• Updated 3DS Transactions descriptions regarding ECI and version fields in Create Transaction API.

  • The 3DS Authenticate API returns values in a different format than Create Transaction API requires. Reformat the following before submitting:

    ECI — strip the leading zero. 05 → 5
    version — use the first digit (integer only). 2.2.0 → 2

• The TabaPay Portal has been updated to include more enhanced data on the Transactions page. The following sections have been updated:
  • Transactions
  • Viewing Transaction Details
  • Viewing Chargeback Details
  • Viewing Adjustment Details
  • Viewing AVS Details
• The following reports are now available for download under the reporting and invoice pages in portal:
  • Real-Time Monitoring Report (if merchant is enabled for RTM)
  • AVS Invoice
• You can now view Network Bulletins from TabaPay Portal Help center.

• Sample Reports have been updated for the following
  • AML Summary
  • Config
  • RTP Send
  • Partial Authorization
  
  

• TabaPay Reporting pages have been updated with example reports available for download
  • Chargebacks Example Report
  • Reported Fraud Example Report
  • Real-Time Monitoring and Blocking Example Report
  • Summary Example Report
  • Transactions Example Report

Mastercard

• Mastercard introduced the CCP to reduce declines caused by outdated cardholder credentials. A significant portion of recurring transactions using outdated credentials are declined. When updated credentials have been available for an extended period but the merchant continues using the old ones, Mastercard applies a fee.

Visa

• Starting March 10, Banque de France will begin declining Visa non-3DS CIT transactions with US merchants when a cardholder exceeds a cumulative spending threshold at the same merchant within a 24-hour window since their last authentication.

• codeUCAF Response Field documentation has been updated including Visa, Mastercard, and Discover (Coming Soon) descriptions. For different networks refer to the following:

  • Visa CAVV
  • Mastercard AAV
  • Discover CAVV

• The TabaPay Developers Postman Collection is now live. Existing clients with access to Sandbox can now fork the Postman Collection and get started with testing their use cases with different examples. For an introduction to Postman, refer to Test Your Use Case with Postman.

  • Download the TabaPay Postman Collection

• The Starter Guide has been published to guide new clients and prospects with an intro to payments and TabaPay topics to help get started.

• Multiple bulletins has been posted regarding Visa and Mastercard updates. Refer to the following network bulletins for more information.

  Mastercard

• Mastercard fees for authorizations declines due to insufficient funds. For clients accepting Mastercard payments or subscriptions, refer to Mastercard Authorization Optimizer Service Fee.

• Mastercard is launching a pilot for the Identity Check Approved Merchant List impacting liability shift for Mastercard 3DS transactions to help detect and block "ghost" merchants and fraud.

  Visa

• Commercial Enhanced Data Program 2026 Update to promote enhanced data integrity for Product 3 (Level 3) transactions.

• Updates to OCT Data Requirements including Purpose of Payment, Data of Birth and Sender Address.

• New Visa Plus Infinite Plus Credit Product in Canada.

• Visa is expanding Visa Flexible Credential (VFC) transactions from domestic-only transactions to now include cross-border transactions

• $0 authorization messages are now subject to the Visa Stop Payment Service (VSPS) Repeat Authorization Decline Fee

• Visa will no longer issue new Visa+ paynames (tags) moving forward. PayPal and Venmo will discontinue Peer-to-Peer (P2P) transfers between their platforms using Visa+ paynames, however this does not affect your ability to originate payouts to these wallets. Due to this strategic shift, TabaPay will discontinue onboarding new clients to the legacy Visa+ solution.

• Create Transaction has been updating to include the following response fields for Real Time Monitoring & Blocking.
  • RTM.status: Current status of the RTM transaction.
    • REJECTED: Transaction has been rejected
    • IN_REVIEW: Transaction is currently in review (Shadow mode only)
    • ACCEPTED: Transaction has been accepted and is passed through.
  • ruleIDs: A array of unique IDs for all rules applying to this transaction.
• The Recipes section has been updated to include the following example requests in cURL, JavaScript in Python

• As a reminder, the end of year (Christmas and New Year's) holiday freeze schedule includes the following:
  • Soft Freeze: Monday, Dec 22 – Tuesday, Dec 23
  • Hard Freeze: Wednesday, Dec 24 – Sunday, Jan 4 (Current)

• Query Bank has been updated to now include the RTPAttributes object for additional network details of the Routing Number. Previously the Query Bank response only included RTP is true or false.

• The TabaPay Portal has been updated to now include Balances. For questions, contact TabaPay Support, or email [email protected].

• API Reference and product guide descriptions have been updated for codeUCAF field in Create Transaction API.

• codeUCAF string UCAF Response Info. Value depends on the network of the transaction.

  Visa CAVV results code.

  • 0: No-Match. No Liability Shift
  • 1: No-Match. No Liability Shift
  • 2: Match. Fully authenticated transaction.
    
    

  MasterCard/MastercardDual UCAF Downgrade Reason:

  • 0: Missing UCAF
  • 1: Invalid UCAF

• Note: When codeUCAF is absent for Mastercard, the authentication did not have an issue.

