The Visa Merchant Business News Digest provides a summary of recent Visa Business News publications that highlight key merchant-related publications. Updated monthly.
Visa Merchant Business News Digest
March 30, 2023
Digital Wallet Companion Guide
With the increased growth of e-commerce and particularly digital wallets, it is important that Visa continues to foster innovation and support new payments experiences across the ecosystem.
PDF 545 KB
March 21, 2022
Visa Network Merchant-Initiated Transaction Service
Is an optional service to support Visa merchants and acquirers to manage the transaction identifier lifecycle for merchant-initiated transactions.
PDF 77 KB
December 21, 2020
Beyond the Acquirer: Additional Visa Acceptance Entities
The Visa acceptance ecosystem covers all commerce types, including the face-to-face, unattended, mobile and e-commerce environments; it helps to increase electronic payment acceptance for sellers, allowing a variety of ways to connect to Visa either directly, through an acquirer or via a third-party.
PDF 476 KB
May 1, 2020
Processing Split-Shipment Card-Absent Transactions
To foster growth in the card-absent environment and help merchants meet their evolving business needs, Visa continues to provide strategic merchant solutions that support greater processing efficiencies.
PDF 684 KB
April 1, 2020
Visa Authorization and Reversal Processing Guide
The best practices in this document allow merchants to maximize the financial benefits of this authorization processing capability, while creating the best experience for the customer.
PDF 610 KB
March 1, 2020
5 Important Visa Rules That Every Merchant Should Know
This flyer informs merchants about key card acceptance procedures that will help them avoid being out of compliance with Visa rules.
PDF 601 KB
March 16, 2023
Compelling Evidence 3.0 Merchant Readiness
Visa’s guidance for Merchants preparing for the April 15th, 2023 update to Dispute Condition Code 10.4 for Compelling Evidence 3.0. This document outlines criteria needed to qualify for the Compelling Evidence 3.0 update. We’ve also outlined options for pre and post dispute submissions, as well as descriptor setup and transaction matching considerations to lead discussion with merchant acquirers.
March 16, 2023
Updated Evolution of Compelling Evidence Merchant FAQs (March 2023)
In this document, you will find an updated list of frequently asked questions about the new Compelling Evidence rules.
June 15, 2022
Evolution of Compelling Evidence FAQs
Here you will find a list of commonly asked questions and answers about the updated Compelling Evidence rules.
Mar 21, 2019
Visa Merchant Dispute Resolution Best Practices
This document is designed to help merchants properly handle transactions that have been charged back to their business by their acquiring bank. Here you will find best practices targeted to the needs of both card-present and card-absent merchants.
PDF 576 KB
April 9, 2018
Online Dispute Guide for Merchants
Smaller merchants often ask for help with responding to transaction disputes. Visa developed an online guide for merchants to assist these smaller merchants with their disputes.
April 9, 2018
Dispute Management Guidelines for Visa Merchants
Managing disputes, copy requests, and dispute conditions
PDF 2.1 MB
Security and Risk
March 24, 2023
PFD Biannual Threats Report (Jun - Nov 2022)
This report provides an overview of the top payment ecosystem threats within the past six-month period (June 2022 – November 2022) as identified by Visa Payment Fraud Disruption (PFD). Over the course of this period, threat actors continued to target payments ecosystem organizations with a variety of longstanding as well as novel methodologies. Threat actors innovated upon established methodologies to improve the effectiveness of fraud schemes and continued to develop new tactics for targeting the payments ecosystem.
August 17, 2021
PFD Biannual Threats Report
This report utilizes Visa Payment Fraud Disruption (PFD) team’s first-hand operational experience to describe the most significant developments in the payments threat landscape over the past six months, as well as the adapted tactics employed by threat actors.
PFD incorporates a fast-paced, multi-faceted approach in the fight against attacks targeting the global payment ecosystem. Compromised of five primary functions, the team utilizes best-in-class cyber and fraud capabilities and personnel to preserve the integrity of Visa’s payment system and support global growth.
PDF 1.2 MB
April 6, 2021
Threat Actors Increasingly Use Web Shells in eSkimming Campaigns
Throughout 2020, Visa Payment Fraud Disruption (PFD) identified a trend whereby many eSkimming attacks used web shells to establish a command and control (C2) during the attacks. Web shells are tools used by threat actors to establish and maintain access to compromised servers, deploy additional malicious files/payloads, facilitate lateral movement within a victims network, and remotely execute commands. Actors employ numerous methods to deploy web shells, but often use application plugins and PHP code.
