Visa Secure Release Updates

August 2021 Release Notes

Version 1.0

June 2021
Visa Confidential
Important Information on Confidentiality and Copyright

© 2021 Visa. All Rights Reserved.

Notice: This information is proprietary and CONFIDENTIAL to Visa. It is distributed to Visa participants
for use exclusively in managing their Visa programs. It must not be duplicated, published, distributed or
disclosed, in whole or in part, to merchants, cardholders or any other person without prior written
permission from Visa.
The Visa Confidential label signifies that the information in this document is confidential and
proprietary to Visa and is intended for use only by Visa Clients subject to the confidentiality
restrictions in the Visa Core Rules and Visa Product and Service Rules (the “Visa Rules”), and other third
parties that have a current participation agreement, including confidentiality provisions, or other non-
disclosure agreement with Visa that covers disclosure and use of the information contained herein.

This document is protected by copyright restricting its use, copying, distribution, and decompilation.
No part of this document may be reproduced in any form by any means without prior written
authorization of Visa.The trademarks, logos, trade names and service marks, whether registered or
unregistered (collectively the “Trademarks”) are Trademarks owned by Visa. All other trademarks not
attributed to Visa are the property of their respective owners.

Note: This document is not part of the Visa Rules. In the event of any conflict between any content in this
document, any document referenced herein, any exhibit to this document, or any communications
concerning this document, and any content in the Visa Rules, the Visa Rules shall govern and control.

THIS DOCUMENT IS PROVIDED ON AN “AS IS, WHERE IS” BASIS, “WITH ALL FAULTS” KNOWN AND
UNKNOWN. THIS DOCUMENT COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL
ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN: THESE CHANGES
WILL BE INCORPORATED IN NEW EDITIONS OF THE DOCUMENT. VISA MAY MAKE IMPROVEMENTS
AND/OR CHANGES IN THE PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED IN THIS DOCUMENT
AT ANY TIME. WHERE POTENTIAL FUTURE FUNCTIONALITY IS HIGHLIGHTED, VISA DOES NOT
PROVIDE ANY WARRANTY ON WHETHER SUCH FUNCTIONALITY WILL BE AVAILABLE OR IF IT WILL BE
DELIVERED IN ANY PARTICULAR TIME. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW,
VISA EXPLICITLY DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, REGARDING THE
INFORMATION CONTAINED HEREIN, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

If you have technical questions or questions regarding a Visa service or questions about this
document, please contact your Visa representative.

June 2021 Visa Confidential ii

June 2021 Visa Confidential iii
 Visa Installments Release Notes V1.0, August Release

Contents
1 Release Notes O verview............................................................................................................................................. 5
1.1 What’s New to Visa 3-D Secure 1.0.2...................................................................................................................... 5
1 .1 .1 Reenabling CRReq (Card Range Request) and CRRes (Card Range Response) message
pair for Visa 3DS 1.0 .2 Directory Server ....................................................................................................... 5
1.2 What’s N ew to EMV 3-D Secure 2.x ..................................................................................................................... 6
1 .2 .1 Inc lusion of the token ranges in the PRes message........................................................................ 6
1 .2 .2 Changes to support of Visa Trusted Listing program .................................................................... 7
1 .2 .3 Support for ISO Country Codes................................................................................................................... 8
1 .3 Additional Resourc es ................................................................................................................................................ 9

June 2021 Visa Confidential iv

 Visa Installments Release Notes V1.0, August Release

1 Release Notes Overview

Visa’s 3-D Secure (3DS) Platform is establishing a formal bi-annual release schedule and intends to publish
an external release announcement prior to each release date in order to prepare the Directory Server (DS)
endpoints on any potential client impacts and/or changes that would be required. This document
describes the features, changes, and enhancements of the August 2021 Release on the 3DS 1.0.2 and
EMV 3DS 2.x Directory Servers. Features and enhancements identified in Version 1.0 of the Release Notes
may be changed or removed by Visa in its sole discretion.
Note: All features, changes, enhancements, and scheduling of product releases are subject to change
at Visa’s discretion.

1.1 What’s New to Visa 3-D Secure 1.0.2

1.1.1 Reenabling CRReq (Card Range Request) and CRRes (Card Range Response)
message pair for Visa 3DS 1.0.2 Directory Server

New Features ( ) Changes to Existing Features ( ) Enhancement ( ✓ )

Impact Region MPI Providers ACS Providers

Merchant Server Plug-in (MPI) providers will need to AP ✓
account for the changes to format and send the CRReq ✓
CEMEA
message to the 3DS 1.0.2 DS as well as to receive and
parse the contents of the CRRes message to update the EU ✓
cache accordingly.
LAC ✓
This is an optional change for MPI providers.
NA ✓

The CRReq message is sent from the MPI to the DS to request the list of participating 3DS 1.0.2 card
ranges in order to update the MPI’s internal cache information and the CRRes is sent from the DS to the
MPI in response to a CRReq messages. CRRes is used to provide the list of participating 3DS 1.0.2 card
ranges in order to update the MPI’s internal cache information.

MPI providers are advised to refer the 3DS 1.x specification 3-D Secure Protocol Specification Core
Functions Version 1.0.2 for additional details with respect to the contents of these messages, validation
requirements, edit criteria and the processing of the message pair. The DS will also support the partial

June 2021 Visa Confidential 5

 Visa Installments Release Notes V1.0, August Release

cache updates as noted in the specification (MPI has to include the serial number from the most recently
processed CRRes message and the DS will share the changes since the previous CRRes message).

