• The Recipes section has been updated to include the following example requests in cURL, JavaScript in Python

• Reminder: Country and Card Type Restrictions Now Applied to All Transactions

  Previously, TabaPay's country and card type restrictions applied only to raw PANs, and not to cards tokenized in mobile wallets like Apple Pay and Google Pay. Due to network rule changes, these restrictions now apply to all transactions, including mobile wallet tokens. Clients may see a slight increase in 422 Source Disabled errors as a result.

  For questions or support needed to implement these updates, please reach out to your TabaPay representative or [email protected].

• Visa

  • Visa is implementing changes to reduce incorrect response codes from issuers. Starting April 25, 2026, reclassified response codes will count toward the issuer's generic response code total, which is used to calculate the Generic Response Codes System Integrity Fee. TabaPay clients may see changes in the response codes they receive.

    Updated Response Codes

    
    

    Response Code	New Description	Old Description
    46*	Deactivated token was used	Closed Account. Do not reattempt with the same PAN or token. (Visa). Use for accounts closed by the Issuer or the cardholder for any reason.
    R0	Recurring transactions only. Stop this Payment: merchant-level one time stop payment.	Fraudulent transaction prior to embossed valid date (future). Stop Payment Order
    R1	Recurring transactions only. Stop all Future Payments: merchant or MCC level recurring stop payment.	Credit not Received (future). Revocation of Authorization Order
    R3	Recurring transactions only. Stop all Merchants: PAN-level stop payment on VSPS eligible transactions.	Approved with overdraft protection. Revocation of all Authorizations order
    78*	Used for suspended or deactivated pseudo Accounts. Blocked, first used or special condition (new cardholder not activated, or card is temporarily blocked).	Customer not eligible for POS (Star SM) OR. Blocked, First Used (Visa). New card that has not been activated -or- card has been temporarily blocked due to a special condition

    *Previously deactivated tokens received a 05 response code.

• Updated 3DS Transactions descriptions regarding ECI and version fields in Create Transaction API.

  • The 3DS Authenticate API returns values in a different format than Create Transaction API requires. Reformat the following before submitting:

    ECI — strip the leading zero. 05 → 5
    version — use the first digit (integer only). 2.2.0 → 2

• The TabaPay Portal has been updated to include more enhanced data on the Transactions page. The following sections have been updated:
  • Transactions
  • Viewing Transaction Details
  • Viewing Chargeback Details
  • Viewing Adjustment Details
  • Viewing AVS Details
• The following reports are now available for download under the reporting and invoice pages in portal:
  • Real-Time Monitoring Report (if merchant is enabled for RTM)
  • AVS Invoice
• You can now view Network Bulletins from TabaPay Portal Help center.

• Sample Reports have been updated for the following
  • AML Summary
  • Config
  • RTP Send
  • Partial Authorization
  
  

• TabaPay Reporting pages have been updated with example reports available for download
  • Chargebacks Example Report
  • Reported Fraud Example Report
  • Real-Time Monitoring and Blocking Example Report
  • Summary Example Report
  • Transactions Example Report

Mastercard

• Mastercard introduced the CCP to reduce declines caused by outdated cardholder credentials. A significant portion of recurring transactions using outdated credentials are declined. When updated credentials have been available for an extended period but the merchant continues using the old ones, Mastercard applies a fee.

Visa

• Starting March 10, Banque de France will begin declining Visa non-3DS CIT transactions with US merchants when a cardholder exceeds a cumulative spending threshold at the same merchant within a 24-hour window since their last authentication.

• codeUCAF Response Field documentation has been updated including Visa, Mastercard, and Discover (Coming Soon) descriptions. For different networks refer to the following:

  • Visa CAVV
  • Mastercard AAV
  • Discover CAVV

• The TabaPay Developers Postman Collection is now live. Existing clients with access to Sandbox can now fork the Postman Collection and get started with testing their use cases with different examples. For an introduction to Postman, refer to Test Your Use Case with Postman.

  • Download the TabaPay Postman Collection

• The Starter Guide has been published to guide new clients and prospects with an intro to payments and TabaPay topics to help get started.

• Multiple bulletins has been posted regarding Visa and Mastercard updates. Refer to the following network bulletins for more information.

  Mastercard

• Mastercard fees for authorizations declines due to insufficient funds. For clients accepting Mastercard payments or subscriptions, refer to Mastercard Authorization Optimizer Service Fee.

• Mastercard is launching a pilot for the Identity Check Approved Merchant List impacting liability shift for Mastercard 3DS transactions to help detect and block "ghost" merchants and fraud.

  Visa

• Commercial Enhanced Data Program 2026 Update to promote enhanced data integrity for Product 3 (Level 3) transactions.

• Updates to OCT Data Requirements including Purpose of Payment, Data of Birth and Sender Address.

• New Visa Plus Infinite Plus Credit Product in Canada.

• Visa is expanding Visa Flexible Credential (VFC) transactions from domestic-only transactions to now include cross-border transactions

• $0 authorization messages are now subject to the Visa Stop Payment Service (VSPS) Repeat Authorization Decline Fee

• Visa will no longer issue new Visa+ paynames (tags) moving forward. PayPal and Venmo will discontinue Peer-to-Peer (P2P) transfers between their platforms using Visa+ paynames, however this does not affect your ability to originate payouts to these wallets. Due to this strategic shift, TabaPay will discontinue onboarding new clients to the legacy Visa+ solution.

