Moneris

November 2025: Interac Double-Length Key Requirements

Effective Date: November 2022 and November 2025

Description: Interac introduced changes to Security Regulations requiring the use of Triple Data Encryption Algorithm (TDEA) double-length keys to process Interac Debit transactions.

Impact: The Interac rules require the following:

As of November 1, 2022, all newly purchased PIN Entry Device (PEDs) or Terminals must be injected with and using TDEA double-length keys or Advanced Encryption Standard (AES) (with minimum 128-bit keys).
As of November 1, 2025, all PEDs or Terminals deployed and used in market for Interac Debit must use TDEA double-length keys or AES (with minimum 128-bit keys). Terminals using single-length keys must be removed.

Merchants who rent their PEDs or terminals from Moneris may be contacted to migrate their devices to comply with the Interac mandate. Merchants who rent or own third party PEDs or terminals, will need to ensure their devices meet the Interac double-length key requirements.

August 2024 - Visa Secure Program Updates

Effective Date: August 12th,2024

Description: Visa is announcing changes to the Visa Secure data field mandate, originally communicated in the August 31st, 2023 edition of the Visa Business News. The effective date has been updated to August 12th, 2024 (previously February 12th, 2024) and the number of required data fields has been reduced from twelve to five.

Impact: Visa has reduced the number of required data fields from twelve to five for browser transactions. For in-app transactions, the number of fields required will remain as originally communicated.

Updated Minimum Data Requirements for Visa Secure EMV 3-D Secure (3DS) Authentication Requests:

• Five data elements have been recategorized from “required conditional” to “required” in the Visa Secure Program Guide. The remaining seven fields of the twelve originally communicated as being required will be reverted to “required conditional” with the next Visa Secure Program Guide publication.

• The Visa Secure Program Guide will be amended to only require authorization for Visa Secure Visa Resolve Online logic effective August 12th, 2024.

Application: The following are the required data fields per Device Channel:

The 5 Required Data Fields - Browser:

· Browser IP Address

· Browser Screen Height

· Browser Screen Width

· Cardholder Phone Number OR Cardholder Email Address

· Cardholder Name

The 3 Required Data Fields - In-App/Software Development Kit (SDK):

· Common Device Identification Parameters (Device IP Address)

· Cardholder Phone Number OR Cardholder Email Address

· Cardholder Name

Changes to your API integration may be required. Merchants are encouraged to look out for updates to the API specs and/or Developer Portal.

Merchants must provide complete and accurate transaction data in their authentication requests.

For more information, please consult your Account Executive or contact us at Moneris.com/support.

Interac PCI PTS Device Retirement Mandate

Merchants that own their payment terminals should work their device supplier to understand the PCI PTS version to which their devices are approved and plan the required upgrades.

Merchants that rent payment terminals from Moneris will be contacted directly if an upgrade is required. No action is required.

Description: Interac announced changes to the Interac operating regulations as it relates to the use of payment devices with expired Payment Card Industry (“PCI”) PIN Transaction Security (“PTS”) approvals.

Impact: The update will impact merchants that process Interac transactions.

Application: The table below lists the expiry date of each version of the PCI PTS standard set by the PCI Security Standards Council (“PCI SSC”), the expiry date of payment devices approved to each version of the PCI PTS standard set by the PCI SSC, and the new retirement dates introduced by Interac for payment devices approved to each version of the PCI PTS standard:

PCI PTS Standard Version	PCI PTS Standard Expiry Date	Device Expiry Date	Device Retirement Date
Version 1.x PCI PED or EPP Security Requirements	April 30, 2008	April 30, 2014	November 30, 2024
Version 1.x of PCI UPT Security Requirements	April 30, 2011	April 30, 2017	April 30, 2027
Version 2.x of PCI PED or EPP Security Requirements	April 30, 2011	April 30, 2017	April 30, 2027
Version 3.x of PCI PTS POI Security Requirements	April 30, 2014	April 30, 2020	April 30, 2030
Version 4.x of PCI PTS POI Security Requirements	April 30, 2017	April 30, 2024	April 30, 2034
Version 5.x of PCI PTS POI Security Requirements	April 30, 2020	April 30, 2026	April 30, 2036

The use and deployment of any payment devices with an expired PCI PTS approval that was purchased and in inventory prior to their Device Expiry date is permitted up until the Device Retirement Date.

Merchants accepting payment transactions are required to comply with the applicable data security standards set out by Interac, other applicable payment card networks and the PCI SSC.

Mastercard – New Merchant Advice Codes

Mastercard has introduced Merchant Advice Codes (MAC) to support merchants with additional information on the cause of authorization declines. Merchants can now choose to receive the MAC values and Moneris has made the necessary changes to pass the MAC values to the merchants.

MAC codes provide direction on how to resolve the cause of an authorization decline, such as

The reason for approving or declining a transaction.
The actions merchants can take to continue to serve their customers.

