In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.
Aug 29, 2025 - 10:00 EDT
Scheduled - As originally communicated in our February 2025 Visa Business News (VBN-AI14914), VCAS Status Page, and VCAS Updates email, VCAS will be migrating to the Visa U.S. data centers.
This notice informed customers that, to prepare for the migration, they should either connect to the Visa File Exchange Service (VFES) or allow the new IP addresses, depending on their VCAS solution. In a subsequent customer webinar in April 2025, we reviewed the entire migration plan from readiness to completion, providing details on each action and the overall strategy for migrating customers.
Important Update
The target start date for the data center migration has been moved to July 1st, 2026, with the revised target end date set for September 1st, 2027.
Previously, our last communication advised that the migration would begin October 1st, 2025 and conclude by June 30, 2026. These adjustments have been made to allow more time for customer readiness and technical preparations.
We believe the revised timelines will give customers and technology teams enough time to ensure everyone is ready and the migration happens as smoothly as possible. With a migration of this size and nature, it is imperative that we focus on moving our customer’s traffic with no disruption.
Client Impact
As we are still in the Readiness Phase, the revised timeline is not expected to impact customers. Any planning or work that has already been completed remains valid to meet the new date.
Action Required
The requirements around connecting to VFES and/or trusting the new IP addresses must happen regardless of when the target migration start date is. For customers that have completed these actions, you are ready for the migration. For customers that haven’t, please act as soon as possible so we can ensure your readiness prior to the start date.
Directory Server Update (Cutover #1)
In the April 2025 customer webinar, we explained the need to update each network Directory Server with a new VCAS ACS URL and Method URL as a way for us to have more control when it comes time to migrate data centers. Having more control allows us to have increased speed, flexibility, and the ability to reduce risk.
For most networks, we’ve gained their agreement to work with us to migrate the ACS URL and Method URL on behalf of our customers so there is no additional customer action needed. For a couple of networks, there will be customer action as the network requires the customer to make the request, but this will be communicated at a later date.
We will start with updating the Visa Directory Server (DS) for Europe in September 2025, ahead of the holiday season. A separate communication will be sent to EU customers with further details. For all other regions, the Visa DS update is scheduled to begin after the New Year. We will share specific dates and rollout plans in January to ensure adequate time to prepare.
For the other non-Visa networks, we will begin scheduling these after the Visa DS has been fully updated with the new VCAS ACS URL and Method URL. Further communication will follow with specifics for each network.
Action Reminders from the previous notification
Trust IP Ranges VCAS users that have integrated Real-time Data Exchange (RDX) or Authentication Data Exchange (ADX) APIs will need to:
Trust the following IP subnet ranges (preferred): o 198.241.177.0/24 o 198.241.169.0/24 If the full IP ranges cannot be trusted, the below IPs should be trusted (minimum requirement): o 198.241.177.108 o 198.241.177.109 o 198.241.169.24 o 198.241.169.34
Continue to trust current IP addresses until the migration is complete. VCAS will be conducting tests throughout the Readiness and Migration phases to ensure our customer are trusting the new IPs. Please do not block the IPs if you see connectivity trusts.
Request a Project
VCAS users that use file transfer services (Secure File Transfer Protocol [SFTP] Reporting, File Processor or Bulk Confirmed Marking) will need to request a project using the Visa Support Hub (https://visasupporthub.visaonline.com/) via Visa Access (formerly Visa Online) or their Customer Success Manager (CSM).
The objective of this project is to establish connectivity between the user’s system and the Visa File Exchange Service (VFES). A secondary project will be needed to complete the actual data center migration; this secondary project will include testing the files before sending traffic to the Visa data center.
Sign Up for Future Data Center Migration Updates
Visa will use the following channels to communicate data center migration updates and strongly recommends VCAS users subscribe to ensure receipt of migration-related communications and notifications.
• VCAS Status Page / CardinalCommerce Status: This status page is primarily used to communicate planned and unplanned events that may impact operational status. (https://cardinalcommercecorporation.statuspage.io/) • The Visa.com Opt-in to VCAS updates today page (https://globalclient.visa.com/Opt-inToVCASUpdatesToday): This is primarily for new VCAS product information, updates and educational opportunities. Visa will also use this channel to communicate data center migration updates via email.
Visit the Visa Support Hub (https://visasupporthub.visaonline.com) to search for answers to your questions and create a case, if needed. Otherwise, please do not hesitate to contact your Local VISA support if you have any questions or concerns.
Completed -
The scheduled maintenance has been completed.
