When VisaNet receives the BASE II clearing message (clearing record TC 07), it reconciles
the suspense file by matching the record with the information in the identifying
transaction held in suspense.
If VisaNet does not find an identifying transaction that matches the clearing message,
VisaNet returns the clearing message to the BASE II acquirer. If the acquirer does not
submit a clearing message that matches the identifying transaction held in suspense
within the number of days specified by the region, VisaNet generates a credit adjustment
to the SMS issuer to offset the previously settled cash withdrawal.
NOTE
VisaNet issues a credit adjustment to the issuer if a suspended cash withdrawal authorization remains
unmatched in the suspense file for more than the minimum number of days specified by the region and for
less than the maximum number of days specified by the region (for instance, more than 29 days and less
than 31 days).
subfield 43.1 [merchant name] or subfield 43.2 [merchant location] are blanks or zeros, or
if subfield 43.3 [country code] is missing, is filled with blanks or zeros, or is invalid.)
When the 0400 reversal is sent to SMS with only the subfield 43.3 country code, SMS
uses Field 19—Acquiring Institution Country Code to populate subfields 43.1 and 43.2
in the converted 0420 request. For instance, if field 19 indicates Australia, SMS sets
subfields 43.1, 43.2, and 43.3 as follows:
Figure 23-1 illustrates the basic ATM request transaction process flow.
The acquirer submits the V.I.P. converts the request The issuer performs
0100 ATM request to V.I.P. to an 0200 financial standard processing and
request and forwards the returns the response to
request to the issuer. the acquirer.
VisaNet holds the original
message in suspense.
Figure 23-2 ATM Format Conversion Service Authorization Request Message Flow
Figure 23-3 illustrates the message flow when the acquirer submits a BASE I 0400 reversal
request for a misdispense. After converting the request to an SMS 0420 request, V.I.P.
forwards the request to the issuer. The issuer sends the SMS 0430 response. After
converting the response to an BASE I 0410 reversal response, V.I.P. forwards the response
to the acquirer.
Figure 23-3 ATM Format Conversion Service Reversal (Misdispense) Request Message Flow
Figure 23-4 illustrates the message flow when the acquirer submits a BASE I 0400 reversal
request. After converting the request to an SMS 0420 request, V.I.P. forwards the request
to the issuer. The issuer sends the SMS 0430 reversal response. After converting the
response to a BASE I 0410 reversal response, V.I.P. forwards the response to the acquirer.
Figure 23-4 ATM Format Conversion Service Reversal Request Message Flow
The following codes are used only by issuers that participate in the ATM Format
Conversion Service:
Foreword. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24-3
In Brief. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24-4
CVV Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24-4
dCVV Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24-5
24.1 Foreword
Visa offers two types of contactless cards:
• A magnetic stripe Visa card with an embedded contactless chip.
• A Visa Smart Debit/Smart Credit (VSDC) chip card that has a magnetic stripe and
supports a contactless chip.
NOTE
A contactless transaction is a transaction conducted using a contactless card over a wireless interface such as
radio frequency (RF) or infrared, at the point of service (POS).
CVV
A card verification value (CVV) is a unique value calculated from data encoded in the
magnetic stripe using the Data Encryption Standard (DES) algorithm. A CVV is a 3-digit
number that is stored in the following ways:
• It is encoded on the magnetic stripe located on the back of a credit or debit card.
• It is stored as an image in the “chip” of a Visa Smart Debit/Smart Credit (VSDC) card.
In VSDC chip cards, the magnetic stripe image (MSI) is stored in the contactless chip.
dCVV
A CVV can also be stored in a contactless chip card for contactless applications and is
referred to as a Dynamic Card Verification Value (dCVV). The dCVV is different from the
CVV. It is a unique 3-digit value calculated each time a contactless transaction is initiated
by Visa magnetic stripe data (MSD) contactless chip cards. A contactless transaction is a
transaction conducted over a wireless interface such as radio frequency (RF) or infrared,
at the point of service (POS).
Both the magnetic stripe and the magnetic stripe image (MSI) in the chip can contain
the same CVV. Therefore, VSDC issuers can choose to have CVV verification performed
using either of the following components:
• The magnetic stripe.
• The MSI in the chip.
iCVV
VSDC issuers also have the option of choosing a 3-digit number that is different from the
CVV in the MSI. This alternate number is called an Integrated Chip Card card verification
value (iCVV); it is also referred to as an alternate CVV. The iCVV is a unique value calculated
from data encoded on the chip image using the DES algorithm. Therefore, the CVVs in the
magnetic stripe and in the MSI are identical, unless the MSI, in the chip contains an iCVV.
NOTE
Clients that want to accept and process VSDC chip cards for contactless transactions must participate in
the VSDC Service.
Issuers can include the contactless chip in VSDC chip cards or in non-VSDC magnetic
stripe Visa contactless cards. In a VSDC chip card, the contactless chip will contain
the dCVV algorithm as well as a CVV or an iCVV. In a non-VSDC magnetic stripe Visa
contactless card, the contactless chip will contain the dCVV algorithm and the CVV will
reside in the Track 1 or Track 2 magnetic stripe.
24.2 In Brief
The Card Verification Value (CVV) Service and the Dynamic Card Verification Value (dCVV)
Service are point-of-sale or point-of-service (POS) and ATM risk control services that
protect issuers and acquirers from fraud losses associated with counterfeit Visa cards.
The Card Verification Value (CVV) Service verifies magnetic stripe-based CVVs and
chip-based CVVs and iCVVs. The Dynamic Card Verification Value (dCVV) Service verifies
dCVVs on contactless chip-based cards. V.I.P. processes dCVV-based transactions similar
to the way that it processes CVV and iCVV transactions. The differences between the
ways V.I.P. processes the three CVVs are minor. This service description explains how
CVVs, iCVVs, and dCVVs are processed, and where necessary, describes their processing
differences. It also explains how contactless chip cards work.
• The CVV is placed correctly on Track 2 of the magnetic stripe. The presence of padding
zeros does not matter.
• The content in the magnetic stripe and in the MSI in the chip are identical, unless the
MSI contains an iCVV.
IMPORTANT
In the event that information in the MSI has been used to create a fraudulent magnetic stripe, CVV verification
will fail if the magnetic stripe and MSI have different values, such as the CVV and the iCVV, respectively.
Contactless chips and the terminals that accommodate the contactless cards
communicate using wireless technology such as radio frequency (RF) or infrared.
BASE I
SMS The CVV Service is available to BASE I System users and to Single Message
System (SMS) users.
I Participation in the CVV Service is mandatory for issuers of all Visa card
products.
A Acquirers of all Visa card products must provide complete, unaltered magnetic
stripe data (either from the magnetic stripe or from the chip) in 0100
authorization messages and in 0200 financial messages.
Acquirer
For VSDC cards, issuers encode the CVV or the iCVV in the MSI, in the chip using the
same DES key. The CVV and the iCVV values are calculated using the same formula,
with two exceptions:
• The CVV is calculated using a service code.
• The iCVV is calculated using a value of 999 instead of the service code.
For all practical purposes, verifying the CVV from the magnetic stripe or from the MSI
in the chip and verifying the iCVV from the MSI, as well as client CVV Service options,
are the same. All options, parameters, and keys specified for CVV processing are used to
process iCVVs.
Issuers can choose to perform their own CVV or iCVV verification or to have V.I.P. perform
verification on their behalf. Also, issuers can choose to have V.I.P. verify the CVVs or the
iCVVs in all authorization requests or only in those processed by V.I.P. stand-in processing
(STIP).
If V.I.P. performs the verification, it verifies the CVV or the iCVV before it forwards the
authorization request to the issuer.
The issuer or V.I.P. verifies the CVV or the iCVV in the following manner:
• Uses the DES key, Primary Account Number (PAN), Card expiration date, and other
information from the track to calculate a CVV or an iCVV value. The algorithm for CVV
uses a service code, while the algorithm for iCVV uses the value 999.
• Compares the generated value to the encoded CVV value on the stripe or to the
encoded iCVV value in the MSI, in the chip.
The CVV is valid, if the generated CVV value exactly matches the encoded CVV value,
or the generated iCVV value exactly matches the encoded iCVV value. Otherwise, the
verification fails.
The CVV verification process fails, if any of the following conditions occur:
• MSD has been altered on the card.
• The iCVV value is received on a magnetic stripe-initiated transaction.
Issuers or V.I.P. can approve, refer, or decline transactions that fail CVV or iCVV verification,
depending on issuer-specified parameters.
The new iCVV calculation process poses minimal impact on existing systems that support
the generation and verification of CVVs.
For issuers that implement iCVV verification in addition to CVV verification, V.I.P. checks the
code in Field 22—Point-of-Service Entry Mode Code to determine which value to calculate.
• If the POS entry mode code is 90, which represents a magnetic stripe-initiated
transaction, V.I.P. or the issuer performs CVV verification.
• If the POS entry mode code is 05, which represents a chip-initiated transaction with
an iCVV, V.I.P. or the issuer substitutes the service code with 999 and performs iCVV
verification.
NOTE
The presence of code 90 in field 22 does not guarantee CVV processing. If a non-participating acquirer
submits code 90 in field 22, V.I.P. rejects the message.
NOTE
The service code on the MSI matches the service code on the physical magnetic stripe.
If iCVV value is received on a magnetic stripe-initiated transaction, and if the issuer uses
V.I.P. to verify the iCVV, V.I.P. declines these transactions. Issuers can, at their discretion,
implement risk-management software to identify magnetic stripe-initiated transactions
with failed CVVs that pass the iCVV verification process. This type of checking can help
reveal problems with fraudulent cards, suspicious merchants, or a merchant’s error in
setting the POS entry mode code, for instance, using code 90 instead of code 05 for
chip-initiated transactions with iCVVs.
Table 24-1 lists the activities that issuers must perform to participate in the CVV Service.
Participation
Requirement Issuer Action
Card Encoding Issuers must:
• Add the CVV to all cards, and the iCVV if participating.
NOTE:
Encoding the CVV is allowed but is not required on proprietary Plus ATM
cards.
ALL—V.I.P. verifies the CVV or the iCVV on all eligible transactions and
forwards the results to the issuer in the request messages.
STIP ONLY—V.I.P. verifies the CVV or the iCVV when the transaction
is processed by STIP. If verification fails, and if no other, more severe
response code is assigned to the transaction, STIP responds to the
acquirer with the issuer-provided CVV invalid response code and
indicates that the CVV or the iCVV verification failed in the advice to
the issuer.
NOTE:
The STIP ONLY and NONE options are not available in the Asia-Pacific region.
Clients can contact their Visa representatives for more information.
Cards must be labeled “Valid” or “Invalid” as appropriate and must be received by Visa
five days before the test date. Visa may request additional cards if necessary.
BASE I Issuers—Issuers must generally provide three test cards, depending on regional
preferences. Two cards must have valid CVVs, and the third must have an incorrectly
calculated or improperly located CVV.
All test cards must have the same expiration date, equal to or later than the date
established on the Member Information Questionnaire (MIQ). The expiration dates must
be at least a few months in the future of any existing card issued to cardholders.
Visa does not return test cards. Clients can contact their Visa representatives to get
a copy of the MIQ and testing specifics.
SMS Issuers—Issuers must generally provide four test cards, depending on regional
preferences. Three cards must have valid CVVs, and the fourth must have an incorrectly
calculated or improperly located CVV.
All four cards must have the same expiration date, equal to or later than the date
established on the MIQ.
Phase I Testing
Phase I is optional, depending on regional requirements. Visa recommends, however,
that issuers complete Phase I and Phase II at the same time to prevent issuing cards
with invalid keys.
Phase I testing confirms that the issuer is correctly calculating the CVVs and is correctly
locating the values on the test cards. Each issuer must pass Phase I for each unique set
of encryption keys and displacements to be used. If the issuer uses the same keys and
displacements across several BINs, a single phase testing is acceptable.
IMPORTANT
Phase I testing only verifies that the CVV is correctly encoded in the proper track location. Phase I does
not constitute a complete CVV testing.
Phase II Testing
Phase II is the online testing phase, confirming that the issuer's systems can meet the
processing requirements for the issuer's chosen options.
Phase IIA, Key and Advice Testing—The CVV is properly encoded using the keys loaded
into VisaNet. The issuer can receive advices containing CVV information.
Phase IIB, Stripe and Response Testing—Transactions are generated to verify that the
issuer can accept code 90 in Field 22—Point-of-Service Entry Mode Code, and can
generate the appropriate values in response messages.
NOTE
Testing specifics vary by region.
Adding a New BIN—Visa strongly recommends testing for issuers adding a new BIN
using new keys or displacements, or adding additional keys or displacements to an
existing BIN. The testing involves new test plastics and certification testing.
In both cases, once the separate Phase IIB testing is successfully completed, Visa does
not require additional Phase IIB testing when issuers add new BINs or keys. Table 24-2
lists testing requirements.
Testing requirements for CVV and for iCVV vary by region. Generally, to test, acquirers
must execute Visa-supplied scripts using Visa-supplied test cards on the acquirer's
production system. One of the Visa-supplied test cards contains an invalid CVV; the
others contain valid ones. All cards have the same expiration date. Acquirers completing
partial testing as part of their initial service rollout are required only to complete the
relevant steps.
IMPORTANT
Acquirers must use a physical device to perform testing. Visa cannot accept simulations or manual creation
of data.
Although each region determines its own testing requirements, acquirers must usually
include testing with a manually keyed transaction. Although the CVV Service does not
apply to key-entered transactions, testing ensures that manually keyed transactions
contain required data indicating that the full magnetic stripe was not read.
For further VSDC testing, monitoring, and participation information, see the Visa
Smart Debit/Smart Credit Service chapter in Volume 1. Refer to the VSDC Member
Implementation Guide for Acquirers, to the VSDC Member Implementation Guide for Issuers,
and to the VisaNet Certification Management Service Testing Guide, V.I.P. System, Client
Version for complete details. Also see the statement in “CVV Emergency Replacement”
in this chapter.
Issuers already participating in the CVV Service that want to add BINs may optionally
undergo minimal monitoring of the new BINs to ensure magnetic stripe data integrity.
Visa representatives keep issuers informed of their status during the monitoring phase.
Issuers must encode the CVV according to the established Visa standard for CVV
calculation and CVV placement on the magnetic stripe or in the MSI.
NOTE
CVV processing is performed only if the CVV is positioned correctly on the track.
By using a second, later expiration date, issuers can encode cards with a CVV or an iCVV
that relates to a second set of encryption keys and is tied to a second start date.
Issuers have the option of specifying two date ranges to be used for CVV Service checking.
Issuers relate each date range to a CVV start date and to a set of processing parameters,
including CVV keys and CVV displacement specifics on Track 2 of the magnetic stripe. By
having two sets of parameters, issuers have the ability to vary encryption keys and the
placement of the CVV when they issue new cards.
These two sets of parameters are referred to as Set A and Set B. Table 24-5 indicates
V.I.P. processing for the two sets of cards.
If... Then...
The expiration dates are later than the CVV V.I.P. processes the CVV or the iCVV according
start date for Set A but are earlier than the start to Set A parameters.
date for Set B...
The expiration dates are later than the CVV V.I.P. processes the CVV or the iCVV according
start date for Set B... to Set B parameters.
For fraud prevention, Visa recommends that issuers issuing cards on a new BIN (never
before used to issue cards) indicate the expiration month as the current month rather
than as the earliest expiration date of the cards issued.
However, Visa does recommend that issuers use the same verification keys for CVVs as
they do for Card Verification Value 2s (CVV2s). Refer to Chapter 25, Card Verification
Value 2 (CVV2) Service, in this manual for information about CVV2s.
Table 24-6 summarizes the implementation activities that issuers may be required to
complete to use the CVV Service to process Visa POS, Interlink, and ATM (both Visa
and Plus) transactions. Required activities vary by region. Issuers can contact their Visa
representatives for region-specific requirements.
Type of Issuer
Implementation
Activity Visa POS Interlink Visa ATM and Plus
Encode the CVV on Both Track 1 and Track 2 Both Track 1 and
the magnetic stripe, Track 2 Track 2
and on the chip if
participating.
Supply Visa with Yes Yes Yes
DES keys for STIP
processing.
Type of Issuer
Implementation
Activity Visa POS Interlink Visa ATM and Plus
Receive the specified Response code 82 Response code N6 Response code 82
negative CVV (BASE I and SMS (SMS issuers only) (SMS issuers only)
verification result issuers)
in field 39, if the issuer
chooses not to receive
the result in field 44.5.
NOTE:
Visa highly
recommends that
issuers successfully
complete testing to
receive CVV results in
field 44.5, rather than
in field 39.
(Optional) Receive Select option. Valid Select option. Valid Select option. Valid
positive or negative codes are: codes are: codes are:
CVV verification results
in field 44.5. 1 = The transaction 1 = The transaction 1 = The transaction
failed CVV verification. failed CVV verification. failed CVV verification.
NOTE:
Testing is required for 2 = The transaction 2 = The transaction 2 = The transaction
this option. passed CVV passed CVV passed CVV
verification. verification. verification.
3 = The transaction Space = The CVV was Space = The CVV was
passed CVV not tested. not tested.
verification. (This
value is used only
for emergency
replacement cards
issued by Global
Customer Assistance
Services [GCAS]).
New terminal software or download loads may be required to support the capture and the
transmittal of the complete, unaltered magnetic stripe content and its associated indicator.
Table 24-7 summarizes the implementation activities that acquirers must complete to use
the CVV Service to process Visa POS, Interlink, and ATM (both Visa and Plus) transactions.
Type of Acquirer
Implementation Activity Visa POS Interlink Visa ATM and Plus
Test that systems can transmit Yes No, because: No, because:
complete, unaltered Track 1 • Track 1—not • Track 1—not
and Track 2 magnetic stripe applicable applicable
content. • Track 2—Interlink • Track 2—Visa ATM
acquirers have and Plus acquirers
successfully have successfully
completed testing completd testing
that complete that complete
Track 2 data can Track 2 data can
be sent. be sent.
Send the specified value 90 or 05 if 90 90, 02, or 05, 95
in field 22 to indicate that chip-initiated
complete, unaltered magnetic NOTE: Visa recommends
V.I.P. converts using a value of 90
stripe data is included in the
code 02 to 90. or 05 to ensure
message.
consistency across
A value of 90 is multiple acceptance
required in the environments.1
Asia-Pacific (AP)
A value of 90 is
region.
required in the AP
region.
Send full Track 2 Yes Yes Yes
data; otherwise, no
counterfeit-stripe
chargebacks are allowed.
Must be monitored before Varies by region Varies by region Varies by region
full participation.
Type of Acquirer
Implementation Activity Visa POS Interlink Visa ATM and Plus
Accept reject header Yes Yes Yes
code 0142 (field 22 =
90 or 91 but no track data is
present).
1. Unless code 90 or 05 is present in ATM transactions originating from a BASE I acquirer, the Plus CVV Service is not able
to verify the CVV or the iCVV on behalf of the issuer.
Acquirers must ensure that their merchants comply with the CVV Service requirements.
For further CVV Service testing, monitoring, and participation information, refer to the
Card Verification Value (CVV) Member Implementation Guide.
Issuers use a contactless indicator sent from the contactless card in the authorization
message to identify contactless transactions. Issuers set the value for the contactless
indicator in the last nibble of the IDD field in Track 2 in the chip card. This value must not
equal 0 (zero) or space. A value other than 0 or space indicates that the POS payment is a
contactless transaction.
Issuers may continue to use the IDD field in Track 2 data in the physical magnetic stripe.
However, issuers must not use the last nibble of the IDD field in the physical magnetic
stripe as it reserved for contactless cards.
Acquirers and issuers that want to participate in the Contactless Payment Program must
modify their systems to:
• Participate in the CVV Service.
• Support the new POS entry mode code values.
• Provide the capability to process the unique value of the IDD that was provided
by the contactless chip card in the authorization in Field 35—Track 2 Data or in
Field 45—Track 1 Data.
• Process dCVVs for Track 1 or Track 2 data in contactless transactions.
• Support the ATC in field 35 or field 45 for online transactions.
• Support POS entry mode value 91 (contactless chip transaction using magnetic stripe
rules).
• Support Field 60.2—Terminal Entry Capability value 8 for contactless transactions.
• Support processing capabilities for BASE I or SMS message types. Interlink messages
also require support.
• Issue new card program for contactless transactions with chip data provided by the
chip card.
24.5.6.1 Acquirers
Participating acquirers must support the full set of transactions initiated for the contactless
program and responses from participating issuers and from VisaNet.
Acquirers that want to use the service must comply with Visa participation requirements
for BASE I and SMS transactions.
• Support the new POS entry mode code value 91 in field 22.
• Provide the ability to pass the unique value of Visa-defined Issuer Discretionary Data
(IDD) that is provided by the contactless chip card in the authorization in field 35 or in
field 45.
• Send the ATC in field 35 or in field 45.
• For SMS processing, send all the data necessary to authorize, clear, and settle
transactions with a single online message.
• For BASE I processing, send all the data necessary to authorize transactions. Clearing
and settlement is completed during BASE II processing.
Visa contactless cards can be used either for contactless transactions (at this time,
POS transactions) or magnetic stripe transactions.
Refer to the Visa U.S.A. Contactless Payment Program Technical Implementation Guide
for further information.
24.5.6.2 Issuers
Issuers participating in the service must support the full set of transactions. Issuers must
continue to support existing online fields and processing requirements including unique
values that are used to identify contactless transactions.
Participating issuers must comply with the following general Visa participation
requirements for contactless chip cards. The contactless chip cards must have the
capability to support both contactless payment processing and the normal point-of-sale
processing of magnetic stripe transactions.
• Support the new POS entry mode code value 91 in field 22.
• Establish the capability to support dCVV data including the unique value of the IDD that
is provided by the contactless chip card in the authorization in field 35 or in field 45.
• Establish a contactless processing BIN to support the new card program for contactless
payment.
• Support changes for contactless payment processing in BASE I, SMS, and Interlink
transactions.
• Provide Visa with a STIP default response code; 00 (approval) is not allowed.
Issuers participating in the contactless program must establish a BIN that supports both
contactless payment and magnetic stripe transactions.
Issuers participating in the service must reissue new contactless cards that support both
magnetic stripe and contactless transactions for acceptance at the point of sale.
Any Visa credit or debit card may be issued with a contactless chip in accordance with the
standards published by Visa. The Visa contactless chip cards must contain:
• A magnetic stripe with an embedded contactless chip.
• A dCVV embedded in the magnetic stripe data in the last 4 bytes of the IDD.
Refer to the Visa U.S.A. Contactless Payment Program Technical Implementation Guide
for further information.
The value that the acquirer places in Field 22—Point-of-Service Entry Mode Code
determines if the track data is from the magnetic stripe or from the VSDC chip card.
• Code 90 or 05 in positions 1 and 2 indicates that the acquirer included the track data
from the chip or the magnetic stripe and that CVV or iCVV checking is possible.
• Code 02 or 95 in positions 1 and 2 indicates that the magnetic stripe data may be
unreliable and accurate CVV processing may not be possible.
• For Plus ATM transactions only, code 02 in positions 1 and 2 indicates that the exact
contents of track 2 were read and that CVV checking is possible.
• For Visa ATM or Interlink transactions, code 90 or 02 can be used to indicate that the
complete, unaltered magnetic stripe content has been read, and that CVV or iCVV
checking may not be possible. Interlink transactions require code 90; if acquirers submit
code 02 in Interlink requests, V.I.P. changes it to code 90.
• For Visa ATM or Interlink transactions, code 05 can be used to indicate that the
complete, unaltered integrated circuit card content has been read, and that CVV or
iCVV checking is possible.
• For Visa ATM or Interlink transactions, code 95 can be used to indicate that the
complete, unaltered integrated circuit card content has been read, and that CVV or iCVV
checking may not be possible.
Visa recommends code 90 or 05 in field 22 to ensure consistency for acquirers across
multiple products to indicate that the entire, unaltered contents of the integrated circuit
card are included in the message. The presence of code 90 in field 22 does not guarantee
CVV processing. If a non-participating acquirer submits code 90 in field 22, V.I.P. rejects
the message. Code 90 must be used for transactions in the Asia-Pacific (AP) region.
If the issuer has not successfully completed testing for CVV processing, V.I.P. replaces
code 90 in field 22 with code 02 before forwarding the request message to the issuer. For
chip transactions, V.I.P. replaces code 05 with code 95 before forwarding the message.
When V.I.P. receives the request message with code 90 or 05 (or code 02 for Plus
transactions) in field 22, it:
1. Calculates the CVV or the iCVV.
2. Verifies the CVV or the iCVV on the card by comparing it to the calculated value.
3. Sends the result to the issuer or processes the transaction in STIP depending on the
CVV or iCVV result and on issuer-specified options.
NOTE
For CVV verification requests forwarded by BASE I acquirers to SMS issuers, the acquirer BIN (as indicated
in Field 32—Acquiring Institution Identification Code of the request) must have its CVV participation
flag on. Otherwise, V.I.P. downgrades the transaction from code 90 to 02 in field 22 for magnetic stripe
transactions, and from 05 to 95 for chip transactions.
For a detailed description of the DES algorithm and of the CVV or iCVV verification
process, refer to the Card Verification Value (CVV) chapter of the Payment Technology
Standards Manual.
• The full, unaltered magnetic stripe data is included in the appropriate field: field 35 for
Track 2 data, and field 45 for Track 1 data.
• The expiration dates on cards are within the designated ranges for CVV checking.
Issuers inform Visa of the earliest expiration dates for cards affected by an individual
encryption key set.
CVV or iCVV verification can fail for any one of the following reasons:
• Fraudulent card
• Inaccurate reading or transmission of Track 1 or of Track 2
• Incorrect encoding of the CVV or the iCVV, such as incorrect position or wrong key
Issuers performing their own CVV and iCVV verification must follow these important
procedures:
• For non-chip CVV Visa and Plus ATM transactions, issuers must be able to receive
codes 90 or 02 in Field 22—Point-of-Service Entry Mode Code. For VSDC iCVV Visa
transactions, issuers must be able to receive codes 05 or 95 in field 22.
• For non-chip CVV Visa POS and Interlink transactions, issuers must be able to process
all defined values for field 22.
• Depending on the issuer's parameters, issuers must perform CVV or iCVV verification if:
- The CVV or the iCVV is present, and the code in field 22 is 90 or is 05.
- The CVV is present, and the value in field 22 is 02 or is 95 in Plus ATM transactions.
These codes indicate that the magnetic stripe or the magnetic stripe image in the chip
was read and that the entire contents were transmitted.
Optionally, issuers can send CVV or iCVV results generated either by V.I.P. or by the issuer
in field 44.5 of the response message. If the issuer returns field 44.5 in the response,
V.I.P. forwards the CVV or iCVV results to acquirers that have chosen to receive them.
IMPORTANT
If STIP provides a higher severity response than an invalid CVV or iCVV response, the code in field 39 in an
advice message may not be the same code as the one that was sent to the acquirer. To preserve the response
code in field 39 for the issuer, Visa recommends that issuers receive CVV or iCVV results in field 44.5.
NOTE
If the transaction response is a denial (field 39 contains a non-zero value), V.I.P. removes the CVV/iCVV results
from the response message unless the acquirer BIN is a VISC or V-SAFE BIN.
Table 24-8 lists the CVV or iCVV response codes from which issuers can choose.
Valid for
Response Codes Visa Interlink Plus
00 = Approve
Refer to V.I.P. System BASE I Technical Specifications, Volume 1 and Volume 2, and to
V.I.P. System SMS POS (Visa & Visa Electron) Technical Specifications, Volume 1 and
Volume 2, for VSDC-specific response codes.
The VISC also performs optional magnetic stripe encoding at an issuer's request. Refer to
the Payment Technology Standards Manual for more information about optional encoding.
CVV emergency replacement for Visa Electron cards are allowed for the following regions:
• Visa Europe (VE, Region 3)
• Asia Pacific (AP, Region 4)
• Latin American and Caribbean (LAC, Region 5)
• Central Europe, Middle East, and Africa (CEMEA, Region 6)
VisaNet cannot process CVV emergency replacement cards for Visa Electron card issuers
from the U.S. region (region 1) or from the Visa Canada region (region 2).
IMPORTANT
Emergency replacement cards with iCVVs are currently unavailable.
Error
Code System Description Length
1000 BASE I ERC participation flag not on for source station. 02
1002 BASE I and SMS Invalid Card Product. 02
1004 BASE I, SMS Required CVV/CVV2 data is not present in system 02
tables (start dates, keys, and so forth).
1005 BASE I, SMS Error returned from security module. 02
1006 BASE I, SMS Security module could not be accessed. 02
1008 BASE I, SMS Expiration date before CVV start date. 02
1009 BASE I, SMS Invalid account number (not in valid range). 02
V.I.P. sends all data elements to the issuer so the issuer can generate the correct dCVV.
The issuer's host security module (HSM) needs the primary account number (PAN) and the
PAN sequence number to generate the Unique Derivation Key (UDK). The PAN sequence
number is assumed to be zero for the calculation of the UDK used for dCVVs.
V.I.P. applies the same methodology for verifying dCVVs as for verifying CVVs; the only
difference is the usage of the IDD in verifying the dCVV. In addition, the dCVV
methodology leverages current systems and processes. dCVV methodology uses a
cryptographic algorithm similar to the one for CVV verification.
However, dCVV methodology uses a UDK, a cryptographic key unique to each card
and stored in the chip on the contactless card. The contactless card uses the UDK to
calculate a unique dCVV value that changes with each transaction, providing the issuer
with enhanced security.
The UDK in the card, along with a count of transactions (the ATC), is used with the
standard CVV algorithm to generate a dCVV value for every transaction.
3. V.I.P. edits the message and ensures that the issuer is a dCVV Service participant.
V.I.P. forwards requests to available issuers that have elected to perform their own
dCVV verification.
4. The Issuer verifies the dCVV and puts the result code in Field 44.5—CVV Results Code
in the response. The response does not include the POS entry mode value and full
Track 2 data.
5. V.I.P. forwards the response from the issuer to the acquirer. The transaction is
considered complete when the merchant receives the response from the acquirer. The
merchant must provide a transaction receipt to the cardholder upon request.
NOTE
Interlink transactions require code 90. If acquirers submit code 02 in Interlink requests, V.I.P. changes it
to code 90.