If you connect to Moneris Gateway via API, the below links provide more information,

Under the title “Transaction Response Fields- Advice Code” on our developer portal https://developer.moneris.com/Response_Fields.
List of MAC Codes and MAC Description- Scroll to “Merchant Advice Codes” https://developer.moneris.com/More/Testing/Response%20Codes

To review the API specs please visit https://github.com/Moneris.

If you are a Moneris Check-Out merchant and choose to opt-in, these MAC codes will be available in Merchant Resource Center MRC/Reports/Checkout Transactions

If you are interested in enabling these MAC codes, please contact us at https://www.moneris.com/en/support.

April 2024 – Authorization Processing Time Frames Update

Effective Date: April 13, 2024 (Transactions submitted for clearing and settlement on April 12, 2024, will also be subject to the new time frames).

Description: Visa is making updates to the existing authorization-to-clearing time frame.

Impact: The update will impact merchants and accounts that process Visa credit and debit transactions.

Application: Visa will simplify and optimize the existing authorization-to-clearing structure and offer a new optional Extended Authorization service with a new fee.

Refer to the following table for the updated Authorization-to-Clearing Time Frames:

Transaction Type	New Maximum Time Frame
CNP (cardholder-initiated) transactions	10 Calendar Days
CNP (cardholder-initiated) transactions with extended authorization indicator	30 Calendar Days
Transactions with an estimated authorization indicator for any of the following merchants: Cruise line Lodging Vehicle rental	30 Calendar Days
Transactions with an estimated authorization indicator for any of the following merchants: Aircraft rental Bicycle rental, including electric scooters Boat rental Clothing and costume rental DVD and video rental Equipment and tool rental Furniture rental Motor home rental Motorcycle rental Trailer parks and campgrounds	10 Calendar Days
All other CP transactions	5 Calendar Days
All merchant-initiated transactions	5 Calendar Days

New Optional Extended Authorization Service

Visa will introduce a new Extended Authorization Service fee for the amount on any approved CNP (cardholder-initiated) authorization request:

Transaction Type	Fee	Effective Date
CNP (cardholder-initiated) transactions with extended authorization indicator	0.08%	April 13^th, 2024

Moneris currently does not support this feature. Further information will be provided at a later date on Moneris providing feature support of extended authorizations.

February 2024 – Visa Secure Program Updates

To support the payments ecosystem in realizing the full benefits of Visa Secure EMV® 3-D Secure (3DS) authentication, the Visa Secure Program will be updated with the following changes:
Twelve data elements have been recategorized from “required conditional” to “required”. This change will be effective February 12th, 2024.
Changes to your API integration may be required. Merchants are encouraged to look out for updates to the API specs and/or Developer Portal.
Merchants must provide complete and accurate transaction data in their authentication requests.

12 Required data fields:

• Browser IP Address
• Browser Screen Height
• Browser Screen Width
• Cardholder Billing Address City
• Cardholder Billing Address Country
• Cardholder Billing Address Line
• Cardholder Billing Address Postal Code
• Cardholder Billing Address State
• Cardholder Email Address
• Cardholder Name
• Cardholder Phone Number (Work / Home / Mobile) (At least one of these fields must be provided)
• Common Device Identification Parameters (Device IP Address)
For more information, please consult your Account Executive or contact us at Moneris.com/support.

New Decline Response Codes coming July 2023

Effective July 2023, Moneris will be implementing new decline response codes for Mastercard card-not-present recurring credit transactions.
Please note that Mastercard will introduce an associated fee for the new response codes. To avoid related fees in the future, merchants should follow the appropriate action if a transaction is declined with one of the following response codes and messages. If indicated timelines for retries are not followed, additional fees will be incurred.

New Code	Message
493	Declined Retry after 1 hour
494	Declined Retry after 24 hours
495	Declined Retry after 2 days
496	Declined Retry after 4 days
497	Declined Retry after 6 days
498	Declined Retry after 8 days
499	Declined Retry after 10 days

As communicated to you in May 2023, Mastercard will introduce a new fee effective October 9th, 2023, for all card-not-present recurring declined authorizations. Although Mastercard is introducing the fee October 9th, 2023, Moneris is delaying the implementation of this fee and will provide merchants with 90-day notification prior to passing the fee to merchants.

These changes may impact how merchants currently process transactions and may require system development. Please see the full response codes table on the Moneris Developer Portal for further details.

Fee

Please note that Mastercard will introduce a fee for the new response codes. This fee will not be effective until October 9^th, 2023, and will be communicated to impacted merchants in July 2023.

March 2023 – Merchant Surcharging Update

Moneris continues to evaluate developing a full-service surcharging solution, which will be available no earlier than 2024. We continue to listen to our merchants to understand their needs and how we can best support their business. As a result, Moneris remains focused on delivering value-added services that help businesses improve their customer experience and revenue opportunities.

Updates on surcharging will be provided as they become available.

