Guides
Log into Sandbox

Card Network Mandates

Suggest Edits

Card networks, such as Mastercard, Visa, Discover, STAR, and Pulse, publish mandates for issuers, processors, and acquirers to enable secure, efficient, and standardized card transaction handling. These directives cover critical areas like data security, transaction processing, and fraud prevention, fostering a trusted operational environment for everyone involved in the payment ecosystem.

Card networks communicate these mandates through technical newsletters four times a year. Galileo reviews these mandates and updates its systems and documentation to align with them.

This guide explains recent card network mandates from Visa and Mastercard announced to date that impact Galileo and Galileo clients. (Pulse, STAR, and Discover have also released mandates in 2025 and 2026, but those mandates do not impact Galileo or Galileo clients.)

2026

Mastercard

LAC 11728.4 — Enhancing intracountry processing to support Value Added Tax (VAT) jurisprudence in Mexico

Effective May 5, 2026, Mastercard enhanced the Dual Message Clearing System and settlement to support customers in adhering to the intracountry Value Added Tax (VAT) jurisprudence changes in Mexico.

Impact to Galileo: For Galileo clients in Mexico, this enhances traceability for payments sent or received for intracurrency settlement purposes. This also enables greater transparency between the cardholder transaction amounts and fees not eligible for VAT compared to the fees that are eligible for VAT, such as interchange fees and the VAT itself.

GLB 8701.3 — Enhancing Mastercard Transaction Link Identifier

Effective June 2, 2026, Mastercard is enhancing Mastercard Transaction Link Identifier (TLID) by introducing subelements and subfields to support multi-use transaction identification data and providing information on updated TLID usage.

Impact to Galileo: Multiuse transaction identification data, such as TLID, helps provide a consistent and sustainable transaction identification methodology. These enhancements may promote an improved and consistent linking of lifecycle activity occurring after the original message and other subsequent messages or related transactions.

GLB 11737.1 — Enhancing Participant Data for Mastercard Send transactions

Effective June 2, 2026, Mastercard is enhancing the Mastercard Send transaction data elements available to capture information about participants involved in a transaction.

Impact to Galileo: These changes will further assist Galileo and their clients with fraud detection and prevention, facilitating the provision of enhanced information about the participants in a transaction.

GLB 11738.1 — Introducing age verification capability

Effective June 2, 2026, Mastercard is introducing near real-time age verification to help enable merchants to request whether a cardholder meets one or more age thresholds.

Impact to Galileo: Clients of Galileo may benefit from the age-verification capability when supporting merchants that are seeking to verify age thresholds for scenarios where age verification is necessary (e.g., purchasing age-restricted goods or services through e-commerce).

GLB 12204.1 — Enhancing Mastercard Agent Pay program

Effective April 17, 2026, Mastercard is enhancing the Mastercard Agent Pay program to provide additional visibility into the agent commerce aspects of a transaction by adding new values to existing fields. Inside the digital_commerce_data object in the Auth API, program_id: 08 indicates an Agent Pay transaction.

Impact to Galileo: Galileo and your issuers may benefit from:

  • The ability to uniquely identify agent-initiated e-commerce transactions during authorization
  • The ability to identify the agent or wallet that facilitated a tokenized transaction.

GLB 12251.1 — Introducing crypto card identifiers

Effective June 2, 2026, Mastercard is introducing identifiers of crypto card transactions and account ranges.

Impact to Galileo: Galileo and you may benefit from the Mastercard Crypto Card program by retaining and attracting new customers, and accessing growing consumer cryptocurrency spending.

GLB 12253.1 — Expanding X-Code Processing to support Mastercard Digital Enablement Service (MDES) tokenized transactions

Effective June 2, 2026, Mastercard is expanding X-Code Processing to support Mastercard Digital Enablement Service (MDES) tokenized transactions.

Impact to Galileo: This key enhancement to Mastercard Network fallback decisioning may improve business continuity in case of outage scenarios, allowing the flow of commerce for digital transactions when the issuer or stand-in is unable to perform authorization decisioning.

GLB 12286.1 — Enhancing account-level management for payment and refund transaction processing

Effective June 2, 2026, Mastercard is enhancing Account Level Management (ALM) to include the processing of payment transactions globally and refund transactions in the U.S. region.