1.2 What’s New to EMV 3-D Secure 2.x

1.2.1 Inclusion of the token ranges in the PRes message

New Features ( ) Changes to Existing Features ( ✓ ) Enhancement ( )

Impact Region 3DSS Providers ACS Providers

3DS Server providers will need to account for the AP ✓
changes to update the cache accordingly for the ✓
CEMEA
additional ranges (token ranges) shared by the DS.
✓
Visa recommends the 3DS Server providers to utilize EU
this change to update their cache accordingly in a timely LAC ✓
manner.
NA ✓

To align with the evolving need to support token transactions and to support the various regional
requirements seamlessly, the DS will include the token ranges in the EMV 3DS 2.x PRes message. Starting
August 2021, token ranges corresponding to Issuers from all the regions will be included in the PRes
message. These token ranges will carry all the relevant card range data elements as noted in the EMV
3DS specifications1.

3DS Servers are advised to plan for this change in advance to account for increase in the card ranges
shared by the DS2. This change will only impact the EMV 3DS card range data, the 3DS 1.x card range
data will not be impacted by this change.

1
This will be transparent to the 3DS Servers and the DS will not carry any specific flag to note these as token ranges. The
format of the message and the card range data elements will be as per the EMV 3DS specifications.
2
As a result of this change, the expectation is for the PRes file size to increase from 90 MB to a size between 180 MB (100%
increase) and 220 MB (150% increase). 3DS Servers are advised to plan accordingly and to note the increase in size as an
approximate figure, the exact increase in the size is expected to vary.

June 2021 Visa Confidential 6

 Visa Installments Release Notes V1.0, August Release

1.2.2 Changes in support of Visa Trusted Listing program

New Features ( ) Changes to Existing Features ( ✓ ) Enhancement ( )

Impact Region 3DSS Providers ACS Providers

This is an informational notice for the 3DSS and ACS AP
Providers from the EU region advising them of the
CEMEA
changes to the Visa Trusted Listing (VTL) program.
EU ✓ ✓

LAC

NA

Visa announced changes to the support of the Visa Trusted Listing (VTL) program in March 2021. As a
result of this announcement, modifications will be made to Directory Server to remove the specific
program requirement validations associated previously with the VTL program – these include relaxing
the usage of specific merchant identifiers (Visa Merchant IDs) for these transactions as merchants are
no longer required to complete an enrollment form with Visa and Visa will also not store/maintain the
trusted beneficiary list on behalf of the Issuers.

The DS will still support the whitelisting features and associated fields/values noted in the EMV 3D S 2.2
specification as well as the validations noted in the specification for these fields 3. Refer Changes to the
Visa Trusted Listing Program Visa Business News article for additional details regarding the
announcement and its impact.

3
The DS will still check for the Issuer’s participation in the whitelisting program and will share an error with 3DS Server
providers for such requests associated to non-participating ranges (3DS Server providers are advised to refer the PRes
message to verify participation).

June 2021 Visa Confidential 7

 Visa Installments Release Notes V1.0, August Release

1.2.3 Support for ISO Country Codes

New Features ( ) Changes to Existing Features ( ✓ ) Enhancement ( )

Impact Region 3DSS Providers ACS Providers

3DS Server Providers and ACS Providers need to use the AP ✓ ✓
latest ISO code/country versions for authentication
CEMEA ✓ ✓
requests.
EU ✓ ✓
This is a mandatory requirement for the end points to
adhere to the edition of the ISO 3166-2 utilized by Visa LAC ✓ ✓
DS.
NA ✓ ✓

The Directory Server will apply the ISO-3166-2 Fourth Edition (2020 August) specifications as it pertains
to the country and its subdivision codes.

1.2.4 Update to Directory Server IP Addresses

New Features ( ) Changes to Existing Features ( ✓ ) Enhancement ( )

Impact Region 3DSS Providers ACS Providers

3DS Server Providers and ACS Providers should always AP ✓ ✓
do a DNS lookup to determine the Visa Direcitory Server ✓ ✓
CEMEA
IP Addresses.4
EU ✓ ✓
This is an informational notice for the 3DSS and ACS
Providers LAC ✓ ✓

NA ✓ ✓

To continually make the Visa Secure ecosystem more secure, Visa will be updating the IP Addresses of
the EMV 3DS (2.x) Directory Server. This change will not affect the 3DS 1.0.2 Directory Server.

4 If a provider whitelist these IP Address, please rea ch out to your regional support email box to obtain the new IPs

June 2021 Visa Confidential 8

 Visa Installments Release Notes V1.0, August Release

1.3 Additional Resources

Online Resources

Refer to the following documents on the Visa Secure Documentation page at Visa Online:

• Visa Secure Program Guide

• Visa Secure Issuer Implementation Guide for EMV 3-D Secure

• Visa Secure Merchant / Acquirer Implementation Guide for EMV 3-D Secure

• Visa Secure Issuer Implementation Guide for 3-D Secure 1.0.2

• Visa Secure Merchant / Acquirer Implementation Guide for 3-D Secure 1.0.2

Note: For Visa Online resources, you will be prompted to log in.

June 2021 Visa Confidential 9