Information regarding the Mastercard and Visa surcharging rules are outlined below. In summary, surcharging:

Will require merchant registration directly with Mastercard and with 30 days’ written notice to Moneris. Registration with Visa is no longer required as of September 2022.
Will be allowed on all credit products (debit and prepaid excluded)
Will be allowed for all merchant category codes (MCCs)
Will be allowed in all acceptance channels (card-present & card-not-present)
Will not be allowed if a convenience fee or service fee is also applied
Must not be charged by third party agents on behalf of the merchant
Amount must be the lesser of the Effective Merchant Discount Rate or maximum of 2.4%
Must be appropriately disclosed at point-of-entry, point-of-interaction and on the cardholder receipt
The total amount of the transaction submitted must be inclusive of the surcharge amount
The surcharge amount must be included in the corresponding sub-data field in the transaction
Will not be allowed in jurisdictions where surcharging is legally prohibited

April 2023 – Visa Fraud Monitoring Program (VFMP) Enhancements

Effective Date: April 1, 2023, Visa will enhance and expand the VFMP by implementing the Visa Digital Goods Merchant Fraud Monitoring Program to help encourage payment best practices and reduce fraud. The program will apply to fraudulent transactions in the following merchant category codes (MCCs):

• MCC 5735—Record Stores
• MCC 5815—Digital Goods Media—Books, Movies, Digital artwork/images, Music
• MCC 5816—Digital Goods—Games
• MCC 5817—Digital Goods—Applications (Excludes Games)
• MCC 5818—Digital Goods—Large Digital Goods Merchant

For a comprehensive set of Visa acceptance rules, please visit, Visa Core Rules and Visa Product and Service Rules.

How do these enhancements impact merchants?

The volume of online fraud continues to increase year-over-year, negatively impacting merchants in a variety of ways. The Visa Digital Goods Merchant Fraud Monitoring Program will include specific thresholds for fraud amounts and fraud counts, as well as a six-month advisory period which will be implemented before non-compliance assessments are levied.

April 2023 – Visa Non-compliance Assessment Schedules for General Violations

Effective April 15, 2023, Visa will update the non-compliance assessment (NCA) schedules in the Visa Rules for general violations. In addition, Visa will combine the significant and willful violation schedules into one.

Examples of Visa Rules that may result in a NCA include (but are not limited to):

Honour All Cards (Rule: 0008591)
Prohibition of Maximum or Minimum Transaction Amount (Rule: 0026405)
Surcharges (Rules: 0006948, 0027539)

For a comprehensive set of Visa acceptance rules, please visit, Visa Core Rules and Visa Product and Service Rules.

Key NCA Considerations:

Once a potential non-compliance is identified Visa will notify Moneris, who will then send a letter to the merchant requesting investigation. If a non-compliance is confirmed, an immediate remediation or the submission of a remediation plan detailing the date by which the merchant can resolve the issue is required.
Once the rule violation has been confirmed, a new non-refundable NCA of $1,000 USD will be assessed. If Visa determines the merchant is compliant, the $1,000 USD NCA will not be assessed.
Thereafter should either the response date pass for receiving the remediation plan or the non-compliance continues, the NCA will increase by $25,000 USD each month for violations under Tier 1.
- Non-compliance assessment amount is cumulative to include any previous amounts levied (for example: where 90 days have passed since a response is due the total amount equates to USD $251,000, plus initial fee)
For violations under Tier 2, the NCA will increase by $10,000 USD each month.
- Non-compliance assessment amount is cumulative to include any previous amounts levied (for example: where 90 days have passed since response is due the total amount equates to USD $66,000, plus initial fee)

How do these revisions impact merchants?

There are no expected changes to merchants’ business operations. These updated requirements only apply if there are non-compliance issues with Visa acceptance.

March 2024 – PCI DSS Version 4.0

On March 31, 2024, version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS) will be published and come into effect. Please note, PCI DSS version 3.2.1 validations dated March 31, 2024, or prior will continue to be accepted.

Development of PCI DSS version 4.0 was driven by industry feedback to further protect payment data and introduce new controls to address sophisticated cyber attacks.

In summary, PCI DSS version 4.0:

Will continue to meet the security needs of the payment industry
Will promote security as a continuous process
Will add flexibility for different methodologies
Enhance validation methods

Additional information from the PCI Security Standards Council on PCI DSS version 4.0 can be found on here.

April 2023 - Visa Dispute Rule Updates on Compelling Evidence

Effective April 15, 2023, Visa is introducing changes to its dispute rules, which will apply to disputes processed on or after the effective date, unless otherwise specified.