PDF 219 KB
February 12, 2021
Visa Security Alert (PSI): Biannual Payment Ecosystem Report by Visa Payment Fraud Disruption
Throughout the second half of 2020, the payments threat landscape was largely influenced by the ongoing COVID-19 pandemic. The global pandemic forced the world into an uncertain and constantly adapting environment and fundamentally changed the way the world conducts business. Threat actors similarly adapted to the new environment and remained immensely active in carrying out cyber and fraud threat campaigns. This report utilizes Visa Payment Fraud Disruption (PFD) team’s first-hand operational experience to describe the most significant developments in the payments threat landscape, as well as the adapted tactics employed by threat actors.
PDF 255 KB
October 2, 2020
Anti-Enumeration and Account Testing Best Practices for Merchants
Account Enumeration is a prolific problem that affects issuers, merchants, and acquirers globally. Cybercriminals are taking advantage of big data and artificial intelligence to find and exploit new vulnerabilities. To conduct fraudulent eCommerce transactions, cybercriminals use scalable and programmatic automated testing of common payment fields, a method also known as account enumeration. This guide will provide an overview for merchants on implementing mitigation techniques to help bolster their merchant website and ensure they are not susceptible to these enumeration attacks.
PDF 906 KB
September 25, 2020
Visa Security Alert (PSI): New Malware Samples Identified in Point-Of-Sale Compromises
In May and June 2020, respectively, Visa Payment Fraud Disruption (PFD) analyzed malware samples recovered from the independent compromises of two North American merchants. The recent attacks exemplify threat actors’ continued interest in targeting merchant POS systems to harvest card present payment account data. PFD is providing the analysis of these malware variants and the corresponding indicators of compromise (IOCs) to assist in the identification, prevention, and mitigation of attacks using the malware.
PDF 451 KB
September 15, 2020
Website Security for Ecommerce Merchants
With the recent Magento 1 'end-of-life' support, merchants with online stores deployed on Magento 1 will lose all access to new features, functionality updates, bug fixes, and support from Adobe/Magento. Most importantly, any future vulnerabilities will no longer be addressed with new security patches from the company, leaving the unsupported versions of Magento exposed to security or data compromise incidents.
However, Magento is not the only targeted website platform and so the purpose of this guide is to provide ecommerce merchants with recommendations to keep their websites secure in order to avoid a security or data compromise incident.
PDF 707 KB
August 27, 2020
In February 2020, Visa Payment Fraud Disruption (PFD), using the eCommerce Threat Disruption (eTD) capability, identified a previously unknown ecommerce skimmer, and named the skimmer 'Baka.' PFD identified this unique skimmer on several merchant websites across multiple global regions using Visa’s eTD capability, which analyzes and detects threats targeting eCommerce merchants.
PDF 897 KB
August 20, 2020
Visa Security Alert (PSI): Pandemic Unemployment Assistance Fraud Remains Prolific
Pandemic unemployment assistance (PUA) fraud is a significant consequence of the ongoing COVID-19 pandemic and remains prolific as the pandemic persists. Visa Payment Fraud Disruption (PFD) previously identified the use of mobile payment applications to facilitate PUA fraud. Throughout July 2020, PUA fraud continued, and PFD identified new tactics used by threat actors to conduct this fraud.
PDF 177 KB
July 23, 2020
Visa Security Alert (PSI): New Malware Samples Identified in Point-of-Sale Compromise
Visa Payment Fraud Disruption (PFD) analyzed malware samples recovered from the compromise of a North American merchant. The malware variants were identified as Alina POS, Dexter POS, and TinyLoader. These malware variants were deployed on the merchant network in an effort to harvest track 1 and track 2 magstripe payment card data from the merchant’s point-of-sale (POS) environment. However, the targeted merchant had EMV® Chip enabled point-of-sale terminals. The implementation of secure acceptance technology, such as EMV® Chip, significantly reduced the usability of the payment account data by threat actors as the available data only included personal account number (PAN), integrated circuit card verification value (iCVV) and expiration date. PFD is providing the indicators of compromise for merchant network security purposes.
PDF 247 KB
April 8, 2020
Acquirer Advisory - Magento 1 Support to End After June 2020
Visa is committed to enhancing both the security and quality of payment services available in both card-present and card-not-present environments. This fact sheet provides useful information related to the upcoming end of life for all Magento 1 websites.
PDF 795 KB
April 1, 2019
Costco Members Tap Into Checkout
Tapping to pay is quickly becoming the standard way to pay at checkouts around the world. Driven by a continued focus on improving their member experience, Costco, a global retail leader, implemented contactless technology at the point-of-sale across more than 525 warehouses in the U.S. This case study provides an overview of their decision to make the transition to contactless, key steps they took and the impact they have seen as a result of implementation.
PDF 1.2 MB
September 20, 2018
PCI DSS Validation Best Practice Review
Visa hosted a webinar on September 20, 2018 to cover a brief introduction to PCI SSC and PCI DSS, as well as a discussion on best practice to review PCI DSS validation documents, including samples and examples of PCI DSS documents.
PDF 1.3 MB