NAB Gateway Support Centre updates

Address Verification Service (AVS)

Address Verification Service (AVS) is a tool used to check the accuracy of a customer's address by comparing the information provided with the billing address listed with the issuing bank. This helps confirm that the address exists and matches the details on file, reducing the risk of fraud while ensuring the successful delivery of goods or services.

When processing $0 authorisations, some issuing banks enforce Account Name and Address Verification (AVS). When placeholder (“dummy”) details are submitted, the issuer declines the transaction.

Given broader AVS mandates by the schemes; Visa and Mastercard; more issuing banks are starting to enforce these checks on transactions that include address fields. Our recommendation is to submit accurate cardholder name and billing addresses to avoid declines.

Apple Pay can now be configured in Unfied Checkout

NAB Gateway Merchants can now configure Apple Pay in Unified Checkout enabling them to accept Apple Pay payments via the Unified Checkout in addition to existing options.

Learn more about unified checkout in NAB Gateway.

Dynamic Card Acceptor requests

Dynamic Card Acceptor (DCA) is now available for NAB Gateway Merchants to request. DCA allows merchants to update the description provided to the issuer bank, from the merchant’s legal entity name to a trading name. The trading name is then populated on customer’s statement to reduce the risk of chargebacks. 

Moving name details in Unified Checkout

Updates have been made to Unified Checkout. When a customer checks out with Unified Checkout, the entry fields for first and last name will be available within the Card Details section of the form instead of within the Billing Details section.

By moving the cardholder’s name to the Card Details area, customers can enter their names on the same page as the card number.

If customers choose the automated cardholder details lookup feature, the customer details page will not appear, reducing the number of clicks required. 

Transaction verification based on anticipated amounts for Virtual Terminal

Merchants who use Virtual Terminal can now verify their transactions by using an anticipated amount. This new feature will streamline the transaction process by verifying that the customer’s card has sufficient funds to accept the relevant purchases.

When the transaction amount is “zero” on the “Virtual Terminal One-Time Payment” page, a checkbox with the following label ‘Use the Anticipated Amount to pre-authorise transactions’ will appear. When this checkbox is selected, the amount that is entered in the Amount field will be added to the payment request and sent for authorisation. For clarity, this step is established mainly for payment authorisation purposes and the customer will not be charged for the amount.

This feature will be especially useful for trial subscriptions, reservation services, and loyalty programs to ensure that a customer’s card has the funds to cover the anticipated costs. The customer will not be charged for the amount and their card would only be validated for the anticipated payment.

Recurring billing will no longer require a zero-amount authorisation

A zero-amount authorisation will no longer be required prior to using the Subscription API.

Merchants will be able to create subscriptions using the Subscription API after a customer-initiated transaction has been completed and authorisation obtained without a follow-up zero-amount authorisation. This will allow customers to create subscription services when using processors that do not allow zero-amount authorisations for eCommerce recurring billing transactions.

Rule-based routing to be enabled for Simple Object Access Protocol (SOAP)

Rule-based routing will be available for merchants who use the Visa Acceptance Solutions SOAP Toolkit. Merchants will be able to define up to 15 routing configurations and route them by priority.

Routing configurations can include the following conditions:

• Card brand
• Solution type
• Funding source
• Issuer country
• Merchant country
• Domestic or cross-border
• Currency
• Card verification
• Issuer BIN
• Issuer name

Rule-based routing will enable merchants using multiple processors to set up a rule-based routing scheme. The scheme will specify automatically which processor to send a payment through.

Token Management System (TMS) REST API transactions to be included in Transaction Search

REST API transactions that use the Token Management System (TMS) will be available in Transaction Search to improve visibility for merchants.

This update will allow merchants to troubleshoot transactions, audit transaction history more effectively and track key TMS operations, including:

• Create: Instrument Identifier, Payment Instrument, Customer
• Retrieve: Instrument Identifier, Payment Instrument, Customer
• Update: Instrument Identifier, Payment Instrument, Customer
• Delete: Instrument Identifier, Payment Instrument, Customer.

Flex Microform PCI Compliance

Microform v2 is being upgraded to comply with the new Payment Card Industry Data Security Standard guidelines (PCI DSS 4.0.1) Specifically, requirement 6.4.3. PCI DSS is a widely accepted set of standards for the security of credit, debit and cash card transactions. This update is designed to improve security for transactions, by safeguarding sensitive information, maintaining trust in electronic payment systems and reducing the likelihood of a data breach.

What action is required?