Visa rule revisions will apply to the following dispute-related areas:

Dispute Condition 10.4: Other Fraud – Card-Absent Environment (Acquirer)
Dispute Condition 13.2: Cancelled Recurring Transaction (Issuer)

Dispute Condition 10.4: Other Fraud – Card-Absent Environment

To provide for an efficient and timely adjudication of fraud disputes, a new dispute remedy will allow the acquirer to support the issuer’s dispute by providing all the following:

Documented proof that merchandise is in the cardholder’s possession or proof services were provided.
Evidence the same payment credential was used in two previous undisputed transactions the issuer had not reported as fraud activity to Visa and were processed more than 120 calendar days before the dispute processing date.
Evidence the undisputed and disputed transactions share the same device ID, device fingerprint or the IP address, and any additional one or more of the following as applicable:
- Customer account/login ID
- Delivery address
- Device ID/Device fingerprint
- IP address

For example: The undisputed and the disputed transactions have either the same device ID and delivery address, the same IP address and login ID or the same device fingerprint and IP address.

If proper evidence is provided by the merchant, the issuer will not be allowed to continue the dispute.

Dispute Condition 13.2: Cancelled Recurring Transaction – Evidence of a Prior Undisputed Transaction

Visa has seen an increase in the use of Dispute Condition 13.2: Cancelled Recurring Transaction with growth in the digital realm and subscription services. Dispute Condition 13.2 must be used only when a cardholder has cancelled the payment method (i.e., they have advised the merchant to stop charging the payment credential). It is not to be used when the cardholder has cancelled the services/merchandise with the merchant.

How do these revisions impact me?

The changes are being implemented to improve chargeback processing times. Should a chargeback arise, you will be notified of specific steps to remedy the dispute.

October 2022 – Revised Mastercard Recurring Billing Requirements

Effective October 11, 2022, Mastercard has revised the Recurring Billing Requirements to make the email receipt optional for merchants, unless they are identified for four months or more on a Chargeback or Fraud Program.

Merchant segments excluded from the below requirements are as follows: Insurance policies, Repayment of existing debt, Telecommunications, and Utilities.

Not-For-Profit/Charity merchants are also excluded from the below requirements unless they are identified on a Chargeback and/or Fraud program for a period of four months or more.

Corresponding requirements have been outlined below:

Billing Type

Requirements

Recurring and Negative option

An email confirmation (or other electronic message) must be sent at time of enrollment outlining subscriptions terms (price, frequency of billing, and applicable trial period details), instructions for account management capabilities, as well as subscription cancelation instructions (revoking consent for further recurring payments).
An electronic cancellation option must be provided.
For plans that bill less frequently than 6 months (180 days), a notification must be sent no less than three days and no more than seven days before the billing date and include subscription terms and cancelation instructions.
Subscription terms (price, frequency of billing, and trial period details) must be disclosed at payment.
Customer acceptance of the terms must be obtained.
For ecommerce merchants, disclosure must be done on the checkout page directly. Re-directing to a separate page will not satisfy the requirement.

Optional:
An email receipt (or other electronic message) is a best practice recommendation to be sent after each billing (amount and billing reason) and include account management along with cancelation instructions.
- Merchants who are identified for four months or more on a Chargeback or Fraud Program will be required to implement this standard as Mandatory per the Mastercard recurring payment plan standards.

Negative option

A reminder notice must be sent no less than three days and no more than seven days before the end of trial period to inform the customer that the full subscription plan will apply if they do not cancel. The notice must include the subscription terms, account management capabilities and cancelation instructions.
Trial period terms must be disclosed including any initial charges and length of trial.

October 2022 - American Express Authorization on Credit

Effective October 14, 2022, American Express® (AMEX) will introduce a new Authorization on Credit functionality that affects how merchants process refunds. This Authorization on Credit will provide the option for Issuers to immediately notify Cardmembers of pending credits. Merchants will have the option to send refund requests to American Express Issuers for authorization. Currently, Moneris authorizes refunds on behalf of the American Express Issuers.

The new return authorization process will enable issuers to update cardholders’ online banking statements in real time. This process will help enhance cardholder confidence in the payments system, as the information they receive on purchase returns will better align with what they see on purchases.

This will offer several key benefits for merchants:

Help reduce or minimize related chargebacks
Provide real-time issuer account validation
Fewer customer service inquiries due to a lack of real-time information

There is a possibility that merchants may see declined refund transactions due to the following reasons:

Expired card
Blocked card (due to fraud, breach, etc.)
Invalid PIN
Invalid card #
Original card used for purchase was a prepaid card that has been discarded

Merchants should closely examine their business processes to ensure that a cardholder can be reached should a refund transaction be declined.

In the event of a declined refund, merchants have three options to pursue in the following order:

The refund on another card (of the same brand)
Offer the cardholder a store credit/gift card
Offer the cardholder refund in another format (cash, cheque)

All options are contingent on a declined refund and should be used at the discretion of the merchant based on existing refund policies and risk tolerance for their business. Moneris recommends that merchants avoid refunding to a card (of a different brand) to reduce the risk of fraud.

