Guides
Log into Sandbox

Card Network Mandates

Suggest Edits

Card networks, such as Mastercard, Visa, Discover, STAR, and Pulse, publish mandates for issuers, processors, and acquirers to enable secure, efficient, and standardized card transaction handling. These directives cover critical areas like data security, transaction processing, and fraud prevention, fostering a trusted operational environment for everyone involved in the payment ecosystem.

Card networks communicate these mandates through technical newsletters four times a year. Galileo reviews these mandates and updates its systems and documentation to align with them.

This guide explains the 2025 card network mandates from Visa and Mastercard announced to date that impact Galileo and Galileo clients. (Pulse, STAR, and Discover have also released mandates in 2025, but those mandates do not impact Galileo or Galileo clients.)

Mastercard

GLB 8701.1 — Enhancing Mastercard Transaction Link Identifier

Effective 17 Oct 2025, Mastercard introduced subelements and subfields to support multiuse transaction identification data and provide information on updated Transaction Link Identifier (TLID) usage.

Impact to Galileo: Multiuse transaction identification data, such as TLID, helps provide a consistent and sustainable transaction identification methodology. These TLID enhancements enable:

  • Globally unique transaction identification
  • Improved ability to detect unauthorized or fraudulent activity
  • Reduced need to use personally identifiable information (PII), including Primary Account Number (PAN) data, when researching historical transaction data
  • Matching and linking of all messages across the entire lifecycle of a transaction

The tlid field appears in authorization events for Mastercard only and contains DE105SF1.

GLB 11283.1 — Providing relay resistance protocol information to Mastercard Digital Enablement Service issuers

Effective 4 Nov 2025, Mastercard introduced new valid on-behalf service (OBS) values in
authorization messages for contactless transactions using device wallets to provide relay resistance protocol (RRP) information.

Impact to Galileo: The new OBS values provide additional information for the fraud systems to evaluate and indicate signs of a potential relay attack. A relay attack is a technique criminals use to transmit data from a terminal to a remote location to make unauthorized purchases.

For additional information on RRP, refer to the Auth API documentation.

GLB 11276.1 — Introducing Mastercard Transaction Insights: Authorization Match

Effective 17 Oct 2025, Mastercard introduced Transaction Insights: Authorization Match, which provides clearing-to-authorization matching outcomes in original first presentment messages.

Impact to Galileo: By receiving clearing-to-authorization matching outcomes in Mastercard's Dual Message Clearing System messages, Galileo benefits from:

  • Streamlined reconciliation, back-office matching, and posting
  • Reduction in authorization hold times associated with unmatched transactions
  • Operational cost efficiencies associated with clearing-to authorization matching and resolving consumer disputes

GLB 11248.1 — Enhancing digital commerce solutions indicators

Effective 4 Nov 2025, Mastercard enhanced its digital commerce solutions indicators to provide more detail about digital commerce transactions and support new programs.

Impact to Galileo: More information about digital commerce transactions enables Galileo to more effectively identify:

  • New programs
  • Transactions belonging to multiple programs
  • Future program values as they are introduced

GLB 11243.1 — Introducing support for Tap to More transactions

Effective 4 Nov 2025, Mastercard introduced modifications to support the commercialization of Tap to More transactions. Tap to More offers a variety of contactless payment options that improve transaction security and convenience.

Impact to Galileo: Tap to More support may promote higher card usage and customer satisfaction while reducing fraud risks. Tap to More is parsed from the DE061 data element, subfield 10, value 8, for both Dual Message Authorization System messages and Single Message System messages.

LAC 11225.1 — Enhancing Mexico intracountry processing

Effective 17 Oct 2025, Mastercard enhanced the Dual Message Clearing System processing for Mexico intracountry to support Annex 29 regulation and future changes to Value Added Tax (VAT) settlement and reporting.

Impact to Galileo: Galileo now receives additional data to help identify acquiring institutions associated with local clearing houses. Galileo and acquirers participating in Mexico intracountry processing who use the Integrated Product Message (IPM) Mastercard Parameter Extract (MPE) receive details on new private data subelements (PDSs) for upcoming VAT jurisprudence regulation.

GLB 10437.1 — Assigning new leading indicators to the account holder authentication value for smart authentication direct services

Effective 11 Apr 2025, Mastercard assigns these leading indicators to the account holder authentication validation (AAV): (AAV):

  • kJ for Smart Authentication Direct
  • kU for Smart Authentication Direct Acquirer Exemption (SADAE)

Impact to Galileo: Galileo passes these values in the aav_indicator. Precise authentication data can improve approval rates.

GLB 10432.1 — Enhancing data fields and name validation request

Effective 3 June 2025, Mastercard enhanced data fields for Mastercard MoneySend and Funding Transactions Program to allow capturing and processing of the full middle name of the account holder. Mastercard also enhanced the Name Validation Service so it can be used independently of an Account Status Inquiry (ASI) request.

Impact to Galileo: Additional validation helps in fraud prevention for transactions Galileo processes. You can see the results of an account name inquiry in the match_results field of the auth event.

