In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.
Apr 18, 2025 - 12:00 EDT
Apr 18, 2025 - 12:00 EDT
Scheduled - Starting on May 16, 2025, the VCAS Portal will transition its sign-in process to Visa Access (formerly Visa Online) for all external users, completing by May 19, 2025. Post-migration, all VCAS users will access VCAS through the Visa Access URL: https://www.visaonline.com/login. This change is driven by our commitment to maintaining the highest standards of security and compliance. With the new PCI 4.0 requirements going into effect in 2025, we are required to implement multifactor authentication (MFA) to remain PCI compliant and retain our PCI certification. By transitioning to Visa Access, we are not only meeting these compliance requirements but also enhancing your login experience with improved security and convenience.
We are dedicated to ensuring a smooth transition with minimal disruption to your operations. Find below the key steps you need to take to prepare for the migration and resources available to help you navigate this change seamlessly.
Key Things to Know:
Update VCAS User Credentials: Users must ensure that their usernames and corporate email addresses are updated by their Admin in the VCAS Portal by the following deadlines:
NEW DATE: Staging environment: April 18, 2025 by no later than 20:00 UTC
NEW DATE: Production environment: May 2, 2025 by no later than 20:00 UTC
User Creation Freeze Periods: During the migration period, no new users can be edited or created. Freeze dates as follows:
NEW DATES: Staging environment: Starting on 20:00 UTC April 18, 2025 - May 2, 2025
NEW DATES: Production environment: Starting on 20:00 UTC May 2, 2025 - May 18, 2025
Usernames meet the minimum length requirement of 10 characters.
A valid corporate email is loaded for each user being migrated (personal email addresses like @gmail.com are not acceptable).
Impact to SFTP Reports: For customers receiving our VCAS SFTP reports today, please note the below reports will be impacted due to this migration:
User Access Report (UAR): The classifications related to a user's account status will be changed. The following new statuses will be reflected in the UAR: Pending, Active, Disabled, and Delete_Pending
Violation Report: This report will be unavailable for a period of time due to a limitation in the data that is currently sent in that report. We are working with the Visa Access team to evaluate when this report can be supported in the future. The current timeline is FY26.
First Time Login to VCAS Post-Migration:
The first-time login experience will depend on how your user account was migrated. If you already had an active Visa Access account at the time of migration, you would log in at https://www.visaonline.com/login using your existing Visa Access account information. If not already set up, you will be prompted to set up your multi-factor authentication (MFA) preferences and security questions, and all users will be prompted to change their password. Once login is complete, VCAS portal will be accessible in the My Services dashboard. Please see document VCAS Portal User Login Flows on Visa Access for more details on first time login.
If you did not have a Visa Access account at the time of migration, you will log in at https://www.visaonline.com/login using your current VCAS portal username and password. The VCAS username will become your Visa Access username. After entering your credentials, you will be prompted to complete the setup your MFA preferences, security questions, and change your password. Once login is complete, VCAS portal will be accessible in the My Services dashboard. Please see document VCAS Portal User Login Flows on Visa Access for more details on first time login.
Note: Current Federated SSO VCAS issuers will maintain their current login process with Visa Access.
For more details on the migration, please refer to the FAQs page (https://visa.highspot.com/items/67d897cc62dd4456eb238110) or do not hesitate to contact your Local VISA support if you have any questions or concerns.
VISA Local Support Channels by Region:
Global and LAC: VISA Support Hub Portal (https://visasupporthub.visaonline.com)
AP: Isupport@visa.com
CEMEA: csupport@visa.com
EU: customersupport@visa.com
NA: esupport@visa.com
Apr 18, 2025 12:00 - May 19, 2025 08:00 EDT
We are dedicated to ensuring a smooth transition with minimal disruption to your operations. Find below the key steps you need to take to prepare for the migration and resources available to help you navigate this change seamlessly.
Key Things to Know:
Update VCAS User Credentials: Users must ensure that their usernames and corporate email addresses are updated by their Admin in the VCAS Portal by the following deadlines:
NEW DATE: Staging environment: April 18, 2025 by no later than 20:00 UTC
NEW DATE: Production environment: May 2, 2025 by no later than 20:00 UTC
User Creation Freeze Periods: During the migration period, no new users can be edited or created. Freeze dates as follows:
NEW DATES: Staging environment: Starting on 20:00 UTC April 18, 2025 - May 2, 2025
NEW DATES: Production environment: Starting on 20:00 UTC May 2, 2025 - May 18, 2025
Usernames meet the minimum length requirement of 10 characters.