For VSDC transactions, code 05 or 95 in positions 1 and 2 indicates that the acquirer
has included the track data and the iCVV from the magnetic stripe image residing
on the VSDC card.
V.I.P. rejects authorization and financial requests with code 0142 if the code in field 22
is 90, 02, or 91, but there is no magnetic stripe data in field 35 or in field 45.
V.I.P. also rejects authorization requests with code 0019 if the code in field 22 is 90,
but the acquirer has not successfully completed testing to transmit code 90.
For non-chip transactions, if issuers have not successfully completed testing, V.I.P.
replaces code 90 submitted by a participating acquirer with code 02 before it forwards
the request to available issuers. For chip transactions, V.I.P. replaces code 05 with
code 95 before forwarding the request.
The valid code for contactless transactions is 91 (contactless chip transaction originated
using magnetic stripe data rules).
Refer to the Payment Technology Standards Manual for complete format specifications
for Track 2.
CVV-participating issuers can choose to receive CVV or iCVV results in field 44.5
instead of in field 39.
3 = The transaction passed CVV verification. (This value is used only for emergency
replacement cards issued by Global Customer Care Services (GCCS).
Space (or not present) = The CVV or the iCVV was not tested. Either the issuer did not
encode the card, or a system error prevented CVV or iCVV verification.
The use of field 44.5 is optional both for issuers and for acquirers. Issuers forward
CVV results generated either by V.I.P. or by the issuer in field 44.5 of the response
message. Then, V.I.P. forwards the CVV or iCVV results to acquirers that have chosen
to receive them. In any event, acquirers must not forward any code in this field to
merchant terminals.
The valid codes for dCVV verification are space or not present, 1 (fail), or 2 (pass).
Positions:
1–2 3–6
Length CVV Displacement CVV2 Value with Leading Zero
Byte 1 Bytes 2–5 Bytes 6–7
In Brief. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25-3
25.1 In Brief
A Card Verification Value 2 is a 3-digit security number. The Card Verification
Value 2 (CVV2) Service is a card verification tool designed to reduce fraud losses on
card-not-present and card-present transactions including manual key-entered transactions.
In addition to deterring fraud, the CVV2 Service also provides issuers with enhanced
risk protection by:
• Checking cardholder address changes requested by phone.
• Preventing account fraud.
• Verifying new card activations.
Clients can use the CVV2 number to verify that a genuine Visa card is present during a
transaction. The CVV2 is calculated using a secure cryptographic process and a key
known only to the issuer and to Visa.
Participating merchants manually enter the CVV2 numeric value for verification by the
V.I.P. System, by the issuer, or by both. V.I.P., the issuer, or both, verify the CVV2 and return
the CVV2 results code to the merchant. Depending on the region, VisaNet supports CVV2
verification-only requests with a zero transaction amount.
All Visa cards (including emergency replacement cards) must carry the CVV2 security
number.
BASE I
SMS The CVV2 Service is available both to BASE I System users and to Single
Message System (SMS) users.
I All issuers can participate in the CVV2 Service if their region supports the
service. All issuers in the Visa U.S.A. (U.S.) region and in the United Kingdom
(U.K.) must participate in the CVV2 Service.
Issuer
A All acquirers can participate in the CVV2 Service if their region supports the
service.
Acquirer
To verify the CVV2, V.I.P. uses the DES key and other CVV2 parameters provided by
participating issuers to calculate the CVV2 value and then compares it to the CVV2 on
the card. If V.I.P. or the issuer generates a CVV2 “no match” result, V.I.P. assigns CVV2
result code N—No Match to the transaction. V.I.P. forwards the results to the issuer.
The issuer optionally may recheck the CVV2 and return another CVV2 result code or
may rely solely on the V.I.P. CVV2 result and return the CVV2 result code along with
the appropriate response code.
If the request meets all the verification-only field requirements, and field 4 contains
an amount other than zero, STIP ignores the amount and, if the request is successful,
responds with a value of 85 (no reason to decline) in field 39.
Issuers may also use the CVV2 Service for the following purposes:
• To enhance the effectiveness of voice referrals.
• To prevent account takeover fraud, to activate cards, and for address changes.
Issuers can perform their own CVV2 verification, can have V.I.P. verify the CVV2 for them,
or can do both. If V.I.P. performs the verification, it verifies the CVV2 before it passes
the authorization request to the issuer or to the V.I.P. stand-in processor (STIP). If V.I.P.
performs the verification and it is successful, it processes the CVV2 transaction normally
and approves or declines it based on all other conditions of the transaction. Issuers can
choose to have V.I.P. check the CVV2 in all CVV2-eligible authorization requests.
IMPORTANT
In the Visa U.S.A. (U.S.) region, if a merchant sends the CVV2 in the authorization request and the issuer
has not successfully completed testing for the CVV2 Service, the issuer should not use Chargeback Reason
Code 61—Fraudulent Mail/Telephone Order Transaction, if the transaction is fraudulent.
Acquirers have representment rights if an issuer tries to charge back a transaction using reason code 61.
Acquirers receive CVV2 Result Code U—Untested Issuer to indicate that the issuer is unavailable, is not a
CVV2 Service participant or has not provided Visa with its encryption keys. Acquirers should retain the result
code to ensure their representment rights.
25.4.3 Testing
Visa requires testing for CVV2 Service participation. The VisaNet Certification Management
Service (VCMS) provides testing assistance for CVV2 Service participants. Clients can
contact their Visa representatives to make the arrangements.
• Demonstrate the ability to correctly receive all of the CVV2 fields in 0100 BASE I
authorization requests and in 0200 SMS financial requests.
• Demonstrate the ability to transmit the new CVV2 field values in 0110 BASE I
authorization responses and in 0210 SMS response messages.
• Conduct testing with processor-provided account numbers, card expiration dates, and
CVV2 values.
• Demonstrate the capability to generate and to send response code N7 in
Field 39—Response Code.
• Demonstrate the ability to receive advices when V.I.P. sends a transaction to STIP.
• Test that the CVV2 keys provided to Visa are correct.
NOTE
In addition, issuers in the U.S. region must demonstrate the ability to calculate the CVV2 correctly for each
issuer BIN (or BIN range) that has the same keys by submitting test account numbers to Visa.
The issuer's processor must first pass the processor CVV2 testing before it can begin
the BIN-level testing. After a successful BIN testing, an issuer BIN moves directly to
CVV2-participating status.
IMPORTANT
V.I.P. does not perform CVV2 verification on transactions when issuers are unavailable, do not meet the testing
criteria, or have not provided Visa with their CVV2 encryption keys. Instead, V.I.P. sets the CVV2 result code
to U (issuer is unavailable, has not successfully completed testing, or has not provided Visa with its encryption
keys), in the authorization request message if the processorhas successfully completed testing to receive the
CVV2 fields but this issuer has not established CVV2 keys for the BIN.
V.I.P. always overwrites any CVV2 result code sent in the response message from an issuer with code U when
there are no CVV2 keys at Visa for that issuer's BIN.
Visa does not require BIN-level testing for acquirers. Acquirer processors must
demonstrate the ability to:
• Correctly transmit Field 126.10—CVV2 Authorization Request Data in 0100 and 0200
authorization request messages and receive Field 44.10—CVV2 Result Code in 0110 and
0210 response messages.
• Conduct online testing with manually keyed transactions using Visa-provided scripts,
test account numbers, card expiration dates, and CVV2 values.
• Accept response code N7 in field 39.
Acquirers that participate in the CVV2 Service must modify V.I.P. authorization request and
response message formats to support the service.
Issuers can optionally generate response code N7 (declined for CVV2 no match). Issuers
should always return field 44.10. Additionally, 0120 and 0220 STIP advices include
field 126.10 and field 44.10. Advices also include the CVV2 failure response code in
field 39 when STIP processes a CVV2 that fails verification.
Clients establishing their CVV2 encryption keys on their cards for the first time need to
consult and follow the CVV2 encryption standards in the Payment Technology Standards
Manual.
Issuers should work with their Visa representatives to establish the required CVV2
parameters.
Issuers can use the same indent module both for Visa products and for MasterCard
products. If an issuer currently prints a CVV2 (called a Card Verification Code 2 [CVC2]
by MasterCard) on its MasterCard cards, it must use the same location and font for its
CVV2 on its Visa cards.
Refer to the Payment Technology Standards Manual for documentation about the physical
characteristics of the CVV2 and about CVV2 calculation. For detailed card standards,
refer also to Visa Core Rules and Visa Product and Service Rules.
Acquirers can contact their Visa representatives for terminal specification changes related
to CVV2. For additional documentation about terminal changes, refer to Visa International
Acquirer Services, External Interface Specifications, Second Generation Authorization Record
Formats, EIS1080-v5.6.
During stand-in processing, V.I.P. does not return field 126.10 in response messages.
V.I.P. rejects response messages from issuers that return field 126.10 with reject code 0518
(the message contains an invalid field).
If V.I.P. performs the verification, the Visa Security Module (VSM) verifies the CVV2 before
V.I.P. passes the authorization request to the issuer or to STIP. The issuer optionally may
recheck the CVV2 and return another CVV2 result code or may rely solely on the V.I.P.
CVV2 result and return the CVV2 result code along with the appropriate response code.
V.I.P. applies the issuer service selections for CVV2–based authorization requests to
verification-only requests.
When merchants receive CVV2 Result Code N—No Match, they have three options.
They can:
• Reject the transaction.
• Ask again for the CVV2 to obtain a match.
• Accept the transaction and the associated risk.
NOTE
VisaNet requires a full reversal if the merchant receives an approval response with a CVV2 value of N in
field 44.10 and does not want to conclude the transaction with the cardholder.
V.I.P., the issuer, or both, use the following data elements to compute the CVV2:
• Primary account number (PAN)
• Expiration date
• Three zeros, used as the service code value element in the calculation
V.I.P. or the issuer encrypts the three data elements using a DES algorithm and a Card
Verification Key (CVK) pair. This process determines the 3-digit CVV2 value.
The CVV2 calculation uses the Data Encryption Standard (DES) algorithm defined by the
National Institute of Standards and Technology (NIST) (formerly, the U.S. National Bureau
of Standards). The standard algorithm requires a 128-bit cryptographic key consisting of
two 64-bit DES keys, each having odd parity and constructed according to the standards
in the Payment Technology Standards Manual.
NOTE
Clients establishing their CVV2 encryption keys and printing CVV2s on their cards for the first time need to
consult and follow the CVV2 encryption standards in the Payment Technology Standards Manual.
Visa requires issuers using new CVV2 encryption keys (or using CVV2 keys that are
different from those used for their CVV program) to submit those keys to Visa on a Key
Conveyance Form. The Payment Technology Standards Manual explains the generation
and conveyance of keys.
When Visa does not have the CVV2 encryption keys for an issuer, V.I.P. sends CVV2 result
code U (untested issuer) to the acquirer in Field 44.10—CVV2 Result Code.
For ease of implementation, Visa recommends that issuers use the same encryption keys
for CVV2 that they use for CVV.
IMPORTANT
Visa mandates the following security precautions for CVV2 keys.
• Issuers must not use the same verification keys for CVV2 as those they use for PIN
Verification Values (PVVs) with the PIN Verification Service (PVS). If the common keys are
compromised, it would affect both the issuer's PVVs and its CVV2s.
• Issuers must keep the CVK pair secret and unknown, in their entirety, to any person.
If issuers know or suspect the unauthorized disclosure of a CVK pair, they should replace
the CVK pair immediately. Issuers should reissue cards with the CVV2 values generated
using the potentially compromised keys as soon as possible. When issuers have reissued
all such cards, they should invalidate the potentially compromised CVK pair.
To facilitate changing an issuer's CVK pair for any reason, V.I.P. supports multiple CVK pairs
for each issuer. V.I.P. can support two CVK pairs online.
Similar to any DES-based scheme, the security of the output value depends on the
secrecy of the DES keys.
Issuers can reverify the CVV2 results received from V.I.P., by recalculating and generating a
CVV2 result code or can accept and use the result code generated by V.I.P. Issuers can
send back any CVV2 result code in the response message to the acquirer and return any
response code. Visa recommends that issuers use the CVV2 result code as a component
along with other factors when determining an authorization response. If the issuer's
processor is not available, STIP can perform CVV2 verification. In the U.S. region, all issuers
must select the CVV2 ALL processing option.
STIP responds to successful CVV2 verification-only requests with code 85 (no reason
to decline) in field 39 and a valid value in field 44.10. V.I.P. then processes the CVV2
transaction normally and approves or declines it based on all other conditions of the
transaction.
NOTE
The CVV2 response code STIP assigns depends on the hierarchy of response codes; higher priority failure
reasons may override the CVV2 failure response code.
STIP creates advices for messages that fail CVV2 verification, indicating that STIP detected
a CVV2 verification failure. Advices include the CVV2 in field 126.10, the CVV2 result code
in field 44.10, and the CVV2 failure response code in field 39 when STIP generates CVV2
Result Code N—No Match. For BASE I issuers, advice-generation is subject to the advice
limits specified by the issuer. STIP only sends advices with CVV2 fields to issuers that have
successfully completed testing to receive the CVV2 fields.
Participating issuers that select the CVV2 ALL option must supply Visa with two CVV2
failure response codes to use for messages that fail CVV2 verification when the issuer is
unavailable. STIP responds to the acquirer using one of the two CVV2 failure response
codes selected by the issuer. The code STIP uses depends on the CVV2 response type
option indicated by the merchant.
Acquirer Issuer
Encryption
Keys
Tested Tested Provided V.I.P. Processing
No Yes Yes V.I.P. does not pass any CVV2 data to the issuer.
Yes Yes Yes V.I.P. performs CVV2 verification and passes the CVV2 result to the issuer.
If the issuer selects the CVV2 NONE option, V.I.P. inserts code P in field 44.10
and passes the transaction to the issuer. The issuer can override this value
regardless of the processing option it selects. V.I.P. returns the value received
from the issuer to the acquirer unchanged.
Yes No Yes V.I.P. inserts code U in field 44.10 and returns this code to the acquirer at
the acquirer's option.
Yes Yes No V.I.P. passes the CVV2 data provided by the acquirer to the issuer. If the issuer
returns a CVV2 result code, V.I.P. overrides the result code. V.I.P. inserts code U
in field 44.10 and returns this code to the acquirer at the acquirer's option.
Yes No No V.I.P. inserts code U in field 44.10 and returns this code to the acquirer at
the acquirer's option.
• If a participating tested issuer provides Visa with its CVV2 encryption keys, V.I.P. verifies
the CVV2 value and passes the CVV2 result in the request to the issuer for the approval
or decline decision. Code M in field 44.10 indicates a match. Code N indicates no
match. For the response, the issuer can override the V.I.P.-assigned result code with a
different code (M, N, P, or S). Code S indicates that verification was unsuccessful and
the message should have contained a CVV2 value. V.I.P. forwards field 44.10 to the
acquirer as it was received from the issuer. Otherwise, V.I.P returns the V.I.P.-assigned
code in the response to the acquirer.
• If a participating issuer selected the CVV2 NONE service option but provides Visa with
its CVV2 encryption keys, V.I.P. inserts code P (not processed) in field 44.10 of the 0100,
0200, 0120, or 0220 request message, and forwards the request to the issuer for the
approval or decline decision. For the response, the issuer can override the V.I.P.-assigned
result code with a different code (M, N, P, or S); V.I.P. forwards field 44.10 to the
acquirer as it receives it from the issuer. Otherwise, V.I.P. returns code P in field 44.10
in the response to the acquirer.
- If the issuer is unavailable, V.I.P. forwards the request to STIP, which returns code P in
field 44.10 in the response to the acquirer.
• If an issuer is not a CVV2 service participant, or has not provided Visa with its CVV2
encryption keys, V.I.P. inserts code U in field 44.10 of the 0100, 0200, 0120, or 0220
request message, and passes the message to the issuer for the approval or decline
decision. If the issuer overrides result code U with a different code (M, N, P, or S),
V.I.P. restores the value of U in field 44.10 before it forwards the message to the acquirer.
The acquirer only receives code U in field 44.10 when STIP has responded to an
issuer-unavailable request and the issuer has not successfully completed testing or has
not provided Visa with its encryption keys.
Because the expiration date in Field 14—Date, Expiration determines which key to use,
CVV verification requires field 14. When a tested acquirer submits an authorization
request and does not supply the expiration date, V.I.P. edits the transaction. If the
transaction passes all tests, V.I.P. inserts code P or code U in field 44.10 and forwards
the request to the issuer for further processing. When the expiration date is missing,
V.I.P. uses code P if the issuer has successfully completed testing and has provided Visa
with encryption keys. It uses code U if the issuer has not successfully completed testing
or did not provide Visa with keys.
In addition to the CVV2 data in field 126.10, a CVV2 verification-only request must
include a zero transaction amount in Field 4—Amount, Transaction, and include code 51
in Field 25—Point-of-Service Condition Code (request for account number and CVV2
verification without authorization). Successful verifications result in the response message
containing a valid value in field 44.10 and response code 85 (no reason to decline a
request for account number verification or address verification) in field 39.
and SMS issuers. GCCS uses an 0600 administrative message to request the CVV2 for the
emergency replacement card. Refer to the field 48 description in “Key Fields Glossary for
CVV2 Emergency Replacement” in this chapter for more information.
VisaNet supports CVV2 emergency replacement for Visa Electron cards in the following
regions:
• Visa Europe (VE, Region 3)
• Asia Pacific (AP, Region 4)
• Latin America and Caribbean (LAC, Region 5)
• Central and Eastern Europe, Middle East, and Africa (CEMEA, Region 6)
VisaNet cannot process CVV2 emergency replacements for Visa Electron card issuers in
the U.S. region (region 1) or in the Visa Canada region (region 2).
Error
Code System Description Length
1000 BASE I ERC participation flag not on for source station. 02
1002 BASE I and SMS Invalid card product. 02
1004 BASE I, SMS Required CVV or CVV2 data is not present in system tables (start 02
dates, keys, and so forth).
1005 BASE I, SMS Error returned from security module. 02
1006 BASE I, SMS Security module could not be accessed. 02
1008 BASE I, SMS Expiration date before CVV start date. 02
1009 BASE I, SMS Invalid account number (not in valid range). 02
transactions, field 126.10 contains the CVV2 and the VisaNet Gateway transfers it to
DE 48.92 in the Banknet-format request message to the MasterCard issuer.
P = Not processed
U = Issuer unregistered
In Malaysia, the Visa CVV2 Service is available for MasterCard CVC2 transactions.
The CVC2 is the MasterCard equivalent of the Visa CVV2; Visa and MasterCard use the
same CVV2 algorithm. Issuers must supply Visa with MasterCard CVC2 keys if they want
VisaNet to verify the CVC2. Field 32—Acquiring Institution Identification Code must
contain the acquirer's Visa BIN that signed the MasterCard-accepting merchant that
participates in the service.
American Express does not use field 44.10; acquirers receive only the field 39 response
code.
In responses, V.I.P. converts the American Express code to a corresponding Visa code
before it forwards the message to the acquirer.
The fee program covers credit, deferred-debit, and direct-debit account usages:
• Credit—A credit card offers the cardholder a line of credit, specific to that credit card
account, and the ability to revolve part of any outstanding balance, or all of the
outstanding balance, on the credit card account during each statement cycle.
• Deferred Debit—A deferred debit or charge card is linked to an account whereby:
- VisaNet accumulates the transactions with other transactions on a deferred basis.
- VisaNet issues a statement.
- The cardholder pays the account in full.
NOTE
For cardholders that have the option to revolve credit on the account, issuers should report the details as a
credit card program, not as a deferred debit card program.
• Direct Debit—A direct (immediate) debit card is linked to a current (or deposit access)
account from which a transaction is debited immediately (within a maximum of two
working days) on receipt of the transaction by the issuer.
Table 25-3 shows the key data requirements and the fee program edit criteria for the
CVV2 CNP fee program.
Table 25-3 CVV2 Key Data Requirements and Fee Program Edit Criteria
Accordingly, Figure 25-1 illustrates both the process flow and the message flow.
CVV2-Certified CVV2-Certified
CNP Merchant Acquirer V.I.P. Issuer
For clients that do not participate in CVV2 pass-through processing and have not
successfully completed testing to receive data in field 126.10, V.I.P. drops field 126.10
before forwarding the message with the magnetic-stripe data to the issuer. This action
applies to BASE I transactions only.
Clients that choose to use CVV2 pass-through processing identify participation at the BIN
level. Visa does not require them to participate in the CVV2 Service.
Issuers can also generate response code N7 when the merchant indicates that the
Visa card has no CVV2 printed on it (CVV2 presence indicator contains 9) and the
issuer knows that the card was imprinted with a CVV2. Issuers can return CVV2 Result
Code S—CVV2 Should Be on the Card But the Merchant Has Indicated That CVV2 Is
Not Present in subfield 44.10.
When the merchant receives response code N7, the merchant has the option of
declining the transaction, or of resubmitting the authorization request with a different
CVV2 value or with no CVV2.
Subfield 44.10—CVV2 Result Code (Request Message)—If the issuer has provided
Visa with its CVV2 encryption keys, V.I.P. verifies the CVV2 for participating issuers that
select the CVV2 ALL processing option and passes subfield 44.10 to the issuer in the
appropriate BASE I and SMS 0100, 0200, 0120, or 0220 messages.
or because not all of the information needed to verify the CVV2 value (such as the
expiration date) was included in the request.
• S—CVV2 should be on the card: Indicates that V.I.P. or the issuer was unable to
perform CVV2 verification and notifies the merchant that the card should contain
a CVV2 value.
• U—Issuer is not available, does not participate in the CVV2 Service, or participates
but has not provided Visa with encryption keys: Indicates that the issuer is not
participating in the CVV2 Service or has not provided Visa with encryption keys
needed to perform verification, or that STIP has responded to an issuer-unavailable
response.
CVV2 verification requires the card's expiration date. When a tested acquirer submits
an authorization request that does not include an expiration date, V.I.P. performs edit
checks on the transaction. If the transaction passes all tests, V.I.P. inserts code P in
subfield 44.10 and forwards the request to the issuer for further processing. If the
issuer can access the expiration date for the card from its systems, the issuer may
be able to calculate the CVV2.
The following rules apply for setting the CVV2 result code if the acquirer does not
provide the expiration date:
• If the issuer has successfully completed testing and has provided Visa with the
encryption keys, V.I.P. inserts code P in subfield 44.10.
• If the issuer is unavailable, has not successfully completed testing, or has not
provided Visa with the encryption keys, V.I.P. inserts code U in subfield 44.10.
Subfield 44.10—CVV2 Result (Response Message)—If the issuer decides to override
the result sent from V.I.P., the issuer must return code M, N, P, or S in subfield 44.10.
If the issuer returns an invalid code, V.I.P. rejects the response back to the issuer with
reject code 0149 and returns the V.I.P. result code in subfield 44.10 to the acquirer.
If the issuer does not override the V.I.P. CVV2 result code in subfield 44.10, V.I.P. returns
the V.I.P. CVV2 result code to the acquirer if the merchant has requested that V.I.P.
return subfield 44.10 in the response message.
IMPORTANT
If the issuer is not available, does not participate in the CVV2 Service, or has not sent Visa its CVV2
encryption keys, V.I.P. always returns CVV2 result code U to the acquirer, even if the issuer tries to override
the V.I.P. CVV2 result code in subfield 44.10. This processing also applies to non-Visa products such
as American Express.
The merchant has the option of receiving subfield 44.10 in the authorization response.
If the merchant has indicated that V.I.P. is not to return subfield 44.10 (CVV2 response
type = 0), V.I.P. removes subfield 44.10 from the authorization response.
American Express—As indicated in the above note, American Express CID processing
does not use field 44.10.
Table 25-4 describes Subfield 126.10—CVV2 Authorization Request Data in field 126.
Positions:
1–2 3–6
Length CVV Displacement CVV2 Value With Leading Zero
Byte 1 Bytes 2–5 Bytes 6–7
See “Table 25-2” in this chapter for a list of the CVV2 error codes.
In Brief. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26-3
26.1 In Brief
The CAVV Verification Service is part of a suite of services available through Verified by
Visa (VbV). VbV enhances the security of Internet purchases cardholders make with Visa
cards. The service allows issuers to register cardholders for the service and to authenticate
the cardholder as the owner of the card account when the cardholder makes an online
purchase at a participating merchant location. For information about VbV, refer to the Visa
Secure Electronic Commerce (VSEC) With Verified by Visa (3-D Secure) chapter in Volume 1.
The Cardholder Authentication Verification Value (CAVV) Verification Service provides the
functionality to verify that the Cardholder Authentication Verification Value (CAVV) that an
acquirer submits in a Verified by Visa (3-D Secure) authorization message matches the
CAVV generated by the Visa Access Control Server (ACS) or by an issuer's ACS during
authentication.
The outcome of the CAVV validation determines the type of transaction, either
authentication, authentication attempt (attempt), or non-secure. Liability shifts when V.I.P.
classifies a transaction as an authentication or an attempt.
Issuers can optionally have V.I.P. verify the CAVV on their behalf.
BASE I
The CAVV Verification Service is available both to BASE I System users and to
SMS
Single Message System (SMS) users.
Issuer
Acquirer
The CAVV Verification Service begins when the acquirer submits the authorization or full
financial message and includes the CAVV that the issuer or V.I.P. generated during the
VbV phase in the request. When the CAVV is present in the transaction, the issuer or V.I.P.
verifies that the CAVV in the message matches the CAVV generated during the Verified by
Visa phase. If the CAVV passes verification, the transaction has protection from certain
chargebacks should disputes arise later.
When the issuer or V.I.P. completes the CAVV validation process, it populates the results
of the validation in Field 44.13—CAVV Results Code. The value in this field indicates the
outcome of the validation, which entity performed the validation, and the classification of
the transaction (either authentication, attempt, or non-secure).
To validate the CAVV, the issuer or V.I.P. uses Data Encryption Standard (DES) keys
and other CAVV parameters to calculate the CAVV and then compares it to the CAVV
generated by the appropriate ACS. Issuers that choose to have V.I.P. perform verification
on their behalf must provide Visa with their DES keys.
Visa offers two CAVV Verification Service processing options to issuers that participate in
Verified by Visa—authentication and attempt.
Authentication—With this option, the issuer is a full participant in the service and has
cardholders enrolled in Verified by Visa. Visa classifies transactions as authentication
transactions when the acquirer, the issuer, and the cardholder all participate in Verified by
Visa.
Attempt—With this option, the issuer or V.I.P. generates a CAVV for attempted
transactions. Visa classifies transactions submitted by a participating acquirer as attempt
transactions when either the issuer or the cardholder does not participate in Verified
by Visa. Liability shifts for these types of transactions. This option is mandatory in
some regions.
Both options allow issuers to select a predefined process by which VisaNet is to process
their transactions both in Normal mode and during stand-in processing (STIP):
All CAVV Verification Results to the Issuer Option—With this option, VisaNet performs
all validations on the issuer's behalf and forwards all status results of transactions to
the issuer.
Issuer Supports Own CAVV Verification Option—With this option, VisaNet forwards
the transactions to the issuer to perform validation. The issuer returns the status results
in the response message.
Depending on the region, VisaNet assesses interchange reimbursement fees (IRFs) based
on the CAVV Verification Service classification of the e-commerce transactions.
The CAVV Verification Service supports both magnetic stripe Visa cards and Visa Smart
Debit/Smart Credit (VSDC) cards.
26.4.4 Testing
Visa must test that participants can send or can receive the following fields:
• Field 44.13—CAVV Results Code
• Field 60.8—Mail/Phone/Electronic Commerce and Payment Indicator (for BASE I)
Participating acquirers must modify their systems to submit the required Verified by Visa
data and to receive the CAVV results code field.
For more information about required Verified by Visa fields, refer to Table 26-1 in this
chapter.
When the issuer or V.I.P. completes the validation process, it populates Field 44.13—CAVV
Results Code. For information about valid values, refer to V.I.P. System BASE I Technical
Specifications, Volume 1 and Volume 2, and to V.I.P. System SMS POS (Visa & Visa Electron)
Technical Specifications, Volume 1 and Volume 2.
Acquirers include the CAVV and an electronic commerce indicator (ECI) in BASE I and SMS
0100 authorizations and in SMS 0200 full financial requests. Table 26-1 lists the key fields.
Acquirers determine the appropriate ECI value to submit in BASE I messages (field 60.8)
and in SMS messages (field 63.6) as follows:
• 05 or 5: the authentication was successful.
• 06 or 6: the merchant or the acquirer tried to authenticate the transaction. Either the
issuer or the cardholder is not enrolled in Verified by Visa.
• 07 or 7: the issuer or V.I.P. could not perform the authentication.
NOTE
ECI codes 08 or 8 and 09 or 9 are invalid for Verified by Visa transactions.
Table 26-2 CAVV Verification Service Processing Under Normal and STIP
Conditions for Full Authentication Transactions
Option and
Description V.I.P. Processing
Authentication Options—Normal Mode Processing
Authentication V.I.P. processes transactions as follows:
option 1: Standard • If CAVV ACS result = 0 (successful) and:
Issuer CAVV Service - CAVV validation fails, V.I.P. declines the transaction with Response
Code 05—Do Not Honor.
V.I.P.: - CAVV validation is successful, V.I.P. forwards the transaction to the
• Performs all CAVV issuer with CAVV Results Code 2—CAVV Passed Validation.
validations on the • If CAVV ACS result = 5 (authentication attempted, not able to
issuer's behalf. complete):
• Declines - V.I.P. forwards the transaction to the issuer with CAVV Results
transactions when Code 0—CAVV Not Validated Due to Erroneous Data Submitted.
CAVV validation • If CAVV ACS result = 9 (failed):
fails. - V.I.P. forwards the transaction to the issuer with CAVV results code 0.
• Forwards status
results in
transactions that
it did not decline to
the issuer.
Authentication V.I.P. processes transactions as follows:
option 2: All CAVV • V.I.P. validates the CAVV submitted in the transaction.
Verification Results to • V.I.P. forwards all CAVV validation results to the issuer with the
Issuer appropriate code in the CAVV results code field.
V.I.P.:
• Performs CAVV
validation on the
issuer's behalf.
• Forwards all CAVV
validation results to
the issuer.