• As a reminder, upcoming freeze dates will appear in November and December.
  • Soft Freeze: Monday, Nov 24 – Wednesday, Nov 26
  • Hard Freeze: Thursday, Nov 27 – Friday, Nov 28
  • Soft Freeze: Monday, Dec 22 – Tuesday, Dec 23
  • Hard Freeze: Wednesday, Dec 24 – Sunday, Jan 4

• Account Name Inquiry (ANI) for Mastercard is now live with via the Query Card API request. Refer to the recipe for an example request in cURL, JavaScript in Python:

• For MC ANI response codes, refer to ANI Response Codes.
• As a reminder, please note the Holiday Freeze Schedule in effect starting Monday, November 24th 2025.

• Delete Transaction API has been updated to now allow Multiple Reversals. Use the query parameter ?reversal and include the currency and amount of the partial reversal in the request body.
  • Permissions must be enabled for clients performing multiple reversals.
  • Clients should ensure to track the total reversal amounts to not exceed the total.

curl -X DELETE 'https://FQDN/v1/clients/ClientID/transactions/TransactionID?reversal' 
-H 'Authorization: Bearer *token*' 
-H 'Content-Type: application/json' 
-d '{"currency": "840", "amount": "0.20"}'

• Note: When performing an Auth & Capture void, and you receive a decline, you can retry a void with the query parameter ?void without request body parameters.

• The Recipes section has been updated to include the following example requests in cURL, JavaScript in Python.

• The TabaPay Portal has been updated to display multiple partial reversals based on permissions enabled.

• Bulletins
  • Bulletins are posted and sent directly to clients to communicate any upcoming network announcements or system changes.
  • PDF downloadable files have been added to each row on the bulletins table.
• Mastercard

  • Effective November 3, 2025 Mastercard is implementing a uniform pricing structure for Digital Enablement Fees currently assessed to Mastercard Card-Not-Present (CNP) transactions in Canada.

  • The changes are as follows:

    • Cap Removal: The $0.20 fee cap on transactions ≥ $1,000 will be removed. Updated Pricing Structure

• Visa

  • As of April 25, 2026 Visa will increase System Integrity Fees (SIF) from USD 0.15 to USD 0.25 for noncompliant international authorization reattempts in the US and Canada.

    If a merchant reattempts a transaction after receiving a Category 1, 2, 3, or 4 response code, the fee will be charged per reattempt.

    As a reminder, here are the response code descriptions:

    • Category 1—Issuer Will Never Approve response code
    • Category 2—Issuer Cannot Approve At This Time
    • Category 3—Data Quality, Revalidate Payment Information
    • Category 4—Generic Response Codes This increase augments Visa’s existing programs that aim to limit reattempts, with a specific international-focused fee increase.

    Learn more about Visa Category Fees at Transaction Integrity - Network Fees.

• Holiday Freeze Schedule

• ACH API Cutt-off times have been updated to reflect the following new times:

• New Cut-off times:

  ACH Input Type	Same Day	Next Day
  API*	12:00 PM PT	5:30 PM PT

*Files are still processed with ACH API initiated by Create Transaction API.

• Previously ACH API cut-off times were listed at 12:00 PM PT (Same window).

• The Recipes section has been updated to include the following example requests in cURL, JavaScript in Python

• To learn the differences between a Void and Reversal, refer to the Glossary, or the Auth & Capture FAQs.

• The TabaPay System Status and Reports Status pages now include a daily status update with the System Status page reflecting the ongoing SLA of 99.999% uptime.
• Network Mandates
  • Network Mandates will now be posted on the Bulletins section. Bulletins are sent out to TabaPay clients and subscribers. Relevant mandates will still be posted in under each network and announced in the changelog as applicable. Be sure to check the bulletins to get the latest updates. For questions, reach out to TabaPay Support or email [email protected].
• Mastercard
  • Effective July 14, 2025, Mastercard is implementing a uniform pricing structure for certain fees currently assessed to Mastercard Card-Not-Present (CNP) transactions.
    • Cap Removal: The $0.40 fee cap on transactions ≥ $1,000 will be removed.
    • Expanded Fee Applicability: The MDEF will now apply to CNP authorizations declined due to insufficient funds (DE 39 = 51), which are currently excluded.
    • For all network fees, refer to the Network Fee Guide.
• Visa
  • Effective October 25, 2025, Visa will decline transactions that do not meet the following criteria specified for the in-scope fields and transaction types, with response code 64 (Transaction does not fulfill AML requirement).
    • Minimum 3 non-space characters in combined first and last name fields
    • Must not contain:
      • Special characters, including but not limited to: ?, #, =, $, !, &, :, ~, |, _, +, comma (,), /
      • Only digits (cannot be entirely numeric)
      • Only spaces
  • Effective October 18, 2025 Visa is making changes to its commercial card interchange programs for enhanced data. These changes are designed to improve data quality and streamline interchange incentives for level 2 and level 3 transaction types (now referred to as “product 2” and “product 3” transactions). Visa’s existing Level 3 program will be replaced with the new Commercial Enhanced Data Program (CEDP) and new Product 3 interchange rates.
    • Note: your ability to qualify for the most favorable rates will depend on the quality of the data you submit.
    • For current Level 2 and Level 3 descriptions, refer to Level 2 and Level 3 Data.