_{AMERICAN EXPRESS is a registered trademark of American Express Company. All other marks or registered trademarks appearing on this page are the property of their respective owners.}

October 2022 - Visa & Mastercard: Revised Standards for Merchant Surcharging at the Point-of-Interaction in the Canada Region

Effective October 6, 2022, Visa and Mastercard will revise acceptance rules to allow merchants in Canada to include an extra fee (surcharge) for credit card transactions. Under the revised standards, merchants in Canada may apply a surcharge on consumer or commercial Visa and Mastercard credit card transactions, which will be paid by the cardholder. In summary, surcharging:

Will require merchant registration with Visa and Mastercard with 30 days’ written notice to Moneris
Will be allowed on all credit products (debit and prepaid excluded)
Will be allowed for all merchant category codes (MCCs)
Will be allowed in all acceptance channels (card-present & card-not-present)
Will not be allowed if a convenience fee or service fee is also applied
Must not be charged by third party agents on behalf of the merchant
Amount must be the lesser of the Effective Merchant Discount Rate or maximum of 2.4%
Must be appropriately disclosed at point-of-entry, point-of-interaction and on the cardholder receipt
The total amount of the transaction submitted must be inclusive of the surcharge amount
The surcharge amount must be included in the corresponding sub-data field in the transaction
Will not be allowed in jurisdictions where surcharging is legally prohibited

More information about enabling surcharging for Visa and Mastercard will be provided as it becomes available.

October 2022 - Visa: Revised Effective Date for Removing Merchant and Terminal Identification Numbers from Transaction Receipts

In October 2020, Visa amended its rules to prohibit printing of the full merchant identification numbers (MIDs), terminal identification numbers (TIDs) and card acceptor identification numbers (CAIDs) on cardholder receipts. Printing of all MIDs, TIDs and CAIDs must be limited to the last four digits. Due to the effort required to comply with this mandate, Visa has issued amended dates for this requirement.

The amended effective dates are as follows:

On October 15, 2022, the amendment will apply to newly deployed devices. Please note, this date does not apply to devices currently in use in market.
On October 15, 2027, the amendment will apply to all devices deployed and in use in market.

September 2022 - Mastercard Recurring Billing Requirements

Mastercard is introducing new requirements for merchants who charge customers via recurring billing (such as monthly subscription) or negative option billing (a subscription that begins with a free or low-cost trial period).

The new requirements are being implemented by Mastercard to help merchants reduce potential disputes or chargebacks and drive a more positive customer experience.

Effective dates and corresponding requirements have been outlined below:

Effective Date	Billing Type	Requirements
September 22, 2022	Recurring and negative option	An email confirmation (or other electronic message) must be sent at time of enrollment outlining subscriptions terms (price, frequency of billing, and applicable trial period details), as well as cancel instructions. An email receipt (or other electronic message) must be sent after each billing and include cancelation instructions. An electronic cancellation option must be provided. For plans that bill less frequently than 6 months (180 days), a notification must be sent no less than three days and no more than seven days before the billing date, and include subscription terms and cancelation instructions. Subscription terms (price, frequency of billing, and trial period details) must be disclosed at payment. Customer acceptance of the terms must be obtained. For ecommerce merchants, disclosure must be done on the checkout page directly. Re-directing to a separate page will not satisfy the requirement.
September 22, 2022	Negative option	A reminder notice must be sent no less than three days and no more than seven days before the end of trial period to inform the customer that the full subscription plan will apply if they do not cancel. The notice must include the subscription terms and cancelation instructions. Trial period terms must be disclosed including any initial charges and length of trial.

April 2022 - 8 Digit BIN

Effective April 2022, 8-digit Bank Identification Numbers (BIN) will be used for newly issued Mastercard, Visa, Discover, and Amex cards.

Why are we moving to 8-digit BIN?

Today, a 6-digit BIN for debit and credit cards is the standard but as the payment card industry continues to grow and more cards are being issued, the number of unique 6-digit BIN available are being depleted. To accommodate further growth, the International Organization for Standardization and payments industry are introducing 8-digit BIN for new cards effective April 2022. Moving to 8-digits allows for millions of additional new accounts to be introduced in the years to come.

How does this impact Moneris systems?

The move to 8-digit BIN will not have any impact on how payments are processed today. However, there may be implications for reporting that is tied to the current 6-digit BIN format. Moneris is looking further into the matter and will be in touch with impacted merchants if any actions are required on their part.

What do merchants need to do?

Before 8-digit BINs are introduced, merchants should look at their existing systems and contact their partners (if applicable) to determine if any processes currently rely on 6-digit BINs. For example, custom reporting logic based on the 6-digit BINs will need to be updated.

To minimize disruption to your business we recommend that you update any 6-digit BIN dependencies in your technical environment as soon as possible. You may need to contact your integration partner or a web developer if you do not have dedicated technical support.

February 2022 - New Decline Codes

Visa and Mastercard have introduced new response codes which will appear during declined transactions. Moneris will be implementing the below decline codes and messages on February 22, 2022.

If a transaction is declined with one of the following response codes and decline messages, please follow the appropriate action noted below or a fee may apply. More details are provided below.