Authentication The issuer does not provide Visa with its CAVV DES key(s). V.I.P. does not
option 3: Issuer perform CAVV validation. V.I.P. processes the transaction according to
Supports Own CAVV the existing issuer STIP parameters and either declines all transactions
Verification that contain a CAVV or ignores the presence or content of field 126.9.
V.I.P.:
• Does not validate
the CAVV for the
transaction.
• Forwards the CAVV
fields to the issuer
for the issuer to
perform CAVV
validation.
• Forwards the XID,
if present, to the
issuer.
Table 26-2 CAVV Verification Service Processing Under Normal and STIP Conditions
for Full Authentication Transactions (continued)
Option and
Description V.I.P. Processing
Authentication Options—STIP Processing
For Authentication V.I.P. processes transactions as follows:
options 1 and 2: • If CAVV ACS results code = 0, V.I.P.:
- Declines the transaction with response code 05 if the transaction
Issuers must establish contains CAVV data in field 126.9.
CAVV DES keys at Visa. - Returns the CAVV results code value in response and advice
messages.
or
- Ignores the presence and the content of field 126.9 and responds
based on existing issuer STIP parameters.
- Returns the CAVV results code value in response and advice
messages.
• If CAVV ACS results code = 1, depending on issuer parameters, V.I.P.:
- Declines the transaction with response code 05.
- Returns the CAVV results code value in response and advice
messages.
or
- Ignores the presence and the content of field 126.9 and responds
based on existing issuer STIP parameters.
- Returns the CAVV results code value in response and advice
messages.
• If CAVV ACS results code = 2, V.I.P.:
- Processes the transaction based on existing issuer STIP parameters.
- Returns the CAVV results code in response and advice messages.
For Authentication If issuers do not establish DES keys at Visa, V.I.P. cannot validate the
option 3: Issuer CAVV. V.I.P. processes the transactions according to the issuer's option.
supports own CAVV The options are:
verification. (Visa does • Decline all transactions that contain CAVV data in field 126.9 with
not require issuers to response code 05.
establish CAVV DES • Ignore the presence and the content of field 126.9 and respond based
keys at Visa.) on existing issuer STIP parameters.
NOTE: If issuers establish CAVV DES keys at Visa, V.I.P. processes transactions
Issuers can choose to
using the STIP processing rules for Authentication options 1 and 2.
establish CAVV DES
keys at Visa.
Table 26-3 summarizes the issuer CAVV Verification Service processing and STIP options
for attempt transactions.
Option and
Description V.I.P. Processing
Attempt Options—STIP Processing
Attempt Options—Normal Mode Processing
Attempt option 1: V.I.P. processes transactions as follows:
Standard • If CAVV ACS result = 7 (authentication attempt) and:
Decline/Failure - CAVV validation fails, V.I.P. declines the transaction with response
code 05 and returns CAVV results code 4 or 7.
V.I.P.: - CAVV validation is successful, V.I.P. forwards the transaction to the
• Performs all CAVV issuer with CAVV results code 3 or 8.
validations on the • If CAVV ACS result = 8 (authentication attempted, not able to complete
issuer's behalf. because issuer ACS is unavailable) and:
• Declines - CAVV validation fails, V.I.P. declines the transaction with response
transactions when code 05 and returns CAVV results code 9.
CAVV validation - CAVV validation is successful, V.I.P. forwards the transaction to the
fails. issuer with CAVV results code A.
• Forwards status
results in NOTE:
transactions that Only the Visa U.S.A. (U.S.) region uses CAVV ACS results code 8.
it did not decline
to the issuer.
Attempt option 2: V.I.P. processes transactions as follows:
All CAVV Verification • V.I.P. validates the CAVV submitted in the transaction.
Results to Issuer • V.I.P. forwards all CAVV validation results to the issuer with the
appropriate CAVV results code.
V.I.P.:
• Performs CAVV
validation on the
issuer's behalf.
• Forwards all CAVV
validation results to
the issuer.
Attempt option 3: V.I.P. processes transactions as follows:
Issuer Supports Own • If CAVV ACS result = 7 (authentication attempt):
CAVV Verification - V.I.P. forwards the CAVV and the XID fields to the issuer to perform
CAVV validation.
V.I.P.: - Issuers validate the CAVV based on the CAVV calculation method
• Does not validate specified in the 3-D Secure protocol. Issuers return the results of
the CAVV for the CAVV validation in the CAVV results code field in response messages.
transaction. • If CAVV ACS result = 8 (authentication attempted, not able to complete
• Forwards the CAVV because issuer ACS is unavailable) and:
field to the issuer - CAVV validation fails, V.I.P. declines the transaction with CAVV results
for the issuer to code 9.
perform CAVV - CAVV validation is successful, V.I.P. forwards the transaction to the
validation. issuer with CAVV results code A.
• Forwards the XID,
if present, to the NOTE:
issuer. Only the Visa U.S.A. (U.S.) region uses CAVV ACS results code 8.
Table 26-3 CAVV Verification Service Processing and STIP Options Summary
for Attempt Transactions (continued)
Option and
Description V.I.P. Processing
Attempt Options—STIP Processing
For Attempt options 1 V.I.P. processes transactions as follows:
and 2: Participating • If CAVV ACS result = 7 (authentication attempt) and:
issuers can establish - CAVV validation fails, V.I.P. declines the transaction with response
attempt CAVV DES code 05 and returns CAVV results code 7.
keys at Visa. - CAVV validation is successful, V.I.P. does not forward the CAVV
results code to the issuer. V.I.P. processes the transaction using
processing rules according to the transaction characteristics and to
issuer-specified STIP processing parameters.
- V.I.P. returns the CAVV results code in response and advice messages.
• CAVV ACS result = 8 (authentication attempted, not able to complete
because issuer ACS is unavailable) and:
- CAVV validation fails, V.I.P. declines the transaction with response
code 05 and returns CAVV results code 9.
- CAVV validation is successful, V.I.P. does not forward the CAVV
results code to the issuer. V.I.P. processes the transaction using
processing rules according to the transaction characteristics and to
issuer-specified STIP processing parameters.
- V.I.P. returns the CAVV results code in response and advice messages.
NOTE:
Only the Visa U.S.A. (U.S.) region uses CAVV ACS results code 8.
For BASE I, if the issuer's selected CAVV Attempt or Authentication option in the Customer
Online Repository (CORE) is F or V, V.I.P. forwards the field 44.13 CAVV result code in the
request to the issuer. If the issuer responds with a code other than the one it received,
V.I.P. overrides the issuer's result code with its own before it sends the response to the
acquirer.
The following types of transactions are not eligible for chargeback protection:
• Transactions using “anonymous” cards, such as gift cards and prepaid cards
• Transactions conducted in New Channels or in other devices that do not use a standard
Hypertext Markup Language (HTML) browser to process an authentication request
EXAMPLE
Any environment in which a cardholder initiates payment by a Cardholder-Access Device for electronic
commerce.
EXAMPLE
A cardholder uses a mobile phone to conduct a mail order or telephone order (MOTO) transaction.
Table 26-4 lists the chargeback reason codes for which issuers cannot submit chargebacks
of authentication or attempt transactions.
Table 26-4 Chargeback Reason Codes the CAVV Verification Service Does Not Allow
Reason
Code Description International U.S.
23 Invalid travel and entertainment (T&E) transactions
61 Fraudulent mail order or telephone order (MOTO) or
electronic commerce transaction
75 Cardholder does not recognize transaction
83 Non-possession of card (fraudulent) transaction
Issuers can charge back an e-commerce transaction if V.I.P. or the issuer generated the
CAVV during the Verified by Visa phase, but the merchant or the acquirer does not submit
the CAVV in the authorization request.
When a CAVV and a CVV2 are present, V.I.P. validates the CAVV first:
• If the CAVV validation is successful, V.I.P. verifies the CVV2, and forwards both results
to the issuer and to the acquirer in the response. (The CVV2 result is contained in
field 44.10; the CAVV result is contained in field 44.13).
• If the CAVV validation fails, CAVV Verification Service rules apply:
- If the issuer specifies that V.I.P. is to decline all transactions that fail the CAVV check,
V.I.P. declines the transaction without verifying the CVV2.
- If the issuer specifies that V.I.P. is to forward all results to the issuer regardless of
the outcome, V.I.P. validates the CVV2 and includes both field results in the request
to the issuer.
NOTE
If the issuer approves the authorization request that contains a successful CAVV result, the issuer may not
submit a chargeback for reason code 23 (T&E—invalid transaction) or 61 (fraudulent mail order or telephone
order transaction).
Merchants or acquirers supply field 25, and Visa requires the field in:
• Authorization requests, reversals, and advices
• Full financial requests, reversals, and advices
• Merchandise credits and advices
VisaNet returns the field in responses.
Authentication—The cardholder, the acquirer, and the issuer all participate in Verified
by Visa.
Non-Secure—Both the acquirer and the issuer do not participate in Verified by Visa.
The issuer or V.I.P. populates this field in authorization and full financial responses.
BASE I drops field 60.8 if the issuer has not successfully completed testing to receive it.
Visa no longer requires this field in e-commerce transactions in some regions. When
required, merchants or acquirers supply this field, and it appears in 0100 authorization
requests and in 0200 financial requests. VisaNet does not return it in 0110 or 0210
responses. Reversals do not use this field.
Merchants or acquirers supply this field, and it appears in 0100 authorization requests
and in 0200 financial requests. VisaNet does not return it in 0110 or 0210 responses.
NOTE
Field 126.9 is an optional field for SMS quasi-cash 0100 transactions.
In Brief. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27-3
27.1 In Brief
Custom Payment Service (CPS)/ATM is an incentive program that provides accurate
settlement and improved management of cardholders' accounts through better matching
of messages, from authorization through clearing, using a unique transaction identifier
(TID).
In addition, CPS/ATM ensures more timely delivery of clearing records by acquirers and
reduces exception item processing by improving transaction integrity and life-cycle control.
NOTE
This service description applies only to international participants. Visa U.S.A. (U.S.) participants should see the
latest U.S. Interchange Reimbursement Fee (IRF) Rate Qualification Guide.
NOTE
Visa charges a special handling fee for international ATM transactions that are not submitted for CPS/ATM
consideration or that fail to meet CPS/ATM fee edit criteria. This special ATM handling fee is USD$5.00
and appears on the monthly Integrated Billing statement. The fee is not charged for a representment nor
returned to the acquirer for a chargeback. Additionally, a CPS/ATM transaction submitted for clearing after
the 3-calendar-day processing limit is not returned to the acquirer but is settled and assessed a minimum
special ATM handling fee of USD$5.00.
BASE I
SMS CPS/ATM is available both to BASE I System users and to Single Message
System (SMS) users.
Issuer
For issuers, CPS increases risk control and improves account balance management. Issuers
can accurately match a transaction's authorization and clearing messages using a unique
transaction identifier (TID) that is assigned by the Visa Integrated Payment (V.I.P.) System.
Transactions ineligible for CPS are described in the Visa Rules and include quasi-cash and
transactions submitted from certain “high-risk” merchants. Refer to the Visa Core Rules
and Visa Product and Service Rules for more information about high-risk merchants.
V.I.P. applies CPS processing rules by editing authorization and full financial requests
for specific field values. If, during the authorization phase, a request cannot qualify
because it fails an edit or a combination of edits, and if the failure of an edit does not
cause the message to be returned to the sender as a reject, V.I.P. assigns the request
a CPS downgrade reason code (DRC) that indicates which requirement was not met.
Downgraded requests can still be approved; non-CPS processing continues, assuming that
there are no conditions to cause an outright message reject.
For single-message transactions, SMS assigns the ACI or the DRC, and if the request
qualifies, clears the transaction according to CPS parameters. The requested incentive fee
is included with the 0200 financial request in Field 63.11—Reimbursement Attribute. In
the case of a POS BASE I acquirer and an SMS issuer, the acquirer conveys the incentive
fee information to the issuer in BASE II-generated 0220 deferred clearing advices.
27.3.2 CPS/ATM
Custom Payment Service (CPS)/ATM applies to international Visa or Plus transactions
that originate at an ATM at which the card and the personal identification number (PIN)
are present.
This service description describes the CPS/ATM incentive program processing requirements
for BASE I dual-message cash disbursement transactions.
To qualify for the CPS/ATM program rate, a transaction must have the following
characteristics:
• The request includes Track 2 magnetic stripe or chip card track data and a
cardholder-entered PIN. If Field 35—Track 2 Data in an authorization request or balance
inquiry does not contain the Track 2 magnetic stripe data, V.I.P. rejects the message with
reject code 0291 (field missing).
• The merchant category code (MCC) must be 6011 (ATM).
• The ATM location and the card acceptor information that are required in fields 41,
42, and 43, are present.
• The clearing transaction must include the ACI, the TID, and the validation code received
from V.I.P. with the authorization response.
• One authorization per clearing transaction is allowed.
• The authorization amount must match the clearing amount exactly.
• The transaction must clear within three days.
NOTE
The CPS/ATM rate structure can also be obtained using the Single Message System (SMS).
SMS processing is mandated for all ATM acquirers in the U.S. region and for all new ATM
acquirers in all regions. All existing ATM acquirers must successfully complete testing for
SMS or for CPS/ATM processing and thereby meet Tier II requirements.
International ATM transactions that do not meet these criteria lose all international cash
disbursement fees. International ATM transactions that do not qualify for SMS or for
CPS/ATM are assessed a minimum special ATM handling fee of USD$5.00.
Acquirers receive a cash disbursement fee if the transaction meets the Tier II business and
technical requirements. All SMS and dual message acquirers must meet the following
business and technical requirements.
Business Requirements:
• Provide the basic ATM cash withdrawal service and accept Visa cards and cards bearing
the Plus symbol.
• Comply with the applicable Visa Rules requirements, including but not limited to:
- Online reversal processing
- Authorization and clearing processing through the same network
- Acceptance of Visa and Plus cards encoded with an unrecognized service code
- No expiration date editing
• Use the V.I.P. System Multicurrency Service for authorization requests.
• Perform timely installation and use of the Visa and Plus routing tables for transaction
routing.
Technical Requirements:
• Participate in SMS or, for dual-message acquirers, participate in the CPS/ATM Service.
• Comply with the Visa international acquirer quality service standards.
• Participate in the Card Verification Value (CVV) Service. Plus authorization requests must
include code 05 or 90 in Field 22—Point-of-Service Entry Mode Code to be eligible
for CVV checking.
• Comply with customer account selection standards.
NOTE
To qualify for the Tier II fee, an acquirer must have completed the necessary service testing, demonstrating that
it meets business and technical qualifications (refer to regional Interchange Reimbursement Fee Guides for
ATM Cash Disbursement fee programs).
27.4.1 Testing
CPS/ATM testing is available for dual-message Visa/Plus international ATM acquirers and
issuers. Clients can contact their Visa representatives to make arrangements for testing.
If the issuer approves the non-qualified request, V.I.P. sets the ACI to N (not qualified),
inserts the appropriate DRC in field 62.3, and forwards the response to the acquirer. If the
issuer declines a qualified request, V.I.P. sets the ACI to N and adds downgrade reason
code NA to field 62.3.
5. The acquirer submits a clearing message to BASE II with a Requested Payment Service
(RPS), which specifies CPS/ATM. The clearing transaction contains the ACI, the TID,
and the validation code received from V.I.P. with the authorization response.
6. BASE II regenerates the validation code and validates that the key authorization fields
contained in the clearing transaction match those sent in the authorization request and
in the CPS fields received in the outgoing response. BASE II applies edits to ensure
that the transaction qualifies for CPS/ATM.
VisaNet then forwards the transaction to the issuer with the ACI, the TID, the TCR 5
record, and the RPS.
The issuer uses the TID to match the clearing transaction to the authorization.
27.6.1 Authorization
Transactions requesting qualification for the CPS/ATM Service contain the following key
data elements:
• Authorization characteristics indicator (ACI).
• ATM owner and location data.
• Entire, unaltered Track 2 magnetic stripe contents in field 35. If field 35 does not contain
the Track 2 magnetic stripe data, V.I.P. rejects the authorization request or balance
inquiry with reject code 0291 (field missing).
All Visa and Plus international ATM transactions must be processed through the V.I.P.
System. CPS/ATM requests must include an ACI value of Y.
Plus transactions must include POS entry mode code 05 or 90 in field 22 to be eligible
for CVV checking.
Table 27-2 correlates the ACIs supplied by the acquirer with the values returned by V.I.P.
Value
Submitted V.I.P. Value
by Validation Returned
Acquirer Authorization Criteria Result to Acquirer
Y • Full contents of the Track 2 data of the magnetic Card present E
stripe were transmitted. with valid
• Card authentication performed through Card data.
Verification Value (CVV) Service.
• ATM owner and location data submitted in the
authorization request.
• Retrieval reference number value contains a valid
date.
• Acquirer BIN is valid.
Y Authorization does not qualify as a CPS/ATM Transaction N
transaction. downgraded.
Not = Y Field 62 is not forwarded to issuer or returned to ACI invalid. Omitted
acquirer.
Specifications, Volume 1 and Volume 2, for more information about CPS downgrade
reason codes.
27.6.2 Clearing
All Visa and Plus international ATM transactions using dual-message processing must be
cleared through BASE II. One authorization per clearing record is allowed.
Each CPS/ATM clearing message must include the transaction identifier (TID), an
authorization characteristics indicator (ACI) with the value E, the validation code from
the authorization response, and key CPS/ATM fields used to develop the validation
code. All authorization requests must have been approved and the clearing message
submitted within three calendar days from the transaction date (as opposed to four days
for non-CPS/ATM transactions).
Additionally, the clearing transaction must include the acquirer's request for the CPS/ATM
fee through the use of the Requested Payment Service (RPS). The RPS value 9 indicates that
the transaction complies with the CPS/ATM authorization and clearing qualification rules.
To qualify a transaction for CPS/ATM, V.I.P. performs a validation code check to ensure
that key authorization and clearing data elements are identical. A successful validation
confirms that the transaction has been properly authorized.
If the criteria is met (ACI = E, RPS = 9, clearing occurs within the 3-day period), BASE II
qualifies the transaction for the CPS/ATM Tier II rate.
• If all of the criteria except the clearing timeliness is met, BASE II reclassifies the
transaction, and acquirers receive a TC 04—Reclassification Advice with reclassification
reason code 1R (transaction does not meet the timeliness criteria for the requested
interchange). These transactions do not qualify for international cash disbursement fees.
• If all of the criteria except the validation code matching is met, BASE II reclassifies the
transaction, and acquirers receive a TC 04—Reclassification Advice with reclassification
reason code HO (validation code in the authorization and clearing transactions do not
match). These transactions do not qualify for international cash disbursement fees.
transaction does not qualify for CPS/ATM. If a transaction fails to qualify for CPS/ATM, the
transaction does not qualify for international cash disbursement fees.
An issuer can use the TID to better manage cardholders' open-to-buy balances by
matching authorization and clearing records.
The TID, Fee Program Indicator, and Terminal ID must be retained and returned on all
exception transactions.
Chargebacks for international ATM cash disbursement transactions may be submitted with
Chargeback Reason Code 62—Counterfeit Transaction.
NOTE:
A value of 01 (with a value
of 6011 in Field 18—Merchant
Type) indicates that an ATM
transaction code is to be used in
the BASE II field.
NOTE:
The first digit of the BASE I value
must be used in the BASE II field.
NOTE:
Track 2 is required or V.I.P. rejects
the message.
27.6.4 V.I.P. Field Edit and DRC Requirements for CPS/ATM Authorization
Requests
Table 27-4 lists the key field edit requirements and related downgrade reason code (DRC)
conditions for a CPS/ATM dual-message authorization request. Multicurrency fields are
not included in the table.
The “DRC or Action If Requirement Not Met” column contains the action the V.I.P. System
takes if the requirements are not met; actions can include downgrading the message or
rejecting it outright. For more information about CPS downgrade reason codes, see
V.I.P. System BASE I Technical Specifications, Volume 1 and Volume 2.
DRC or Action
If Requirement
Key Field Not Met
General Requirements
Acquirers must be successfully tested CPS/ATM participants. NT
Non-U.S. acquirers must participate in the Multicurrency Service. MC
The authorization or financial request must be approved (field 39 response code = 00). NA
The request must be for a Visa card or a Plus card. NV
Field-Specific Requirements
Field 2—Primary Account Number: Primary account number must be present. 02
Primary account number in field 2 must match the account number in field 35 or field 45 TA
when magnetic stripe or chip data is included.
Field 3—Processing Code: Positions 1–2 must be 01 for cash disbursement. IM
NOTE:
If the transaction is an account selection transaction, the “from” account type is in positions 3-4.
Field 4—Amount, Transaction: The amount is either in U.S. dollars or in the currency specified by the No DRC
currency code in Field 49—Currency Code, Transaction. If the transaction is a misdispense, field 4
contains the original amount, and field 61.1 contains the amount of the cash actually dispensed.
Field 14—Date, Expiration: The expiration date in field 14 must match the date in field 35 or in TD
field 45 if: magnetic stripe or chip data is included, field 22 contains 05 or 90, and the ACI from
the acquirer is Y.
Table 27-4 CPS/ATM Field Edit Requirements and DRC Conditions (continued)
DRC or Action
If Requirement
Key Field Not Met
BASE I and SMS—If magnetic stripe or chip data was read, and field 22 contains 05 or 90 ED
and the ACI from the acquirer is Y, the track data must contain the expiration date.
Field 18—Merchant Type: Field 18 must be present and the merchant category code (MCC) No DRC
must be 6011.
Field 19—Acquiring Institution Country Code: If the country code is non-U.S., the acquirer must be MC
a Multicurrency Service participant.
Field 22—Point-of-Service Entry Mode Code: It must be one of the following codes: 05 (chip), 90 22
(magnetic stripe), 07 (chip proximity) or 91 (magnetic stripe proximity) for possible CVV or iCVV in
complete, unaltered field 35 track data.
NOTE:
Plus transactions do not require CVV checking—any valid field 22 code is acceptable.
If the code is 05 or 90, track data is included, and the request is an original submission CV; CX if acquirer
(ACI = Y), the acquirer must be a full CVV Service participant. is on temporary
exception list
Field 28—Amount, Transaction Fee, required to carry the access fee and must be present in all V.I.P. rejects the
domestic and international Visa and Plus ATM transactions. message with reject
code 0308 (field
missing).
Field 32—Acquiring Institution Identification Code: Required and must contain the 6–11-digit Visa No DRC; reject if
or Plus acquirer BIN. missing or if invalid
Field 35—Track 2 Data: The account numbers in the track data and in field 2 must match. TA
Track data must contain the expiration date if: magnetic stripe or chip data was read, field 22 ED
contains 05 or 90, and the ACI from the acquirer is Y.
Expiration date in field 14 must match the date in field 35 or in field 45 if: magnetic stripe or TD
chip data was read, field 22 contains 05 or 90, and the ACI from the acquirer is Y.
Field 41—Card Acceptor Terminal ID: Must be present with a code that indicates a specific ATM No DRC; reject if
within the acquirer's network. The value cannot be all zeros. missing
Field 42—Card Acceptor ID Code: The field must be present with the ATM owner's name. 42
Field 43—Card Acceptor Name/Location: The ATM location, the card acceptor name, and the city IC
and country code must be present. The country code must be valid.
The state code must be valid. IS
Field 49—Currency Code, Transaction: Required. In CPS-qualified responses, field 49 is protected No DRC
by the validation code in field 62.3.
Field 59—National POS Geographic Data: BASE I and SMS—The merchant's ZIP or postal code 59
must be present.
Field 59—National POS Geographic Data: For U.S.-domestic, the state code must be valid. IS
For Canada-domestic, a valid province code is required.
Field 61—Other Amounts: If present in ATM confirmations for misdispenses, this field contains the No DRC; reject
actual amount dispensed. if invalid
Field 62.1—Authorization Characteristics Indicator: BASE I and SMS—If qualified, V.I.P. assigns the Acquirer receives N
ACI for the response. For CPS/ATM—Y in request, E in response. if transaction is
declined
Field 62.2—Transaction Identifier: The TID in the initial approved authorization or financial request TI
must appear in all subsequent messages.
Table 27-4 CPS/ATM Field Edit Requirements and DRC Conditions (continued)
DRC or Action
If Requirement
Key Field Not Met
Field 62.3—Validation Code: BASE I—This field is generated by V.I.P. and is present in qualified Validation code
transaction responses. If the request is downgraded, the DRC is present instead of the validation or DRC
code.
V.I.P. changes the value to reflect the results of its CPS evaluation. For CPS/ATM, a
request with a value of Y will have an E in the response on an approved and qualified
transaction. Acquirers whose requests do not qualify receive an N (not qualified) in
this field in the response.
In Brief. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28-3
28.1 In Brief
Custom Payment Service (CPS)/POS is a series of payment services that are customized
to serve the needs of distinct merchant segments for point-of-sale (POS) transactions.
CPS/POS accommodates different merchant procedures and decreases fraud losses and
operating expenses associated with each transaction. CPS/POS increases Visa client
profitability by reducing client operating costs, by improving risk management techniques,
and by increasing client revenues through increased card usage.
CPS POS transactions can be processed as dual messages through BASE I and BASE II.
NOTE
This service description only describes CPS/POS for international participants. Visa U.S.A. (U.S.) participants
should see the U.S. Interchange Reimbursement Fee (IRF) Rate Qualification Guide.
BASE I CPS/POS is available both to BASE I System users and to Single Message
SMS System (SMS) users.
Issuer
A
Participation in CPS/POS is optional for BASE I System acquirers.
Acquirer
For issuers, CPS increases risk control and improves account balance management. Issuers
can accurately match a transaction's clearing and authorization messages using a unique
transaction identifier (TID) that is assigned by the Visa Integrated Payment (V.I.P.) System.
Non-U.S. acquirers can submit both dual-message and single-message formats for CPS
consideration by acquirers connected either to BASE I or to SMS.
Transactions ineligible for CPS are described in the Visa Rules and include certain
“high-risk” merchants. Refer to Visa Core Rules and Visa Product and Service Rules for
more information about high-risk merchants.
CPS processing rules are applied by editing authorization and full financial requests
for specific field values. If, during the authorization phase, a request cannot qualify
because it fails an edit or a combination of edits, and if the failure of an edit does not
cause the message to be returned to the sender as a reject, the request is assigned
a CPS downgrade reason code (DRC) that indicates which requirement was not met.
Downgraded requests can still be approved; non-CPS processing continues, assuming that
there are no conditions to cause an outright message reject. Refer to V.I.P. System BASE I
Technical Specifications, Volume 1 and Volume 2, for the CPS downgrade reason codes.
For single-message transactions, SMS assigns the ACI or the DRC and if the request
qualifies, clears the transaction according to CPS parameters. Acquirers include the
requested incentive fee in Field 63.11—Reimbursement Attribute of the 0200 financial
request. In the case of a BASE I POS acquirer and an SMS issuer, the acquirer conveys the
incentive fee information to the issuer in BASE II-generated 0220 deferred clearing advices.
28.3.2 CPS/POS
This service description describes the CPS/POS incentive program processing requirements
for card-present (CP) and card-not-present (CNP) transactions. This service description
applies only to international participants. Brazil national market is also covered by this
service.
NOTE
This service description does not specify actual CPS/POS rates. Refer to the appropriate Visa Rules contained in
Visa Core Rules and Visa Product and Service Rules to determine current CPS/POS rates. Also refer to the
documents listed in “For More Information” in this chapter.
BASE I-acquired POS transactions that contain PINs do not qualify for CPS. If BASE I
acquirers request CPS qualification for such transactions, V.I.P. returns an ACI value of T.
VisaNet stores qualified CPS transactions in a history database and systematically protects
them from invalid authorization-related chargebacks using the Chargeback Reduction
Service (CRS). For more information about CRS, see “Chargeback Reduction Service (CRS)”
in this chapter.
Card
Card Not
CPS/POS Program Description Present Present
Brazil
CPS/Retail For retail transactions including those initiated at
restaurants at which the magnetic stripe is read.
28.4.1 Testing
CPS/POS testing requirements are generally the same for the different national markets.
Clients can contact their Visa representatives to make arrangements for testing.
Acquirers may choose to have VisaNet return these transactions. If acquirers do not
request this option, VisaNet reclassifies these transactions and delivers them to the issuer.
BASE II changes the ACI to X, which indicates that the transaction does not qualify as a
CPS transaction. VisaNet sends an advice to the acquirer as notification that it reclassified
the transaction.
Transactions that VisaNet reclassifies as non-CPS receive the next best rate that VisaNet
can apply, for instance, the Electronic Interchange Reimbursement Fee (EIRF) Rate
or Standard Rate. VisaNet updates the reimbursement attribute (RA) to reflect the
appropriate rate applied. VisaNet changes the value in the requested payment service
(RPS) field to a space.
Some national market participants participate in the National Net Settlement Service
(NNSS). In those cases, the NNSS rate structure applies. Refer to the appropriate Visa Rules
contained in Visa Core Rules and Visa Product and Service Rules for more information.
When calculating clearing times, VisaNet does not include the transaction date, the BASE II
CPD, Sundays, and specific holidays. Holidays depend on the national market.
All transactions that qualify for the CPS/POS program requested but fail either the clearing
timeliness or the industry-specific data requirements for the interchange reimbursement
fee (IRF) associated with the requested CPS program receive a fee change to the next
best rate that VisaNet can apply—EIRF or standard. VisaNet changes the RA to reflect
the rate at which the transaction was settled. VisaNet does not change the value in the
requested payment service field.
For specific national-market CPS information about fee changing circumstances and
procedures, clients can contact their Visa representatives.
Whether clients can use amount adjustments depends on the applicable Visa Rules
outlined in Visa Core Rules and Visa Product and Service Rules.
BASE II forwards a chargeback rights indicator to the issuer in the original purchase
transaction that identifies which set of authorization-related chargeback protection rights
applies to the transaction.
5. The acquirer submits a clearing message to BASE II with a value in the Requested
Payment Service (RPS) field, which specifies the CPS program desired. The clearing
transaction also contains the ACI, the TID, and the validation code received from V.I.P.
with the authorization response.
6. BASE II validates that the key authorization fields in the clearing transaction match
those used in the authorization message by recalculating the validation code. BASE II
applies edits to ensure that the transaction qualifies for the requested CPS program.
BASE II sets a chargeback rights indicator to identify the set of chargeback rights for
which the transaction is ineligible.