Sep 15, 08:00 EDT
In progress -
Scheduled maintenance is currently in progress. We will provide updates as necessary.
Sep 11, 08:00 EDT
Scheduled -
CardinalCommerce will be performing network and database system maintenance starting at 12:00 UTC on September 11, 2025, through 12:00 UTC on September 15, 2025.
During this window we will apply the most recent network and database updates for optimal performance and to prevent new exploits from being used against our VCAS systems. In addition, CardinalCommerce will be updating the leaf certificate used on our VCAS merchant staging endpoints during this period as well.
Key Details:
What’s changing: The leaf certificate will be replaced on staging endpoints only. What’s not changing: The intermediate and root certificates will remain the same.
Recommended Action: If your systems implement certificate pinning, we strongly recommend pinning only to the intermediate and/or root certificates rather than the leaf certificate. Pinning to the leaf certificate can cause connectivity issues when certificates are rotated as part of standard maintenance.
Intermediate CA: Common Name (CN): DigiCert Global G2 TLS RSA SHA256 2020 CA1 Serial Number: 0c:f5:bd:06:2b:56:02:f4:7a:b8:50:2c:23:cc:f0:66
Root CA: Common Name (CN):DigiCert Global Root G2 Serial Number: 03:3a:f1:e6:a7:11:a9:a0:bb:28:64:b1:1d:09:fa:e5
Testing – How can I test these changes? Customers are encouraged to work with their network teams to ensure they can support the updated certificates.
No new parameters or fields are required for these changes. If you do not trust the new certificate, you will be unable to connect to Cardinal staging endpoints receiving a connection timeout or certificate error response.
This is being performed in high availability mode and should have no impact to transaction processing. While no transaction impact is anticipated during this maintenance you may experience a few periods of network latency. During this time, we will be fully staffed from a support and network operations standpoint to perform monitoring and testing.
Please do not hesitate to contact your Local VISA support if you have any questions or concerns.
Completed -
The scheduled maintenance has been completed.
Sep 11, 20:00 EDT
In progress -
Scheduled maintenance is currently in progress. We will provide updates as necessary.
Sep 8, 08:00 EDT
Scheduled -
CardinalCommerce will be performing database system improvements starting at 12:00 UTC on September 8, 2025, through 23:59 UTC on September 11, 2025. During this time, we will apply the most recent network and database patches as well as targeted security enhancements to prevent new exploits from being used against our systems.
We perform monitoring and testing of the updates during Cardinal business hours, while we are fully staffed from a support and network operations standpoint.
This is being performed in a high availability mode and should have no impact to transaction processing. While no transaction impact is anticipated during this maintenance you may experience a few periods of network latency.
Resolved -
This issue has now been fully resolved. Cardinal is conducting an internal review of the event to mitigate against future occurrences.
Reported Start Time: 9 September 2025 at 18:07 GMT Reported End Time: 9 September 2025 at 18:26 GMT
Next Update: No further updates as the issue is resolved.
Please do not hesitate to contact the Cardinal support team if you have any questions or concerns.
Sep 10, 11:37 EDT
Update -
Visa is aware of a service disruption causing intermittent issues processing Visa Consumer Authentication Services - VCAS (3DS) transactions.
The issue has since been mitigated. We are continuing to monitor closely to ensure the issue has been fully resolved.
Reported Start Time: 9 September 2025 at 18:07 GMT
Impact: Issuers may be experiencing downgraded performance when attempting to complete VCAS authentication. Depending on merchant logic post authentication, impacted transactions may not have been authorized or would have been authorized as Attempts or Standard Electronic Commerce transactions.
Next Update: As current status changes.
We regret any inconvenience this may cause for our affected clients and cardholders. We will provide regular updates until the issue is mitigated.
Please do not hesitate to contact your local VISA support team if you have any questions or concerns.
Monitoring -
Visa is aware of a service disruption causing intermittent issues processing Visa Consumer Authentication Services - VCAS (3DS) transactions.
This issue has been mitigated, and we are monitoring closely to ensure the issue is resolved.
Reported Start Time: 9 September 2025 at 18:07 GMT
Impact: Issuers may be experiencing downgraded performance when attempting to complete VCAS authentication. Depending on merchant logic post authentication, impacted transactions may not have been authorized or would have been authorized as Attempts or Standard Electronic Commerce transactions.
Next Update: Within 60 minutes
We regret any inconvenience this may cause for our affected clients and cardholders. We will provide regular updates until the issue is mitigated.
Please do not hesitate to contact your local VISA support team if you have any questions or concerns.