Response Code	Decline Message	Action	Related Fee(s)
416	Declined Use updated card	Verify card information provided is correct or request a different payment method.	· Mastercard Decline Reason Code Service · Mastercard Credential Continuity Fee
421	Card Declined Do Not Retry	Do not retry transaction. Request a different payment method from the cardholder.	· Visa Category 1 Decline Fee · Mastercard Decline Reason Code Service · Mastercard Merchant Advice Code Fee
422	Stop Payment Do Not Retry	Do not retry transaction. Request a different payment method from the cardholder.	· Visa Repeat Authorization Decline Fee · Mastercard Merchant Advice Code Fee
423	Decline Verif Failed	Applicable to Visa Direct transactions only. Cardholder verification has failed, revalidate cardholder information.	· No fees currently applicable

Developer Specifications

If your development or IT support team need to update the response codes in your technical environment, please see the new updated response code table on our Developer Portal for further details.

Please visit our Payment Card Network Fee Updates page for more details on the above Card Brand related fees.

October 2021 - 3DS 1.0 End of Support

As of October 2021, a majority of issuers will no longer support 3DS 1.0 due to following upcoming changes to card brand mandates.

Moneris is committed to supporting the payment industry’s transition from 3DS 1.0 to 3DS 2.0. Moneris Checkout is fully integrated with 3DS 2.0 and 3DS 2.0 API specifications are available. Please see our 3DS 2.0 Integration Guides on our Developer Portal for more details.

Effective October 15, 2022, Moneris will retire 3DS 1.0 and any 3DS 1.0 authentications submitted will receive an error response.

3DS 1.0 End of Support Timeline:

Visa

October 16, 2021: Visa will continue to support 3DS 1.0 transaction processing but will stop support of the 3DS 1.0 Attempts Server for non-participating issuers. Visa will respond with a Verify Enrollment Response (VERes) = N to all authentication requests when the issuer does not support 3DS 1.0.
October 15, 2022: Visa will decommission their 3DS 1.0 platform and will no longer process any 3DS 1.0 transactions for cardholder authentication. Merchants will receive error responses if they attempt to send authentication requests to the 3DS 1.0 Directory Server.

Mastercard

October 1, 2021: Mastercard will no longer generate attempts transactions from the Mastercard 3DS 1.0 network, however 3DS 1.0 fully authenticated transactions will continue to be supported.
April 30, 2022: Mastercard will no longer allow 3DS 1.0 account range or Merchant ID enrollments.
October 14, 2022: Mastercard will decommission their 3DS 1.0 platform. Mastercard will no longer process any 3DS 1.0 transactions for cardholder authentication and the merchant will receive error responses if they attempt to send authentication requests to the MC 3DS 1.0 Directory Server.

American Express

October 14, 2022: Authentication requests for SafeKey 1.0 will no longer be supported by American Express.
Support for AMEX SafeKey 2.0: Moneris does not currently support SafeKey 2.0. In the interim, we recommend you send 3DS 1.0 requests for AMEX authentications only.

October 15, 2022: Moneris will retire 3DS 1.0. This means any 3DS 1.0 authentications submitted will receive an error response.

June 2021 - Visa Purchase Return Authorization Mandate

Visa has introduced a new Purchase Return Authorization Mandate that affects how all merchants process customer refunds. Effective October 15, 2021, Moneris will be required to send all refund requests to the Visa card issuer for approval. Currently, Moneris authorizes refunds on behalf of the card issuer.

To make this transition as smooth as possible, we will begin applying the new process in June 2021. This will give businesses time to get familiar with the changes prior to the busy holiday shopping season. No action on the merchant’s part is required.

With this new process, there are several benefits to the merchant and cardholder:

Real-time updates to cardholders’ online banking statements when receiving refunds
Direct account validation with issuer reducing potential for fraud
Helps reduce or minimize related chargebacks

Merchants will not see a change in the way they process refunds on a terminal or via Moneris Gateway. However, there is a possibility that merchants may see declined refund transactions due to the following reasons:

Expired card
Blocked card (due to fraud, breach, etc.)
Invalid PIN
Invalid card #
Original card used for purchase was a prepaid card that has been discarded

Merchants should closely examine their business processes to ensure that a cardholder can be reached should a refund transaction be declined. In the event of a declined refund, merchants have three options to pursue:

Offer the cardholder a store credit/gift card

Offer the cardholder refund in another format (cash, cheque)

Put the refund on another card (of the same brand)

All options are contingent on a declined refund and should be used at the discretion of the merchant based on existing refund policies and risk tolerance for their business. Moneris recommends that merchants avoid refunding to a card (of a different brand) to reduce the risk of fraud.

December 2020 - Mastercard Contactless Specification (MCL 3.0)

In November of 2014, Mastercard announced a new mandate that required all contactless readers support the Contactless Terminal Specification version 3.0 (MCL 3.0). As part of this, all readers were required to be compliant by January 1, 2019.