• Create Transaction has been updating to include the following response fields for Real Time Monitoring & Blocking.
  • RTM.status: Current status of the RTM transaction.
    • REJECTED: Transaction has been rejected
    • IN_REVIEW: Transaction is currently in review (Shadow mode only)
    • ACCEPTED: Transaction has been accepted and is passed through.
  • ruleIDs: A array of unique IDs for all rules applying to this transaction.
• The Recipes section has been updated to include the following example requests in cURL, JavaScript in Python

• As a reminder, the end of year (Christmas and New Year's) holiday freeze schedule includes the following:
  • Soft Freeze: Monday, Dec 22 – Tuesday, Dec 23
  • Hard Freeze: Wednesday, Dec 24 – Sunday, Jan 4 (Current)

• Query Bank has been updated to now include the RTPAttributes object for additional network details of the Routing Number. Previously the Query Bank response only included RTP is true or false.

• The TabaPay Portal has been updated to now include Balances. For questions, contact TabaPay Support, or email [email protected].

• API Reference and product guide descriptions have been updated for codeUCAF field in Create Transaction API.

• codeUCAF string UCAF Response Info. Value depends on the network of the transaction.

  Visa CAVV results code.

  • 0: No-Match. No Liability Shift
  • 1: No-Match. No Liability Shift
  • 2: Match. Fully authenticated transaction.
    
    

  MasterCard/MastercardDual UCAF Downgrade Reason:

  • 0: Missing UCAF
  • 1: Invalid UCAF

• Note: When codeUCAF is absent for Mastercard, the authentication did not have an issue.

• As a reminder, upcoming freeze dates will appear in November and December.
  • Soft Freeze: Monday, Nov 24 – Wednesday, Nov 26
  • Hard Freeze: Thursday, Nov 27 – Friday, Nov 28
  • Soft Freeze: Monday, Dec 22 – Tuesday, Dec 23
  • Hard Freeze: Wednesday, Dec 24 – Sunday, Jan 4

• Account Name Inquiry (ANI) for Mastercard is now live with via the Query Card API request. Refer to the recipe for an example request in cURL, JavaScript in Python:

• For MC ANI response codes, refer to ANI Response Codes.
• As a reminder, please note the Holiday Freeze Schedule in effect starting Monday, November 24th 2025.

• Delete Transaction API has been updated to now allow Multiple Reversals. Use the query parameter ?reversal and include the currency and amount of the partial reversal in the request body.
  • Permissions must be enabled for clients performing multiple reversals.
  • Clients should ensure to track the total reversal amounts to not exceed the total.

curl -X DELETE 'https://FQDN/v1/clients/ClientID/transactions/TransactionID?reversal' 
-H 'Authorization: Bearer *token*' 
-H 'Content-Type: application/json' 
-d '{"currency": "840", "amount": "0.20"}'

• Note: When performing an Auth & Capture void, and you receive a decline, you can retry a void with the query parameter ?void without request body parameters.

• The Recipes section has been updated to include the following example requests in cURL, JavaScript in Python.

• The TabaPay Portal has been updated to display multiple partial reversals based on permissions enabled.

• Bulletins
  • Bulletins are posted and sent directly to clients to communicate any upcoming network announcements or system changes.
  • PDF downloadable files have been added to each row on the bulletins table.
• Mastercard

  • Effective November 3, 2025 Mastercard is implementing a uniform pricing structure for Digital Enablement Fees currently assessed to Mastercard Card-Not-Present (CNP) transactions in Canada.

  • The changes are as follows:

    • Cap Removal: The $0.20 fee cap on transactions ≥ $1,000 will be removed. Updated Pricing Structure

• Visa

  • As of April 25, 2026 Visa will increase System Integrity Fees (SIF) from USD 0.15 to USD 0.25 for noncompliant international authorization reattempts in the US and Canada.

    If a merchant reattempts a transaction after receiving a Category 1, 2, 3, or 4 response code, the fee will be charged per reattempt.

    As a reminder, here are the response code descriptions:

    • Category 1—Issuer Will Never Approve response code
    • Category 2—Issuer Cannot Approve At This Time
    • Category 3—Data Quality, Revalidate Payment Information
    • Category 4—Generic Response Codes This increase augments Visa’s existing programs that aim to limit reattempts, with a specific international-focused fee increase.

    Learn more about Visa Category Fees at Transaction Integrity - Network Fees.

• Holiday Freeze Schedule

• ACH API Cutt-off times have been updated to reflect the following new times:

• New Cut-off times:

  ACH Input Type	Same Day	Next Day
  API*	12:00 PM PT	5:30 PM PT

*Files are still processed with ACH API initiated by Create Transaction API.

• Previously ACH API cut-off times were listed at 12:00 PM PT (Same window).

• The Recipes section has been updated to include the following example requests in cURL, JavaScript in Python

• To learn the differences between a Void and Reversal, refer to the Glossary, or the Auth & Capture FAQs.