Impact to Galileo: This enhancement allows Galileo to receive ALM service data of the registered PAN on payment and refund transactions. Issuers participating in ALM may use ALM technology and services on their payment and refund transactions and benefit from:

  • Sophisticated and segmented delivery of card-related offers
  • Seamless migration across card programs
  • Competitive value based on account or portfolio spending
  • Competitive reward value at the card level

GLB 12516.1 — Introducing a Transaction Type Identifier for specialty merchants

Effective June 2, 2026, Mastercard is populating a new Transaction Type Identifier (TTI) value on behalf of an acquirer in authorization request and clearing messages to issuers, for transactions submitted with specialty merchants registered in Mastercard’s Specialty Merchant Registration Program.

Impact to Galileo: This increases transparency and visibility for specialty merchant transactions. This identification signifies that the acquirer and, if applicable, the payment facilitator sponsoring the specialty merchant are held to high standards and controls and are subject to Mastercard’s Specialty Merchant Registration Program framework. This identifier will appear in the transaction_type field of the Auth API.

LAC 12202.1 — Introducing an amount type in Colombia

Effective June 2, 2026, Mastercard is introducing an amount type to support intracountry regulations in Colombia.

Impact to Galileo: The enhancement helps ensure Galileo and Galileo clients are in compliance with intracountry regulations related to airline transactions. This information will surface in DE054.

AP/LAC 12505.1 — Enhancing intracurrency settlement process in Asia Pacific, Latin America, and Caribbean regions

Effective April 17, 2026, Mastercard is enhancing the settlement process for Single Message intracurrency activity in the Asia/Pacific, Latin America, and Caribbean regions.

Impact to Galileo: The enhanced settlement process for Single Message intracurrency activity helps ensure an easier and more consistent reconciliation process.

Visa

H1 1.1 — Mandate to support the Digital Commerce Authentication Program for domestic and cross-border transactions

Effective April 17, 2026, Visa introduced the Digital Commerce Authentication Program (DCAP) indicator for all issuers and acquirers in Europe, the U.S., and certain regions of Asia Pacific. Visa clients can see this information in the vdcap_info object in the Auth API. The information is derived from Field 34, Dataset 01, Tag C0.

Impact to Galileo: DCAP conveys the presence of certain key data elements and the eligible methods used to share authentication data. This program aims to improve authorization rates, reduce fraud, and provide a better customer experience.

H1 2.1 — Changes to merchant category codes

Effective April 17, 2026, Visa introduced new merchant category codes (MCC) in the hotel category.

Impact to Galileo: Adding these MCCs improves authorization decisions, data analysis, market research, and dispute resolution. Visa includes MCCs in Field 111.

H1 2.5 — Mandatory changes to Visa Resolve Online (VROL)

Effective April 17, 2026, VROL introduced the expansion of Doc Analyzer and Compelling Evidence 3.0 with new features. The VROL AI Doc Analyzer summarizes supporting documentation included with a dispute, dispute resolution, and prearbitration.

Impact to Galileo: This improves chargeback processing speed and accuracy for Galileo.

H1 2.14 — Changes to the Digital Commerce Authentication Program (DCAP) to support token passkeys and account-funding transactions (AFTs)

Effective April 17, 2026, Galileo supports AFT and token transactions that qualify for DCAP. Galileo sends the ECI value to you in the ecommerce object of the Auth API.

Impact to Galileo: The DCAP information helps Galileo and you improve security and performance of card-not-present (CNP) transactions by using advanced data-sharing and authentication solutions. It also enables token requestors to provide enhanced authentication data directly to issuers, improving fraud and risk prevention.

H1 2.16 — Changes to support PIN processing for account-verification transactions

Effective April 17, 2026, Visa implemented changes to support PIN verification during the account-verification processes.

Impact to Galileo: Galileo supports these regulatory changes for PSD2 in Europe, which has been rolled out globally.

H1 2.18 — Changes to the CVV2 service

Effective April 17, 2026, Visa implemented changes to the Card Verification Value 2 (CVV2) data presence indicator values and CVV2 result codes to enhance CVV2 processing in card-not-present (CNP) transactions.