Merchants are still required to comply with this mandate and ensure that all POS terminals which support Mastercard contactless are able to support MCL 3.0. If merchants are unable to achieve compliance by this date Mastercard may, at their discretion, impose non-compliance assessments of up to $100,000 USD per violation, which Moneris will pass on per the terms of the merchant agreement.

If you work with an integrator or an Independent Software Vendor (ISV), please reach out to them to assist in updating your solution. Should you need further clarification or assistance please contact www.moneris.com/support/contact.

Contactless Terminal Specification version 3.0 mandate details:

Comply with MCL 3.0 or EMV CL Book C-2;
and for POS Terminals only (including MPOS Terminals), be configured to support On-Device Cardholder Verification and the processing of Contactless Transactions that exceed the applicable Cardholder verification method (CVM) limit amount up to the amount that the same POS Terminal supports on its contact interface.

If you are unable to achieve compliance, Mastercard may, at their discretion impose non-compliance assessments. Below please find a summary of Mastercard’s non-compliance assessment schedule:

Compliance Category	Assessment Type	Assessment Description
A	Per violation	Up to USD 25,000 for the first violation Up to USD 50,000 for the second violation within 12 months Up to USD 75,000 for the third violation within 12 months Up to USD 100,000 per violation for the fourth and subsequent violations within 12 months
Variable occurrence (by device or Transaction)	Up to USD 2,500 per occurrence for the first 30 days Up to USD 5,000 per occurrence for days 31–60 Up to USD 10,000 per occurrence for days 61–90 Up to USD 20,000 per occurrence for subsequent violations

Compliance Category

Assessment Type

Assessment Description

A

Per violation

Up to USD 25,000 for the first violation

Up to USD 50,000 for the second violation within 12 months

Up to USD 75,000 for the third violation within 12 months

Up to USD 100,000 per violation for the fourth and subsequent violations within 12 months

Variable occurrence
(by device or Transaction)

Up to USD 2,500 per occurrence for the
first 30 days

Up to USD 5,000 per occurrence for days
31–60

Up to USD 10,000 per occurrence for days
61–90

Up to USD 20,000 per occurrence for
subsequent violations

September 2020 - INTERAC Transaction Limit Reminder for ISVs and Integrated Merchants

Between September 10, 2020 and September 16, 2020, all ISVs and integrated merchants will receive the following reminder from Moneris regarding transaction limits for both contact and contactless INTERAC transactions.

Under INTERAC Debit Regulations, both ISVs and integrated merchants are not permitted to set a per transaction limit on devices. As a result, we have asked them to check and ensure no transaction size limits are set for INTERAC transactions on the POS solutions they either use or provide.

An altered transaction limit on a POS solution may prevent merchants from taking advantage of any increased limits for contactless transactions INTERAC may set in the future. If the INTERAC transaction limit has been altered, we have requested the ISV reset the limit as soon as possible.

July 2020 & Oct 2021 (Revised from April 2020) - Purchase Return Authorization Mandate

Visa, Mastercard, and Discover are introducing a new purchase return authorization mandate that will affect all merchants that process customer returns. Currently, Moneris authorizes merchant returns on behalf of the card issuer.

Effective July 17, 2020, Moneris will be required to send Mastercard and Discover return authorization requests to the card issuer for approval.
Effective October 15, 2021, Moneris will be required to send Visa return authorization requests to the card issuer for approval.

The new return authorization process will enable issuers to update cardholders’ online banking statements in real time. This process will help enhance cardholder confidence in the payments system, as the information they receive on purchase returns will better align with what they see on purchases.

This will offer a number of key benefits for merchants:

Help reduce or minimize related chargebacks
Provide real-time issuer account validation
Fewer customer service inquiries due to a lack of real-time information

There is a possibility that merchants may see declined refund transactions due to the following reasons:

Expired card
Blocked card (due to fraud, breach, etc.)
Invalid PIN
Invalid card #
Original card used for purchase was a prepaid card that has been discarded

Merchants should closely examine their business processes to ensure that a cardholder can be reached should a refund transaction be declined.

In the event of a declined refund, merchants have three options to pursue in the following order:

The refund on another card (of the same brand)
Offer the cardholder a store credit/gift card
Offer the cardholder refund in another format (cash, cheque)

All options are contingent on a declined refund and should be used at the discretion of the merchant based on existing refund policies and risk tolerance for their business. Moneris recommends that merchants avoid refunding to a card (of a different brand) to reduce the risk of fraud.

December 2018 – UnionPay BIN Changes

Effective December 31, 2018, UnionPay International (‘UnionPay’) is introducing a new series of Bank Identification Numbers (BINs) that begin with ‘81’ (e.g., 810000-817199), as well as expanding all BINs to eight digits (‘8-digit BINs’). To avoid any disruption to your business, you will need to apply the following updates to your systems.

