Blog

Guide to Visa's New Data Sharing Requirements

Written by Praxis Team | Apr 8, 2024 1:22:44 PM

Understanding Visa's Updated Secure Data Field Requirements

Introduction to Visa's Data Sharing Updates

As part of our commitment to keeping our merchants informed and compliant, we at Praxis Tech want to provide a clear and comprehensive guide to the recent changes in Visa’s Secure Data Field requirements. This update, announced in the August 2023 edition of the Visa Business New magazine and included within a Supplemental Requirements document, AI13277,  is crucial for merchants using our services for card processing, specifically those utilizing the Praxis API with Visa Secure EMV 3DSv2.

Key Changes - What You Need to Know

Visa's updates are aimed at enhancing transaction security while simplifying data-sharing requirements. The significant change is the reduction of mandatory data fields from 12 to 5, with a focus on including more end-customer contact data. From 12 August 2024, Visa will mandate the provision of your end customer's valid phone number and/or email address.

Please note that the phone number and email address of the end-user will be validated and it is therefore essential to provide genuine client information that has been verified by your internal KYC processes. Failure to share this real data, or sharing dummy values, may result in a significant increase in declined transactions.

Mandatory Data Fields

The revised list includes the following essential fields:

The details you provide from your CRM or platform are forwarded as-is to the Payment Service Provider (PSP) by Praxis Tech.

Adherence and the Benefits

Deadline for Updates

Visa’s mandate will be strictly enforced from August 12, 2024. If you are working with Praxis Tech, please refer to our Atlas announcement for the next steps to ensure compliance. 

Expected Benefits

  • An increase in authentication success rate by +4%
  • A boost in approval rate by +6%, mitigating unnecessary transaction declines

Understanding the Technical Details

While the core changes are straightforward, there are additional technical details that merchants should be aware of for comprehensive compliance:

  • Recommended Fields: Besides the mandatory fields, there are ‘Recommended’ fields for the 3DS EMV authentication. These may become essential for specific transaction types, such as ‘AFT’, ‘OCT’, etc.
  • Requirements of PSPs: Some Payment Service Providers (PSPs) might demand these fields regardless of Visa’s requirements. We recommend sending all fields when feasible, in accordance with applicable data protection laws.
  • Device Data Object: In 'Direct API' requests, the device_data object is essential. For the Praxis Cashier API, this data is gathered from the end user's session during their interaction with the Praxis frontend application. More on device data.

Key Takeaways and Support

Adhering to these updated requirements will not only keep you compliant with Visa's mandates but also help to enhance the security and efficiency of your transactions.

For any queries or further clarification, our dedicated Support Team at Praxis Tech is always ready to assist you.