If you are using Microform v1 or v0.11, to comply with the standards, you must upgrade to Microform v2 before 1 April 2025.

Microform v1 and lower will reach end of life by 1 July 2025. 

Further information is available by visiting the VISA Support Centre.

REST API best practices mandate

There is a new REST API best practices mandate which comes into effect on 1 May 2025. Merchants who are using the http signature authentication need to pass all the required security parameters to NAB Gateway. 

Further information is available by visiting the NAB Gateway Developer centre.

Unified Checkout Integration updates

Unified Checkout is being upgraded to comply with the new Payment Card Industry Data Security Standard guidelines (PCI DSS 4.0.1). Merchants need to upgrade their Unified Checkout integrations to use the “clientLibrary” and “clientLibraryIntegrity” values to create their script tags. To implement this change, Merchants need to decrypt Capture Context to retrieve “clientLibrary” and “clientLibraryIntegrity” values which they pass dynamically into the checkout.html page.

Further information is available by visiting the NAB Gateway Developer centre.

Change to cybersource Customer Support email notifications

Some notifications previously sent from donotreply@support.cybersource.com will be sent from donotreply@notifications.visaacceptance.com. Your administrator may need to add this domain to your ‘allow’ list to ensure you continue to receive certain notifications.

Fraud Management Essentials (FME) changes

Review Status

Updates are being made to FME removing “Review” as an option to the Fraud Management rules. Valid settings will continue to be “Disable, Monitor or Reject”.

Merchants with FME rules set to “Review” will continue to be able to review transactions however once rules are updated review will no long appear as an option.

Declined transactions

Updates will be made to Fraud Management Essentials in May to include a status of "Declined." This will apply to all transactions that results in a decline or error, including authorisation declines. This status is final and cannot be subsequently updated.

Previously, transactions affected by declines were not visible in FME, although they could be viewed in Transaction Details as billable transactions without risk-related data (e.g., score, info codes). This will provide more transparency around FME’s processing of these transactions.

FME users will find it easier to detect and respond to fraud attacks. An unusually high number of declined transactions reported on the FMS dashboard may be an indication of a fraud attack. Viewing declined transactions in the FME dashboard enabling quicker investigation and resolution.

Simple Commerce Message Protocol (SCMP) Now Requires HTTPS

Merchants integrating via the SCMP API are required to transition their SCMP payment system to send and receive HTTPS transmissions using Simple Order API, Java SCMP Client SDK or REST API.

Further information is available by visiting the VISA Support Centre.

Simple Object Access Protocol (SOAP) Toolkit Update

As part of ongoing security enhancements, NAB Gateway will upgrade SOAP authentication to use a compliant P12 certificate. This upgrade is currently available for Java, C#, C++, and PHP. If your SOAP integration uses a different programming environment.

Further information is available by visiting the VISA Support Centre.

Flex Microform and Unified Checkout Updates

Flex Microform and Unified Checkout now supports eight-digit card number prefixes. A new optional REST API field “transientTokenResponseOptions.includeCardPrefix” enables users to select whether the Capture Context returns a six-digit, eight-digit, or no card number prefix.

To select the type of card number prefix:

• No field included: A six-digit prefix is returned (default).
• true: An eight-digit prefix is returned.
• false: No prefix is returned.

The following conditions apply:

• Eight-digit card number prefixes apply only to Mastercard, Visa and JCB brands with 16-digit card numbers or more.
• Any card with fewer than 16 digits returns a six-digit prefix even when the REST API field “transientTokenResponseOptions.includeCardPrefix” field is set to true.
• Amex returns a six-digit prefix even when the REST API field “transientTokenResponseOptions.includeCardPrefix” is set to true.
• If any card brand is co-branded with Mastercard, Visa and JCB, an eight-digit prefix is returned if the REST API Field “transientTokenResponseOptions.includeCardPrefix”is set to true.

Further information is available by visiting the PCI Website

Enhanced Search Capability for Key Management

The search functionality on the “Key Management” page available in the NAB Gateway Menu is being enhanced.

These search enhancements will allow merchants additional search filters with which to find security keys.

The following search filters will be added:

• Key Type lists all the key types that are supported and searchable for the user.
• Key ID is an open text field to search for keys by their ID.
• Created At contains set date ranges and an option for custom date range selection to search for keys created within a given timeframe.
• Expires In contains set date ranges and an option for custom date range selection to search for keys expiring within a given timeframe.
• Key Status determines whether the key is active or inactive.
• Sort Order: Choose the order in which you want the key results displayed.
• Records Per Page: Results per page can be changed.