VisaNet then forwards the transaction to the issuer with the ACI, the TID, the validation
code, the requested payment service, and the chargeback rights indicator.
The issuer uses the TID to match the clearing transaction to the authorization.
DRC or Action
If Requirement
Key Field Not Met
General Requirements
The acquirers must be a successfully tested CPS participant. NP
The client must participate in CPS/ATM. NT
The request must be for a Visa card. NV
The acquirer and the issuer must participate in the Multicurrency Service. MC
The request must be approved (the response code in field 39 must be 00). NA
The CVV2 authorization request data must be 1, 2, or 9. PI
The CVV2 result code must be U, M, or P. I2
The e-commerce transaction must qualify. NE
The e-commerce transaction must be secure. NS
The purchase identifier must be valid. IP
Field-Specific Requirements
Field 2—Primary Account Number: The primary account number must be 02
present.
Table 28-4 CPS/POS Field Edit Requirements and DRC Conditions (continued)
DRC or Action
If Requirement
Key Field Not Met
The primary account number must match the account number in field 35 TA
or in field 45 when the message includes magnetic stripe or chip data.
Field 14—Date, Expiration: The expiration date in field 14 must match the TD
date in field 35 or in field 45 if the message includes magnetic stripe or chip
data, field 22 must contain 05 or 90, and the ACI from the acquirer must be Y.
If the terminal read magnetic stripe or chip data, the track data must ED
contain the expiration date, field 22 must contain 05 or 90, and the ACI
from the acquirer must be Y.
Field 18—Merchant Type: The merchant category code (MCC) must be present 18
and be one of the valid codes listed in the system tables.
The MCC must be valid for the target CPS program. IM
If field 25 contains 71 (key entry), the MCC cannot be 5542, 5960, 5962, CK
5964–5969, or quasi-cash.
Field 19—Acquiring Institution Country Code: This field must be present and IC; reject if
must contain a valid acquirer country code. missing
The code in field 19 or in field 43 must be a valid U.S.-region code if the MC
acquirer does not participate in the Multicurrency Service.
Field 22—Point-of-Service Entry Mode Code: The code must be 02, 05, 90, 22
or 95. The CPS/Retail credit value must be 05 or 90. Key-entry requests
must contain 01.
If field 22 contains 05 or 90, track data must be present in field 35 or 22
in field 45.
If the code in field 22 is 05 or 90, the message includes track data from CV; CX if the
the magnetic stripe or from the chip, and the request is an original CPS acquirer is on
request (the ACI is Y), the acquirer must be a full participant in the Card the temporary
Verification Value (CVV) Service. exception list
Cash must qualify for CPS/Retail. CN
For U.S. mail order or telephone order (MOTO) transactions (field 25 CD
contains 08), field 22.1 must contain 01 (manual key entry), and track data
must not be present in the message.
Field 35—Track 2 Data or Field 45—Track 1 Data: If the terminal read magnetic AN
stripe or chip data, the full, unaltered Track 1 or Track 2 data must be present
and must contain the account number. Track data is mandatory if field 22
contains 90.
NOTE:
The magnetic stripe or the chip image of the magnetic stripe can contain track data.
If the terminal read magnetic stripe or chip data, the account numbers in TA
the track data and in field 2 must match.
Track data must contain the expiration date if: the terminal read magnetic ED
stripe or chip data, and field 22 contains 05 or 90, and the ACI from the
acquirer is Y.
The expiration date in field 14 must match the date in field 35 or in field 45 TD
if the terminal read magnetic stripe or chip data, field 22 contains 05
or 90, and the ACI from the acquirer is Y.
Table 28-4 CPS/POS Field Edit Requirements and DRC Conditions (continued)
DRC or Action
If Requirement
Key Field Not Met
Field 42—Card Acceptor ID Code: Visa requires this field to be present in all 42
0100 and 0200 requests and it must contain an ID or a name.
Field 43—Card Acceptor Name/Location: Visa requires the field and it must EM
include the merchant's name and location. (This process results in an ACI
of Y in the response.)
The code in field 43 or in field 19 must be a valid U.S. code if the acquirer MC
does not participate in the Multicurrency Service.
The state code must be valid. IS
Field 44.5—CVV/iCVV Results Code: BASE I and SMS—If track data is present, No DRC
and if CVV or iCVV checking is performed, field 44.5 must be blank (not
checked) or be 2 (passed) in requests forwarded to issuers or in responses.
Field 49—Currency Code, Transaction: BASE I and SMS—Visa requires this No DRC; reject
field to be present. BASE I—In CPS-qualified responses, the validation code in if missing or if
field 62.3 protects field 49. invalid
Field 59—Merchant ZIP Code must be present and must be valid for the 59
U.S. acquirer.
Field 62.1—Authorization Characteristics Indicator: This field must contain Y RV
in the request, and contain A or E in the response, depending on the
transaction type. Acquirer
receives N if
VisaNet declines
the transaction
Field 62.2—Transaction Identifier: V.I.P. inserts this field. The TID in the initial TI
approved authorization or financial request must appear in all subsequent
messages, including incremental authorization requests and reversals.
Field 123—Address Verification is requested. AV
NOTE
Refer to the appropriateVisa Rules for more information about valid combinations of data element values.
Also see “For More Information” in this chapter for a list of other national market documents.
Table 28-5 Valid Data Element Value Combinations for CPS/POS National Markets
NOTE
Participants also can use the authorization characteristics indicator M for non-U.S. MOTO and Visa Secure
Electronic Commerce (VSEC) transactions that do not include address verification data.
NOTE
BASE II specifically edits for POS entry mode code 90 if:
- The RPS field contains A, C, D, 1, 4, 6, or 9.
- The ACI is A or E.
- The reimbursement attribute is A or 4.
For approved transactions, V.I.P. computes a validation code using key elements in the
authorization message. Participants must submit the values of the protected data fields'
key elements unchanged from authorization through clearing. If a participant changes any
values from authorization through clearing, V.I.P. reclassifies the transaction to a non-CPS
transaction or returns it. Table 28-6 lists the protected fields.
The validation code algorithm also uses the following fields for international CPS/ATM
transactions: field 3 (positions 3–4), field 32, and field 43. These fields do not have
default values. See the Custom Payment Service (CPS)/ATM chapter in this volume for
more information.
Authorization Clearing
Data Element Field Value BASE II Field Value
Merchant Category Code (MCC) 18 Retail: not 4815, 5960, 5962, TCR 0, Retail: not 4815,
5964–5969, 6010–6011 positions 133–136 5960, 5962,
5964–5969,
Petrol: 5541 6010–6011
Restaurant: 5812
or 5814
POS Entry Mode 22 90 TCR 0, 90
positions 162–163
Track Data 35 or 45 Full Track 1 or Track 2 — —
Authorization Characteristics 62.1 Y in request TCR 0, A or E
Indicator (ACI) A or E in response position 151
Transaction Code Qualifier (TCQ) — — All TCRs, 0
position 3
Requested Payment Service (RPS) — — TCR 0, A for Retail
position 145 including Petrol
B for Restaurant
Authorization Date — — TCR 5, In transaction
positions 5–191 identifier
Purchase Date — — TCR 0, Within one day
positions 58–61 of authorization
date
Cardholder ID Method — — TCR 0, 1
position 160
Central Processing Date (CPD) — — TCR 0, Within two days
positions 164–167 of purchase date
Reimbursement Attribute (RA) n/a — TCR 0, A
position 168
1. Embedded in the transaction identifier.
At the point of sale, the merchant terminal or the electronic cash register sends an
authorization request to the V.I.P. System. If the authorization request is for a potential
CPS/POS transaction, it must include a valid authorization characteristics indicator (ACI).
After V.I.P. receives the message, it examines and validates the contents of the
authorization request. V.I.P. assigns an appropriate ACI value. V.I.P. downgrades
transactions that do not meet authorization-related edits and do not qualify for
CPS/POS and for the associated rate. When V.I.P. downgrades a transaction, it sets
the ACI value to N.
For technical details, refer to Table 28-8, which correlates the ACI supplied by the
acquirer with the value returned by the V.I.P. System.
For approved transactions, V.I.P. computes a validation code by using key elements
in the authorization message. Refer to “Common CPS/POS Data Requirements:
All National Markets” in this chapter for the fields V.I.P. uses to calculate the validation
code. The BASE II System uses this code to ensure that the clearing message includes
required elements from the authorization message. The V.I.P. System sends the
authorization response to the acquirer, including the TID, the updated ACI, the updated
market-specific authorization data indicator, and the validation code.
Declined or referred transactions cannot qualify for a CPS program and V.I.P.
downgrades them.
In Brief. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29-3
29.1 In Brief
The Deferred Clearing Advice File (DCAF) Service enables Single Message System (SMS)
issuers to receive deferred clearing advices, in bulk files, in addition to receiving advices
individually online.
Deferred advices are those that are not created and sent immediately in response to the
single message request, but are deferred, that is, created later, and sent to the issuer
after they are generated. Deferred clearing advices originate from dual-message, BASE II
acquirers that do not generate online clearing messages.
The DCAF Service can help issuers manage large volumes of advices without negatively
affecting system capacity and resource allocation.
BASE I
SMS The DCAF Service is available to SMS issuers.
SMS only
I
Participation in the DCAF Service is optional for SMS issuers in all Visa regions.
Issuer
This process is different from standard online advice recovery, in which V.I.P. sends advices
one at a time to each issuer station signed on to Advice Recovery mode and requires an
acknowledgment (advice response) for each advice. An issuer could have many online
connections receiving advices. The transmission of tens of thousands of advices and
responses requires significant online communications capacity and hardware.
With the DCAF Service, online capacity is augmented by a file transfer process by which
many deferred clearing advices are collected into a bulk file or bulk files. V.I.P. delivers the
bulk files to participating issuers using network transmission lines that are separate from
the issuer's online station lines.
• Receive advices that provide the same information contained in online clearing advices.
• Retrieve and research advices using either:
- VisaNet Transaction Research Service (VTRS)
- Visa Exceptions
• Select the format in which advices are delivered:
- International Organization for Standardization (ISO) format
- Fixed format
See “File Content and Record Format” in this chapter for information about both formats.
VisaNet connection methods are available for issuers in all Visa regions. Issuers can use the
same connection for multiple Visa applications, such as for online processing and for DCAF
file receipt. Visa staff can help issuers determine appropriate processing combinations,
depending on client volumes, timing requirements, and other processing considerations.
Visa has direct VisaNet connections for all clients. These connectivity options enable
clients to connect directly to VisaNet. See About This Manual for documentation about
VisaNet connections.
IMPORTANT
Regardless of the method of delivery, V.I.P. delivers the bulk files through file transfer connectivity that is
independent from the issuer's online connectivity to VisaNet.
Issuers receive DCAF files at their VisaNet connection at one or more of the delivery
windows. Delivery is not controlled by any issuer options. If there are advices to send,
V.I.P. sends them. Otherwise, V.I.P. sends nothing. Issuers can start processing advices
when a file delivered from V.I.P. reaches the issuer's host computer.
DCAF files delivered to the VisaNet connection can be restaged to an issuer's host system
at the issuer's option, without requiring retransmission from V.I.P.
NOTE
Host-to-host transmissions must be restarted if an issuer system failure requires retransmission.
Refer to “For More Information” in About This Manual for documentation that provides
information about connecting to VisaNet and about VisaNet connection methods.
Complete details about advice record formats are located in the various V.I.P. System
technical specifications manuals. Refer to “For More Information” in About This Manual
for a list of these V.I.P. System manuals.
To activate DCAF processing, Visa staff must make changes to V.I.P. system table entries.
Each affiliate BIN that will use DCAF requires the change. The issuer must inform Visa of
all such change requests.
Visa representatives handle the Visa internal table changes based on information supplied
by the issuer's technical staff.
Clients can contact their Visa representatives to make all service activation arrangements
and changes to their existing service specifications.
29.4.1 Testing
The VisaNet Certification Management Service (VCMS) provides testing assistance for
DCAF Service participants. VCMS staff help the issuer prepare for testing and develop test
cases. Clients can contact their Visa representatives to make the arrangements.
A batch file communications connection must exist (or be established) between the issuer
and VisaNet. Existing VisaNet connections must be modified for file delivery connectivity.
Once the communications link is established, delivery tests can start. Refer to the Deferred
Clearing Advice File (DCAF) Service Technical Specifications Manual for complete details
and for sample network definitions.
VCMS supports the creation and delivery of test files directly to the issuer's VisaNet
connection, after which the issuer must transfer the test file. Visa representatives help
issuers work with Global Client Testing Support (IGSS) to arrange for this part of the
implementation.
Testing is not required for implementing the DCAF Service. However, VisaNet testing
specialists perform specific tests with the client to ensure that the issuer's host applications
meet minimum requirements before they begin interfacing with the production systems.
Clients should consider the following impacts when planning for implementation of DCAF.
Legal Impact—DCAF does not affect issuer participation, Treasury processing, or BIN
licensing. An issuer processor, or a third-party processor, that is considering implementing
the DCAF Service should review its legal processing agreements to determine if any
changes must be made.
Table 29-1 provides an overview of issues that Visa staff and clients must consider when
implementing the DCAF Service.
If file delivery processing does not currently exist at the issuer site, issuers must establish
a new communications link from the issuer host to VisaNet using a VisaNet connection.
For more information about VisaNet connections, refer to “For More Information” in
About This Manual for documentation about VisaNet connections.
0220: Merchandise Credit Transaction Advice—This advice contains processing code 20.
All other deferred clearing advices, both financial and non-financial, are delivered online
through the standard advice retrieval process.
NOTE
SMS issuers that participate in the ATM Format Conversion Service do not receive deferred clearing advices
for cash disbursement transactions. See the ATM Format Conversion Service chapter in this manual for
information about this service.
Once VisaNet delivers a file of deferred clearing advices to the VisaNet connection, the file
is available for transfer to the client's host system for processing.
As part of the DCAF Service, V.I.P. can provide participants with a list of all of the files
delivered and can notify participants that the last file for the settlement cycle has been
delivered. Clients can use the file inventory and the last file notification to schedule
internal processing.
NOTE
The inventory file and last file notification are available to all DCAF participants regardless of the file format or
file delivery mechanism they choose. However, last file notification processing differs depending on whether the
issuer uses a VisaNet connection method or a direct VisaNet connection.
For detailed information about inventory file and last file notification processing for
VisaNet connection anddirect connection file recipients, refer to the Deferred Clearing
Advice File (DCAF) Service Technical Specifications Manual.
The following sections describe the DCAF process flow and message flow.
In Brief. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30-3
30.1 In Brief
The Dynamic Key Exchange (DKE) Service is an optional service that enables Single
Message System (SMS) clients to change working keys that are used to protect cardholder'
PINs through the use of online messages.
BASE I
SMS Dynamic Key Exchange Service is available to Single Message System (SMS)
users.
SMS only
I
Participation in Dynamic Key Exchange Service is optional for issuers.
Issuer
A
Participation in Dynamic Key Exchange Service is optional for acquirers.
Acquirer
The DKE Service also reduces the effort involved in managing keys manually. In addition
to cost reductions, the service eliminates manual intervention, minimizing errors.
Visa has modified its PIN processing and cryptographic key management practices and
requirements in accordance with national and international Data Encryption Standard
(DES) specifications, which include the use of the Triple DES Encryption Algorithm (DEA).
To facilitate this transition, VisaNet currently supports both single-length (16-byte)
cryptographic keys and double-length (32-byte) cryptographic keys. Various Triple DES
mandates require clients to use Triple DES keys now or in the near future.
Clients can choose the times they want VisaNet to generate a new key:
Automatic Key Delivery—VisaNet delivers the key automatically. Clients can choose one
of the following options for the frequency of key delivery.
• Set hourly interval: Clients can specify the time, in hours, that should elapse between
automated key exchanges.
• Daily: Clients can specify the time, in GMT, when they want VisaNet to send a new key.
Clients that implement the DKE Service at the PCR level and at the station level must
specify the station to which VisaNet should deliver the key. Acquirers and issuers can
receive key management messages without signing on to a station. In this case, the client
does not need to specify the network.
Clients that implement the DKE Service at the BIN level can optionally specify the station.
In this case, the client must select a network to which VisaNet should deliver the key.
Clients that are set up for automatic key delivery also can request a key delivery at any
time at its discretion as necessary.
On-Request Key Delivery—Clients send an 0800 message to request a key. When VisaNet
receives a request, it generates a key and sends it to the client.
Acquirers—Acquirers have the option of maintaining either one Acquirer Working Key
(AWK) or two AWKs. The acquirer specifies the AWK it used to encrypt the PIN in field 53.4
(Field 53—Security-Related Control Information, positions 7–8, Zone Key Index) of the
request. For the DKE Service, this coding enables participants to use either the single-key
arrangement or the two-key arrangement.
If an acquirer selects the two-key arrangement and the acquirer subscribes to automatic
key delivery, VisaNet alternates from one key to another with each key delivery.
If an acquirer selects the two-key arrangement and the acquirer wants to initiate an
on-request key delivery, it must specify which key it wants to change in field 53.4 in
the request message.
Acquirers can send the PIN in the request encrypted with either of the two keys. The
acquirer must specify the key it used to encrypt the PIN in field 53.4 so VisaNet can select
the appropriate key for decrypting the PIN.
Issuers—Issuers have the option of maintaining either one Issuer Working Key (IWK) or
two IWKs.
If an issuer selects the one-key arrangement, VisaNet always delivers the key specified
by code 01 in the Zone Key Index subfield. VisaNet always uses that IWK to encrypt
the PIN sent to that issuer.
If an issuer selects the two-key arrangement, VisaNet alternates from one key to another
with each key delivery.
The Zone Key Index code used for the last key delivery is the active Zone Key Index.
VisaNet uses the key specified in the active Zone Key Index for encrypting the PIN in
the transaction sent to the issuer.
Before establishing the actual service, participants must complete the Key Management
and ZCMK Request forms. Upon receipt of the ZCMK Request Form, VisaNet generates the
Zone Control Master Key. VisaNet sends the ZCMK in component form to the recipients in
a secure mailer within 14 days of receipt of the request forms.
Service participants must also complete a Dynamic Key Exchange Enrollment Form, which
is part of the Member Implementation Questionnaire.
30.4.1 Testing
Testing is mandatory for all acquirers and issuers that want to use the service.
Clients interested in using the DKE Service can contact their Visa representatives.
0800: Key Change Request (Client to V.I.P.)—Clients use this 0800 message to request
an encryption key change.
0810: Key Change Request Acknowledgment (V.I.P. to Client)—V.I.P. uses this 0810
message to acknowledge a client’s message for an on-request key change.
0800: Key Delivery Message (V.I.P. to Client)—V.I.P. uses this 0800 message to deliver
the key to the client.
0810: Key Delivery Acknowledgment (Client to V.I.P.)—Clients use this 0810 message
to acknowledge receipt of the key.
0800: Key Delivery (V.I.P. to Client)—V.I.P uses this 0800 message to deliver key to
the client.
0810: Key Delivery Acknowledgment (Client to V.I.P.)—Clients use this 0810 message
to acknowledge receipt of key delivery.
0800: Key Delivery Message (Client to V.I.P.)—Clients use this 0800 message to deliver
a key to V.I.P.
0810: Key Delivery Acknowledgment (V.I.P. to Client)—V.I.P. uses this 0810 message to
acknowledge receipt of the key.
Key exchange is the process by which a Working Key is synchronized between a client and
VisaNet. Key exchange is necessary to give a client the capability to set a new Working
Key and synchronize it with VisaNet to preclude the possibility of the existing Working
Key being compromised.
Key exchange may be dynamic or static, depending on client settings. In either case,
the key exchange procedure is similar except that dynamic key exchange occurs online in
V.I.P. and is used only for Issuer Working Keys (IWKs) and Acquirer Working Keys (AWKs).
Figure 30-1 DKE Process Flow—On-Request Key Exchange Request (V.I.P. Master)
Zone Key
Index File
1. The client requests an AWK or an IWK change with an 0800 key change request.
2. V.I.P. processes the 0800 key change request in the following manner:
a. V.I.P. rejects the request with reject code 0384 if a dual-key V.I.P.-format client does
not send in Field 53—Security-Related Control Information.
b. V.I.P. rejects the request with reject code 0621 if:
• a single-key client wants V.I.P. to perform PIN verification and the code for the
ZKI in field 53 is not 01.
• a V.I.P. format client tries to do PIN DKE with NMI other than 0160 (AWK) or
0161 (IWK) in the request.
• for a BIN-based DKE client, the source station and the BIN in field 33 of the
request do not have the same PCR.
• for a BIN-based DKE client, the BIN in field 33 does not have encryption data
defined.
• for a station- or PCR-based DKE client, the source station does not have
encryption data defined.
• the client is requesting AWK change when they do not have an AKEK set up.
• the client is requesting IWK change when they do not have an IKEK set up.
c. V.I.P. rejects the request with reject code 0622 if the client requesting key exchange
does not participate in DKE.
d. V.I.P. declines with an 0810 Key Change Request Acknowledgment using response
code 06 if:
• DKE has been globally stopped with ZQOKE STOP.
• only one VIC in the complex is up.
• the inter-VIC link with the client-connected primary VIC is down.
• client requests key change when a key change for that client is already in progress.
• security module key generation fails.
• inter-VIC synchronization fails because of fluctuating inter-VIC linkage.
• a client sends in a key change request during the cool-off period (1 minute)
for that key.
e. V.I.P. responds with an 0810 Key Change Request Acknowledgment using response
code 00 if none of the above errors are encountered. This response is followed
up by the next message.
3. V.I.P. sends an 0800 Key Delivery to the client with the requested Working Key.
4. Client responds to the 0800 Key Delivery in the following manner:
a. Client declines with an 0810 Key Delivery Acknowledgment using response code 06
if they encounter problems translating and/or storing the Working Key delivered by
V.I.P.
b. Client responds with an 0810 Key Delivery Acknowledgment using response
code 00, which completes the process of dynamic key exchange.
Figure 30-2 DKE Process Flow—Automatic Key Exchange Request (V.I.P. Master)
Zone Key
Index File
1. V.I.P. sends an 0800 key delivery request to the client with the requested Working Key.
2. Client responds to the 0800 key delivery request in the following manner:
• Client declines with an 0810 Key Delivery Acknowledgment using response code 06
if they encounter problems translating, storing, or both, the Working Key delivered
by V.I.P.
• Client responds with an 0810 Key Delivery Acknowledgment using response code 00,
which completes the process of dynamic key exchange.
Figure 30-3 DKE Process Flow—Automatic Key Exchange Request (V.I.P. Slave)
Zone Key
Index File
The dynamic key exchange process flow when a client delivers a new key to Visa consists
of the following steps:
1. Client requests an AWK or IWK change with an 0800 Key Delivery message.
2. V.I.P. processes the 0800 Key Delivery in the following manner:
a. V.I.P. rejects the request with reject code 0384 if a dual-key V.I.P.-format client did
not indicate the key to be changed in field 53.
b. V.I.P. rejects the request with reject code 0621 if:
• a single-key client tries to do PIN DKE with ZKI in field 53 not 01.
• a V.I.P.-format client tries to update PIN Working keys with an NMI other
than 0164 (AWK) or 0165 (IWK).
• for a BIN-based DKE participant, the source station and the BIN in field 33 of
the request do not have the same PCR.
• for a BIN-based DKE participant, the BIN in field 33 does not have encryption
data defined.
• for a station- or PCR-based DKE participant, the source station does not have
encryption data defined.
• the client is requesting an AWK change when they do not have an AKEK set up.
• the client is requesting an IWK change when they do not have an IKEK set up.
c. V.I.P. rejects the request with reject code 0622 if the client requesting key exchange
does not participate in the DKE Service.
d. V.I.P. declines with an 0810 Key Delivery Acknowledgment using response code 06 if:
• DKE has been globally stopped with ZQOKE STOP.
• only one VIC in the complex is up.
• the inter-VIC link with the client-connected primary VIC is down.
• the client is not set up as V.I.P. Slave.
• the client requests key change when a key change for that client is already in
progress.
• the security module key translation fails.
• the inter-VIC synchronization fails because of fluctuating inter-VIC linkage.
• a client sends in a key change request during the cool-off period (1 minute)
for that key.
e. V.I.P. responds with an 0810 Key Delivery Acknowledgment using response code 00
if none of the above errors are encountered. This completes the process of dynamic
key exchange.
VisaNet uses a 10-second timeout value for all messages containing a new encryption
key. If the client does not respond within 10 seconds or if the client responds indicating
improper receipt of the new key, V.I.P. resends the key delivery message. If the second
attempt to deliver the new key fails, V.I.P. cancels the key exchange.
If clients encounter encryption or decryption errors from their security module, they
should respond to V.I.P. with response code 81 (cryptographic error). This response notifies
the V.I.P. System that it must generate a new encryption key for delivery to the client.
V.I.P. delivers a single-length key using Field 96—Message Security Code in the 0800
Key Delivery Message. It delivers double-length key requests using Field 105—Message
Security Code—Double-Length Key.
Acquirer processors can begin using the new key after sending the 0810 key delivery
response to V.I.P. For acquirers supporting a single key, V.I.P. will process messages with the
new key or the old key for five minutes, after which time all acquirer-generated messages
must have PINs encrypted with the new key.
For issuers, V.I.P. begins using the new key upon receipt of the 0810 response (in which
the code in Field 39—Response Code is 00). In an on-request exchange, V.I.P. continues
sending messages using the old key until it receives the 0810 response.
Figure 30-4 DKE Message Flow—On-Request Key Exchange Request (V.I.P. Master)
Zone Key
Index File
0810 Key Change Request Acknowledgement 0810 Key Change Request Acknowledgement
F7: Transmission Date and Time (Required) F7: Transmission Date and Time (Required)
F11: System Trace Audit Number (Required) F11: System Trace Audit Number (Required)
F33: The Institution ID for which a Working Key is requested F33: The Institution ID for which a Working Key is requested
(Required for BIN-based DKE; not required for station- or (Required for BIN-based DKE; not required for station- or
PCR-based DKE) PCR-based DKE)
F39: Response Code (Required) F39: Response Code (Required)
F53: Security Related Control Information (Not required for VIP F53: Security Related Control Information (Not required for VIP
format Single-Key members; required otherwise) format Single-Key members; required otherwise)
F7: Transmission Date and Time (Required) F7: Transmission Date and Time (Required)
F11: System Trace Audit Number (Required) F11: System Trace Audit Number (Required)
F33: The Institution ID for which a Working Key is requested F33: The Institution ID for which a Working Key is requested
(Required for BIN-based DKE; not required for station- or (Required for BIN-based DKE; not required for station- or
PCR-based DKE) PCR-based DKE)
F48: Check Digit of Key Delivered F48: Check Digit of Key Delivered
F53: Security Related Control Information (Not required for VIP F53: Security Related Control Information (Not required for VIP
format Single-Key members; required otherwise) format Single-Key members; required otherwise)
F63.1: Network ID (Required) F63.1: Network ID (Required)
F70: Network Management Information (Required) F70: Network Management Information (Required)
F96: SDES Working Key, or F105--TDES Working Key F96: SDES Working Key, or F105--TDES Working Key
F11: System Trace Audit Number (Required) F11: System Trace Audit Number (Required)
F33: The Institution ID for which a Working Key is requested F33: The Institution ID for which a Working Key is requested
(Required for BIN-based DKE; not required for station- or (Required for BIN-based DKE; not required for station- or
PCR-based DKE) PCR-based DKE)
F39: Response Code F39: Response Code
F48: Check Digit of Key Delivered F48: Check Digit of Key Delivered
F53: Security Related Control Information (Not required for VIP F53: Security Related Control Information (Not required for VIP
format Single-Key members; required otherwise) format Single-Key members; required otherwise)
F63.1: Network ID (Required) F63.1: Network ID (Required)
F70: Network Management Information (Required) F70: Network Management Information (Required)
F96: SDES Working Key, or F105--TDES Working Key F96: SDES Working Key, or F105--TDES Working Key
Figure 30-5 DKE Message Flow—Automatic Key Exchange Request (V.I.P. Master)
Zone Key
Index File
V.I.P. uses an 0810 response to acknowledge receipt of the key request. The trace number,
in field 11, which is assigned by the 0800 message originator (the client), must be returned
unchanged in the 0810 response. If the client resends a new request, it uses the trace
number from the original request.
V.I.P. begins using the new key upon receipt of the 0800 key delivery message.
Figure 30-6 DKE Message Flow—Automatic Key Exchange Request (V.I.P. Slave)
Zone Key
Index File
Response Code 00, Request Acknowledged (Will Comply)—V.I.P. returns this code
when it accepts the client's request for a key change. The client must use this response
code to indicate that the encryption key has been accepted and is ready for use.
The client must use this code when it cannot accept the new key because the key
check value does not match or the security module is in error.
Response Code 81, Cryptographic Error Found in PIN—The client returns code 81
to V.I.P. when a security module finds a cryptographic error during PIN decryption.
Field 48, Usage 14—Dynamic Key Exchange Working Key Check Value
Field 48 is used for encryption key check values and appears in 0800 requests with
network management codes 162 and 163 in field 70.
The format of this field in an outgoing request must be that indicated by the PIN
block format code in Field 53—Security-Related Control Information of the request.
In an incoming request or advice, the format conforms to the PIN block format of
the issuer as specified to Visa.
The personal identification data type subfield within field 53 indicates whether this
field contains a PIN or a password.
The Visa Security Module edits the contents of this field during PIN translation and
PIN verification. If there is an error (most commonly an acquirer key problem) V.I.P.
does not reject the request message. Instead, V.I.P. sets the response code in field 39
of the 0110 or 0210 response to 81 or 86.
The code in field 53 indicates which of the possible encryption keys that can be
changed:
Code 01 in field 53.4 in a DKE 0800 key delivery message is always for single-key
DKE players. V.I.P. rejects requests with code 02 in field 53.4 for single-key clients.
Single-key clients cannot send in field 53 at all in the DKE request, or when they do,
they should send code 01 in field 53.4.
The code in field 53.4 changes from 01 to 02 in automatic key delivery requests for
dual-key clients. For DKE requests, V.I.P. populates field 53.4 with the value from the
request in the 0800 key delivery response.
Field 53.3 (positions 5-6) has no significance for the DKE Service. The field is primarily
for decrypting and encrypting PIN blocks. However, it is part of ISO field 53, which
DKE needs, and is set to 01 for all formats other than Plus.
