Release notes: Banking.Live 2.10
Visa mandate: COF and recurring transaction validation enhancements
New configurable validations have been added to validate received COF and recurring transactions. These improvements help in supporting the Visa Secure Digital Authentication Framework program for standing instruction merchant-initiated transactions. Standing instruction merchant-initiated transactions are transactions that involve standing instructions provided by the customer in the original customer-initiated transaction. They need to meet the same criteria as customer-initiated transactions to qualify for fraud dispute protection.
Client impact
By default, clients are not affected, and these transactions are processed as normal.
The introduced validation conditions to validate received COF and recurring transactions are set at client-level and/or product-level and include:
- By default, COF and Recurring transaction validation will be bypassed.
- Check the previously approved transaction for that PAN having Card Acceptor Identification Code
DE42value same as the current COF or Recurring transaction. If it does not exist, decline the transaction. - Check the previously approved Account Verification transaction
DE25=51for that PAN having Card Acceptor Identification CodeDE42value the same as the current COF or Recurring transaction. If it does not exist, decline the transaction. - Check the previously approved transaction having transaction identifier (DE62[2]) same as the current value of the Original Transaction Identifier (DE125[03].03) and the transaction should either match Merchant ID i.e. DE42 or Merchant Name i.e. DE43[1] with previous approved transaction. If it does not exist, decline the transaction.
- Check the previously approved transaction Merchant Name (DE43_1) with the current transaction Merchant Name (DE43_1). If it does not exist, decline the transaction.
Condition 1 is the default. If you need to change the validation to a different condition, you can raise a request through the Customer Support Platform.
Visa mandate (0029985): CVV2 is no longer required for Visa Secure transactions in Europe
Before PSD2 SCA, the purpose of validating CVV2 was to validate the possession of the card. However, since the release and implementation of PSD2 SCA in Europe, the additional validation of CVV2 is not required.
As of April 2024, Acquirers are no longer required to provide the CVV2 in the authorization message for transactions authenticated using Visa Secure in Europe.
Due to this change in requirement, Issuers must not decline a Visa Secure transaction in Europe based solely on a missing CVV2 value.
Client impact
Visa Secure transactions in Europe will not be declined based solely on a missing CVV2 value.
You can refer to the below table for use case examples for eCommerce transactions:
Approve transactions as CAVV is valid when:
- Transaction is in EEA country
- CAVV is valid
- CVV2 is missing, invalid or valid
Approve transactions as CAVV validated by Visa when:
- In EEA country
- CAVV validated by Visa
- CVV2 is missing, invalid or valid
Decline the transaction as CVV2 was invalid or missing when:
- Not in EEA country
- CAVV valid
- CVV2 is missing or invalid
Mastercard mandate (AN8498):CVC2complaince requirements on CNP tokenized and authenticated transactions for issuers and merchants in Asia/Pacific region
As part of the mandate, Banking.Live will not decline an authorization request solely due to a lack of CVC2 data for authenticated transactions, including those originating with tokenized credentials.
This is because tokenized transactions are more secure because they contain additional security features such as the token, token expiry, and Digital Secure Remote Payment (DSRP) cryptogram.
Client impact
A domestic authorization will not be declined solely due to lack of CVC2 for authenticated transactions, including those originating with tokenized credentials.
You can refer to the below table for use case examples:
Given | When | Then |
|---|---|---|
An eCommerce CNP domestic transaction is initiated | The transaction is authenticated and EMV 3DS is available and CVC2 is not available | Approve the |
A tokenized CNP domestic transaction is initiated | CVC2 is not available | Approve the |
An eCommerce CNP domestic transaction is initiated | The transaction is authenticated and EMV 3DS is available and CVC2 is available | Approve the |
A tokenized CNP domestic transaction is initiated | The transaction is authenticated and EMV 3DS is available and CVC2 is available | Approve the |
Mastercard mandate (AN7102): Introduction of Mastercard TLID
Mastercard is introducing a new Data Element (DE) 105 (Multi-Use Transaction Identification Data), sub element 001 (Transaction Link ID LID]) ) that is designed to carry a new Mastercard-generated identifier which will be used identically across the Authorization, Clearing and Single Message System platforms and all message specifications.
This transaction identifier generated by Mastercard is designed to help promote an improved and consistent linking of life cycle activity occurring after the original transaction and other related transactions.
Client impact
Clients using FAST are impacted in two ways:
- For FAST authorization messages you can choose to receive this
TLIDin“DE105”in the ISO node of the FAST authorization message.
FAST authorization messageMessage_Type’s impacted are:- All: if you do wish to receive this
TLIDin the FAST authorization message, you can request this through the Customer Support Platform.
- All: if you do wish to receive this
- For FAST clearing messages you will receive this
TLIDin“DE105”in the ISO node of the FAST clearing message.
FAST clearing messageMessage_Type’s impacted are:- 1240 – First Presentments
Mada mandate: Support for Mada DS based authentication tags for SPG transactions
As part of our rollout for MADA SPG (Saudi Pay Gateway) mandate, we have implemented support for MADA DS based transactions.
