April 2025 updates

Simple Commerce Message Protocol (SCMP) Now Requires HTTPS

Merchants integrating via the SCMP API are required to transition their SCMP payment system to send and receive HTTPS transmissions using Simple Order API, Java SCMP Client SDK or REST API.

Further information is available by visiting the VISA Support Centre., opens in new window

Simple Object Access Protocol (SOAP) Toolkit Update

As part of ongoing security enhancements, NAB Gateway will upgrade SOAP authentication to use a compliant P12 certificate. This upgrade is currently available for Java, C#, C++, and PHP. If your SOAP integration uses a different programming environment.

Further information is available by visiting the VISA Support Centre., opens in new window

Flex Microform and Unified Checkout Updates

Flex Microform and Unified Checkout now supports eight-digit card number prefixes. A new optional REST API field “transientTokenResponseOptions.includeCardPrefix” enables users to select whether the Capture Context returns a six-digit, eight-digit, or no card number prefix.

To select the type of card number prefix:

  • No field included: A six-digit prefix is returned (default).
  • true: An eight-digit prefix is returned.
  • false: No prefix is returned.

The following conditions apply:

  • Eight-digit card number prefixes apply only to Mastercard, Visa and JCB brands with 16-digit card numbers or more.
  • Any card with fewer than 16 digits returns a six-digit prefix even when the REST API field “transientTokenResponseOptions.includeCardPrefix”  field is set to true.
  • Amex returns a six-digit prefix even when the REST API field  “transientTokenResponseOptions.includeCardPrefix is set to true.
  • If any card brand is co-branded with Mastercard, Visa and JCB, an eight-digit prefix is returned if the REST API Field “transientTokenResponseOptions.includeCardPrefix”is set to true.

Further information is available by visiting the PCI Website, opens in new window

Enhanced Search Capability for Key Management

The search functionality on the “Key Management” page available in the NAB Gateway Menu is being enhanced.

These search enhancements will allow merchants additional search filters with which to find security keys.

The following search filters will be added:

  • Key Type lists all the key types that are supported and searchable for the user.
  • Key ID is an open text field to search for keys by their ID.
  • Created At contains set date ranges and an option for custom date range selection to search for keys created within a given timeframe.
  • Expires In contains set date ranges and an option for custom date range selection to search for keys expiring within a given timeframe.
  • Key Status determines whether the key is active or inactive.
  • Sort Order: Choose the order in which you want the key results displayed.
  • Records Per Page: Results per page can be changed.

Previous updates

Flex Microform PCI Compliance

Microform v2 is being upgraded to comply with the new Payment Card Industry Data Security Standard guidelines (PCI DSS 4.0.1) Specifically, requirement 6.4.3. PCI DSS is a widely accepted set of standards for the security of credit, debit and cash card transactions. This update is designed to improve security for transactions, by safeguarding sensitive information, maintaining trust in electronic payment systems and reducing the likelihood of a data breach.

What action is required?

If you are using Microform v1 or v0.11, to comply with the standards, you must upgrade to Microform v2 before 1 April 2025.

Microform v1 and lower will reach end of life by 1 July 2025. 

Further information is available by visiting the VISA Support Centre, opens in new window.

REST API best practices mandate

There is a new REST API best practices mandate which comes into effect on 1 May 2025. Merchants who are using the http signature authentication need to pass all the required security parameters to NAB Gateway. 

Further information is available by visiting the NAB Gateway Developer centre, opens in new window.

Unified Checkout Integration updates

Unified Checkout is being upgraded to comply with the new Payment Card Industry Data Security Standard guidelines (PCI DSS 4.0.1). Merchants need to upgrade their Unified Checkout integrations to use the “clientLibrary” and “clientLibraryIntegrity” values to create their script tags. To implement this change, Merchants need to decrypt Capture Context to retrieve “clientLibrary” and “clientLibraryIntegrity” values which they pass dynamically into the checkout.html page.

Further information is available by visiting the NAB Gateway Developer centre, opens in new window.

Change to cybersource Customer Support email notifications

Some notifications previously sent from donotreply@support.cybersource.com will be sent from donotreply@notifications.visaacceptance.com. Your administrator may need to add this domain to your ‘allow’ list to ensure you continue to receive certain notifications.

Fraud Management Essentials (FME) changes

Review Status

Updates are being made to FME removing “Review” as an option to the Fraud Management rules. Valid settings will continue to be “Disable, Monitor or Reject”.

Merchants with FME rules set to “Review” will continue to be able to review transactions however once rules are updated review will no long appear as an option.

Declined transactions

Updates will be made to Fraud Management Essentials in May to include a status of "Declined." This will apply to all transactions that results in a decline or error, including authorisation declines. This status is final and cannot be subsequently updated.

Previously, transactions affected by declines were not visible in FME, although they could be viewed in Transaction Details as billable transactions without risk-related data (e.g., score, info codes). This will provide more transparency around FME’s processing of these transactions.

FME users will find it easier to detect and respond to fraud attacks. An unusually high number of declined transactions reported on the FMS dashboard may be an indication of a fraud attack. Viewing declined transactions in the FME dashboard enabling quicker investigation and resolution.

Additional information for merchants

Stay updated with the latest information on changes to rates, fees, and charges, or read the NAB Merchant Agreement.

Contact us

Talk to a Transactional Banking Specialist

Let us help with your business banking needs, Monday to Friday, 8:00am to 6:00pm (AEST/AEDT)

1300 338 767

24/7 Terminal support

Call us for terminal support 24/7.

1300 369 852

eCommerce and Online support

Call us for NAB Transact support Monday to Friday, 8:00am to 8:00pm (AEST/AEDT)

Call us for NAB Gateway support Monday to Friday, 8:00am to 6:00pm (AEST/AEDT).

1300 369 852

Important information