Guides
Log into Sandbox

Card Network Mandates

Suggest Edits

Card networks, such as Mastercard, Visa, Discover, STAR, and Pulse, publish mandates for issuers, processors, and acquirers to enable secure, efficient, and standardized card transaction handling. These directives cover critical areas like data security, transaction processing, and fraud prevention, fostering a trusted operational environment for everyone involved in the payment ecosystem.

Card networks communicate these mandates through technical newsletters four times a year. Galileo reviews these mandates and updates its systems and documentation to align with them.

This guide explains the 2025 card network mandates from Visa and Mastercard announced to date that impact Galileo and Galileo clients. (Pulse, STAR, and Discover have also released mandates in 2025, but those mandates do not impact Galileo or Galileo clients.)

Mastercard

GLB 10437.1 — Assigning new leading indicators to the account holder authentication value for smart authentication direct services

Effective April 11, 2025, Mastercard assigns these leading indicators to the account holder authentication validation (AAV): (AAV):

  • kJ for Smart Authentication Direct
  • kU for Smart Authentication Direct Acquirer Exemption (SADAE)

Impact to Galileo: Galileo passes these values in the aav_indicator. Precise authentication data can improve approval rates.

GLB 10432.1 — Enhancing data fields and name validation request

Effective June 3, 2025, Mastercard enhanced data fields for Mastercard MoneySend and Funding Transactions Program to allow capturing and processing of the full middle name of the account holder. Mastercard also enhanced the Name Validation Service so it can be used independently of an Account Status Inquiry (ASI) request.

Impact to Galileo: Additional validation helps in fraud prevention for transactions Galileo processes. You can see the results of an account name inquiry in the match_results field of the auth event.

GLB 10401.1 — Introducing decline response code values

Effective June 3, 2025, Mastercard uses decline response code values to more efficiently track and monitor closed accounts and accounts not yet activated.

Impact to Galileo: This mandate improves operational efficiency for Galileo as an issuer processor. See Authorization Response Codes for details.

GLB 10411.1 — Enhancing the digitization of issuer-generated consumer virtual card numbers

Effective June 3, 2025, Mastercard enables issuers to provide an associated primary account number (PAN) to enhance the processing of issuer-generated Virtual Card Numbers (VCNs).

Impact to Galileo: This change improves fraud monitoring, operational support, and reporting based on the relationship between the VCN and the primary account.

LAC 10468.1 — Enhancing transaction specifications for Brazil

Effective April 11, 2025, Mastercard enhanced data elements and introduced a subfield to comply with current Central Bank of Brazil regulations, which require cardholder, acceptor name, and tax ID for intracountry transactions in Brazil.

Impact to Galileo: Galileo uses these fields to remain compliant with Brazil’s regulations.

LAC 10545.1 — Enhancing the processing of issuer-generated virtual card numbers in Brazil

Effective April 11, 2025, Effective April 11, 2025, Mastercard enables issuers to provide an associated primary account number (PAN) to enhance the processing of issuer-generated Virtual Card Numbers (VCNs) in Brazil.

Impact to Galileo: This change improves fraud monitoring, operational support, and reporting based on the relationship between the VCN and the primary account.

Visa

2.2 — Mandatory changes to Visa Resolve Online

Effective April 11, 2025, Visa Resolve Online (VROL) supports the Compelling Evidence 3.0 dispute code enhancement, which includes Visa Data Only transactions. Transactions processed with Visa Data Only and which include the Compelling Evidence 3.0 data elements will be eligible for fraud liability shift.

Impact to Galileo: This improves the chargeback process by including compelling evidence.

2.4 — Changes to merchant category codes

Effective April 11, 2025, Visa introduced a new merchant category code (MCC) in the airline category: 3169, for Riyadh Air.

Impact to Galileo: New MCCs improve authorization decisions, data analysis, market research, and dispute resolution. For details, see Merchant Category Codes.

2.6 — Changes to currency code for Curaçao and Sint Maarten

Effective April 1, 2025, the currency code of Curaçao and Sint Maarten changed from ANG/532 (Netherlands Antilles Guilder) to XCG/532 (Caribbean Guilder).

Impact to Galileo: Galileo supports these currency codes in its events and endpoints. For example, these codes can be passed as the currency_code in the response for the Get Balance endpoint.

2.11 — Changes to authorization response codes

Effective April 11, 2025, Visa introduced two new authorization response codes and changes to response code processing:

  • 5C — Transaction not supported or blocked by issuer
  • 9G — Transaction blocked by cardholder or contact cardholder

Impact to Galileo: More granular response codes help improve authorizations. See Authorization Response Codes for details. Although Visa added the 9G code, Galileo clients shouldn't expect to see it.

3.3 — Changes to Visa Token Service device binding for issuers

Effective April 11, 2025, notifications sent to the issuer upon device binding include additional device information fields. Also, the Visa Token Service was updated to support device binding using Fast Identity Online (FIDO™) authentication.

Impact to Galileo: This mandate helps Galileo and their clients by providing more comprehensive device data and streamlined processing for FIDO authentication and implicit approvals, which in turn offers their clients enhanced security and a smoother user experience for token-to-device binding.

3.5 — Changes to merchant-initiated account funding transaction processing

Effective April 11, 2025, Visa implemented changes to add account-funding transactions (AFTs) to the merchant-initiated transaction framework. This enables the initial cardholder-initiated AFTs to identify when the credential is being stored for future merchant-initiated transactions and to identify AFTs that are merchant-initiated using the stored credential.

Impact to Galileo: This mandate streamlines operations and improves the accuracy of transaction handling by receiving clearly differentiated and standardized data, whether initiated by a cardholder or a merchant.

3.8 — Requirements to support enhanced data sharing from third party data providers for card-not-present transactions

Effective April 11, 2025, Visa implemented a new VisaNET Integrated Payment (VIP) System processing rule for card-not-present (CNP) transactions. During authorization, this rule shares enhanced third-party data with issuers using the Visa Intelligent Data Exchange (IDX).

Impact to Galileo: This change improves decision-making on authorizations.

4.5 — Changes to the Visa token service to support increased token counts

Visa implemented changes to increase the length of three existing token status count tags in token transactions.

Impact to Galileo: This mandate improves the risk management of token transactions for Galileo.

Updated 2 days ago

© Galileo Financial Technologies, LLC 2025    Privacy Disclosure

All documentation, including but not limited to text, graphics, images, and any other content, are the exclusive property of Galileo Financial Technologies, LLC and are protected by copyright laws. These materials may not be reproduced, distributed, transmitted, displayed, or otherwise used without the prior written permission of Galileo Financial Technologies, LLC. Any unauthorized use or reproduction of these materials are expressly prohibited.