In Brief. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31-3
31.1 In Brief
The Multicurrency Service supports authorization, clearing, and settlement processing
in selected international currencies.
Visa uses buy and sell rates for currency conversion. These rates are paired into:
• USD-based rates that are used when converting non-USD currencies against the U.S.
dollar.
• Cross rates (non-USD-based rates) that are used for selected currencies for which the
rates quoted are against a currency other than the U.S. dollar.
The Multicurrency Service includes the following transaction currency processing features:
Currency Rate Delivery Service—This feature delivers the conversion rate and provides
clients (five days a week, Monday through Friday) with the currency conversion rates
Visa uses to process transactions.
With this feature, VisaNet calculates the optional issuer interregional and intraregional
currency conversion fees and any issuer interregional and intraregional currency conversion
fees that issuers apply to specific issuer BINs and includes them in Field 6—Amount,
Cardholder Billing. VisaNet sends the transaction to the issuer for clearing.
The Currency Precision Service is available only to SMS participants using the
Multicurrency Service. Visa card, Interlink, and Plus acquirers and issuers participating in
this service must use the V.I.P. ISO format and must have successfully completed testing.
Plus acquirers and issuers must be directly attached to VisaNet.
Impacts to U.S. Clients—Participation does not affect a U.S. client's settlement, which
remains in U.S. dollars. Clients can receive additional information about the transactions
they initiate outside the U.S. or acquire in the U.S. for a cardholder whose billing currency
is other than U.S. dollars. Participating U.S. clients receive the standard multicurrency
fields in their online messages and reports. U.S. clients choosing not to participate in the
Multicurrency Service do not receive the fields specific to multicurrency in their online
messages.
For SMS clients, V.I.P. sends all amounts in Field 4—Amount, Transaction in U.S. dollars
(USD).
31.4.1 Testing
Participating issuers and acquirers must have successfully completed testing that they can
process multicurrency-specific data fields in both outgoing and incoming messages.
During service implementation, issuers must specify which currency or currencies they will
support.
The VisaNet Certification Management Service (VCMS) provides testing assistance for
Multicurrency Service participants. Clients can contact their Visa representatives to make
the arrangements.
• Receive two-place accuracy in any amount field supplied by VisaNet. (This requirement
is not applicable to V.I.P. online.)
Currencies are defined as having zero, two, or three minor units of currency. For instance,
the U.S. dollar has two minor units of currency (the two positions to the right of the
decimal point); the Japanese yen has no minor units.
EXAMPLE
A numeric value of 6789 is interpreted by the Multicurrency Service as 6.789 (three minor units of currency),
67.89 (two minor units of currency), or 6789 (no minor units of currency).
Issuers must be able to receive the decimal positions indicator in the following messages:
• Authorizations
• Preauthorizations
• Financial requests
• Reversals
• Adjustments
• Representments
• Issuer status advices
• Reconciliation messages
The optional issuer service assessment, which may be a mark-up or rebate, is maintained
in VisaNet databases according to issuer BINs. This optional service assessment is
calculated at the time of currency conversion using the percentage rate established by the
issuer. To implement an optional issuer fee (OIF), the client must contact Visa.
All VisaNet systems that support Multicurrency Service processing use common
conversion rates.
In cross-border money transfer enhanced OCTs, the optional issuer fee (OIF) is not
deducted from the amount that the recipient receives.
Figure 31-1 illustrates a Multicurrency Service process flow for a transaction acquired in
U.S. dollars for an Australian cardholder.
The acquirer sends: V.I.P. performs standard request The issuer receives:
processing, including:
• •
Transaction currency = Original transaction amount
USD100 Clearing Conversion • Conversion fees
•
Cardholder billing currency = Obtains issuer settlement currency •
Converted transaction
AU from the BIN
amount in cardholder’s billing
Converts transaction currency to currency
cardholder billing currency
Settlement Conversion
The issuer sends a
response to V.I.P.
Obtains issuer settlement currency
from the BIN
Converts transaction currency to the
acquirer settlement currency
Conversion Charge Calculation
Uses a buy or sell rate to obtain the TADC
Uses a Visa currency conversion percentage
to obtain the currency conversion charge
Uses an optional issuer fee rate to obtain the
optional issuer fee
To use this capability, the PCR and acquiring BIN must both be Multicurrency Service
participants. Acquirers of MasterCard transactions that do not participate in the Visa
Multicurrency Service will continue to have their currency changed to U.S. dollars before
the gateway converts the message to the Banknet format.
31.7.4 How VisaNet Applies Buy and Sell Currency Conversion Rates to
Transactions
This section describes how VisaNet applies buy and sell rates to transactions during
authorization, and during clearing and settlement.
31.7.4.1 Terminology
The new Visa currency conversion rate system involves new terminology. Table 31-1
defines the new terminology.
Term Description
Base This term is associated with a currency. Within VisaNet, variable units of a base currency
are equivalent to one unit of a counter currency.
Counter This term is associated with a currency. Within VisaNet, one unit of a counter currency is
equivalent to variable units of a base currency.
Buy Rate The buy rate in VisaNet is the number of units of base currency required to buy one
unit of the counter currency.
Sell Rate The sell rate in VisaNet is the number of units of base currency received from selling
one unit of the counter currency.
USD-Based Rate Pair In this type of pair, the U.S. dollar is always the base currency and fluctuates against the
counter currency. The counter currency will be a currency other than USD.
Exchange Direction This term is used to designate the set of currency conversion processing rules that will
be applied to a transaction based on the transaction type.
Transaction Amount in This term is used to identify the submitted transaction amount in the currency that is
Destination Currency (TADC) appropriate to the destination endpoint. The TADC is included in Field 6—Amount,
Cardholder Billing and in BASE II TCRs that include positions named destination amount.
Besides the TADC, these fields may contain the optional issuer service assessment. The
optional service assessment will not be affected by these changes.
The V.I.P. amount, cardholder billing, and BASE II destination amount fields are provided
in clearing transactions to the issuer. Issuers have the discretion to increase or to
decrease the amount in these fields when billing cardholders.
In this section, standardized terminology is used for amount fields in both V.I.P. and
BASE II transactions.
Table 31-2 provides a mapping of the terminology used to the corresponding fields
in V.I.P. and BASE II.
Table 31-2 Map of Section Terminology to V.I.P. and BASE II Fields in Purchase Transactions
V.I.P. Field/Name
Article Terminology BASE I SMS BASE II TCR/Position
Source Amount Field 4—Amount Transaction Field 4—Amount, Draft Data TCR 0,
Transaction Positions 77–88
TADC Field 6—Cardholder Billing1 Field 6—Cardholder Billing1 Draft Data TCR 0,
Positions 62–731
Settlement Amount—Source n/a Field 5—Amount, Settlement n/a
or Destination
1. In this section, only the TADC component is described and displayed in these fields. The OIF is not addressed.
When converting currencies, VisaNet compares the currencies of the source amount
and the TADC to determine whether to use a USD-based or a non-USD-based rate pair.
The USD-based rates are applied to all settlement services and to all amounts, including
assessments that are displayed on daily settlement reports, except for the following
amounts that meet the conditions required to qualify for a non-USD-based rate:
• TADC
• Settlement amounts, source or destination
VisaNet applies USD-based rates to transactions when a match between the currencies in
the transaction and a corresponding non-USD-based rate pair is not found on the rate file.
IMPORTANT
The contents of the Visa International Currency Conversion Rate File (that is, rate update records or TC 56 files)
are confidential and may be used only by Visa and its authorized client financial institutions. Any other use
is strictly prohibited unless expressly authorized by Visa International.
Once the rate pairing type is established, VisaNet applies the actual buy and sell rates to
the transaction based on what is happening to the counter currency. Both a buy rate and
a sell rate can be applied in the same transaction if more than one conversion is required.
The following are the basic formulas that VisaNet uses for all transactions when converting
currencies:
• When converting from the counter currency to the base currency, the formula is:
Counter currency x rate = Base currency
• When converting base currency to counter currency, the formula is:
Base currency ÷ rate = Counter currency
From these basic formulas, Visa has established sets of processing rules for each type
of transaction and has categorized them into the following exchange direction groupings:
• Buy–Sell
• Sell–Buy
VisaNet uses exchange direction processing rules for the rate pair type that is appropriate
for the transaction and for the type of conversion required when performing the currency
conversion.
• Table 31-17
• Table 31-18
The information in the Rule column indicates which rule was applied to a transaction in
the scenarios that follow in this section. The information in the Currency Combination
column indicates the type of conversion required.
Exchange Currency
Direction From Field To Field Rule1 Combination Processing Rule
Buy–Sell Source Amount TADC DB–1 Non-USD to USD Source amount x
buy rate of source
currency
Exchange Currency
Direction From Field To Field Rule1 Combination Processing Rule
Sell–Buy Source Amount TADC DB–5 Non-USD to USD Source amount x
sell rate of source
currency
Figure 31-2 shows the flow of the transaction and money for original purchase
transactions.
Purchase Transaction
USD-Based Currency
Merchant Cardholder
VisaNet
Authorization &
Source Clearing System Destination
Acquirer Issuer
Settlement System
Legend
= Transaction Flow
= Money Flow
Table 31-4 lists the USD-based rate pairings and rates that are used to calculate the
TADC in the scenarios that follow.
The following scenarios are provided to illustrate how VisaNet applies USD-based rates to
original purchase transactions to calculate the TADC. The calculated TADC only reflects
the conversion from the amount submitted in the source amount field and does not
include any assessments or charges.
Scenario 1
An original purchase transaction is submitted to VisaNet for a purchase made by a USD
cardholder at an ABC merchant. The purchase amount of the transaction is ABC 1,000.00.
The relationship between the originator of the transaction and the type of currency in the
transaction is as follows:
• Source = ABC = Counter currency
• Destination = USD = Base currency
Because the currency of the TADC is USD, only the buy rate is applied to this transaction.
VisaNet converts the source amount to the TADC using the:
• USD-based rate pairing of ABC/USD
• DB–1 rule: Non-USD to USD formula: source amount x buy rate of source currency
As applied to this transaction, the calculation is:
ABC 1,000.00
USD TADC
Table 31-5 shows how the USD-based rate is displayed in a currency entry segment
of the TC 56 record.
Table 31-5 Currency Entry for USD-Based Rate in TC 56 Record for Scenario 1
Table 31-6 shows the content of the source amount and TADC fields and corresponding
currency code fields in V.I.P. original purchase and BASE II sales draft transactions. For
BASE II transactions, all positions referenced are carried in the Draft Data TCR 0 record.
Table 31-6 Populating Amount Fields in V.I.P. and BASE II Transactions for Scenario 1
Visa Performed
System Populated by Acquirer Populated by Visa Calculation
V.I.P. Field 4 000000100000 Field 6 Amount in U.S. • DB–1 rule:
dollars Non-USD to
USD: Source
Field 49 Numeric value Field 51 840
amount x buy
for currency code
rate of source
ABC
currency
BASE II Positions 77–88 000000100000 Positions 62–73 Amount in U.S. - As applied
dollars to the
transaction:
Positions 89–91 Numeric value Positions 74–76 840
ABC
for currency code
1,000.00 x
ABC
Buy–A =
USD TADC
Scenario 2
An original purchase transaction is submitted to VisaNet for a purchase made by an XYZ
cardholder at a USD merchant. The purchase amount of the transaction is USD$400.00.
The relationship between the originator of the transaction and the type of currency in the
transaction is as follows:
• Source = USD = Base currency
• Destination = XYZ = Counter currency
Because the currency of the source amount is USD, only the sell rate is applied to the
transaction. VisaNet converts the source amount to the TADC using the:
• USD-based rate pairing of XYZ/USD
• DB–2 rule: USD to non-USD formula: source amount ÷ sell rate of destination currency
As applied to this transaction, the calculation is:
USD 400.00
XYZ TADC
Table 31-7 shows how the USD-based rate is displayed in a currency entry segment
of the TC 56 record.
Table 31-7 Currency Entry for USD-Based Rate in TC 56 Record for Scenario 2
Table 31-8 shows the content of the source amount and TADC fields and corresponding
currency code fields in V.I.P. original purchase and BASE II sales draft transactions. For
BASE II transactions, all positions referenced are carried in the Draft Data TCR 0 record.
Table 31-8 Populating Amount Fields in V.I.P. and BASE II Transactions for Scenario 2
VisaNet
Performed
System Populated by Acquirer Populated by VisaNet Calculation
V.I.P. Field 4 000000040000 Field 6 Amount in XYZ • DB–2 rule: USD
currency to non-USD
currency:
Field 49 840 Field 51 Numeric value for
- Source
currency code XYZ
amount ÷
sell rate of
destination
BASE II Positions 77–88 000000040000 Positions 62–73 Amount in XYZ
currency
currency
• As applied to
Positions 89–91 840 Positions 74–76 Numeric value for the transaction:
currency code XYZ - USD 400.00
÷ Sell–B =
XYZ TADC
Scenario 3
An original purchase transaction is submitted to VisaNet for a purchase made by an XYZ
cardholder at an ABC merchant. The purchase amount of the transaction is ABC 1,000.00.
The relationship between the originator of the transaction and the type of currency in the
transaction is as follows:
• Source = ABC = Counter currency
• Destination = XYZ = Counter currency
In this scenario, the source currency and the TADC are both counter currencies to the U.S.
dollar. However, the rate file does not contain a non-USD-based rate pair that matches the
currencies in the transaction, so USD-based rate pairs are used for the conversion. Because
the source currency and the TADC are in currencies other than USD, both buy and sell
rates are applied to this transaction. To convert the source amount to the TADC, VisaNet
performs two calculations converting the currencies through the U.S. dollar using the:
• USD-based rate pairing of ABC/USD
• USD-based rate pairing of XYZ/USD
• DB–4 rule: Non-USD to other non-USD-formula:
- Source amount x buy rate of source currency
- USD amount ÷ sell rate of destination currency
Table 31-9 shows how the USD-based rate is displayed in a currency entry segment
of the TC 56 record.
Table 31-9 Currency Entry for USD-Based Rate in TC 56 Record for Scenario 3
Table 31-10 shows the content of the source amount and TADC fields and corresponding
currency code fields in V.I.P. original purchase and BASE II sales draft transactions. For
BASE II transactions, all positions referenced are carried in the Draft Data TCR 0 record.
Table 31-10 Populating Amount Fields in V.I.P. and BASE II Transactions for Scenario 3
VisaNet
Performed
System Populated by Acquirer Populated by VisaNet Calculation
V.I.P. Field 4 000000100000 Field 6 Amount in XYZ • DB–4 rule:
currency Non-USD to
other non USD:
Field 49 Numeric value Field 51 Numeric value for
- Source
for currency code currency code XYZ
amount x
ABC
buy rate
of source
BASE II Positions 77–88 000000100000 Positions 62–73 Amount in XYZ
currency
currency
- USD
Positions 89–91 Numeric value Positions 74–76 Numeric value for amount ÷
for currency code currency code XYZ sell rate of
ABC destination
currency
• As applied to
the transaction:
- ABC
1,000.00
x Buy–A
= USD
amount
- USD
amount ÷
Sell–B =
XYZ TADC
Non-USD-based rates are also used to calculate settlement amounts under the following
conditions:
• A non-USD-based rate was used to calculate the TADC.
• A non-USD-based rate exists that matches the currencies of the source amount and the
specified settlement amount, either source settlement amount or destination settlement
amount.
USD-based rates are applied to all other amounts in the transaction.
VisaNet uses the source amount submitted in the transaction to calculate the TADC.
Table 31-11 shows the processing rules that are applied to determine the TADC using
non-USD-based rates. The information in the Exchange Direction column indicates a
grouping of transaction types to which the currency conversion processing rules apply.
NOTE
For a listing of the transaction types that map to each exchange direction, refer to the following tables:
• Table 31-17
• Table 31-18
The information in the Rule column is provided to indicate which rule was applied to a
transaction in the scenarios that follow. The information in the Currency Combination
column indicates the type of conversion required.
Exchange Currency
Direction From Field To Field Rule1 Combination Processing Rule
Buy–Sell Source Amount TADC NDB–1 Counter currency Source amount x
to base currency buy rate of source
currency
Figure 31-3 shows the flow of the transaction and money for original purchase
transactions.
Purchase Transaction
Non-USD-Based Currency
Merchant Cardholder
VisaNet
Authorization &
Source Clearing System Destination
Acquirer Issuer
Settlement System
Legend
= Transaction Flow
= Money Flow
Table 31-12 lists the non-USD-based rate pairings and rates that are used to calculate the
TADC in the scenarios that follow.
The following scenarios are provided to illustrate how VisaNet applies the non-USD-based
rates in original purchase transactions to calculate the TADC. The calculated TADC only
reflects the conversion from the amount submitted in the source amount field and does
not include any service assessments or charges.
Scenario 4
An original purchase transaction is submitted to VisaNet for a purchase made by an MNO
cardholder at an XYZ merchant. The purchase amount of the transaction is XYZ 700.00.
The relationship between the originator of the transaction and the type of currency in the
transaction is as follows:
• Source = XYZ = Counter currency
• Destination = MNO = Counter currency
Because the currency of the TADC is the same as the base currency, only the buy rate is
applied to this transaction. VisaNet converts the source amount to the TADC using the:
• Non-USD-based rate pairing of XYZ/MNO
• NDB–1 rule: Counter currency to base currency formula: source amount x buy rate
of source currency
As applied to this transaction, the calculation is:
XYZ 700.00
MNO = TADC
Table 31-13 shows how the non-USD-based rate is displayed in a currency entry segment
of the TC 56 record.
Table 31-13 Currency Entry for Non-USD-Based Rate in TC 56 Record for Scenario 4
Table 31-14 shows the content of the source amount and TADC fields and corresponding
currency code fields in V.I.P. original purchase and BASE II sales draft transactions. For
BASE II transactions, all positions referenced are carried in the Draft Data TCR 0 record.
Table 31-14 Populating Amount Fields in V.I.P. and BASE II Transactions for Scenario 4
VisaNet Performed
System Populated by Acquirer Populated by VisaNet Calculation
V.I.P. Field 4 000000070000 Field 6 Amount in MNO • NDB–1 rule: Counter
currency currency to base
currency
Field 49 Numeric value Field 51 Numeric value for
- Source amount
for currency code currency code MNO
x buy rate of
XYZ
source currency
BASE II
• As applied to the
Positions 77–88 000000070000 Positions 62–73 Amount in MNO –
transaction:
Source amount x buy
- XYZ 700.00 x
rate of source currency
Buy–C = MNO
TADC
Positions 89–91 Numeric value Positions 74–76 Numeric value for
for currency code currency code MNO
XYZ
Scenario 5
An original purchase transaction is submitted to VisaNet for a purchase made by an MNO
cardholder at an ABC merchant. The purchase amount of the transaction is ABC 500.00.
The relationship between the originator of the transaction and the type of currency in the
transaction is as follows:
• Source = ABC = Base currency
• Destination = MNO = Counter currency
Because the currency of the source amount is the same as the base currency, only the
sell rate is applied to the transaction. VisaNet converts the source amount to the TADC
using the:
• Non-USD-based rate pairing of MNO/ABC
• NBD–2 rule: Base currency to counter currency formula: source amount ÷ sell rate
of destination currency
As applied to this transaction, the calculation is:
ABC 500.00
÷ Sell–D (Sell rate)
MNO = TADC
Table 31-15 shows how the non-USD-based rate is displayed in a currency entry segment
of the TC 56 record.
Table 31-15 Currency Entry for Non-USD-Based Rate in TC 56 Record for Scenario 5
Table 31-16 shows the content of the source amount and TADC fields and corresponding
currency code fields in V.I.P. original purchase and BASE II sales draft transactions. For
BASE II transactions, all positions referenced are carried in the Draft Data TCR 0 record.
Table 31-16 Populating Amount Fields in V.I.P. and BASE II Transactions for Scenario 5
VisaNet
Performed
System Populated by Acquirer Populated by VisaNet Calculation
V.I.P. Field 4 000000050000 Field 6 Amount in MNO • NDB–2 rule:
currency Base currency
to counter
Field 49 Numeric value Field 51 Numeric value
currency:
for currency code for currency code
- Source
ABC MNO
amount ÷
sell rate of
BASE II Positions 77–88 000000050000 Positions 62–73 Amount in MNO
destination
currency
currency
Positions 89–91 Numeric value Positions 74–76 Numeric value • As applied to
for currency code for currency code the transaction:
ABC MNO - ABC 500.00
÷ Sell–D =
MNO TADC
—> = Indicates that the flow is from the acquirer to the issuer.
<— = Indicates that the flow is from the issuer to the acquirer.
• Acquirer to issuer
• Issuer to acquirer
Money
Processing Transaction Flow
System Type of Transactions Code Value Flow Acq–Iss Acq–Iss
V.I.P. 01xx/02xx /04xx for the following types of transactions: – —> n/a
• Authorizations
• Authorization Reversals
• Preauthorizations
02xx originals and adjustments for the following types of 00, 01, 02, 10, —> <—
transactions: or 11
• Purchases
• Preauthorization Completions
• Cash Disbursements1
• ATM Debit Adjustments
• Debit Adjustments
• Quasi-Cash
04xx reversals for the following types of transactions: 00, 01, 02, 10, —> —>
• Purchases or 11
• Preauthorization Completions
• Cash Disbursements1
• ATM Debit Adjustments
• Debit Adjustments
• Quasi-Cash
0422/0432 chargebacks for the following types of 00, 01, 02, 10, <— —>
transactions: or 11
• Purchases
NOTE:
• Cash Disbursements Field 25
• ATM Debit Adjustments must contain
• Debit Adjustments code 17.
• Quasi-Cash
0422 chargeback reversals for the following types of 22 <— <—
transactions:
NOTE:
• Purchases Field 25
• Cash Disbursements must contain
• Debit Adjustments code 54.
• Quasi-Cash
0220/0422—Fee Collections 19 <-> <->
Money
Processing Transaction Flow
System Type of Transactions Code Value Flow Acq–Iss Acq–Iss
BASE II TC 05—Sales Drafts n/a —> <—
TC 25—Sales Draft Reversals n/a —> —>
TC 15—Sales Draft Chargebacks n/a <— —>
Money
Processing Transaction Flow
System Type of Transactions Code Value Flow Acq–Iss Acq–Iss
V.I.P. 02xx for the following types of transactions: 20, 22, or 26 —> —>
• Merchandise Returns
• Credit Adjustments
• Original Credits
• ATM Credit Adjustments1
04xx reversals for the following types of transactions: 20, 22, or 26 —> <—
• Merchandise Returns
• Credit Adjustments
• Original Credits
• ATM Credit Adjustments1
0422—Chargebacks for the following types of transactions: 20, 22, or 26 <— <—
• Merchandise Returns
NOTE:
• Credit Adjustments Field 25
• Original Credits must contain
• ATM Credit Adjustments1 code 17.
NOTE:
ATM credit adjustments only that originated in SMS.
NOTE:
ATM credit adjustments only that originated in SMS.
values for transaction, settlement, and cardholder amounts. These values override the
number of minor units in the Currency Rate Table.
NOTE
For non-participants, VisaNet always uses the values in the Currency Rate Table.
Incoming Message
Currency = Pa’anga
Amount = 12345
Decimal Positions = 02
Visa Currency Table
Currency = Pa’anga
Amount = 123450
Decimal Positions = 03
EXAMPLE
An acquirer sends a transaction amount 12340 with a value of 03 in positions 1 and 2 of field 63.13.
The Currency Rate Table, however, indicates that the acquirer's currency has two decimal positions.
The issuer receives the transaction amount 1234. A participating issuer also receives a value of 02 in position 1
and 2 of field 63.13. Non-participating issuers receive transaction amount 1234; however, the request has no
decimal positions indicator. The settlement amount is based on 1234. All reports and raw data reflect 1234.
The following figure shows an example of decimal position conversion for two decimal positions.
Incoming Message
Currency = Pa’anga
Amount = 12340
Decimal Positions = 03
Visa Currency Table
Currency = Pa’anga
Amount = 1234
Decimal Positions = 02
Non-participating clients that migrate to the Multicurrency Service have the advantage of
using the additional information.
Field = field
Amt. = amount
Bal. = balance
Acct. = account
Trans = transaction
NOTE
Multicurrency fields appear only for output referral responses (when field 39 contains code 01 or 02).
Figure 31-7 illustrates the message flow for a BASE I POS transaction with cashback and
an ATM partial dispense requested. The acquirer sends V.I.P. the 0100 message. V.I.P.
performs BASE I processing and forwards the request to the issuer. The issuer sends an
0110 response. For partial approval, if the original transaction amount is not present in
field 54, V.I.P. inserts the amount in field 54 and then forwards the 0110 response to the
acquirer.
NOTE
Multicurrency fields appear only for output referral responses (when field 39 contains code 01 or 02).
Figure 31-7 Message Flow—BASE I POS ATM Transactions, Cashback, and ATM Partial Dispenses
• Figure 31-13
• Figure 31-14
NOTE
Billing amounts may differ from the purchase amount because of issuer optional charges being deducted. For
more information, clients can contact their Visa representatives.
Figure 31-8 illustrates the message flow for an SMS POS or Visa Electron authorization
transaction. The acquirer sends V.I.P. the 0100 request. V.I.P. performs SMS processing and
forwards the request to the issuer. The issuer sends an 0110 or 0130 response.
NOTE
An 0130 advice response does not contain field 4 or field 49.
Figure 31-9 illustrates the message flow for an SMS POS or Visa Electron purchase
transaction. The acquirer sends V.I.P. the 0200 request or the 0220 advice. V.I.P. performs
SMS processing and forwards the request to the issuer. The issuer sends an 0210 or
0230 response.
NOTE
An 0230 advice does not contain field 4 or field 49.
Figure 31-10 illustrates the message flow for an SMS POS adjustment transaction. The
acquirer sends V.I.P. the 0220 advice. V.I.P. performs SMS processing and forwards the
advice to the issuer. The issuer sends an 0230 response.
NOTE
An 0230 advice response does not contain field 4 or field 49.
Figure 31-11 illustrates the message flow for an SMS POS representment transaction. The
acquirer sends V.I.P. the 0220 advice. V.I.P. performs SMS processing and forwards the
advice to the issuer. The issuer sends an 0230 response.
NOTE
An 0230 advice response does not contain field 4 or field 49.
Figure 31-12 illustrates the message flow for an SMS POS reversal transaction. The
acquirer sends V.I.P. the 0400 request or 0420 advice. V.I.P. performs SMS processing and
forwards the request to the issuer. The issuer sends an 0410 or 0430 response.
NOTE
An 0430 advice response does not contain field 4 or field 49.
Under normal circumstances, the acquirer sends an 0420 request to the issuer.
Because pre-existing acquirers can also generate 0400 requests, issuers respond with
0410 messages that include field 4 and field 49.
Figure 31-13 illustrates the message flow for an SMS POS chargeback and chargeback
reversal transaction. The issuer sends V.I.P. the 0422 advice. V.I.P. performs SMS processing
and forwards the advice to the acquirer. The acquirer sends an 0432 response.
Figure 31-14 illustrates the message flow for an SMS POS merchandise return transaction.
The acquirer sends V.I.P. the 0200 request. V.I.P. performs SMS processing and forwards
the request to the issuer. The issuer sends an 0210 or 0230 response.
NOTE
An 0230 advice response does not contain field 4 or field 49.
• Figure 31-19
• Figure 31-20
Figure 31-15 illustrates the message flow for an SMS Visa/Plus ATM cash disbursement
transaction, with balance information requested. The acquirer sends V.I.P. the 0200 request.
V.I.P. performs SMS processing and forwards the request to the issuer. The issuer sends
an 0210 or 0230 response.
The issuer can send Field 54—Additional Amount in 0210 cash disbursement responses
if they do not support balance Inquiries.
NOTE
An 0230 advice response does not contain field 4 or field 49.
Figure 31-15 Message Flow—SMS Visa/Plus ATM Cash Disbursement With Balance Information
Figure 31-16 illustrates the message flow for an SMS Visa or Plus adjustment transaction.
The acquirer sends V.I.P. the 0220 advice. V.I.P. performs SMS processing and forwards the
advice to the issuer. The issuer sends an 0230 response.
NOTE
An 0230 advice response does not contain field 4 or field 49.
Figure 31-17 illustrates the message flow for an SMS Visa/Plus representment transaction.
The acquirer sends V.I.P. the 0220 advice. V.I.P. performs SMS processing and forwards the
advice to the issuer. The issuer sends an 0230 response.
NOTE
An 0230 advice response does not contain field 4 or field 49.
Figure 31-18 illustrates the message flow for an SMS Visa or Plus balance inquiry
transaction. The acquirer sends V.I.P. the 0200 request. V.I.P. performs SMS processing and
forwards the request to the issuer. The issuer sends an 0210 response.
Field 54B is optional. If V.I.P. does not provide field 54B in the response, the acquirer
receives this field zero-filled and does not receive field 54B-converted. If SMS issuers do
not support balance inquiries, they can send Field 54—Additional Amount in 0210 cash
disbursement responses.
Figure 31-19 illustrates the message flow for an SMS Visa or Plus reversal transaction. The
acquirer sends V.I.P. the 0400 request or 0420 advice. V.I.P. performs SMS processing and
forwards the request to the issuer. The issuer sends an 0410 or 0430 response.
NOTE
Some acquirers may send an 0400 request, which issuers must be able to receive. The issuer's 0410 response
contains fields 4 and 49. (An 0430 advice response does not contain these fields.)
Figure 31-20 illustrates the message flow for an SMS Visa/Plus chargeback transaction.
The issuer sends V.I.P. the 0422 advice. V.I.P. performs SMS processing and forwards the
advice to the acquirer. The acquirer sends an 0432 response.
NOTE
The issuer provides the chargeback amount in the cardholder billing currency the same way it was received in
field 6 of the original request or advice.
• Preauthorization (0100)
- Figure 31-21
- Figure 31-22
• Financial Transactions (0200 and 0220)
- Figure 31-23
- Figure 31-24
- Figure 31-25
- Figure 31-26
- Figure 31-27
• Reversal Transactions (0400 and 0420)
- Figure 31-28
• Chargeback (0422)
- Figure 31-29
- Figure 31-30
- Figure 31-31
Figure 31-21 illustrates the message flow for an Interlink preauthorization full approval
transaction. The acquirer sends V.I.P. the 0100 request. V.I.P. performs SMS processing and
forwards the request to the issuer. The issuer sends an 0110 or 0130 response.