If you are using a Moneris^® standalone payment solution, you are required to:

Activate UnionPay 81 series BIN changes on your POS device(s) by reinitializing your terminal. In the event that you do not re-initialize your device by December 31, 2018, the terminal will prompt you to do so.

If you are using a Moneris^® integrated or ecommerce payment solution, you are required to:

Contact your integration partner, web developer and/or internal IT department to test your payment application and confirm the POS is certified by the December 31, 2018 deadline.
Moneris has made UnionPay 81 series and 8-digit BINs available in the production environment for POS testing.

As per UnionPay card acceptance policies:

All point-of-sale terminals must support the UnionPay 81 series BIN standards.
Both card present and card-not-present POS environments (including hard-coded ecommerce sites) must be equipped to recognize and process 81 series BINs, following the same logic and handling as transactions made with Primary Account Numbers (PAN) in the ‘62’ series today.
Back office reporting systems must be able to recognize 8-digit BINs in all occurrences where the 6-digit BINs used by card brands today are reported.

UnionPay will be monitoring BIN acceptance rates and may impose non-compliance assessment fees to businesses that are unable to accept 81 series and 8-digit BIN cards by the December 31, 2018 deadline.

For businesses using a standalone payment solution, please contact the Moneris Support Center at 1-844-204-8626 with your questions. If you are using an integrated payment solution, please contact your POS integration partner for assistance with re-initializing your payment processing application(s).

April & October 2018 – Visa and Mastercard Payment Security Changes

(UPDATED March 2019)

On April 12, 2018, Visa^® and Mastercard^® implemented policy changes to improve card security and further reduce fraudulent transactions and chargebacks in Canada. This will impact the way merchants accept card present (CP) and card not present (CNP) payments for domestic and international transactions.

Fallback (Visa and Mastercard)
Visa and Mastercard are enacting a ‘no fallback’ policy for CP transactions, which means that merchants will need to request an alternate method of payment if a customer’s Chip & PIN transaction fails, as the card will not ‘fallback’ to the magnetic swipe. These changes took effect April 12, 2018 for domestic transactions on both card brands, and October 12, 2018 for international transactions using Mastercard.

CVV2 (Visa only)
Visa introduced a requirement on October 14, 2018 requiring telephone order and e-commerce merchants to capture CVV2 at checkout and include it in the authorization request. This rule does not apply to (updated March 2019):

A transaction that uses a stored credential
A transaction initiated with a payment token
A transaction in which a paper order form is used
A transaction involving a recurring or installment payment (second and all subsequent transactions)
A transaction conducted through a digital wallet such as Visa Checkout
A transaction originating from an indirect sales channel
A delayed charge transaction
A transaction involving an incremental authorization request
A MO/TO transaction where the CVV2 is captured manually and provided in written format
A transaction that received a decline response and is resubmitted for authorization, as specified in the Visa Rules (ID#: 0006007)

Merchants using the Moneris Gateway are required to make changes to enable CVV2 information capture at payment checkout. Affected services include:

Moneris API
Batch submissions
Hosted Pay Page
Hosted Vault
Virtual Terminal
Merchant Resource Centre
Hosted Tokenization

Moneris has activated Card Validation Digits (CVD) and Address Verification Services (AVS) for all Gateway Merchants effective May 15, 2018 at no additional fees or costs.

For details on required changes, please see: https://www.moneris.com/VisaCVD.

Stored Credential Transaction Framework (Visa and Mastercard)
Visa and Mastercard are updating their security policies for CNP transactions, beginning with the introduction of the Stored Credential Transaction Framework on October 12, 2018, which outlines the requirements for initial storage and subsequent use of payment credentials.

For more information on the respective changes announced by Visa and Mastercard, please visit:

Visa: Moneris.com/VisaSecurity
Mastercard: Moneris.com/MCSecurity

April 2018 - Visa Claims Resolution

Effective April 13 2018, Visa will be implementing the Visa Claims Resolution (VCR) initiative to reduce the number of chargeback disputes and improve the overall efficiency of the dispute resolution process. Information on upcoming changes related to the VCR initiative has been provided below.

Reduced Resolution Timeframes
Chargebacks can typically take anywhere from 46 to 100 days to resolve, depending on their complexity. Visa is streamlining their chargebacks dispute process by eliminating any extra touch points and exchanges of information between parties. Reducing the time and resources it takes to resolve disputes will benefit merchants, issuers and cardholders alike.

Merchants will now be asked to respond to chargeback disputes within seven calendar days from the date of notice.

Changes to Chargeback Reason Codes
The current list of 22 Visa chargeback reason codes will be replaced with new values and grouped into four new categories of disputes: Authorization, Fraud, Processing Errors and Consumer Disputes. For a full list of the new Visa chargeback reason codes and their corresponding dispute categories, please visit the Moneris chargebacks page.

Support

Compliance Notices

Compliance Notifications

Developer Specifications

Visa

Mastercard

American Express

Moneris

Was this page helpful?

Need Additional Help?

Talk to one of our business advisers for additional troubleshooting.