Impact to Galileo: These updates eliminate ambiguous processing codes, ensuring greater verification consistency and improving authorization outcomes for card-not-present transactions.

H1 3.3 — Changes to Visa Token Service (VTS) device binding for issuers

Effective April 17, 2026, Visa implemented two message reason codes for use with Visa payment passkey device binding. VTS issuers in all regions are required to test device-binding messages for Visa payment passkeys.

Impact to Galileo: This enhances Galileo's existing offerings to provide stronger cardholder identification and verification (ID&V) for credential-on-file and e-commerce tokens.

H1 3.5 — Changes to VTS to support multi-device provisioning

Effective April 17, 2026, Visa implemented new processing rules and added a new value in an existing field to support token provisioning on multiple devices.

Impact to Galileo: This results in an increase in token provisioning requests, and as a result, you may see an increase in token transactions.

H1 3.7 — Changes to support Token Assurance Method (TAM)

Effective April 17, 2026, Visa implemented changes to update the Token Assurance Method (TAM) value for card-on-file and e-commerce enabler token types in certain conditions for Tap to Add Card transactions.

Impact to Galileo: This provides more efficiency in token transactions, especially when it comes to Tap to Add Card type of transactions.

H1 3.10 — Changes to support partial reversals of card-not-present preauthorization transactions on Interlink

Effective April 17, 2026, Visa implemented changes to allow partial reversals of card-not-present (CNP) preauthorization transactions on Interlink in the U.S. and U.S. territories. This enhancement is applicable only to non-Visa-branded and proprietary debit and prepaid cards on Interlink.

Impact to Galileo: This enhancement improves transparency for hold management, allowing you to more accurately manage holds on cardholder funds for approved CNP preauthorization transactions. This ensures better handling of dynamic e-commerce scenarios, such as when merchants need to process split shipments or partial cancellations.

H1 3.11 — Changes to support Interlink and Plus for Visa Accept

Effective April 17, 2026, Visa is implementing changes to support Interlink and Plus for the Visa Accept solution.

Impact to Galileo: This enhancement improves transparency for hold management, allowing them to more accurately manage holds on cardholder funds for approved card-not-present preauthorization transactions.

H1 11.2.4 — Mandate to support U.S. domestic original credit transactions (OCTs) on the Plus network for non-Visa-branded proprietary card products

Effective April 17, 2026, Visa requires U.S. issuers of non-Visa-branded proprietary card products to support domestic OCTs on network 0004.

Impact to Galileo: This supports the increased reach of Visa Direct for U.S. issuers. Visa requires issuers to receive domestic OCTs and fast funds on the Plus network for non-Visa-branded proprietary card products.

2025

Mastercard

GLB 8701.1 — Enhancing Mastercard Transaction Link Identifier

Effective 17 Oct 2025, Mastercard introduced subelements and subfields to support multiuse transaction identification data and provide information on updated Transaction Link Identifier (TLID) usage.

Impact to Galileo: Multiuse transaction identification data, such as TLID, helps provide a consistent and sustainable transaction identification methodology. These TLID enhancements enable:

  • Globally unique transaction identification
  • Improved ability to detect unauthorized or fraudulent activity
  • Reduced need to use personally identifiable information (PII), including Primary Account Number (PAN) data, when researching historical transaction data
  • Matching and linking of all messages across the entire lifecycle of a transaction

The tlid field appears in authorization events for Mastercard only and contains DE105SF1.

GLB 11283.1 — Providing relay resistance protocol information to Mastercard Digital Enablement Service issuers

Effective 4 Nov 2025, Mastercard introduced new valid on-behalf service (OBS) values in
authorization messages for contactless transactions using device wallets to provide relay resistance protocol (RRP) information.

Impact to Galileo: The new OBS values provide additional information for the fraud systems to evaluate and indicate signs of a potential relay attack. A relay attack is a technique criminals use to transmit data from a terminal to a remote location to make unauthorized purchases.

For additional information on RRP, refer to the Auth API documentation.

GLB 11276.1 — Introducing Mastercard Transaction Insights: Authorization Match

Effective 17 Oct 2025, Mastercard introduced Transaction Insights: Authorization Match, which provides clearing-to-authorization matching outcomes in original first presentment messages.