NOTE
An 0120 advice contains the same fields usually received by the issuer in the 0100 request. An 0130 message
does not contain field 4 or field 49 because it is an advice.
Figure 31-22 illustrates the message flow for an Interlink preauthorization partial approval
transaction. The acquirer sends V.I.P. the 0100 request. V.I.P. performs SMS processing and
forwards the request to the issuer. The issuer sends an 0110 or 0130 response.
NOTE
An 0130 advice response does not contain field 4 or field 49.
Figure 31-23 illustrates the message flow for an Interlink preauthorization completion
transaction. The acquirer sends V.I.P. the 0220 request. V.I.P. performs SMS processing
and forwards the request to the issuer. The issuer sends an 0210 or 0230 response.
Preauthorization completion messages cannot include PIN data (field 52 and field 53 must
not be included); otherwise, V.I.P. rejects them.
NOTE
If the acquirer sends an 0200 preauthorization completion message, V.I.P. rejects it with Reject
Code 0599—Consistency Error/Transaction Not Defined.
NOTE
An 0230 advice response does not contain field 4 or field 49.
Figure 31-24 illustrates the message flow for an Interlink purchase transaction. The
acquirer sends V.I.P. the 0200 request. V.I.P. performs SMS processing and forwards the
request to the issuer. The issuer sends an 0210 or 0230 response.
NOTE
An 0230 advice response does not contain field 4 or field 49.
Figure 31-25 illustrates the message flow for an Interlink adjustment transaction. The
acquirer sends V.I.P. the 0220 advice. V.I.P. performs SMS processing and forwards the
advice to the issuer. The issuer sends an 0230 response.
NOTE
Field 61.1 is used when the amount from the original transaction is different from the adjusted amount.
(An 0230 advice response does not contain field 4 or field 49.)
Figure 31-26 illustrates the message flow for an Interlink representment transaction. The
acquirer sends V.I.P. the 0220 advice. V.I.P. performs SMS processing and forwards the
advice to the issuer. The issuer sends an 0230 response.
Figure 31-27 illustrates the message flow for an Interlink balance inquiry transaction. The
acquirer sends V.I.P. the 0200 request. V.I.P. performs SMS processing and forwards the
request to the issuer. The issuer sends an 0210 response.
Figure 31-28 illustrates the message flow for an Interlink reversal transaction. The acquirer
sends V.I.P. the 0400 request or 0420 advice. V.I.P. performs SMS processing and forwards
the request to the issuer. The issuer sends an 0410 or 0430 response.
NOTE
An 0430 advice response does not contain field 4 or field 49.
Under normal conditions, the acquirer sends an 0420 advice to the issuer, and the issuer
responds with an 0430 response. Some acquirers continue to use 0400 requests and
issuers need to be able to receive them. If the acquirer sends an 0400 request to the issuer,
the issuer responds with an 0410 response. However, Visa recommends 0420 advices.
Figure 31-29 illustrates the message flow for an Interlink chargeback transaction for the
full amount. The issuer sends V.I.P. the 0422 advice to the acquirer. V.I.P. performs SMS
processing and forwards the advice to the acquirer. The acquirer sends an 0432 response.
Figure 31-30 illustrates the message flow for an Interlink chargeback transaction for a
partial amount. The issuer sends V.I.P. the 0422 advice. V.I.P. performs SMS processing and
forwards the advice to the acquirer. The acquirer sends an 0432 response.
Figure 31-31 illustrates the message flow for an Interlink merchandise credit transaction.
The acquirer sends V.I.P. the 0200 request to the issuer. V.I.P. performs SMS processing and
forwards the request to the issuer. The issuer sends an 0210 or 0230 response.
• Field 4—Transaction Amount: For multicurrency issuers, this field must contain the
original amount from the request. For issuers that do not participate in the Multicurrency
Service, the field must contain the partially approved amount. The acquirer always
receives the partially approved amount in this field.
• Field 6—Cardholder Billing Amount: For multicurrency participating issuers, the request
contains field 6, which contains the field 4 amount in the cardholder billing currency.
The multicurrency participating issuer must insert the approved partial amount in field 6.
• Field 39—Response Code: Must contain code 10 for partial approvals.
• Field 49—Transaction Currency Code: Must identify the currency of the amount in field 4.
• Field 54—Additional Amounts: This field must contain amount in field 4 from the 0100
authorization or 0200 financial request. Field 54 has the capacity for six “sets” of amount
data; for instance, the field could contain the original amount in field 4 followed by an
account balance. Each set comprises position 1 through position 20; set two begins with
position 21, and so on. There is no required order of information for populating field 54
with POS services. (ATM balance inquiries still require the current defined order.) Issuers
must populate the field beginning with the first available set; for instance, position 1,
position 21, and so on. The field positions for partial approvals are:
- Positions 1–2—Account Type: Must contain code 00.
- Positions 3–4—Amount Type: Must contain code 57 (for original amount).
- Positions 5–7—Currency Code: Must contain the currency code from field 49.
- Position 8—Amount Sign: Must contain C (positive balance) or D (negative balance).
- Positions 9–20—Amount: Must contain the amount from field 4 in the request.
NOTE
V.I.P. drops field 54 from the response message before forwarding it to the acquirer if the acquirer does
not participate in POS balance services.
The Optional Issuer Fee (OIF) rates for partial approval card transactions involving
multicurrency processing may vary between the time a transaction is authorized and
the time it is settled. If the OIF rates between authorization and settlement differ,
the settlement amount of the transaction may not be the same as the authorized amount.
Multicurrency Service participating issuers should first deduct the OIF from the balance
amount before sending the balance to the acquirer. V.I.P. does not deduct the OIF from
the balance amount when it converts the balance from the cardholder billing currency to
the transaction currency.
• Field 54 set—Contains the original transaction amount in the cardholder billing currency.
If the issuer approves a partial amount and does not support multicurrency processing,
it should return the following values in the response:
• Field 4—Contains the authorized partial amount in the cardholder billing currency.
• Field 49—Contains the cardholder billing currency code.
• Field 54 set—Contains the original transaction amount in the cardholder billing currency.
The examples illustrate the message flows for the following combinations of parameters:
• From an acquirer to a non-multicurrency issuer with the same currencies.
• From an acquirer to a multicurrency issuer with different currencies.
• From an acquirer to a non-multicurrency issuer with different currencies.
Figure 31-32 Acquirer and Non-Multicurrency Issuer With the Same Currency
This field identifies the transaction type and balance inquiry account type.
This field contains the transaction amount in the acquirer's transaction currency.
Multicurrency issuers receive the transaction amount submitted by the acquirer.
This field contains the field 4 amount converted to the issuer's settlement currency. It
does not include the optional issuer service assessment.
This field contains the transaction amount (field 4 value) converted to the cardholder
billing currency. It includes the TADC and the optional issuer-specified conversion
charge.
This field contains the currency exchange rate used to convert the field 4 amount to
the field 5 amount.
Field 10 contains a calculated value that represents a factor that may be applied to the
field 4 amount to obtain the field 6 amount. It is not the rate that VisaNet actually
uses for currency conversion.
V.I.P. converts the transaction amount using the current conversion buy-sell rate for the
applicable currencies. The system applies optional issuer service assessments to the
converted field 4 amount to yield the field 6 amount.
After the conversion process, V.I.P. then calculates the conversion rate in field 10 from
the field 4 amount and the field 6 amount. The resulting field 10 value may differ from
published conversion rates because it reflects conversion charges and differences
resulting from rounding.
This field contains the effective date of the field 4-to-field 5 currency conversion. It
appears only if field 5 is present.
This field contains the request's approval or decline code. Field 39 appears in partial
approvals involving multicurrency.
This field contains the code that identifies the field 4 currency and the field 61.1
currency.
This field contains the code that identifies the field 5 currency.
This field contains the code that identifies the currency in field 6 and in Field 61.2—
Other Amount, Cardholder Billing.
V.I.P. converts the value (or values) from field 54A and 54B to the acquirer's transaction
currency and applies the value to field 54A-converted and field 54B-converted
(if applicable).
NOTE
If the converted transaction currency amount in field 54 exceeds the 12-character converted amount limit,
the converted currency amount value is 999999999999 (12 nines).
Field 61.1 contains the amount of a partial ATM dispense, applicable to BASE I and
SMS. Fields 61.1 and 61.2 in the request or advice are used for the cashback amount of
a purchase transaction, if any.
This field contains the field 61.1 amount converted into the cardholder billing currency,
and is only present when field 61.1 is present. V.I.P. drops field 61.1 and field 61.3
from a Plus chargeback if the acquirer does not participate in multicurrency, or if the
chargeback relates to an ATM financial transaction. The valid values for all subfields of
field 61.2 are:
Field 63.13 is a three-part field that contains the number of decimal positions for
field 4, field 5, and field 6, if present.
Participants must be capable of sending and receiving field 63.13 in their online
messages. The user of a currency with three decimal positions must place a zero in the
last digit. If a participating client sends a 3 in one of the field 63.13 subfields and the
corresponding amount does not end in a zero, V.I.P. rejects the message for invalid
amount. The reject codes and the conditions under which they occur are as follows:
V.I.P. also sends reject messages if a client participating in the Currency Precision
Service fails to include field 63.13 or sends an invalid value. The reject codes are:
0468 = field 63.13 missing, and 0157 = invalid field 63.13.
This field contains a value that indicates whether the merchant performed dynamic
currency conversion (DCC). DCC occurs when a registered merchant performs currency
conversion locally, and then submits the transaction in the cardholder's billing currency.
Acquirers must provide field 126.19 in all non-ATM, authorization, and full-financial
original transactions when the merchant performs currency conversion at the point of
sale. V.I.P. logs this field, but does not send it to issuers.
In Brief. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32-3
32.1 In Brief
The PIN Verification Service (PVS) is a V.I.P. service that provides fulltime or stand-in
verification of personal identification numbers (PINs) used for Visa and Plus ATM
transactions, Visa point of service (POS), Visa POS Electron, and Interlink POS transactions,
and Visa Smart Debit/Smart Credit (VSDC) transactions. A personal identification number
is a secret code that identifies a cardholder at an ATM or terminal. A PIN serves as an
electronic substitute for a cardholder's signature.
At the issuer's option, the V.I.P. System can verify PINs on behalf of the issuer center,
at all times or only when the center is unavailable. When V.I.P. verifies PINs, it intercepts
all authorization requests containing PINs, verifies the PINs, and passes the requests to
the issuers or to the V.I.P. stand-in processor (STIP), as appropriate, for authorization
processing.
NOTE
The functions that PVS performs are in addition to the basic PIN translation that V.I.P. performs on all incoming
PIN-based authorization and financial requests regardless of whether the issuer participates in PVS.
BASE I
SMS
Participation in PVS is optional for Visa issuers, Plus issuers, Interlink issuers,
I and VSDC issuers.
NOTE:
VisaNet must perform PIN translation for Interlink issuers. However, Interlink issuers
Issuer can perform PIN verification or have VisaNet provide this service at the issuer’s option.
PINs are required for all ATM and automated dispensing machine (ADM) cash
disbursements and for an increasing number of point-of-service (POS) and unattended
cardholder-acceptance (UCAT) transactions at merchant locations. Card issuers are
responsible for verifying their cardholders' PINs. Issuers or their agents can perform PIN
verification on either a permanent or a stand-in arrangement.
In addition to verifying the PIN, PVS checks to prevent trial-and-error entry of a PIN.
V.I.P. records each incorrect PIN entry and accumulates the total in the Activity File in the
Cardholder Database. Refer to Chapter 16, Cardholder Database Overview, for information
about the Activity File.
Depending on issuer service elections, if the number of unsuccessful PIN entries exceeds
the issuer-set limit, V.I.P. declines the transaction even when the correct PIN is finally
entered.
• If the PIN is correct but too many incorrect PIN entry attempts have accrued
(issuer-defined limits exceeded), STIP assigns interim response code 75 (allowable
PIN-entry tries exceeded), converts it to 05, but forwards response code 75 in field 39
to the issuer in the 0120 advice. If the issuer returns response code 75, V.I.P. forwards
it unchanged to the acquirer. Otherwise, STIP declines the transaction with response
code 05 in field 39 of the 0110 response to the acquirer.
• If the PIN is incorrect and the number of incorrect PIN-entry attempts is below issuer-set
limits, V.I.P. increments the retry counter by one, returns an invalid PIN response code to
the acquirer, and creates an advice for the issuer.
• If the PIN is incorrect and too many incorrect PIN-entry attempts have accrued
(issuer-defined limits exceeded), STIP assigns interim response code 75 (allowable
PIN-entry tries exceeded), converts it to 05, but forwards response code 75 in field 39
to the issuer in the 0120 advice. If the issuer returns response code 75, V.I.P. forwards
it unchanged to the acquirer. Otherwise, STIP declines the transaction with response
code 05 in field 39 of the 0110 response to the acquirer.
NOTE
VisaNet does not send MasterCard PIN-based ATM transactions to MasterCard issuers connected to Banknet.
However, VisaNet does send MasterCard PIN-based transactions to VisaNet-connected issuers that participate
in the PIN/No-PIN Split Routing Service or in the Visa Shortest Online Path (VSOP) Service.
For successful BASE I and V.I.P. authorization-only PIN verification transactions, that is,
when no error is detected, VisaNet drops fields 52 and 53 before it forwards the message
to available Issuers. For V.I.P. SMS full financial messages, in the case of successful PIN
verifications, VisaNet forwards field 52 and field 53 to the available issuer; however,
field 52 is zero-filled in the outgoing message to the Issuer. If PIN verification fails,
V.I.P. declines the message in STIP with the applicable response code as determined
during STIP processing.
Once PIN verification is complete, the issuer or STIP approves or declines the transaction
and returns a response to the acquirer. Issuers can instruct the POS or the ATM to retain
the card if the number of unsuccessful PIN-entry attempts exceeds specified limits. See
Chapter 2, V.I.P. System Fundamentals, in Volume 1, for basic information about STIP
processing.
On the issuer's behalf, PVS can optionally maintain an issuer's PIN Verification Value (PVV)
database or IBM Offset database at the VisaNet Interchange Center (VIC).
NOTE
The Pin Verification Service and the VSDC PIN Management Service are different. The VSDC PIN Management
Service allows VSDC cardholders to change or unblock their PINs. Refer to Chapter 15, Visa Smart Debit/Smart
Credit (VSDC) Service, in Volume 1, for information about this service.
Fulltime PIN Verification—If an issuer's processing center cannot or does not want to
verify PINs in incoming interchange messages, it can have PVS verify PINs fulltime. When
the issuer selects this option, V.I.P. intercepts any request containing a PIN and forwards
it to the Visa Security Module for PIN verification. V.I.P. then forwards the request to
STIP for a PIN-entry activity check.
• When the PIN is correct and PIN retry activity is below the limit, V.I.P.:
- Removes PIN-related fields from a BASE I message or zero-fills the fields in an SMS
message.
- Routes the request to the issuer or to STIP as though it did not have a PIN.
• If the PIN is incorrect or the PIN is correct but too many unsuccessful PIN-entry attempts
have occurred, V.I.P. forwards the request to STIP for a decline or pick-up response.
Stand-In PIN Verification—When an issuer prefers to verify its own PINs, it can choose
to use STIP for backup when the issuer's processing center is not available. STIP can
perform PIN verification and check the exception file for special processing requirements.
Refer to the Cardholder Database Overview chapter in this manual, for information about
the exception file.
If the issuer is unavailable, STIP can approve or decline on the issuer's behalf depending
on the issuer's system parameters.
Issuers have two options for supplying PIN information. Issuers can:
• Encode the offset or PVV for a given card on that card's magnetic stripe or, for chip
cards, on the chip image. For Visa Gold® cards, PVVs are encoded both on Track 1
and on Track 2.
• Store the PVV or offset for each account in VisaNet's Cardholder Database. Refer to
“Planning and Implementation” in this chapter for information about this storage option.
In either case, the issuer's PIN Verification Keys, which are used to calculate the PVVs
or offsets, must be loaded by Visa and the client. “Planning and Implementation” in
this chapter contains guidelines for encrypting, sending, and receiving these keys.
The Payment Technology Standards Manual contains full instructions.
Refer to the Cardholder Database Overview chapter in this manual, for information about
the PIN Verification File and the Cardholder Database.
If the issuer verifies its own PINs, VisaNet currently supports the following methods
for calculating encrypted PINs:
• Visa PIN Verification Value (PVV)
• IBM PIN Offset
NOTE
Under certain specific conditions, issuers can verify their own PINs using Atalla Technovations encryption
systems. Refer to the Payment Technology Standards Manual for more information.
Acquirers must use the zone encryption scheme to ensure PIN secrecy as requests pass
from acquirers through VisaNet to issuers. When V.I.P. receives a transaction containing a
PIN, V.I.P. uses the Acquirer Working Key (AWK) to decrypt the PIN. When V.I.P. transmits
the PIN to the issuer, the Visa Security Module encrypts the PIN with the Issuer Working
Key (IWK). The issuer uses the IWK to decrypt the PIN.
Each card issuer must use unique PIN Verification Keys for STIP verification. Issuers must
maintain these keys using the same principles for safekeeping as for all other encryption
keys used to provide PIN security. PIN Verification Keys must be unique and must not
be related to any other encryption key except by chance. Refer to “How PIN Verification
Service Works” in this chapter for information about key management.
32.4.1 Testing
Testing for PVS is optional; however, PINs are required in ATM and Plus transactions as
well as in POS authorization and financial requests originating from other unattended
terminals (for instance, gasoline/petrol pumps). Issuers are responsible for verifying their
cardholders' PINs.
• PINs must be encrypted when they are beyond the protection of POS terminals or
hardware security modules (for instance, ATMs and PIN pads).
• PINs, including encrypted versions, must never be logged.
Acquirers must only use AWKs to provide cryptographic security between the acquirer
and Visa. When an acquirer stores an AWK outside a physically secure machine, it must
encrypt the AWK using a master key.
Acquirers can send the keys to Visa through the mail, encrypted under the ZCMK.
Issuer Prerequisites—Issuers must generate at least one IWK or instruct Visa to create
IWKs on their behalf. Issuers can create two IWKs to enable them to more quickly change
working keys. Visa recommends that issuers generate the keys in a random process in a
physically secure machine using all security precautions.
Issuers must create at least one pair of PIN Verification Keys (a PVK pair) and convey
those keys to Visa. Issuers can create up to six pairs. At the issuer's request, V.I.P. can
create these keys.
Issuers can send the keys to Visa through the mail, encrypted under the ZCMK.
Issuers that generate PVVs must follow the steps in Figure 32-1.
Visa must have access to the issuer-generated PVVs at the VIC. An issuer provides PVVs
in either or both of the following ways:
• The issuer encodes PVVs and related PIN Verification Key Indexes (PVKIs) in the magnetic
stripe or on the chip image as specified in the Payment Technology Standards Manual.
• The issuer stores PVVs and related PVKIs in the PIN Verification File located at the VIC.
Refer to the Cardholder Database Overview chapter in this manual , for information
about this file.
For PVVs, the PVKI is a 1-digit value that points to a pair of PIN Verification Keys stored
at the VIC. These keys are the same as those used by the issuer to generate the PVV in
the record. Because the issuer can store up to six pairs of PIN Verification Keys at the
VIC, the PVKI can be any value between 1 and 6. If the issuer uses the IBM PIN Offset
method, the issuer does not use the PVKI.
NOTE
Clients should use the PVKI only for transactions using the PVV verification method. If transactions use the IBM
Offset method, V.I.P. does not check the PVKI to verify the PIN.
A PVKI of 0 indicates that the PIN cannot be verified through PVS. If the issuer uses
PVS for a specific account range and an individual card has a PVKI of 0, V.I.P. declines
transactions with PINs for that card.
If PVVs and PVKIs appear both in the magnetic stripe or chip image and in the PIN
Verification File, the data in the PIN Verification File overrides the data in the magnetic
stripe or chip image.
IMPORTANT
Visa requires that the issuer not use the same verification keys for the PVV that it uses for the Card Verification
Value (CVV) with the Card Verification Value Service. If the common keys were compromised, it would affect
both the issuer's PVVs and CVVs.
Refer to the Card Verification Value (CVV) Service chapter in this manual for information
about this service.
Figure 32-1 illustrates the PVV generation process. This process occurs within a secure
environment outside VisaNet. Clients convey the keys using a security module.
DES Encrypt
With Key A
Cipher Text A
DES Decrypt
With Key B
Cipher Text B
DES Encrypt
With Key A
Cipher Text C
Decimalization
0963
Secure Environment
If the issuer chooses to have V.I.P. verify all or some of its PINs using the IBM PIN Offset
method, it must supply Visa with the following data elements:
• Account number length
• Number of account number digits to be used in the verification process
• Displacement of the digits
NOTE
V.I.P. uses the data elements (above) to build a block of verification data from the request message.
Decimalization Table
Decimalization
0123456789012345
Match
3589 ?
PIN Check Number
Refer to Chapter 2, V.I.P. System Fundamentals, in Volume 1 for information about PIN
encryption. Refer to the Card Verification Value (CVV) Service chapter in this manual,
for more information about CVV placement and the influence of PVS. Refer to the
Dynamic Key Exchange (DKE) Service chapter in this manual, for details on this optional
service that enables clients to manage some keys online.
0120: Advice—This advice notifies issuers that V.I.P. performed PIN verification,
authorization, or both, on their behalf.
If V.I.P. verifies the PINs, it first checks the PVVs or IBM Offsets in the PIN Verification File
in the Cardholder Database. If they are not in the file, V.I.P. checks the magnetic stripe or
the chip image for the PIN data. For PVS participants, V.I.P. also checks the account activity
in the Activity File and checks the account number to determine if the account is listed in
the Exception File. These files reside in the Cardholder Database. Refer to the Cardholder
Database Overview chapter in this manual, for information about the database and its files.
to using the account number and the cardholder PIN, the algorithm incorporates a PIN
Verification Key Index (PVKI) value and a pair of PIN Verification Key (PVK) values. Issuers
store the PVV (plus its 1-digit PVKI that appears on the card's magnetic stripe or chip
image) in a PIN database at the VIC, or within their systems. This stored PVV is called the
reference PVV for comparison purposes.
To verify a cardholder's PIN entry, the issuer or V.I.P. generates a transaction PVV using:
• The encrypted PIN entered at the terminal by the cardholder.
• A portion of the primary account number.
• The past PVKI.
V.I.P. compares the reference PVV to the transaction PVV using a validation process that
occurs in a physically secure, dedicated hardware security module. If the transaction PVV
and the reference PVV match, the PIN and the cardholder are considered validated.
Figure 32-3 shows a typical PIN-based authorization request using the PVV scheme
traveling from the cardholder and acquirer through VisaNet to the issuer. It illustrates
encryption working key management zones.
ATM
Acquirer’s Zone Issuer’s Zone
As illustrated in Figure 32-4, the zone encryption scheme uses pairs of zone working keys
in the key replacement process: one pair for the acquirer-VIC connection, and another
pair for the VIC-issuer connection.
PIN PIN
device's unique key to encipherment under an AWK shared with Visa. Acquirers then send
the PINs, which are now enciphered under the AWK, to VisaNet.
If the IWK is disclosed, PINs encrypted with that IWK are at risk, but the security of
other issuer keys is unaffected.
Visa clients and client processors began moving to TDES in October 2005. The migration
included important milestones for each region.
V.I.P.
Acquirer Issuer
PIN
Verification
File
The acquirer sends V.I.P. a V.I.P. verifies the PIN and The issuer receives the
request with an encrypted sends the request to the request.
PIN. issuer.
For PVS participants, STIP continues PIN processing after the PIN is decrypted and verified
by V.I.P. If a PIN is invalid, STIP checks to determine if the limit for unsuccessful PIN-entry
attempts has been exceeded. STIP maintains a count of consecutive unsuccessful
PIN-entry attempts made on the current day for a given account number.
STIP performs processing based on the current unsuccessful PIN-entry attempt count,
as described below.
• The count (not including the current attempt) does not exceed the limit:
- If the PIN is valid, STIP clears the count to zero.
- If the PIN is invalid, STIP increases the count by one. STIP then compares the updated
count to the limit. If the updated count now exceeds the limit, STIP updates the
count and assigns the interim response code 75 (allowable number of PIN entry tries
exceeded) to the request. STIP changes the code 75 to code 05 but sends the issuer
code 75 in the 0120 advice to clarify the reason for the decline.
• STIP then checks the exception file for a negative code. If STIP does not find a
negative code, and if the issuer has not sent an 0110 response with code 75 in
field 39, STIP declines the transaction using response code 05 in the response to
the acquirer.
• The count (not including the current attempt) exceeds the limit:
- STIP assigns response code 75 (allowable number of PIN entry tries exceeded) and
does not update the count.
- Once a count exceeds the limit, STIP continues to assign response code 75 to all
subsequent requests for the rest of the day. The cardholder is not able to complete
any more transactions requiring a PIN for the rest of the day. The cardholder can retry
the next day after STIP clears PIN counts at the end of the current day.
Issuers control PIN-retry activity by selecting the limit for the number of consecutive
unsuccessful PIN-entries attempts allowed in a day. Refer to V.I.P. System BASE I Processing
Specifications, V.I.P. System International SMS ATM Processing Specifications, and V.I.P.
System International SMS POS (Visa & Visa Electron) Processing Specifications for more
information about STIP processing and how PIN attempts accumulate in the activity file.
Refer also to the V.I.P. System Overview for an overview of STIP processing.
IMPORTANT
For Visa transactions, V.I.P. declines the transaction but does not request card pick-up. Some clients, however,
have reciprocal agreements to pick-up the cards after the specified number of unsuccessful PIN-entry attempts
has occurred.
PIN
Verification
File
NOTE
V.I.P. always forwards field 52 and field 53 to available issuers when PINs are translated (decrypted). V.I.P. will
decline the message in STIP when unsuccessful PIN verification occurs. V.I.P. drops field 52 and field 53 from
Base I and Authorization only request messages when PIN verifications are successful. V.I.P. retains field 52 and
field 53 for V.I.P. full financial request messages, however, field 52 is zero filled for successful PIN verification.
Positions:
1–2 3 4
PAN and date entry mode PIN-entry capability Fill
Positions 1 and 2, PAN and Date Entry Mode—This subfield contains a 2-digit code
that identifies the method used to enter the cardholder account number and the card
expiration date. This code specifies whether the entire magnetic stripe is included
in an authorization or financial request.
A value of 90 or 91 in positions 1 and 2 indicates that the acquirer has included the
complete, unaltered magnetic stripe contents in the message. For reversals, V.I.P.
accepts a value of 90 in field 22 but does not require the magnetic stripe content.
V.I.P. rejects authorization requests with code 0142 if the value in field 22 is 90 or 91,
but no magnetic stripe data appears in field 35 or in field 45.
V.I.P. rejects authorization requests with code 0019 if the value in field 22 is 90, but the
acquirer has not successfully completed testing to transmit a value of 90.
If issuers have not successfully complted testing for PVS participation, V.I.P. replaces a
value of 90 submitted by a participating acquirer with a value of 02 before it forwards
the request to available issuers.
Position 3, PlN Entry Capability—This subfield contains a 1-digit code that identifies
the capability of the terminal to capture PINs. This code does not necessarily mean
that a PIN was entered or that it is included in the message.
EXAMPLE
Using a value of 1 does not imply the presence of a PIN in the message. If the value is 2 or 8, however, it
is reasonable to assume that a PIN is not present.
IMPORTANT
If a BASE I 0100 authorization or balance inquiry message contains the value 2 and field 52 is present,
BASE I rejects the message with reject reason code 0592 (field present when not allowed).
The coding in this field relates to position 2 of Field 60—Additional POS Information
that describes the capability of the terminal used. Values used in field 22 affect other
fields (fields 25, 35, 45, and 52) in SMS messages. Refer to the appropriate V.I.P. System
technical specifications manuals for details.
This field is used in all customer transaction-related 01xx and 04xx messages. The code
in the original request appears in all subsequent messages.
Refer to the Payment Technology Standards Manual for complete format specifications
for Track 2.
When the authorization message requests PVS PIN verification, V.I.P. places response
code 00 (approved) in field 39 to inform the issuer that the PIN in the message
is correct.
If the PIN is incorrect, V.I.P. places response code 55 (incorrect PIN) in field 39.
If V.I.P. encounters PIN block errors during normal message processing, it returns
response code 81 (PIN cryptographic error found) in the 0110, 0210, or 0810 response
message. V.I.P. then initiates an automatic acquirer key change. If the issuer encounters
a PIN block error during verification, it returns response code 81 in the 0110, 0210,
or 0810 response.
Refer to the Payment Technology Standards Manual for complete format specifications
for Track 1.
The format of this field in an outgoing request must be that indicated by the PIN
Block Format Code in Field 53—Security-Related Control Information of the request.
In an incoming request or advice, the format conforms to the PIN block format of
the issuer as specified to Visa.
The personal identification data type subfield within field 53 indicates whether this
field contains a PIN or a password.
The Visa Security Module edits the contents of this field during PIN translation and
PIN verification. If there is an error (most commonly an acquirer key problem), V.I.P.
does not reject the request message. Instead, V.I.P. sets the response code in field 39
of the 0110 or 0210 response to 81 or 86.
For PIN translations, fields 52 and 53 and their contents remain with the message when
VisaNet forwards it to available issuers or to STIP on the issuer's behalf for the approval
or decline decision. The fields are not included in responses to acquirers or in advices.
For successful BASE I PIN and V.I.P. authorization-only verification transactions, that
is, when no error is detected, VisaNet drops fields 52 and 53 before it forwards the
message to available issuers. For V.I.P. SMS full financial messages, in the case of
successful PIN verifications, VisaNet forwards field 52 and field 53 to the available
issuer; however, V.I.P. zero-fills field 52 in the outgoing message to the issuer. If PIN
verification fails, V.I.P. declines the message in STIP with the applicable response code
as determined during STIP processing.
Positions:
1–2 3–4 5–6 7–8 9–10 11–16
PIN Data
Security Algorithm ID PIN Block Zone Key Type, Not Not
Format Format Index Applicable Applicable
Positions 1–2, Security Format Code—The code in field 53.1 defines the security
technique used. The code in positions 1–2 must be 20.