A valid corporate email is loaded for each user being migrated (personal email addresses like @gmail.com are not acceptable).
Impact to SFTP Reports: For customers receiving our VCAS SFTP reports today, please note the below reports will be impacted due to this migration:
User Access Report (UAR): The classifications related to a user's account status will be changed. The following new statuses will be reflected in the UAR: Pending, Active, Disabled, and Delete_Pending
Violation Report: This report will be unavailable for a period of time due to a limitation in the data that is currently sent in that report. We are working with the Visa Access team to evaluate when this report can be supported in the future. The current timeline is FY26.
First Time Login to VCAS Post-Migration:
The first-time login experience will depend on how your user account was migrated. If you already had an active Visa Access account at the time of migration, you would log in at https://www.visaonline.com/login using your existing Visa Access account information. If not already set up, you will be prompted to set up your multi-factor authentication (MFA) preferences and security questions, and all users will be prompted to change their password. Once login is complete, VCAS portal will be accessible in the My Services dashboard. Please see document VCAS Portal User Login Flows on Visa Access for more details on first time login.
If you did not have a Visa Access account at the time of migration, you will log in at https://www.visaonline.com/login using your current VCAS portal username and password. The VCAS username will become your Visa Access username. After entering your credentials, you will be prompted to complete the setup your MFA preferences, security questions, and change your password. Once login is complete, VCAS portal will be accessible in the My Services dashboard. Please see document VCAS Portal User Login Flows on Visa Access for more details on first time login.
Note: Current Federated SSO VCAS issuers will maintain their current login process with Visa Access.
For more details on the migration, please refer to the FAQs page (https://visa.highspot.com/items/67d897cc62dd4456eb238110) or do not hesitate to contact your Local VISA support if you have any questions or concerns.
VISA Local Support Channels by Region:
Global and LAC: VISA Support Hub Portal (https://visasupporthub.visaonline.com)
AP: Isupport@visa.com
CEMEA: csupport@visa.com
EU: customersupport@visa.com
NA: esupport@visa.com
Apr 18, 2025 12:00 - May 19, 2025 08:00 EDT
In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.
Apr 09, 2025 - 18:00 EDT
Apr 09, 2025 - 18:00 EDT
Scheduled - Target Audience - Only applicable to clients processing UPI transactions on VCAS.
We're excited to let you know that VCAS will soon support Union Pay International’s EMV 3DS v2.2.0 before it phases out. This transition aims to enhance your experience and ensure seamless transactions. UnionPay 3-D Secure Program (UP3DS) is a secure e-commerce payment solution designed for Issuers and Merchants who want to reduce the risk of fraudulent transactions. UP3DS divides the online payment process into separate authentication and authorization flows.
Union Pay International released a product bulletin on November 30, 2023, with the following requirements:
1. All new components used in UPI 3DS products must be certified under the EMV Co. v2.2.0 standards starting January 1, 2024.
2. Issuers and acquirers must support EMV 3DS v2.2.0 by October 31, 2024.
UPI will soon release its sunset plan for UP3DS v2.1.
Key Date:
• May 14, 2025: VCAS will collaborate with UPI to update Issuer BIN ranges to support v2.2.
These requirements apply to participants in all regions globally, including EU, AP, LAC, NA, and CEMEA. VCAS is fully certified for UPI v2.2.0 and ready to support issuers. Outside of issuers in the EEA supporting PSD2, customers do not need any configurations in VCAS to support it. To support UPI 2.2, all BIN ranges on the UPI Directory Server need to be loaded with a "Protocol" of 2.2.0.
To eliminate the large manual effort for both VCAS issuer services teams and VCAS issuers, VCAS teams have coordinated with UPI to programmatically update all VCAS registered BIN ranges at the DS to End Protocol 2.2.0 on a coordinated date. The UPI team will enable ranges and set “ACS Protocol Version” and “ACS URLs” to VCAS to “2.2.0”.
The target implementation date for this migration is May 14, 2025, however, notifications will be sent out to issuers prior if this date changes.
If you prefer to opt out of this mass update, please work with your Visa Account Manager (or Support Center) to open a project by April 23, 2025. Your assigned VCAS Implementation Manager will work with you and the UPI team to enable your ranges in the UPI Directory server.
Additional Support and Recommendations:
Message Version Field (RDX): For issuers integrated to the VCAS RDX API, we recommend confirming that you do not have any validation logic on the Message Version field as this could cause issues when the new 2.2.0 value passes through in RDX.