GLB 10401.1 — Introducing decline response code values

Effective 3 June 2025, Mastercard uses decline response code values to more efficiently track and monitor closed accounts and accounts not yet activated.

Impact to Galileo: This mandate improves operational efficiency for Galileo as an issuer processor. See Authorization Response Codes for details.

GLB 10411.1 — Enhancing the digitization of issuer-generated consumer virtual card numbers

Effective 3 June 2025, Mastercard enables issuers to provide an associated primary account number (PAN) to enhance the processing of issuer-generated Virtual Card Numbers (VCNs).

Impact to Galileo: This change improves fraud monitoring, operational support, and reporting based on the relationship between the VCN and the primary account.

LAC 10468.1 — Enhancing transaction specifications for Brazil

Effective 11 Apr 2025, Mastercard enhanced data elements and introduced a subfield to comply with current Central Bank of Brazil regulations, which require cardholder, acceptor name, and tax ID for intracountry transactions in Brazil.

Impact to Galileo: Galileo uses these fields to remain compliant with Brazil’s regulations.

LAC 10545.1 — Enhancing the processing of issuer-generated virtual card numbers in Brazil

Effective 11 Apr 2025, Mastercard enables issuers to provide an associated primary account number (PAN) to enhance the processing of issuer-generated Virtual Card Numbers (VCNs) in Brazil.

Impact to Galileo: This change improves fraud monitoring, operational support, and reporting based on the relationship between the VCN and the primary account.

Visa

H2 2.4 — Changes to merchant category codes

Effective 17 Oct 2025, Visa introduced 14 new Merchant Category Codes (MCCs) in the Hotel and Airline group.

Impact to Galileo: New MCCs improve authorization decisions, data analysis, market research, and dispute resolution. These MCCs are available in Field 111.

H2 2.6 — Changes to support Visa Digital Commerce Authentication Program for domestic and cross-border transactions

Effective 17 Oct 2025, Visa expanded support of the Visa Digital Commerce Authentication Program (VDCAP) indicator to all regions for domestic and cross-border card-not-present transactions.

Impact to Galileo:VDCAP conveys the presence of certain key data elements and the eligible method used to share authentication data. This program aims to improve authorization rates, reduce fraud, and provide a better customer experience.

This change will be available in Field 111.

H2 2.7 — Changes to support Visa Digital Commerce Authentication Program for token transactions

Effective 17 Oct 2025, Visa enables additional authentication data to be sent to issuers that support Visa Digital Commerce Authentication Program (VDCAP) for card-not-present token transactions.

VDCAP includes enhanced risk data elements and a program qualification indicator in authorization messages to issuers and acquirers, informing them when a card-not-present token transaction has met the program criteria.

Impact to Galileo: Galileo benefits from additional risk data in authorization requests, enabling better decision-making and potentially reducing fraud.

This data is parsed from Field 34 (Acceptance Environment Data, TLV Format), Dataset 06 (Device Platform Data),Tag 86 (Device IFD).

H2 2.9 — Updates to Visa Commercial Choice Travel Products

Effective 17 Oct 2025, Visa implemented changes to allow transactions with non-travel MCCs to be processed as Visa Commercial Choice Travel transactions.

Visa Commercial Choice Travel (VCC Travel) enables online travel agencies, travel service providers, and other travel payment providers to use interchange reimbursement fee (IRF) virtual accounts for B2B payments to travel inventory suppliers.

Impact to Galileo: Removing the MCC limitation for VCC Travel may benefit issuers by increasing Galileo's operational efficiency.

H2 2.10 — New indicator to identify advance payment transactions

Effective 17 Oct 2025, Visa implemented a new indicator to identify advance payment.

Impact to Galileo: Galileo benefits from increased visibility into advance payment transactions. The advance payment indicator is parsed from Field 126.13.

H2 2.11 — Changes to response code processing

Effective 17 Oct 2025, Visa introduced changes in the response codes by reserving response code 57 (Transaction not permitted to cardholder) for use by Visa.

Impact to Galileo: In place of 57, Galileo uses the response code 5C wherever applicable. See Authorization Response Codes for details.

H2 3.2 — Regional support for the Visa Account Attack Intelligence Score

Effective 17 Oct 2025, Visa implemented changes to support the Visa Account Attack Intelligence Score in the LAC and Canada regions.

The Visa Account Attack Intelligence Score is a risk score Visa provides to help with fraud assessment. It was developed to identify enumeration attacks, commonly known as brute force attacks or account testing.

Impact to Galileo: Visa's support for Visa Account Attack Intelligence Score in more regions means more clients and customers can access this benefit through Galileo. The risk score is contained in the account_attack_intelligence_score field. The value is parsed from Field 104, usage 2.

H2 3.6 — Support for domestic and cross-border account funding transactions and original credit transactions

Effective 17 Oct 2025, Visa implemented changes to validate sender data for existing fields in both domestic and cross-border account funding transactions (AFTs) and original credit transactions (OCTs) for all business application identifiers (BAIs).