Positions 3–4, PIN Encryption Algorithm Identifier—The code in field 53.2 defines
the encryption technique used. Code 01 is the only code allowed in this subfield.
Positions 5–6, PIN Block Format Code—The code in field 53.3 defines the format of
field 52. In acquirer-initiated requests, this code describes the PIN block format used by
the acquirer. In requests received by the issuer, it describes the PIN block format used
by that issuer. If V.I.P. validates the PIN as part of PVS processing, this field contains the
original code inserted by the acquirer. Positions 5–6 must contain code 01, 02, or 03.
Positions 7–8, Zone Key Index—The index in field 53.4 indicates which key was used
to encrypt the PIN. In dynamic key exchange messages, this subfield is used to indicate
which key is being changed. If the PIN in field 52 is zeroed-out before the request
reaches the issuer, this code is the original for the acquirer's key. Positions 7–8 must
contain code 01 or 02.
The code in field 53 indicates which of the possible encryption keys is to be changed:
Positions 9–10, PIN Data Type—The code in this subfield code defines the
personal ID data type (PIN or password) contained in field 52. Positions 9–16 must
contain zeros in outgoing requests.
Positions 9–16 are reserved for BASE I use at the VIC. They must be zero-filled by the
acquirer.
Code Definition
Positions 1–2: Security Format Code
20 Zone encryption
Positions 3–4: PIN Encryption Algorithm Identifier
01 ANSI DES
Positions 5–6: PIN Block Format Code
01 Visa recommends this format. The format is based on the PIN, the PIN
length, selected rightmost digits of the account number, and the pad
characters 0 and F, combined through an exclusive-OR operation.
Code Definition
02 The format is based on the PIN, the PIN length, and a user-specified
numeric pad character.
03 The format is based on the PIN and the F pad character.
Positions 7–8: PIN Zone Key Index
00 Reserved for future use.
01 Working Key 1 is to be changed or used.
02 Working Key 2 is to be changed or used.
For PIN translations, fields 52 and 53 and their contents remain with the message when
VisaNet forwards it to available issuers or to STIP on the issuer's behalf for the approval
or decline decision. The fields are not included in responses to acquirers or in advices.
For successful BASE I and V.I.P. authorization-only PIN verification transactions, that
is, when no error is detected, VisaNet drops fields 52 and 53 before it forwards the
message to available issuers. For V.I.P. SMS full financial messages, in the case of
successful PIN verifications, VisaNet forwards field 52 and field 53 to the available
issuer; however, V.I.P. zero-fills field 52 in the outgoing message to the issuer. If PIN
verification fails, V.I.P. declines the message in STIP with the applicable response code
as determined during STIP processing.
V.I.P. rejects the message with reject code 0753 if this field is present in advices,
completions, reversals (full and partial), representments, adjustments, and their
responses.
• V.I.P. System SMS POS (Visa & Visa Electron) Technical Specifications, Volume 1 and
Volume 2
• IBM 3624 Consumer Transaction Facility Programmer's Reference and Component
Descriptions
In Brief. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33-3
33.1 In Brief
The POS Check Service offers merchants the ability to accept consumer and business
checks as source documents and to convert the paper checks to electronic transactions
at the point of sale, and from mail, telephone, or electronic commerce merchants.
As electronic transactions, converted checks can be cleared and settled quickly and
efficiently. Merchants using this service can realize the benefits of cost and risk reduction
for check payments. Participating drawee financial institutions, serving as online
authorizing agents for their customers' checks, can clear and settle electronic debits
quickly, increasing revenue opportunities and reducing check processing costs.
BASE I
SMS The POS Check Service is available to Single Message System (SMS) users.
SMS only
A Participation in the POS Check Service is optional for U.S. acquirers, processors,
and their merchants. It is also optional for participating drawee financial
institutions in the U.S. region or for their authorized third-party agents.
Acquirer
captures checking account information from the Magnetic Ink Character Recognition
(MICR) line of data encoded on a customer's check. Merchants can also receive
key-entered checking account information through an Internet connection or through a
telephone or mail order device.
If the customer asks that the check not be converted, the sales clerk follows the
merchant's standard paper check-handling procedures. If the customer agrees to the
check conversion, the merchant initiates a POS check transaction. The POS Check Service:
• Validates that the check can be processed electronically.
• Enables the merchant to return the voided check to the customer.
• Creates an 0200 full financial transaction that automatically transfers the check amount
from the customer's checking account to the merchant's bank account through VisaNet
or through the Automated Clearing House (ACH).
• Handles exception items for VisaNet- and ACH-settled transactions.
• Processes fee collection and funds disbursement transactions, which route funds
between participants to settle obligations between them, and which disburse funds to
(or collect funds from) them, for VisaNet-settled transactions.
• Provides reports—for instance, settlement reports and exception item reports.
NOTE
The POS Check Service does not support electronic transactions for Internet gambling.
Option Description
Conversion Only The authorization request message is routed to the participating drawee
financial institution or to a third-party authorizing agent, which approves
or declines the transaction by checking the status of the account. The
merchant retains the risk of loss.
Verification With The authorization request message is routed to the participating drawee
Conversion financial institution or to a third-party authorizing agent for verification
of the probability that the transaction will be paid by the customer.
The participating drawee financial institution makes an approval or
decline decision based on access to the demand deposit account (DDA)
and on information about funds availability at the time of the request.
The third-party authorizing agent makes an approval or decline decision
based on its risk management database. The merchant retains the risk of
loss.
Guarantee With The authorization request message is routed to the participating drawee
Conversion financial institution or to the third-party authorizing agent to guarantee
the transaction. If the transaction is approved, the risk of loss is transferred
to the participating drawee financial institution or to the third-party
authorizing agent, provided that all merchant acceptance criteria have
been met. The guarantor bears the risk of loss.
Term Meaning
Acquirer A bank that has a signed agreement with one or more merchants
participating in the service and submits POS check transactions for clearing
and for settlement through VisaNet or through the ACH.
Automated Clearing A funds transfer system governed by the rules of the National Automated
House Clearing House Association (NACHA). ACH allows financial institutions to
clear interbank entries electronically.
Customer A person who agrees to a transaction for payment to a merchant for
goods, services, and/or cash back.
Drawee Financial A financial institution whose demand deposit account customers may have
Institution POS check transactions processed by the service at the point of sale.
Merchant An entity that accepts consumer POS check transactions as payment for
merchandise or for services, and that processes the transactions through
the POS Check Service.
Originating A depository financial institution that sends entries to the ACH.
Depository Financial
Institution (ODFI)
Processor A client, or a Visa-approved non-client acting as the agent of a client,
providing authorization, clearing, and/or settlement services for clients
and for merchants.
Receiving A depository financial institution that receives transactions from the ACH.
Depository Financial
Institution (RDFI)
Third-Party An entity that authorizes POS check transactions for non-participating
Authorizing Agent banks and creates ACH items that are sent to the ODFIdebtor agent.
VisaNet The data processing systems, networks, and operations used by the service
to support and to deliver authorization, clearing, and settlement services.
Participants may also need to work with ancillary parties, such as point-of-sale integrators,
image repositories, imaging processors, and collection agencies.
A participating acquirer (or its processor) and merchant must support at least one of the
service options. An acquirer needs to establish with each of its participating merchants
which of the service options will be supported and which third-party authorizing agent
will be used for POS check transactions drawn on non-participating banks.
A participating drawee financial institution may support any combination of the three
options.
33.4.1 Testing
All merchants, acquirers, processors, participating drawee financial institutions, and
third-party authorizing agents with a connection to VisaNet for online messages that want
to participate in the POS Check Service must conduct comprehensive testing with Visa to
ensure that POS check transactions can be exchanged correctly among all parties.
POS Check Service testing ensures that acquirers and drawee financial institutions can
send and can receive the correct values in POS Check Service key fields for requests,
reversals, and exception item processing messages. These fields include:
• Field 3—Processing Code
• Field 22—Point-of-Service Entry Mode Code
• Field 25—Point-of-Service Condition Code
• Field 44.11—Original Response Code
• Field 44.12—Check Settlement Code
• Field 48—Additional Data–Private
• Field 60—Additional POS Information
• Field 61.1—Other Amount, Transaction
• Field 62.2—Transaction Identifier
• Field 63.3—Message Reason Code
• Field 63.6—Chargeback Reduction/BASE II Flags (Mail/Telephone or Electronic Commerce
Indicator)
• Field 100—Receiving Institution Identification Code
• Field 125—Supporting Information (MICR Data)
The VisaNet Certification Management Service (VCMS) provides testing assistance for POS
Check Service participants. Participants can contact their Visa representatives to make
the arrangements.
• Maintain a merchant interface system that complies with the technical and operational
standards of V.I.P. System SMS POS (Visa & Visa Electron) Technical Specifications,
Volume 1 and Volume 2, including:
- Receiving, reformatting, and forwarding POS check transactions—V.I.P. SMS-connected
acquirers and processors use V.I.P. SMS ISO message formats.
- Processing voids and reversals.
- Selecting and supporting all applicable service options.
• Pre-qualify and have a Merchant Agreement with each of its merchants.
• Provide a unique merchant identifier for each merchant name and location that
originates transactions.
• Select the third-party authorizing agent to be used for transactions drawn on
non-participating banks.
• Establish an ODFI relationship.
• Provide back-office support for exceptions both from VisaNet and from the ACH.
• Support settlement and reconciliation.
• Meet the requirements for participation, as defined in the Visa Rules for the service.
• With its merchant or merchants, be successfully tested by Visa, and ensure that its
merchants comply with the requirements of the Visa Rules for the service.
The acquirer or its processor works with the merchant and with the point-of-sale terminal
vendor to establish an integrated point-of-sale solution.
Using a VisaNet Connection—If an acquirer chooses to send requests from its VisaNet
connection, it must modify its application programs and its host interface to create check
conversion requests that can be sent to V.I.P.
For information about VisaNet connections, refer to “For More Information” in About
This Manual.
• 0422 issuer-generated fee collection, returned check fee, or funds disbursement request,
and 0432 fee collection, returned check fee, or funds disbursement request response
• 0520 reconciliation advices (not applicable for third-party authorizing agents and is
optional for acquirers and for drawee financial institutions)
• 0600 free text messages and 0610 free-text responses
• 0620 funds transfer totals and 0630 funds transfer totals responses (not required by
third-party authorizing agents)
• 0800 network management messages and 0810 network management responses
• 9620 fraud advices and 9630 fraud advice responses
The merchant may also optionally key enter customer identification information, such as
a driver's license number, at the point of sale. The check data, customer identification
data (if present), and the sales amount must be combined with other required data
elements and be formatted into an 0200 financial POS check request message. The
request message is forwarded to VisaNet for processing.
Approved POS check transactions that VisaNet has exchanged with participating drawee
financial institutions are settled daily by the VisaNet payment system. POS Check Service
settlement totals may be combined with settlement totals for other activity processed by
VisaNet if the same BIN is used for activity other than POS check transaction processing.
POS check transactions exchanged by VisaNet and by third-party authorizing agents are
settled by the Automated Clearing House (ACH). All post-settlement exception items
relating to these transactions must be processed according to the ACH rules published by
the National Automated Clearing House Association (NACHA).
Participating
Drawee Financial
Institution
Third Party
1. At the point of sale, the sales clerk identifies the type of check to ensure that it can
be accepted by the service and tells the customer that the check is being used as a
source document for conversion to an electronic item.
Optionally, the sales clerk can key enter the checking account information received
from the customer through an Internet connection or for a telephone order or mail
order transaction.
2. The sales clerk passes the check through a check reader, which electronically captures
the checking account information from the MICR line encoded on the check.
3. The sales clerk enters the amount of the purchase and, optionally, key-enters additional
customer identification information. This information varies, depending on the
requirements of participating merchants, acquirers or their processors, and third-party
authorizing agents—but could include, for instance, the customer's driver's license
number, state, and date of birth.
4. The check reader converts the MICR data into an electronic POS check transaction and
sends it to the acquirer or to its processor.
5. The acquirer or its processor formats the transaction into an authorization request
message (0200 full financial message) and forwards it to VisaNet.
6. V.I.P. edits and validates the transaction, based on the routing information contained in
the message, and routes the transaction:
- To the drawee financial institution if the routing transit number in the authorization
request is that of a participating bank. This transaction is referred to as a participating
transaction.
- To a third-party authorizing agent if the routing transit number in the authorization
request is that of a non-participating bank. This transaction is referred to as a
non-participating transaction.
7. The participating drawee financial institution or the third-party authorizing agent
performs authorization processing (for instance, checking the status of the account,
verifying the account balance, or checking a risk management database) and sends
a response to VisaNet.
8. VisaNet forwards the authorization response to the acquirer or to its processor.
9. The acquirer or its processor forwards the response to the merchant.
10. The sales clerk completes the transaction at the point of sale by voiding the paper
check and printing two copies of the transaction receipt—one for the customer to sign
and the other to be returned to the customer with the voided paper check.
Figure 33-2 shows the settlement process for transactions settled by VisaNet. The flow
shows one transaction, but represents the delivery of batches of POS check transactions to
multiple acquirers or to their processors, and to participating drawee financial institutions.
Participating
Drawee Financial
POS Merchant Acquirer Visa Institution Customer
POS check transactions authorized by third-party authorizing agents are settled by the
ACH as shown in Figure 33-3. All settled transactions and post-settlement exception items
relating to these transactions must be processed according to the NACHA rules.
RDFI Customer
On-Us
Acquirer/
Debtor Agent POS Merchant
For POS check transactions authorized by a third-party authorizing agent, at the end
of the day:
1. The third-party authorizing agent sends its ACH batches to the ODFI.
2. The ODFI processes all on-us transactions and forwards all non-on-us transactions to
the ACH.
VisaNet and authorizing endpoints decline transactions for any check that falls into one of
the following categories:
• Checks drawn on invalid or fraudulent ABA account numbers.
• Checks at the point of sale that do not contain a pre-printed serial number.
• Checks that have been previously negotiated.
• Checks that have been previously voided in connection with another POS check
transaction or with another program according to NACHA check conversion rules.
• Checks not containing an ABA routing and transit number and a demand deposit
account (DDA) number.
• Federal Reserve Bank and Federal Home Loan Bank checks.
• Government checks, including checks drawn on a state or local government.
• Third-party checks.
• U.S. Treasury checks.
• Obligations of a financial institution, such as travelers checks, convenience checks,
cashier checks, official checks, and money orders.
• Checks payable in a currency other than U.S. dollars.
EPC Field
6 6 6 6 6 6 5 5 5 55 5 5 5 5 5 4 4 4 4 4 4 4 4 4 4 3 3 3 3 3 3 3 3 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
5 4 3 2 1 0 9 8 7 65 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1
NOTE
Figure 33-4 is not to scale. The proper scale is eight characters per inch.
The MICR data is transmitted in Field 125—Supporting Information of the full financial
message. For information about field 125, see “Key Fields Glossary” in this chapter.
33.7.5 Reporting
VisaNet provides participants with comprehensive activity reports (showing all POS
check transactions processed) and with settlement reports (showing all VisaNet-settled
transactions). In addition, participants may choose to receive daily raw data files of POS
check transactions. For information about raw data, see VisaNet Settlement Service (VSS)
User's Guide, Volume 2, Reports.
The following sections explain the requirements and the processing rules for each of
these exception transactions.
Exception processing for POS check transactions that originally settled through the
Automated Clearing House (ACH) must be handled according to NACHA rules and is
not handled by VisaNet.
VROL can only be used for exception transaction processing by acquirers and by
participating drawee financial institutions for POS check transactions originally settled by
VisaNet, but can be used to submit adjustments.
POS Check Service participants may use VROL for transaction inquiries for all POS check
transactions, both those settled by the VisaNet payment system and those settled by
the ACH.
Before originating an exception transaction, a POS Check Service participant may use
VROL to obtain the original POS check transaction. The participant uses the retrieved
transaction to create the related exception transaction or transactions.
For further information about VROL processing requirements for the POS Check Service,
refer to V.I.P. System SMS POS (Visa & Visa Electron) Technical Specifications, Volume 1
and Volume 2.
If the check is drawn on a participating drawee financial institution, and that bank
supports the requested service option, VisaNet routes the transaction to that bank.
If not, VisaNet routes the transaction to the designated third-party authorizing agent.
For adjustment transactions initiated by the merchant or by the acquirer, field 100
must contain the third-party authorizing agent's BIN ID if the item was originally
settled by the ACH system.
Drawee financial institutions and third-party authorizing agents must parse the raw
MICR, if necessary, to determine the customer's checking account number, perform
authorization processing, and return the parsed MICR back in the response to V.I.P.
Table 33-3 and Table 33-4 provide a detailed description of formatting requirements
for field 125. Unformatted MICR data is only used in POS check request messages.
Parsed MICR data is required in all approved POS check response messages, and may
be used in POS check request messages.
Field
Number/Name Position/Size Data Content Format
125, Supporting 1–255 Contains customer financial institution n/a
Information account information captured from
the MICR line on customers' checks.
Data capture occurs when the MICR
line is read by a terminal at the point
of sale.
Length 1 Contains the length of the data
contents in the entire field.
Field Identifier 2–3 $V Identifies use of the field as “POS
2 check.”
Data Type 4–5 RM Identifies the data contents as
Identifier 2 unformatted MICR information.
Must be present in the request, and
the MICR data that follows must be
unformatted.
Data Length 6–8 999 Indicates the length of the MICR data
Identifier 3 contained in the field.
Table 33-3 POS Check Field 125 Format Requirements—Unformatted MICR (continued)
Field
Number/Name Position/Size Data Content Format
Unformatted MICR 9, variable Must contain the entire unaltered The unformatted MICR data is the exact
Information contents of the MICR line, with spaces MICR line from the check, including
preserved, read from the customer's spaces, except that the MICR symbols
check by a terminal. At a minimum, are replaced as follows (“raw TOAD”
the routing transit number and the format):
customer account number (on-us
field) must be present. The Transit symbol (I) must be replaced
by the letter T either in upper or lower
case.
Field
Number/Name Required Data Format
Field Identifier $V Identifies the use of the field as “POS Check.” The POS
Check Service field identifier must appear in the first two
bytes of the field, exactly as shown.
Following the field identifier, subfields may be in any order within field 125.
NOTE:
Any of the alpha characters sent in this field in the request message (t, o, d) must be stripped out when the field is returned.
Routing Transit The drawee financial institution's routing The routing transit number has a fixed length of 9 numeric
Number transit number (ABA number). characters and must be formatted as follows: AB999dddd,
where AB identifies the subfield, 999 the length of the
data, and dddd the actual data content.
Customer Account The customer deposit account number. The customer deposit account number must be present, be
Number a maximum of 19 characters and be formatted as follows:
AN999dddd, where AN identifies the subfield, 999 the
length of the data, and dddd the actual data content.
Table 33-4 POS Check Field 125 Format Requirements—Parsed MICR (continued)
Field
Number/Name Required Data Format
Check Serial The check serial number of the check The check serial number, when present, is a maximum of
Number being converted. 15 characters and is formatted as follows: CK999dddd,
where CK identifies the subfield, 999 the length of the
data, and dddd the actual data content. The check serial
number is optional for Internet, mail order, or telephone
order request messages, but must be provided in all
subsequent messages if it is in the original request.
In Brief. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34-3
34.1 In Brief
The Positive Authorization Capacity Management (PACM) Service establishes limits that
route transactions to the issuer or to STIP primarily using an issuer limit as well as a
dynamic limit called the diversion threshold. STIP determines this limit by comparing
transaction volume to issuer capacity.
PACM monitors the issuer's transaction volume every 60 seconds. When the volume of
authorization and financial request messages exceeds the issuer's processing capacity,
PACM routes low-risk transactions to the stand-in processor (STIP) for the next 60 seconds.
PACM continues to balance volume with capacity until the issuer is able to process all
transactions. PACM creates advices with optional PACM indicators.
BASE I
SMS PACM is available both to BASE I users and to SMS users.
When the volume of request messages exceeds the issuer's processing capacity, PACM
routes a calculated number of low-risk transactions to STIP for the next minute. This
diversion to STIP enables issuers to process higher-risk financial transactions, which
reduces overall risk. PACM supports higher levels of customer service by reducing the
frequency of unnecessary declines.
PACM continually checks transaction volume every 60 seconds and adjusts the number of
transactions routed to STIP so that the optimum number of messages can be processed
by the issuer without exceeding the issuer's capacity.
PACM is similar to Positive Cardholder Authorization Service (PCAS) in that both route
low-risk transactions to STIP.
• PCAS routes transactions to the issuer or to STIP using issuer limits.
• PACM routes transactions to the issuer or to STIP using a dynamic limit called the
diversion threshold, which is a sliding dollar amount.
IMPORTANT
This diversion threshold replaces the use of issuer-specified issuer limits when determining whether a
transaction should go to available issuers or to STIP. However, mandatory minimum issuer limits still apply
as an initial issuer-or-STIP decision tool.
PACM transactions with amounts in excess of the amount threshold are sent to the issuer if
available; transactions below the amount threshold are sent to STIP. Mail order/telephone
order (MOTO), risky purchase, and cash transactions are not eligible for PACM and are
always forwarded to issuers when they are available.
Once in STIP, PACM and PCAS use most of the same PCAS parameters.
Visa recommends that issuers review their activity checking parameters and default
response codes before enrolling in PACM to avoid excessive STIP non-approvals or
high-risk exposure.
IMPORTANT
SMS performs activity checking even if the issuer has set the issuer BIN activity count to zero.
For further PCAS information, refer to Chapter 35, Positive Cardholder Authorization
Service (PCAS).
PACM participation is established at the BIN level. PACM diversion to STIP is controlled
at the Processor Control Record (PCR) level. Issuers can specify which BINs are subject
to PACM processing and which are not. Issuer processors with both participating and
non-participating BINs should be aware that although PACM monitors all transaction
traffic, PACM STIP diversion occurs only for PACM-participating BINs.
Visa assigns PACM participants a default capacity rating that is equal to the capacity
of their connection to VisaNet. Issuers must notify their Visa representatives if their
issuer-specified host capacity is less than its assigned default.
IMPORTANT
An issuer-specified capacity cannot exceed the capacity of its VisaNet connection.
STIP creates advices of STIP transactions and holds them for the issuer until V.I.P.
determines that issuer volume is below capacity. When transaction volume drops below
capacity, V.I.P. resumes advice delivery and includes advice volume in overall processor
volume.
Many SMS issuers receive a large volume of advices. Because SMS advices may be
postable to the cardholder's account, they are time-critical and some issuers may choose
to continue receiving advice messages when volume exceeds capacity. Thus, SMS
issuers have the option of specifying that PACM not suspend advice traffic during PACM
diversion. Selecting this option means that STIP processes more real-time authorization
and full-financial requests during high-volume periods. STIP creates advices for these
transactions.
34.4.2 Testing
While participating issuers do not have to test for PACM participation, Visa recommends
testing for new participants. If issuers choose to receive PACM data in 0120 and 0220
advices, they must test for fields 44.6 and 44.7.
$295
PACM generates an advice containing optional PACM indicators for each transaction
processed by STIP.
• Authorization requests under the travel and entertainment (T&E) mandated limits.
• Up to USD$499,999.99 for Visa Signature, Visa Signature Preferred, Visa Infinite, Visa
Signature Business.
• Up to USD$499,999.99 for Visa Business, Visa Corporate, Visa Business Check Card,
Prepaid Commercial, Visa Purchasing, Visa Purchasing with Fleet, Visa Purchasing
GSA, and Visa Purchasing GSA with Fleet, wherein the ARDEF participation flag (large
ticket) is OFF for the card number.
NOTE
If the ARDEF participation flag (large ticket) is ON for the card number, the limit on the transaction
amount is up to US$9,999,999.99.
The diversion level corresponds to the percentage by which transaction volume exceeds
the processor's rated capacity. PACM continuously monitors transaction volume and
capacity to ensure that it is diverting the optimum transaction volume and adjusts the
diversion level accordingly. Figure 34-2 illustrates how PACM calculates a diversion level.
Diversion Table
Diversion Transaction
Target Amount
Volume – Capacity % Diversion-Eligible 0% $0
Diversion-Eligible Volume = Volume to Divert
0 – 5% $7
5 – 10% $12
Example
10 – 15% $17
Issuer capacity is 100 transactions per minute,
volume reaches 118 transactions per minute. 15 – 20% $23
Of these, 80 are eligible for diversion to STIP: 20 – 25% $29
118 – 100 25 – 30% $37
80 = 22.5%
30 – 35% $48
PACM refers exclusively to the applicable diversion table during the initial diversion
minute. During each subsequent diversion minute, PACM monitors how close it has come
to diverting the targeted volume of transactions. PACM factors in this percentage to select
the diversion level for the next minute. This continuous monitoring reduces the effects of
transaction mixes that differ from the percentages in the diversion table.
4 = Asia-Pacific (AP)
Percentage
of Eligible
Diversion Level Transactions BASE I DIVERSION TABLES
Diverted to Dollar Value of Diverted Transactions (Eligible
STIP if Below Listed Amount)
Regions 1
(U.S.), 2 (CAN), Regions 3 (VE),
5 (LAC) 6 (CEMEA) Region 4 (AP)
00 00 0 0 0
01 05 8 14 11
02 10 12 20 14
03 15 14 26 16
04 20 17 31 19
05 25 19 38 22
06 30 22 44 25
07 35 25 52 29
08 40 28 59 33
09 45 31 68 38
10 50 36 76 45
11 55 40 87 54
12 60 46 102 64
13 65 52 118 75
14 70 59 140
15 75 70 160 107
16 80 85 188 131
17 85 105 235 160
18 90 151 314 212
19 95 253 403 321
20 100 All All All
As with the BASE I tables, each region can define its own tables. SMS issuers can also
select the diversion table for the processor. If issuers do not make a selection, PACM uses
established defaults. The “Visa SMS” column lists these defaults.
Percentage
of Eligible
Diversion Level Transactions
Diverted to SMS DIVERSION TABLES
STIP Dollar Value of Diverted Transactions (Eligible
if Below Listed Amount)
SMS and
Visa SMS Interlink Interlink
00 00 0 0 0
01 05 7 6 4
02 10 10 8 5
03 15 13 11 6
04 20 15 13 7
05 25 17 15 8
06 30 18 16 9
07 35 20 18 10
08 40 22 20 11
09 45 24 22 13
10 50 26 24 14
11 55 29 26 16
12 60 32 29 17
13 65 36 33 20
14 70 40 37 22
15 75 47 42 24
16 80 54 50 27
17 85 66 60 33
18 90 90 80 42
19 95 155 135 54
20 100 All All All
Refer to V.I.P. System BASE I Technical Specifications, Volume 1 for more information
about these fields.
In Brief. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35-3
35.1 In Brief
Issuers use the Positive Cardholder Authorization Service (PCAS) to establish routing
parameters such as issuer, advice, and activity limits to route transactions to the issuer
or to STIP using issuer limit dollar amounts.
If V.I.P. routes the transaction to the issuer, the issuer provides the response. If V.I.P.
routes the transaction to STIP, stand-in authorization options and PCAS processing limits
(selected by the issuer), determine the response.
BASE I
SMS PCAS is available to both BASE I and SMS System issuers.
I Participation in PCAS is optional for issuers. PCAS is available for all card
types, including private label cards.
Issuer
Issuer Limit—This limit is the transaction amount that determines whether a transaction
is processed by BASE I STIP or by the issuer processor.
Activity Limit—This limit is the transaction amount that controls accumulated cardholder
spending.
Advice Limit—This limit is the transaction amount that determines whether STIP performs
optional functions when processing transactions that are below the issuer limit.
35.4.1 Testing
Testing is optional for authorization processing. The VisaNet Certification Management
Service (VCMS) provides testing assistance. Clients can contact their Visa representatives
to make the arrangements.
PCAS provides issuers with options to define which transactions VisaNet should forward
and which transactions should be approved in issuer-available or issuer-unavailable
stand-in processing. Transaction characteristics for balancing the cost, risk, and customer
service implications are merchant type, account activity, and cardholder risk. The PCAS
capabilities that can define these characteristics are:
• Merchant Category Groups
• Issuer Limits
• Activity Limits
• Mandatory Limits
• Advice Limits
• Activity Checking and Accumulation
• Cardholder Risk Levels and Individual Limits
• Random Selection Factors
• BIN Blocking and Country Restrictions, including Risky Countries
Along with the transaction type, merchant category, geographical jurisdiction, and issuer
processing center availability, PCAS uses issuer limits to route transactions to the issuer or
to STIP. This routing capability is accomplished by categorizing all authorization requests
into one of the following categories:
For instance, if the issuer sets up the BIN default response code for the Airlines/Travel
MCG with a non-approval response code, such as code 91 (issuer unavailable), STIP does
not perform PCAS activity and the transaction has the chance to bypass the approval
due to PCAS activity processing.
When the issuer processor is not available, transactions with amounts above the issuer
limit are also processed in STIP. STIP declines these transactions under certain conditions.
Rules for specific card programs can override the issuer limit.
IMPORTANT
V.I.P. sends all risky transactions (for instance, electronic commerce online gambling transactions) to the issuer.
If the issuer is unavailable, STIP processes them according to issuer-defined parameters.
Purchase Cash
• Commercial Travel • ATM
• Lodging • Quasi-Cash
• Auto Rental • Other Cash
• Restaurant
• Medical
• Mail Order/Telephone
• Risky Purchase
• Other Purchase
Each MCG has its own set of related merchant category codes (MCCs) that designate a
specific business or service. The MCC appears in the authorization request message, and
V.I.P. uses it, along with the issuer-specified STIP parameters, to determine authorization
routing and processing.
NOTE
If the processing code in field 3 is 01 (cash disbursement) and Field 18—Merchant Type is not ATM (6011),
V.I.P. assigns the transaction to the Other Cash MCG.
V.I.P. uses the issuer limit in the initial switch or STIP decision. V.I.P. routes transactions to
issuer processors for approval or denial decisions when transaction amounts are greater
than or equal to the issuer limit. STIP processes transactions with transaction amounts
less than the issuer limit. When the issuer processor is not available, STIP processes
transactions with amounts above the issuer limit.