- Ensure any hard-coding logic in place for the ‘messageversion’ field is removed, if present. For instance, if a 2.2.0 message is sent and the messageversion field populates 2.1.0 as a hard-coded field by the issuer, the system will throw an error and result in authentication failure.
- In principle, avoid hard-coding values in the ‘messageversion’ field.
VCAS recommends all issuers monitor their VCAS authentication traffic and authorization traffic to ensure there are no unexpected errors or issues after the update to 2.2. Internal support teams have been made aware of the upcoming UPI 2.2 boarding activities by issuers and will be vigilant during this time to any issues related to UPI 2.2.
Please do not hesitate to contact your Local VISA support if you have any questions or concerns.
VISA Local Support Channels by Region
Global and LAC - VISA Support Hub Portal (https://visasupporthub.visaonline.com)
AP - Isupport@visa.com
CEMEA - csupport@visa.com
EU - customersupport@visa.com
NA - esupport@visa.com
Apr 9, 2025 18:00 - May 15, 2025 08:00 EDT
We're excited to let you know that VCAS will soon support Union Pay International’s EMV 3DS v2.2.0 before it phases out. This transition aims to enhance your experience and ensure seamless transactions. UnionPay 3-D Secure Program (UP3DS) is a secure e-commerce payment solution designed for Issuers and Merchants who want to reduce the risk of fraudulent transactions. UP3DS divides the online payment process into separate authentication and authorization flows.
Union Pay International released a product bulletin on November 30, 2023, with the following requirements:
1. All new components used in UPI 3DS products must be certified under the EMV Co. v2.2.0 standards starting January 1, 2024.
2. Issuers and acquirers must support EMV 3DS v2.2.0 by October 31, 2024.
UPI will soon release its sunset plan for UP3DS v2.1.
Key Date:
• May 14, 2025: VCAS will collaborate with UPI to update Issuer BIN ranges to support v2.2.
These requirements apply to participants in all regions globally, including EU, AP, LAC, NA, and CEMEA. VCAS is fully certified for UPI v2.2.0 and ready to support issuers. Outside of issuers in the EEA supporting PSD2, customers do not need any configurations in VCAS to support it. To support UPI 2.2, all BIN ranges on the UPI Directory Server need to be loaded with a "Protocol" of 2.2.0.
To eliminate the large manual effort for both VCAS issuer services teams and VCAS issuers, VCAS teams have coordinated with UPI to programmatically update all VCAS registered BIN ranges at the DS to End Protocol 2.2.0 on a coordinated date. The UPI team will enable ranges and set “ACS Protocol Version” and “ACS URLs” to VCAS to “2.2.0”.
The target implementation date for this migration is May 14, 2025, however, notifications will be sent out to issuers prior if this date changes.
If you prefer to opt out of this mass update, please work with your Visa Account Manager (or Support Center) to open a project by April 23, 2025. Your assigned VCAS Implementation Manager will work with you and the UPI team to enable your ranges in the UPI Directory server.
Additional Support and Recommendations:
Message Version Field (RDX): For issuers integrated to the VCAS RDX API, we recommend confirming that you do not have any validation logic on the Message Version field as this could cause issues when the new 2.2.0 value passes through in RDX.
- Ensure any hard-coding logic in place for the ‘messageversion’ field is removed, if present. For instance, if a 2.2.0 message is sent and the messageversion field populates 2.1.0 as a hard-coded field by the issuer, the system will throw an error and result in authentication failure.
- In principle, avoid hard-coding values in the ‘messageversion’ field.
VCAS recommends all issuers monitor their VCAS authentication traffic and authorization traffic to ensure there are no unexpected errors or issues after the update to 2.2. Internal support teams have been made aware of the upcoming UPI 2.2 boarding activities by issuers and will be vigilant during this time to any issues related to UPI 2.2.
Please do not hesitate to contact your Local VISA support if you have any questions or concerns.
VISA Local Support Channels by Region
Global and LAC - VISA Support Hub Portal (https://visasupporthub.visaonline.com)
AP - Isupport@visa.com
CEMEA - csupport@visa.com
EU - customersupport@visa.com
NA - esupport@visa.com
Apr 9, 2025 18:00 - May 15, 2025 08:00 EDT
In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.
Mar 07, 2025 - 16:11 EST
Mar 07, 2025 - 16:11 EST
Scheduled - Visa will be updating a set of staging and production leaf certificates that are set to expire on May 02, 2025. To prevent disruption to services, we ask that you review your configuration immediately.