Impact to Galileo: Galileo benefits from improved overall acceptance by enabling regulatory compliance in the regions clients operate in.

H2 3.7 — Support for Visa Direct in-person tap transactions

Effective 17 Oct 2025, Visa implemented a new indicator for Visa Direct in-person tap transactions in account funding transactions (AFTs) and original credit transactions (OCTs).

Impact to Galileo: This enhancement differentiates NFC-initiated money movement transactions on consumer devices and improves processing integrity and security with new data supported by the Visa Tap Kernel. Available through VisaNET Integrated Payment (VIP) message requests, this data is derived from Field 34 (Acceptance Environment Data, TLV Format), Dataset 02 (Acceptance Environment Additional Data), Tag 89.

H2 3.10 — Changes to Token Activation Request Messages to Support Token Requestor Onboarding Information

Effective 17 Oct 2025, Visa implemented changes to Token Activation Request messages to send issuers information about the onboarding of new token requestors.

Impact to Galileo:Visa Token Service now sends newly onboarded Token Requestor Identifier (TRID) information during real-time token provisioning calls to issuers. This enhancement reduces processing time and improves efficiency for issuers and Token Requestors-Token Service Providers (TR-TSPs).

For current capabilities of our enhanced provisioning rules, refer to Enhanced Provisioning Rules.

H1 2.2 — Mandatory changes to Visa Resolve Online

Effective 11 Apr 2025, Visa Resolve Online (VROL) supports the Compelling Evidence 3.0 dispute code enhancement, which includes Visa Data Only transactions. Transactions processed with Visa Data Only and which include the Compelling Evidence 3.0 data elements will be eligible for fraud liability shift.

Impact to Galileo: This improves the chargeback process by including compelling evidence.

H1 2.4 — Changes to merchant category codes

Effective 11 Apr 2025, Visa introduced a new merchant category code (MCC) in the airline category: 3169, for Riyadh Air.

Impact to Galileo: New MCCs improve authorization decisions, data analysis, market research, and dispute resolution.

H1 2.6 — Changes to currency code for Curaçao and Sint Maarten

Effective 11 Apr 2025, the currency code of Curaçao and Sint Maarten changed from ANG/532 (Netherlands Antilles Guilder) to XCG/532 (Caribbean Guilder).

Impact to Galileo: Galileo supports these currency codes in its events and endpoints. For example, these codes can be passed as the currency_code in the response for the Get Balance endpoint.

H1 2.11 — Changes to authorization response codes

Effective 11 Apr 2025, Visa introduced two new authorization response codes and changes to response code processing:

  • 5C — Transaction not supported or blocked by issuer
  • 9G — Transaction blocked by cardholder or contact cardholder

Impact to Galileo: More granular response codes help improve authorizations. See Authorization Response Codes for details. Although Visa added the 9G code, Galileo clients shouldn't expect to see it.

H1 3.3 — Changes to Visa Token Service device binding for issuers

Effective 11 Apr 2025, notifications sent to the issuer upon device binding include additional device information fields. Also, the Visa Token Service was updated to support device binding using Fast Identity Online (FIDO™) authentication.

Impact to Galileo: This mandate helps Galileo and their clients by providing more comprehensive device data and streamlined processing for FIDO authentication and implicit approvals, which in turn offers their clients enhanced security and a smoother user experience for token-to-device binding.

H1 3.5 — Changes to merchant-initiated account funding transaction processing

Effective 11 April 2025, Visa implemented changes to add account-funding transactions (AFTs) to the merchant-initiated transaction framework. This enables the initial cardholder-initiated AFTs to identify when the credential is being stored for future merchant-initiated transactions and to identify AFTs that are merchant-initiated using the stored credential.

Impact to Galileo: This mandate streamlines operations and improves the accuracy of transaction handling by receiving clearly differentiated and standardized data, whether initiated by a cardholder or a merchant.

H1 3.8 — Requirements to support enhanced data sharing from third party data providers for card-not-present transactions

Effective 11 Apr 2025, Visa implemented a new VisaNET Integrated Payment (VIP) System processing rule for card-not-present (CNP) transactions. During authorization, this rule shares enhanced third-party data with issuers using the Visa Intelligent Data Exchange (IDX).

Impact to Galileo: This change improves decision-making on authorizations.

H1 4.5 — Changes to the Visa token service to support increased token counts

Visa implemented changes to increase the length of three existing token status count tags in token transactions.

Impact to Galileo: This mandate improves the risk management of token transactions for Galileo.

Updated about 1 month ago

© Galileo Financial Technologies, LLC 2026    Privacy Disclosure

All documentation, including but not limited to text, graphics, images, and any other content, are the exclusive property of Galileo Financial Technologies, LLC and are protected by copyright laws. These materials may not be reproduced, distributed, transmitted, displayed, or otherwise used without the prior written permission of Galileo Financial Technologies, LLC. Any unauthorized use or reproduction of these materials are expressly prohibited.