Issuers can specify cardholder activity limits in several different areas to customize risk
control and customer service according to varying transaction characteristics. These
areas include:
• Merchant category group
• Total Purchase and Total Cash
• Issuer available and issuer unavailable
• Number of approved transactions for this account (count)
• Total value of approved transactions for this account (amount)
• Activity over one day and over four days (4-day multiplier)
Refer to the “Issuer Specification Requirements for BIN-Level Issuer and Activity Limits”
table in chapter 4 of V.I.P. System BASE I Processing Specifications for the requirements for
establishing issuer limits and activity limits. The table also shows the relationship between
issuer-available and issuer-unavailable activity limits at the BIN level.
Issuer-Available Limits—V.I.P. uses these activity limits when the issuer processor is
available. To be considered available, the issuer must be signed on to the network.
The available limits allow issuers to set normal activity limits for STIP processing.
NOTE
If STIP processes the transaction and the transaction fails an activity limit check, V.I.P. forwards the transaction
to the issuer for approval. If V.I.P. does not receive a response from the issuer, V.I.P. completes STIP processing
using issuer-available PCAS parameters.
Transactions that fail issuer-available STIP are forward-referred (switched) to the issuer.
The advantage of conservative available limits is greater risk control. The consequence is
increased transaction volume at the host for the relatively small number of transactions
that exceed limits. Thus, issuers may choose relatively conservative available limits.
When transactions fail issuer-unavailable activity checking, V.I.P. sends a referral response
to the acquirer (assuming no other STIP test generates a higher priority response).
The advantage of more liberal activity limits is that fewer referrals are sent to the acquirer.
This reduction in traffic results in improved cardholder service and less demand on the
issuer's customer service operations or referral center. The disadvantage is increased credit
and fraud risk. The fraud and credit risk is lessened, however, because issuer-unavailable
transactions should be relatively infrequent and difficult to predict. For these reasons,
issuers may choose more generous issuer-available limits.
1-Day Count Limit—This limit applies to the current day's transactions. The amount can
be any integer value between 0 and 255.
1-Day Amount Limit—This limit applies to the current day's transactions. The amount
can be any U.S. dollar amount between $0.00 and $65,535.00.
4-Day Multiplier—The 1-day count and amount limits are multiplied by the 4-day
multiplier to determine the 4-day count and amount limits. The multiplier can be any
value between 1 and 4, in increments of .05. Fractional results on the calculation of the
count limit are raised to the next higher integer.
EXAMPLE
A 1-day count of 2 times a 4-day multiplier of 2.1 would yield a 4-day count of 4.2, which would be rounded
up to 5.
The issuer may specify T&E limits different from the mandated T&E limits. V.I.P. uses
the higher of the mandated limits or the issuer limits for international transactions.
These limits are defined in V.I.P. System BASE I Processing Specifications.
NOTE
Activity limits can be overridden by limits stored in the Cardholder Database or in the exception file.
the issuer's behalf. The advice limit is a threshold for performing advice creation and
activity checking. Transactions below this limit receive neither activity checking nor advice
creation. Transactions processed in STIP that are above this limit receive either activity
checking, advice creation, or both, depending on issuer specifications.
Issuers specify a single advice limit for each BIN. Regardless of issuer specifications, an
advice limit of zero is in effect for all Cash and MOTO transactions.
V.I.P. performs activity checking based on the advice limit as described in the previous
section. Accumulators are running totals of transactions approved in STIP. While issuers
specify activity limits at the BIN level, V.I.P. maintains accumulators at the account level.
IMPORTANT
The following description of activity checking and accumulation assumes that the combination of issuer
specifications and transaction characteristics would result in activity checking being performed, and, that the
transaction passed all other STIP tests.
V.I.P. compares the activity accumulators to the appropriate available or unavailable limits,
depending on processing conditions.
NOTE
V.I.P. uses the same set of accumulators for both issuer-available and issuer-unavailable processing.
MOTO and Risky Purchase Activity Checking and Accumulation—When specified, V.I.P.
checks and accumulates MCG-level activity limits. If the issuer has not specified MCG-level
limits, V.I.P. checks and accumulates Total Purchase activity limits.
Total Cash Activity Checking and Accumulation—V.I.P. checks and accumulates Total
Cash activity limits for Quasi-Cash and other Cash transactions. MCG-level activity limits
are not available for these MCGs.
ATM Cash Activity Checking and Accumulation—When limits are specified, V.I.P. checks
and accumulates activity limits at the MCG level.
NOTE
For more information about activity checking and accumulation, refer to V.I.P. System BASE I Processing
Specifications.
Issuers establish the default risk level for the BIN, typically risk level C.
NOTE
Risk level D cannot be used for the BIN default.
Issuers that choose to use risk levels must also specify processing parameters for the
non-default risk levels. Issuers may choose to specify more restrictive parameters for
higher risk accounts (typically risk levels B and D). They may also choose to specify more
generous parameters for their premier accounts (typically risk level A).
Issuers must also assign accounts non-default risk levels by one of two methods:
• By adding the account to the risk level file in the V.I.P. Cardholder Database. See the
Cardholder Database Overview chapter in this manual for basic information about the
risk level file.
• By encoding the risk level on Track 1 of the magnetic stripe.
IMPORTANT
Visa does not recommend the latter option because of a relatively high percentage of transactions that do
not contain Track 1 data.
A risk level specified in the risk level file takes precedence over a risk level encoded on
the magnetic stripe. If a risk level is not specified in either the transaction data or in the
Cardholder Database, V.I.P. uses the default risk level file parameters for the BIN.
Between the Advice Limit and Issuer Limit—Issuers designate a random selection factor
(a certain percentage) for between-limit transactions. STIP then selects that percentage of
the transactions with amounts between the advice limit and the issuer limit and sends
them to the issuer.
If issuers are unavailable, they can have STIP either respond immediately with predefined
response codes (referral or decline), or continue processing according to the issuers'
normal processing parameters. Up to 20 countries can be identified as high-risk in the
Risky Countries Table in the system files. The available risky country response codes are
A (Approval), D (Decline), or R (Referral). V.I.P. translates these codes to 00, 05, and 01,
respectively, before V.I.P. forwards the response to the acquirer.
NOTE
V.I.P. searches the Country Exclusion List before it searches the Risky Countries Table. If a country is listed in
both tables, the country exclusion processing specifications take precedence.
Issuers can block transactions in or between embargoed countries, for instance, between
acquirers in country A and issuers in country B. In addition to using embargo settings
for Visa cards, they can be used for other card products such as American Express
or MasterCard.
In Brief. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36-3
36.1 In Brief
Issuers use the Preauthorized Payment Cancellation Service (PPCS) to stop payments on
preauthorized payment transactions, such as those for recurring or installment payments.
Participating issuers place stop-payment orders in the Portfolio File (PF) in the V.I.P.
Cardholder Database (CDB). When acquirers submit a preauthorized payment transaction,
V.I.P. checks the database, and if it encounters a stop-payment order for that account
number, it declines the request.
PPCS enables clients to meet Federal Reserve Regulation E requirements, which govern
electronic funds transfers and provide Visa U.S. region cardholders with certain dispute
rights for check card transactions. Clients that issue check cards must comply with the
terms of those regulations.
BASE I
SMS PPCS is available both to BASE I System users and to Single Message System
(SMS) users.
I
Participation in PPCS is optional for issuers in all regions.
Issuer
Participation in PPCS is optional for acquirers and for merchants in all regions.
PPCS is not an acquirer service, and acquirers and merchants have no ability
A to determine if their transactions are checked by PPCS. If a merchant deals in
preauthorized-type transactions, then any of those transactions is potentially
eligible for PPCS checking on behalf of participating issuers.
Acquirer
IMPORTANT
All acquirers in all regions must be able to receive PPCS response codes.
Participating issuers place stop payment instructions from their cardholders in the
Portfolio File in the Cardholder Database (CDB) using 0302 file maintenance request
messages. Issuers place an action code in Field 91—File Update Code to indicate the
action V.I.P. is to take with the file record: add, delete, replace, or inquire.
Issuers
BASE I and SMS issuers must successfully complete testing that they can support changes
to 0302 and 0312 message formats for the stop-order codes. The 0302 message contains
information for the CDB about the cardholder, the merchant, and the preauthorized
payment.
Issuers also must successfully complete testing that they can receive the new response
codes in 0120 and 0220 advices. V.I.P. uses these advices to notify issuers that
acquirer-initiated preauthorized payment authorizations were declined.
Acquirers
BASE I and SMS acquirers must modify their systems to recognize the PPCS decline
response codes R0, R1, and R3, in 0110 authorization and 0210 financial response
messages.
36.4.1 Testing
The VisaNet Certification Management Service (VCMS) is available for testing. Clients can
contact their Visa representatives for more information.
0302: File Maintenance Request—Only format 2 0302 file maintenance requests are valid
for accessing or for updating the PPCS format 2 Portfolio File. Field 91—File Update Code
indicates the action required by the issuer: add, delete, replace, or inquire. Field 101—
File Name must be present and must contain the file name PF for PPCS updates.
If V.I.P. does not find a stop-payment code, it continues with normal request processing.
If V.I.P. encounters a stop-payment order, it routes the request to STIP. STIP declines the
request, using the stop-payment code (R0, R1, or R3) from the Portfolio File record
as the response in Field 39—Response Code. A value of 4 in Field 44.1—Response
Source/Reason Code in responses and in issuer advices indicates the STIP action. SMS
0220 advices include the value 9031 in Field 63.4—STIP/Switch Reason Code.
Depending on the action specified in PF update requests, 0302 messages contain the
following information:
• The account number (in field 2)
• A transaction identifier (TID). If no TID is included in the 0302 request, V.I.P. assigns
one, and inserts it in field 62.2 in the 0312 response. See “Key Fields Glossary” in this
chapter for complete message field details.
• The type of stop order (in field 127.PF).
• The acquirer institution country code (in field 19).
• The card acceptor identification code (in field 42), the card acceptor name/location (in
field 43), or the merchant verification value (in field 62.20). The PF record must contain
at least one of these three data elements to sufficiently identify the merchant.
NOTE
V.I.P. uses the first nine characters in field 43 in 0100 and 0200 request messages for message matching.
IMPORTANT
Fields 42, 43, or 62.20 cannot be present in a 0302 add (field 91 contains 1) or replace (field 91 contains 4)
R3 request (revocation of all authorizations order).
• The PF record can optionally include the amount, the cardholder’s name, the merchant’s
name, and the merchant account number.
V.I.P. checks on issuer participation to prevent issuers that are not properly configured for
PPCS from adding PPCS records to the CDB. If the issuer sending in an 0302 maintenance
transaction with code PF in field 101 and code 1 (add), 3 (delete), 4 (replace), or 5 (inquiry)
in field 91, V.I.P. checks CORE to see if the issuer is a participant. If not, V.I.P. declines the
transaction with code 06 (error) in field 39 and inserts error code 0684 (BIN does not
participate in service) in field 48, Usage 1B.
The fields in an 0100 or 0200 request must match the account’s PF record fields except for
field 42, field 43, and field 62.20. Only one of these fields must match the corresponding
field in the authorization or financial request. (V.I.P. only matches field 43 on the first
nine characters.)
Returned in 0312
messages if field 91
= 5 (inquiry) in 0302
request.
In Brief. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37-3
37.1 In Brief
The Status Check Service offers participants the ability to obtain approval on an 0100
authorization request for one unit of currency, such as one U.S. dollar, reducing over-limit
situations. This service can be used to verify a customer's account status when the final
transaction amount is not yet known. This service is available for hotels, automated fuel
dispensers, and other eligible merchants. When the status check request is approved, the
merchant receives chargeback protection up to the floor limit.
A status check transaction provides increased assurance that the account is in good
standing with the issuer, thus reducing merchant risk.
BASE I
SMS The Status Check Service is available both to BASE I System users and to Single
Message System (SMS) users.
BASE I and SMS
I
Participation in the Status Check Service is mandatory for issuers.
Issuer
A
Participation in the Status Check Service is optional for acquirers.
Acquirer
A status check transaction provides increased assurance that the account is in good
standing with the issuer, thus reducing merchant risk.
37.4.1 Testing
Status Check Service testing is mandatory for service participants only when they use
the service with the Custom Payment Service (CPS) Automated Fuel Dispenser Service.
Otherwise, it is optional.
0120: Advice Response—This message contains the status check response when STIP
processes the transaction on the issuer's behalf.
Without the Status Check Service, hotel merchants typically authorize an amount based
on the cardholder's anticipated length of stay. The issuer processes this transaction
and, in most cases, decreases the cardholder's open-to-buy amount for the amount of
the transaction. If the cardholder's actual length of stay is less than anticipated, the
cardholder's open-to-buy amount may still reflect the original, higher authorization
amount. If this happens repeatedly within a short period of time, the cardholder's
open-to-buy amount may be unnecessarily reduced.
If the issuer participates in multicurrency processing, the field 6 value remains one unit
but the currency code in field 51 reflects the billing currency.
Issuers can respond to a status check request with a partial approval. The partial approval
amount is the maximum authorized amount for the purchase. For acquirers to receive
a response with a partial approval, the status check request must contain the values
specified above for fields 3, 4, and 18, along with a value of 1 in field 60.10 to indicate
that a partial authorization can be returned.
Issuers return the partial approval amount in field 4 (or field 6, which is used for
multicurrency transactions), along with field 39 response code 10 to indicate that the
amount in field 4 is a partial authorization. In addition, field 54 contains the original
amount from the 0100 authorization request.
The acquirer sends an V.I.P. routes the request The issuer processes the
authorization or financial to the issuer. request and sends the
request to the issuer. appropriate response
message.
Figure 37-2 illustrates the Status Check Service message flow. (See the format descriptions
for the fields in “Key Fields Glossary” in this chapter.)
In Brief. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .38-3
38.1 In Brief
The VisaNet Cashback Service provides cashback transaction capability for participating
regions. Regions can choose to implement cashback processing capability as either
a domestic-specific solution without VisaNet, or they can participate in the VisaNet
Cashback Service.
A domestic cashback transaction is one for which the merchant, the acquirer, and the issuer
reside in the same country. V.I.P. checks the acquirer and issuer BINS, Field 19—Acquiring
Institution Country Code, and the merchant country code in Field 43—Card Acceptor
Name/Location to determine if the POS cashback transaction is domestic.
Cashback processing is optional for merchants, acquirers, and issuers in all Visa regions.
Participating regions and countries within those regions establish maximum cashback
amounts. Regions that use the VisaNet Cashback Service can control client and country
participation, and can set maximum cashback limits and different pricing options by
country.
NOTE
Only Visa card transactions with chip and proximity payment service codes of 2 or 6 in the first digit, and
acquirer transactions with chip and payWave values in the POS Entry Mode Code (field 22 = 05, 07, 91 or 95)
are eligible for cashback. V.I.P. rejects cashback transactions that do not meet these criteria.
BASE I
SMS The VisaNet Cashback Service is available both to BASE I System users and to
Single Message System (SMS) users.
I
Participation in the VisaNet Cashback Service is optional for issuers.
Issuer
A
Participation in the VisaNet Cashback Service is optional for acquirers.
Acquirer
A Visa region might choose to participate in the VisaNet Cashback Service when it has
one or more countries in which:
• Chargeback protection is provided for below-floor-limit transactions.
• Domestic transactions are authorized or are settled through VisaNet.
• Domestic transactions are settled through a National Net Settlement Service.
• Strong controls over cashback transactions would be appropriate.
The VisaNet Cashback Service is currently being offered in several regions including Visa
Canada (CAN), Asia-Pacific (AP), and Central Europe, Middle East, and Africa (CEMEA).
Acquirers and acquirer processors in the U.S. region, and those in the AP and LAC (Latin
America and Caribbean) regions with merchants in U.S. territories, that process Visa and
Interlink POS transactions with cashback must support partial authorizations.
The following table lists the cashback services currently supported by VisaNet.
IMPORTANT
Specific card products might apply for specific regions. For more information, contact your Visa representative.
Visa Core Rules and Visa Product and Service Rules allow cashback for domestic
transactions only at the option of a region and prohibit international cashback transactions.
Maximum cashback amounts are established by regions and by countries within regions.
Participants establish service options and limits for the VisaNet Cashback Service in the
Customer Online Repository (CORE) at the BIN level, and the region must be activated
for the service in V.I.P. The BIN flag must be set both for issuers and for acquirers. If
the participation flag is not set, V.I.P. declines transactions with a cashback amount in
Field 61.1—Other Amount, Transaction that originate in participating regions.
NOTE
For risk management purposes, Visa recommends a zero-dollar floor limit for all cashback transactions.
38.4.1 Testing
Testing are optional for the VisaNet Cashback Service. Visa recommends that regions
make testing mandatory for clients participating in the VisaNet Cashback Service.
NOTE
Testing is required in the Asia-Pacific (AP) region.
• Cryptogram Amount (field 147)—The field contains the total of the purchase amount
plus the cashback amount.
• Cashback Cryptogram Amount (field 149)—The field contains the cashback amount.
If the transaction involves cashback, field 149 must be present and must be included in
the ARQC algorithm. If the transaction does not involve cashback, this field may be
present and the ARQC calculated with a zero cashback amount.
Refer to the Visa Smart Debit/Visa Smart Credit System Technical Manual for information
about technical specifications for cashback transactions performed with chip cards.
Acquirers must also be able to receive and to act upon these response and reject codes:
• N3—Cash service not available. This response code indicates that the issuer does
not participate in the VisaNet Cashback Service.
• N4—Cash request exceeds issuer limit. This response code indicates that the cardholder
has requested an amount greater than the maximum cash limit for the country or
greater than the limit established between the issuer and the cardholder.
Merchants should advise the cardholder that the transaction may have exceeded their
cashback limit, and that the cardholder either can request a smaller cashback amount
or can re-enter the transaction for the purchase only.
• 106—Invalid value. This reject code is returned when the cashback amount is equal to
or greater than the total transaction amount.
• 57—Transaction not permitted to cardholder. V.I.P. returns this response code when
the issuer does not participate in the U.K. Cashback Service, or the transaction is an
international cashback transaction acquired in the U.K.
• 13—Invalid amount. V.I.P. returns this response code for U.K.-domestic cashback
transactions when the cashback amount is greater than the transaction amount.
NOTE
The cashback amount can equal the transaction amount where permitted for domestic transactions by the
Visa Rules.
NOTE
VisaNet declines cashback transactions destined to non-U.S.issuers from U.S. acquirers with response
code N3 (cash service not available).
• Cryptogram Amount (field 147)—The field contains the total of the purchase amount
plus the cashback amount.
• Cashback Cryptogram Amount (field 149)—The field contains the cashback amount.
If the transaction involves cashback, field 149 must be present and be included in
the Authorization Request Cryptogram (ARQC) algorithm. If the transaction does not
involve cashback, this field may be present and the ARQC may be calculated with a
zero cashback amount.
Refer to the Visa Smart Debit/Visa Smart Credit System Technical Manual for information
about technical specifications for cashback transactions performed with chip cards.
Acquirers submit 0100 authorization or 0200 financial requests with the cashback amount
in Field 61.1—Other Amounts. V.I.P. determines if:
• The transaction is domestic (the merchant, the acquirer, and the issuer are all in the
same country).
• The acquirer and the issuer are participants in the service.
• The cashback amount (in field 61.1) is less than the total transaction amount (in field 4),
except where applicable Visa Rules allow the cashback amount to be equal to the
transaction amount for domestic transactions.
• The cashback amount is less than the country’s maximum cashback limit, if a limit has
been established.
If the transaction is non-domestic, V.I.P. converts the cashback amount in field 61.1 to the
issuer currency and forwards the converted amount in field 61.2 to the issuer.
If any of the remaining conditions are not met, VisaNet returns the authorization message
to the acquirer with the appropriate response code:
• N3—Cash service not available. This response code indicates that the issuer does
not participate in the VisaNet Cashback Service.
• N4—Cash request exceeds issuer limit. This response code indicates that the
cardholder has requested an amount greater than the maximum cash limit for the
country. Cardholders either can request a smaller cashback amount or can re-enter the
transaction for the purchase amount only.
• 106—Invalid value. This reject code is returned when the cashback amount is equal to
or greater than the total transaction amount.
The transaction is then routed to the issuer or to STIP. Depending on the issuer’s
parameters, STIP may generate an authorization response for the acquirer or may send
the transaction to the issuer.
STIP processing applies to the total transaction amount; STIP does not consider the
cashback amount separately. If STIP authorizes the transaction on the issuer’s behalf, it
generates an authorization response and sends it to the acquirer without routing the
transaction to the issuer.
V.I.P. translates the PIN, and, if the issuer participates in the PIN Verification Service (PVS),
also performs PIN verification.
U.S. domestic POS transactions with cashback initiated using Visa debit cards must
contain PIN data; otherwise, V.I.P. declines these transactions with response code 57
(transaction not permitted to cardholder).
Refer to the Visa Smart Debit/Visa Smart Credit System Technical Manual for information
about technical specifications for cashback transactions performed with chip cards.
Clients can contact their Visa regional representatives for maximum cashback amounts
and for other region-specific information.
If the merchant, the acquirer, and the issuer are not all in the U.K., V.I.P. declines
the transaction with response code 57 (transaction not permitted to cardholder).
Clients can contact their Visa regional representatives for maximum cashback amounts
and for other region-specific information.
In Brief. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39-3
39.1 In Brief
BASE I
SMS The Visa Token Service is available both to BASE I System users and to Single
Message System (SMS) users.
Issuer
Acquirer
of cardholder account data and prevent cross-channel fraud. The Visa Token Service uses
the EMVCo Payment Tokenization Specification–Technical Framework (payment token
framework) published by EMVCo that addresses processing considerations and use of
payment tokens to protect cardholder payment credentials. The payment token framework
describes the data elements and their intended use by the payment ecosystem in order to
support the use of payment tokens in transactions.
Visa supports the payment token framework for Visa (network 0002) and Interlink (network
0003). This allows endpoints to optionally support the designated token fields and enable
payment token processing according to the payment token framework.
Visa supports the payment industry implementation of the payment token framework
by passing token data elements in transaction messages.
The Visa Token Service provides token provisioning, payment processing, and token
lifecycle management for consumer mobile devices. Issuers that support this service
will support payment token processing initiated from consumer devices for NFC Visa
payWave, application-based e-commerce, and card-on-file channels for POS transactions.
The Visa Token Service replaces the original payment credential, the primary account
number (PAN), with a payment token that may be used to initiate, authorize, and settle a
Visa transaction. The Visa Token Service enables consumer devices to be provisioned with
a payment token as the payment credential.
Visa offers token services that are comprised of a number of discrete functions, that
include, but are not limited to:
• Establishment and management of the Visa Token Vault that maintains the token to
PAN mapping.
• Generation and issuance of payment tokens.
• Provisioning of payment tokens.
• Application of security and controls.
• Transaction processing with payment tokens.
• Ongoing operation of the Visa Token Vault to manage lifecycle events.
A Lightweight Implementation Option is available for both SE (Secure Element) and HCE
(Host Card Emulation) mobile devices and eases the implementation process by providing
tools that help enable the functionality for seamless deployment.
NOTE
Contact your regional client support representative for information about onboarding, enrollment,
configuration, and provisioning.
Issuers that choose to implement the Visa Token Service for SE (Secure Element) or
HCE (Host Card Emulation) mobile devices with the lightweight implementation option
must be prepared to process transactions using the Visa Mobile Contactless Payment
Specification (VMCPS).
NOTE
Contact your regional client support representative to obtain the Visa Mobile Contactless Payment Specification
(VMCPS).
Card issuers maintain their current role in terms of owning the account relationship with
the cardholder, as well as owning authorization and ongoing risk management in the
Payment Token ecosystem. The service offers the issuer’s cardholders more innovative
payment methods with a reduced risk of their payment credentials being compromised.
Issuers can provide cardholders visibility into their spending behavior.
The network service provides the same seamless experience to cardholders today and
does not change the cardholder experience. Issuers continue to issue cards to cardholders
just as they do currently. In most cases, cardholders are not expected to know that a
payment token has been issued to represent their account. Optionally, token requestors
can choose to make cardholders aware and can also ask the cardholder to participate
in the identification and verification process for token assurance. Token assurance offers
the advantage of not needing to re-issue physical plastic if the cardholder database
gets compromised.
The structure of a token is very similar to a PAN and there is minimal impact to merchants
and their back-end systems. Tokens offer increased data protection as account numbers
are not being passed around during transaction processing. Merchants also gain the
advantage of a fully authenticated e-commerce transaction when implementing the
network token service.
Acquirers process all transactions in the same manner they do today, including
authorization, capture clearing, and exception processing. Additional fields may be
required to support the specification. The service offers reduced threat of attacks,
breaches and cross channel fraud for the Acquirers.
39.4.1 Testing
Contact your regional client support representative for more information on testing.
• Token Requestor ID—A value that uniquely identifies the pairing of token requestor with
the token domain. Thus, if a given token requestor needs tokens for multiple domains,
it will have multiple token requestor IDs, one for each domain. It is assigned by the
token service provider and is unique within the token vault.
• Token Assurance Level—A value that allows the token service provider to indicate the
confidence level of the payment token to PAN/cardholder binding. It is determined as
a result of the type of identification and verification (ID&V) performed and the entity
that performed it. The token assurance level is set when issuing a payment token and
may be updated if additional ID&V is performed. The token assurance level value
is defined by the token service provider.
• Token Cryptogram—A cryptogram that is uniquely generated by the token service
provider through cryptography to validate authorized use of the token.
A advice file—BASE I
advice retrieval 21-10
Account Verification Service
description 16-8, 21-3
eligibility 19-3
advice file—SMS
fields 19-8 to 19-9
advice retrieval 22-12
message flow 19-6
description 16-8, 22-4
messages
advice limit 35-10
related messages 19-4
advice recovery 21-10
participation requirements 19-4
Advice Retrieval Service—BASE I
process flow 19-6
eligibility 21-3
activity checking and accumulation 35-11
fields 21-11
activity file
message flow 21-11
in PIN Verification Service (PVS) 32-13, 32-19
messages
Activity File 16-5
advice message creation 21-7
description 16-5
processing modes 21-7
file layout 16-3
related messages 21-6
activity limits
participation requirements 21-4
in Positive Cardholder Authorization Service (PCAS) 35-7
process flow
issuer available and unavailable 35-7
during and after VIC switchover 21-10
Address Verification File
offline 21-4
description 16-7, 20-8
online 21-7, 21-9
file layout 16-4
Advice Retrieval Service—SMS
Address Verification Service (AVS)
fields 22-13
address data 20-12
message flow 22-12
data compression 20-15
messages
eligibility 20-4
advice message creation 22-8
fields 20-7, 20-33, 20-36
processing modes 22-9
message flow 20-24, 20-33
related messages 22-6
messages
participation requirements 22-4
related messages 20-6
process flow 22-9
participation requirements 20-5
during and after VIC switchover 22-12
process flow
ATM Format Conversion Service
basic 20-9 to 20-10
eligibility 23-4
variations 20-22 to 20-23
fields 23-12
sample results 20-21
message flow 23-10, 23-12
Advice File
file layout (basic) 16-3
messages
augmentation 23-7
B
BASE I System
related messages 23-6
advice file 21-9 to 21-10
participation requirements 23-5
Exception File 21-6
process flow 23-8
BASE II System
authorization database services
advice delivery 21-4
Automatic Cardholder Database Update (Auto-CDB)
Brazil national market program
Service 17-3, 17-9
Custom Payment Service (CPS)/POS 28-14
Merchant Central File Service (MCFS) 18-3, 18-30
authorization services
Account Verification Service 19-3, 19-10 C
Address Verification Service (AVS) 20-3, 20-36 Card Verification Value (CVV) Service
Advice Retrieval Service—BASE I 21-3, 21-12 eligibility 24-6
Advice Retrieval Service—SMS 22-3, 22-14 emergency replacement 24-23
ATM Format Conversion Service 23-3, 23-13 fields 24-27, 24-29
Card Verification Value (CVV) Service 24-3, 24-30 iCVV description 24-4
Card Verification Value 2 (CVV2) Service 25-24 issuer options
Custom Payment Service (CPS)/ATM 27-3, 27-15 default response codes 24-23
Custom Payment Service (CPS)/POS 28-3, 28-17 receiving results 24-22
Deferred Clearing Advice File (DCAF) Service 29-3, 29-11 messages 24-20
Dynamic Key Exchange (DKE) Service 30-23 participation requirements 24-8, 24-18
Multicurrency Service 31-67 Card Verification Value 2 (CVV2) Service
PIN Verification Service (PVS) 32-26 calculation 25-10
POS Check Service 33-3, 33-19 eligibility 25-4
Positive Authorization Capacity Management (PACM) emergency replacement 25-14
Service 34-3, 34-11 encryption 25-10
Positive Cardholder Authorization Service (PCAS) 35-14 fields 25-20 to 25-21
Preauthorized Payment Cancellation Service (PPCS) 36-10 emergency replacement 25-23
Status Check Service 37-9 messages
Visa Token Service 39-8 message flow 25-18
VisaNet Cashback Service 38-11 related messages 25-9
authorization-related chargeback protection process flow 25-18
Custom Payment Service (CPS)/POS 28-9 processing options
Auto-CDB Service, See Automatic Cardholder Database Update description 25-11
(Auto-CDB) Service stand-in processing (STIP) 25-12
Automatic Cardholder Database Update (Auto-CDB) Service 17-3, variations 25-13
22-5 specifications for card 25-8
eligibility 17-3 Cardholder Authentication Verification Value (CAVV) Verification
fields 17-8 Service 26-3
messages eligibility 26-4
advices 17-5 fields 26-15
message flow 17-7 how the service works 26-8
related messages 17-4 participation requirements 26-5
participation requirements 17-4 related messages 26-7
pick-up action codes 17-6 service monitoring 26-7
process flow 17-6 Cardholder Database
AVS, See Address Verification Service (AVS) activity file
in PIN Verification Service (PVS) 32-13, 32-19
messages
message flow 37-7
related messages 37-5
participation requirements 37-4
process flow 37-6
STIP, See stand-in processing (STIP)
system parameters, See processing, parameters
U
updating
Merchant Central File 18-15
V
validation code
Custom Payment Service (CPS)/POS 28-17
Visa Token Service
eligibility 39-3
process flow 39-6
VisaNet Cashback Service
eligibility 38-4
fields 38-11
messages
related messages 38-8
participation requirements 38-5