Impact to Galileo: By receiving clearing-to-authorization matching outcomes in Mastercard's Dual Message Clearing System messages, Galileo benefits from:

  • Streamlined reconciliation, back-office matching, and posting
  • Reduction in authorization hold times associated with unmatched transactions
  • Operational cost efficiencies associated with clearing-to authorization matching and resolving consumer disputes

GLB 11248.1 — Enhancing digital commerce solutions indicators

Effective 4 Nov 2025, Mastercard enhanced its digital commerce solutions indicators to provide more detail about digital commerce transactions and support new programs.

Impact to Galileo: More information about digital commerce transactions enables Galileo to more effectively identify:

  • New programs
  • Transactions belonging to multiple programs
  • Future program values as they are introduced

GLB 11243.1 — Introducing support for Tap to More transactions

Effective 4 Nov 2025, Mastercard introduced modifications to support the commercialization of Tap to More transactions. Tap to More offers a variety of contactless payment options that improve transaction security and convenience.

Impact to Galileo: Tap to More support may promote higher card usage and customer satisfaction while reducing fraud risks. Tap to More is parsed from the DE061 data element, subfield 10, value 8, for both Dual Message Authorization System messages and Single Message System messages.

LAC 11225.1 — Enhancing Mexico intracountry processing

Effective 17 Oct 2025, Mastercard enhanced the Dual Message Clearing System processing for Mexico intracountry to support Annex 29 regulation and future changes to Value Added Tax (VAT) settlement and reporting.

Impact to Galileo: Galileo now receives additional data to help identify acquiring institutions associated with local clearing houses. Galileo and acquirers participating in Mexico intracountry processing who use the Integrated Product Message (IPM) Mastercard Parameter Extract (MPE) receive details on new private data subelements (PDSs) for upcoming VAT jurisprudence regulation.

GLB 10437.1 — Assigning new leading indicators to the account holder authentication value for smart authentication direct services

Effective 11 Apr 2025, Mastercard assigns these leading indicators to the account holder authentication validation (AAV): (AAV):

  • kJ for Smart Authentication Direct
  • kU for Smart Authentication Direct Acquirer Exemption (SADAE)

Impact to Galileo: Galileo passes these values in the aav_indicator. Precise authentication data can improve approval rates.

GLB 10432.1 — Enhancing data fields and name validation request

Effective 3 June 2025, Mastercard enhanced data fields for Mastercard MoneySend and Funding Transactions Program to allow capturing and processing of the full middle name of the account holder. Mastercard also enhanced the Name Validation Service so it can be used independently of an Account Status Inquiry (ASI) request.

Impact to Galileo: Additional validation helps in fraud prevention for transactions Galileo processes. You can see the results of an account name inquiry in the match_results field of the auth event.

GLB 10401.1 — Introducing decline response code values

Effective 3 June 2025, Mastercard uses decline response code values to more efficiently track and monitor closed accounts and accounts not yet activated.

Impact to Galileo: This mandate improves operational efficiency for Galileo as an issuer processor. See Authorization Response Codes for details.

GLB 10411.1 — Enhancing the digitization of issuer-generated consumer virtual card numbers

Effective 3 June 2025, Mastercard enables issuers to provide an associated primary account number (PAN) to enhance the processing of issuer-generated Virtual Card Numbers (VCNs).

Impact to Galileo: This change improves fraud monitoring, operational support, and reporting based on the relationship between the VCN and the primary account.

LAC 10468.1 — Enhancing transaction specifications for Brazil

Effective 11 Apr 2025, Mastercard enhanced data elements and introduced a subfield to comply with current Central Bank of Brazil regulations, which require cardholder, acceptor name, and tax ID for intracountry transactions in Brazil.

Impact to Galileo: Galileo uses these fields to remain compliant with Brazil’s regulations.

LAC 10545.1 — Enhancing the processing of issuer-generated virtual card numbers in Brazil

Effective 11 Apr 2025, Mastercard enables issuers to provide an associated primary account number (PAN) to enhance the processing of issuer-generated Virtual Card Numbers (VCNs) in Brazil.

Impact to Galileo: This change improves fraud monitoring, operational support, and reporting based on the relationship between the VCN and the primary account.

