Skip to the main content.
Contact
Contact

2 min read

If You Take Credit Cards By Phone or Mail - You Need to Read About Visa's October Mandate

If You Take Credit Cards By Phone or Mail - You Need to Read About Visa's October Mandate

PCI Rules Aren't the Only Ones You Need to Comply With

Most organizations concerned with payment compliance are focused on the PCI Data Security Standard (DSS), but PCI is only part of the story. Every card brand and payment association has their own operating rules and regulations that also need to be followed. Many of these rules and regulations fly below the radar of most people and organizations. However, sometimes these rule changes have far reaching impacts.

These rule changes most commonly impact card Issuers, Acquirers, and Processors.  These organizations need to understand, evaluate, and implement new requirements. In many cases,  the changes are nearly transparent to merchants and cardholders. This article looks at a few recent of the requirements that will impact merchants and cardholders.

October's Mandates

Visa is introducing a number of changes starting this October that will affect all merchants that take mail order and telephone (MOTO) transactions. This currently affects Canadian merchants but will also expand to other markets. Specifically, the rule changes when you need to include (or not include) the CVV2 security codes when processing transactions.  Failure to follow the new rules may result in declined transactions.

For many merchants this will mean changes inside call centers and mail order operations. For example:

  • For call centers, existing systems may not allow for collection of CVV2. This will require changes to support CVV2 collection and could increase your scope, compliance footprint, and costs.
  • For mail order, the collection of CVV2 will be prohibited. This may require changes to forms and systems.
  • And in both cases, your systems will need to provide more information about the type of transaction being processed. This may also require system changes.

If you are looking for more information on any of these additional requirements, we've provided some links for further reading below.

We recommend that you reach out to your acquirer or assessor for assistance in understanding how this regulation will affect you. Or you can give us a call, we’d be happy to help.

Further Reading

Visa Canada

Visa International

General PCI Guidance

Visa 8-Digit BINs are Just Around the Corner and Many Questions Remain

6 min read

Visa 8-Digit BINs are Just Around the Corner and Many Questions Remain

If your business processes or stores the full-BIN, you need to know if you will be impacted by Visa's Numerics Initiative (i.e., the 8-Digit BIN...

Read More
Another Way 8-Digit Bins Complicate PCI Compliance: It's Not Just Data-at-Rest

Another Way 8-Digit Bins Complicate PCI Compliance: It's Not Just Data-at-Rest

The adoption of 8-digit BINs in 2022 has already created many transitional challenges for organizations needing access to the full BIN numbers (see...

Read More
8-Digit BINs and the Great PCI Truncation Reset

8-Digit BINs and the Great PCI Truncation Reset

Visa, MasterCard, Discover, JCB, and Union Pay hit ‘reset’ on the PCI DSS truncation rules in December 2021 and January 2022 providing an...

Read More