The Leaf certificates that are expiring may be in use by VCAS to your endpoint as part of the mutual TLS (MTLS) handshake for RDX, ADX, or Oauth connections.
Please review the certs below to see if they are in use with your VCAS connection.
The expiring STAGING leaf certificate details:
Common Name (CN): rdxstag.cardinalcommerce.com
Serial Number: 0a86c117a3fef467682b740deef86f1c
Date of Replacement: March 18, 2025 10:00 EDT
Date of Expiry: May 02, 2025 18:59:59 EDT
The new STAGING leaf certificate details:
Common Name (CN): rdxstag.cardinalcommerce.com
Serial Number: 0dd1c3f351d61449b0702f5ec0d14a47
Date of Replacement: March 18, 2025 10:00 EDT
Date of Expiry: March 28, 2026 18:59:50 EDT
The expiring PRODUCTION leaf certificate details:
Common Name (CN): rdx.cardinalcommerce.com
Serial Number: 07ec4a5fc0d1c1049a1590b7d4788719
Date of Replacement: April 22, 2025 10:00 EDT
Date of Expiry: May 02, 2025 18:59:59 EDT
The new PRODUCTION leaf certificate details:
Common Name (CN): rdx.cardinalcommerce.com
Serial Number: 0ead8d09102f51d80fb614eec175f0a1
Date of Replacement: April 22, 2025 10:00 EDT
Date of Expiry: April 3, 2026 18:59:59 EDT
The Intermediate CA and Root CA will remain the same:
Intermediate Certificate Details:
Common Name (CN): DigiCert Global G2 TLS RSA SHA256 2020 CA1
Serial Number: 0cf5bd062b5602f47ab8502c23ccf066
Root Certificate Details:
Common Name (CN): DigiCert Global Root G2
Serial Number: 033af1e6a711a9a0bb2864b11d09fae5
Customer Responsibilities:
-If you trust on the leaf certificate, we will have to coordinate the switchover with your connection. Please contact your local VCAS support and/or account manager to coordinate this change.
-If you require coordination, we will schedule a time to switch over the leaf certificate. It is imperative that the migration occur before certificate expiration, otherwise RDX services will be impacted.
Testing – How can I test these changes?
Customers are encouraged to work with their network teams to ensure they can support the updated certificates.
No new parameters or fields are required for these changes. If you do not trust the new certificate, you will be unable to connect to Cardinal endpoints receiving a connection timeout or certificate error response.
Please do not hesitate to contact your Local VISA support if you have any questions or concerns. Please refer to the knowledge article titled "DigiCert MTLS RDX Certificate Update" for the full cert chain. You may also contact support or your account manager if you require the full Cert Chain.
VISA Local Support Channels by Region
Global and LAC - VISA Support Hub Portal (https://visasupporthub.visaonline.com)
AP - Isupport@visa.com
CEMEA - csupport@visa.com
EU - customersupport@visa.com
NA - esupport@visa.com
Mar 7, 2025 16:11 - May 3, 2025 16:11 EDT
The Leaf certificates that are expiring may be in use by VCAS to your endpoint as part of the mutual TLS (MTLS) handshake for RDX, ADX, or Oauth connections.
Please review the certs below to see if they are in use with your VCAS connection.
The expiring STAGING leaf certificate details:
Common Name (CN): rdxstag.cardinalcommerce.com
Serial Number: 0a86c117a3fef467682b740deef86f1c
Date of Replacement: March 18, 2025 10:00 EDT
Date of Expiry: May 02, 2025 18:59:59 EDT
The new STAGING leaf certificate details:
Common Name (CN): rdxstag.cardinalcommerce.com
Serial Number: 0dd1c3f351d61449b0702f5ec0d14a47
Date of Replacement: March 18, 2025 10:00 EDT
Date of Expiry: March 28, 2026 18:59:50 EDT
The expiring PRODUCTION leaf certificate details:
Common Name (CN): rdx.cardinalcommerce.com
Serial Number: 07ec4a5fc0d1c1049a1590b7d4788719
Date of Replacement: April 22, 2025 10:00 EDT
Date of Expiry: May 02, 2025 18:59:59 EDT
The new PRODUCTION leaf certificate details:
Common Name (CN): rdx.cardinalcommerce.com
Serial Number: 0ead8d09102f51d80fb614eec175f0a1
Date of Replacement: April 22, 2025 10:00 EDT
Date of Expiry: April 3, 2026 18:59:59 EDT
The Intermediate CA and Root CA will remain the same:
Intermediate Certificate Details:
Common Name (CN): DigiCert Global G2 TLS RSA SHA256 2020 CA1
Serial Number: 0cf5bd062b5602f47ab8502c23ccf066
Root Certificate Details:
Common Name (CN): DigiCert Global Root G2
Serial Number: 033af1e6a711a9a0bb2864b11d09fae5
Customer Responsibilities:
-If you trust on the leaf certificate, we will have to coordinate the switchover with your connection. Please contact your local VCAS support and/or account manager to coordinate this change.