Visa

H2 2.4 — Changes to merchant category codes

Effective 17 Oct 2025, Visa introduced 14 new Merchant Category Codes (MCCs) in the Hotel and Airline group.

Impact to Galileo: New MCCs improve authorization decisions, data analysis, market research, and dispute resolution. These MCCs are available in Field 111.

H2 2.6 — Changes to support Visa Digital Commerce Authentication Program for domestic and cross-border transactions

Effective 17 Oct 2025, Visa expanded support of the Visa Digital Commerce Authentication Program (VDCAP) indicator to all regions for domestic and cross-border card-not-present transactions.

Impact to Galileo:VDCAP conveys the presence of certain key data elements and the eligible method used to share authentication data. This program aims to improve authorization rates, reduce fraud, and provide a better customer experience.

This change will be available in Field 111.

H2 2.7 — Changes to support Visa Digital Commerce Authentication Program for token transactions

Effective 17 Oct 2025, Visa enables additional authentication data to be sent to issuers that support Visa Digital Commerce Authentication Program (VDCAP) for card-not-present token transactions.

VDCAP includes enhanced risk data elements and a program qualification indicator in authorization messages to issuers and acquirers, informing them when a card-not-present token transaction has met the program criteria.

Impact to Galileo: Galileo benefits from additional risk data in authorization requests, enabling better decision-making and potentially reducing fraud.

This data is parsed from Field 34 (Acceptance Environment Data, TLV Format), Dataset 06 (Device Platform Data),Tag 86 (Device IFD).

H2 2.9 — Updates to Visa Commercial Choice Travel Products

Effective 17 Oct 2025, Visa implemented changes to allow transactions with non-travel MCCs to be processed as Visa Commercial Choice Travel transactions.

Visa Commercial Choice Travel (VCC Travel) enables online travel agencies, travel service providers, and other travel payment providers to use interchange reimbursement fee (IRF) virtual accounts for B2B payments to travel inventory suppliers.

Impact to Galileo: Removing the MCC limitation for VCC Travel may benefit issuers by increasing Galileo's operational efficiency.

H2 2.10 — New indicator to identify advance payment transactions

Effective 17 Oct 2025, Visa implemented a new indicator to identify advance payment.

Impact to Galileo: Galileo benefits from increased visibility into advance payment transactions. The advance payment indicator is parsed from Field 126.13.

H2 2.11 — Changes to response code processing

Effective 17 Oct 2025, Visa introduced changes in the response codes by reserving response code 57 (Transaction not permitted to cardholder) for use by Visa.

Impact to Galileo: In place of 57, Galileo uses the response code 5C wherever applicable. See Authorization Response Codes for details.

H2 3.2 — Regional support for the Visa Account Attack Intelligence Score

Effective 17 Oct 2025, Visa implemented changes to support the Visa Account Attack Intelligence Score in the LAC and Canada regions.

The Visa Account Attack Intelligence Score is a risk score Visa provides to help with fraud assessment. It was developed to identify enumeration attacks, commonly known as brute force attacks or account testing.

Impact to Galileo: Visa's support for Visa Account Attack Intelligence Score in more regions means more clients and customers can access this benefit through Galileo. The risk score is contained in the account_attack_intelligence_score field. The value is parsed from Field 104, usage 2.

H2 3.6 — Support for domestic and cross-border account funding transactions and original credit transactions

Effective 17 Oct 2025, Visa implemented changes to validate sender data for existing fields in both domestic and cross-border account funding transactions (AFTs) and original credit transactions (OCTs) for all business application identifiers (BAIs).

Impact to Galileo: Galileo benefits from improved overall acceptance by enabling regulatory compliance in the regions clients operate in.

H2 3.7 — Support for Visa Direct in-person tap transactions

Effective 17 Oct 2025, Visa implemented a new indicator for Visa Direct in-person tap transactions in account funding transactions (AFTs) and original credit transactions (OCTs).

Impact to Galileo: This enhancement differentiates NFC-initiated money movement transactions on consumer devices and improves processing integrity and security with new data supported by the Visa Tap Kernel. Available through VisaNET Integrated Payment (VIP) message requests, this data is derived from Field 34 (Acceptance Environment Data, TLV Format), Dataset 02 (Acceptance Environment Additional Data), Tag 89.