MADA DS based 3DS cardholder-initiated transactions made using the physical card credentials will have additional tags in DE47 for authentication value verifications.
Client impact
Once certified, clients will receive these additional tags in the ISO node of the FAST message of these types of transactions.
Mada clients will receive additional communication from Paymentology with further details as part of the SPG Service – Mada implementation rollout.
Filter/Search for transactions using Digital Token or Device ID
PayControl users can now search for transactions by Digital Token or Device ID.
TIPA device may have multiple digital tokens linked to it, but a digital token can only be linked to one device
Client impact
Clients can choose to use this additional functionality at any stage.
You can do this by:
- Once logged in to PayControl, navigate to the transactions screen. For example: https://uat.banking.live/paycontrol/transactions
- In the Filter By dropdown menu, you will now find Digital Token and Device ID under the Advanced heading. Click on the method you wish to filter/search by.
- Proceed to type in the Digital Token or Device ID you are searching for.
- Click the search icon button.
- The transaction screen will now populate with transactions based on your filter input.
Highlighting triggered rules in rules detail screen despite error
Rules that are triggered but not executed due to errors will still be marked as Triggered, and highlighted.
Client impact
Minor change to the Rules Detail screen on PayControl.
Now a triggered rule where an error was present will be reflected in two ways on the Rules Detail screen in PayControl:
- Rule triggered: Err-Yes
- The rule will be highlighted in green
You can see this screen by:
- Once logged in to PayControl, navigate to the transactions screen. For example: https://uat.banking.live/paycontrol/transactions
- Right click on the specific transaction and proceed to View Transaction > View Txn Details
- On the Transaction Detail screen, click on the Rules Detail tab.
| CLR-307 | Make auto triggering of Settlement Fast feed tasks configurable |
|---|---|
| Summary | The order in which the client receives Settlement Active fast feeds for Mambu and passive feed (Iso) can be configured from job level |
| Impact on Clients | It’s a configurable change. The existing behaviour is set as the default one. It can overridden by changing the configuration, clients will have to request the configuration changes thru customer executive. |
| PECR-135 | VAU Certification Support for All BINs |
|---|---|
| Summary | We've enhanced our Visa Account Updater (VAU) file submission process for multi-issuer clients to ensure full compliance with Visa's specifications. This enhancement addresses a mandatory regulatory requirement to ensure our clients customers card details are automatically updated with merchants, minimizing disruptions in recurring payments |
| MCCP-42 | Improve Close Operational Day function performance |
|---|---|
| Summary | Introduction of multi-threading on some ofthe jobs within Close Operational Day |
| DEC-111 | Usage of MasterCard Fraud Score Fields in Fraud Rule |
|---|---|
| Summary | Introduction of Parsing DE48 SE 75 and DE48 SE 76 so that they can be consumed by Rule Engine for Decision Making |
| AUTH-434 | Change default error code on FAST failure |
|---|---|
| Summary | Currently, Banking.Live returns a generic response code, 05, in cases where FAST messages fail. With this improvement, we will be able to return a more accurate response code to the networks depending on the type of failure of the FAST message |
| DEFECT-177 | Transaction list API occasionally failing |
|---|---|
| Defect Condition | Transaction search would occasionally timeout on PayControl Screen |
| Defect Fix | Search Querry Optimization by using index field, creation of partition on huge tables and using partitioned fields for search |
| DEFECT-558 | Incorrect Parsing of DE63 for VISA |
|---|---|
| Defect Condition | DE63 sub-element 0 which indicates presence of other sub elements was the sub element 1 and hence the whole parsing was affected. |
| Defect Fix | The correct parsing implemented as per VISA specifications |
DEFECT-576 | MC 3DS AAV OBS Wrong indicator |
|---|---|
Defect Condition | The approved transactions by Paymentology have a wrong "3DS_Check" indicator of "FAIL" for 3Ds due to bypassed conditions (iav_validated_by_mastercard OR valid_on_behalf_service_mastercard_aav_verification, |
Defect Fix | Paymentology has introduced new approved reason codes to indicate that a transaction is approved due to 3D secure bypassed conditions. "iav_validated_by_mastercard" or "valid_on_behalf_service_mastercard_aav_verification" will have reason code 240, "skip_aav_validation_mc_generated" will have reason code 241, and "bypass_aav_on_merchant_risk" will have reason code 242. |
| AUTH-481 | Apple Pay MDES Certification with MC |
|---|---|
| Defect Condition | Mastercard Rejected 0410 message due to extra fields inDe 48 SE 23, 30, 34 and 71 |
| Defect Fix | The additional unexpected fields were removed |
| DEFECT-443 | Mastercard DTAS Bypass IAV validation |
|---|---|
| Defect Condition | If in a given TransactionDE-48-26 = 327 andDE-48-71-61-02 = V then we would Bypass AAV validation results and approve the transactions as DTAS would have authenticated the transaction. However, some of the clients wanted such transactions to be declined. |
| Defect Fix | Introduction of Feature Flag to decline the transactions as per client’s request. The clients would have to request for Feature Flag to be enabled through theirCustomer Executives/ account Managers |