H2 3.10 — Changes to Token Activation Request Messages to Support Token Requestor Onboarding Information

Effective 17 Oct 2025, Visa implemented changes to Token Activation Request messages to send issuers information about the onboarding of new token requestors.

Impact to Galileo:Visa Token Service now sends newly onboarded Token Requestor Identifier (TRID) information during real-time token provisioning calls to issuers. This enhancement reduces processing time and improves efficiency for issuers and Token Requestors-Token Service Providers (TR-TSPs).

For current capabilities of our enhanced provisioning rules, refer to Enhanced Provisioning Rules.

H1 2.2 — Mandatory changes to Visa Resolve Online

Effective 11 Apr 2025, Visa Resolve Online (VROL) supports the Compelling Evidence 3.0 dispute code enhancement, which includes Visa Data Only transactions. Transactions processed with Visa Data Only and which include the Compelling Evidence 3.0 data elements will be eligible for fraud liability shift.

Impact to Galileo: This improves the chargeback process by including compelling evidence.

H1 2.4 — Changes to merchant category codes

Effective 11 Apr 2025, Visa introduced a new merchant category code (MCC) in the airline category: 3169, for Riyadh Air.

Impact to Galileo: New MCCs improve authorization decisions, data analysis, market research, and dispute resolution.

H1 2.6 — Changes to currency code for Curaçao and Sint Maarten

Effective 11 Apr 2025, the currency code of Curaçao and Sint Maarten changed from ANG/532 (Netherlands Antilles Guilder) to XCG/532 (Caribbean Guilder).

Impact to Galileo: Galileo supports these currency codes in its events and endpoints. For example, these codes can be passed as the currency_code in the response for the Get Balance endpoint.

H1 2.11 — Changes to authorization response codes

Effective 11 Apr 2025, Visa introduced two new authorization response codes and changes to response code processing:

  • 5C — Transaction not supported or blocked by issuer
  • 9G — Transaction blocked by cardholder or contact cardholder

Impact to Galileo: More granular response codes help improve authorizations. See Authorization Response Codes for details. Although Visa added the 9G code, Galileo clients shouldn't expect to see it.

H1 3.3 — Changes to Visa Token Service device binding for issuers

Effective 11 Apr 2025, notifications sent to the issuer upon device binding include additional device information fields. Also, the Visa Token Service was updated to support device binding using Fast Identity Online (FIDO™) authentication.

Impact to Galileo: This mandate helps Galileo and their clients by providing more comprehensive device data and streamlined processing for FIDO authentication and implicit approvals, which in turn offers their clients enhanced security and a smoother user experience for token-to-device binding.

H1 3.5 — Changes to merchant-initiated account funding transaction processing

Effective 11 April 2025, Visa implemented changes to add account-funding transactions (AFTs) to the merchant-initiated transaction framework. This enables the initial cardholder-initiated AFTs to identify when the credential is being stored for future merchant-initiated transactions and to identify AFTs that are merchant-initiated using the stored credential.

Impact to Galileo: This mandate streamlines operations and improves the accuracy of transaction handling by receiving clearly differentiated and standardized data, whether initiated by a cardholder or a merchant.

H1 3.8 — Requirements to support enhanced data sharing from third party data providers for card-not-present transactions

Effective 11 Apr 2025, Visa implemented a new VisaNET Integrated Payment (VIP) System processing rule for card-not-present (CNP) transactions. During authorization, this rule shares enhanced third-party data with issuers using the Visa Intelligent Data Exchange (IDX).

Impact to Galileo: This change improves decision-making on authorizations.

H1 4.5 — Changes to the Visa token service to support increased token counts

Visa implemented changes to increase the length of three existing token status count tags in token transactions.

Impact to Galileo: This mandate improves the risk management of token transactions for Galileo.

Updated 12 days ago

© Galileo Financial Technologies, LLC 2026    Privacy Disclosure

All documentation, including but not limited to text, graphics, images, and any other content, are the exclusive property of Galileo Financial Technologies, LLC and are protected by copyright laws. These materials may not be reproduced, distributed, transmitted, displayed, or otherwise used without the prior written permission of Galileo Financial Technologies, LLC. Any unauthorized use or reproduction of these materials are expressly prohibited.