-If you require coordination, we will schedule a time to switch over the leaf certificate. It is imperative that the migration occur before certificate expiration, otherwise RDX services will be impacted.
Testing – How can I test these changes?
Customers are encouraged to work with their network teams to ensure they can support the updated certificates.
No new parameters or fields are required for these changes. If you do not trust the new certificate, you will be unable to connect to Cardinal endpoints receiving a connection timeout or certificate error response.
Please do not hesitate to contact your Local VISA support if you have any questions or concerns. Please refer to the knowledge article titled "DigiCert MTLS RDX Certificate Update" for the full cert chain. You may also contact support or your account manager if you require the full Cert Chain.
VISA Local Support Channels by Region
Global and LAC - VISA Support Hub Portal (https://visasupporthub.visaonline.com)
AP - Isupport@visa.com
CEMEA - csupport@visa.com
EU - customersupport@visa.com
NA - esupport@visa.com
Mar 7, 2025 16:11 - May 3, 2025 16:11 EDT
In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.
Feb 06, 2025 - 11:30 EST
Feb 06, 2025 - 11:30 EST
Scheduled - The Visa Consumer Authentication Service (VCAS) will be migrated to Visa data centers in a phased approach beginning 1 July 2025 and ending 31 March 2026. VCAS users will need to take specific actions to complete the migration depending on the VCAS features and functionality they use today.
Visa will begin a phased migration of VCAS to Visa data centers beginning 1 July 2025 and ending 31 March 2026 to improve security, performance and resiliency by maximizing Visa's global scale and infrastructure.
The specific actions needed to complete the migration will depend on which VCAS features and functionality are being used today. See the Client Impact and Required Actions section below for a summary of the current actions required based on the VCAS solution being used.
Key Dates
• 1 July 2025: Start of phased VCAS customer migration
• 31 March 2026: End of phased VCAS customer migration
VCAS Background
Visa acquired CardinalCommerce in 2017, and since then has built VCAS into a robust, state-of-the-art authentication solution.
The VCAS team is committed to handling the majority of the requirements in order to reduce the effort and resources needed for VCAS users to complete the migration. Visa will provide additional details in future communications on the migration plan and how VCAS users will be migrated in the most efficient and effective way possible.
Client Impact and Required Actions:
Trust new IP Ranges
Continue to trust current IP addresses until the migration is complete
VCAS users that have integrated Real-time Data Exchange (RDX) or Authentication Data Exchange (ADX) APIs will need to trust new IP ranges. Please visit the Visa Support Hub (https://visasupporthub.visaonline.com/) and reference the Knowledge Article titled "VCAS Customer Data Center Migration" for the IP's and additional information.
Request a Project
VCAS users that utilize file transfer services (Secure File Transfer Protocol [SFTP] Reporting, File Processor or Bulk Confirmed Marking) will need to open a case using the Visa Support Hub under VCAS (https://visasupporthub.visaonline.com) via Visa Access (formerly Visa Online) or engage their Customer Success Manager (CSM) by 1 July 2025.
The objective of this project is to establish connectivity between the user’s system and the Visa File Exchange Service (VFES). A secondary project will be needed to complete the actual data center migration; this secondary project will include testing the files before sending traffic to the Visa data center. Prior to requesting a project, users should have the information listed below, as it is required to create a new Visa Access ID for VFES.
Account Owner (the person responsible for file transfer services in the user’s organization) and Manager (backup contact):
o Organization Name
o Visa Business Identification (BID) number
o Full Name (file delivery contact)
o Job Title
o Email Address
o Business Address
o Phone Number
Secure Shell (SSH) Keys:
o VFES requires SSH keys for authentication and securing communication.
o If VCAS currently hosts the SFTP folders, users will need to create a public and private key pair per environment (Staging and Production).
o If you currently host the SFTP folders, Visa will provide the SSH public key during your project.
Sign Up for Future Data Center Migration Updates
Visa will use the following channels to communicate data center migration updates, and strongly recommends VCAS users subscribe to ensure receipt of migration-related communications and notifications.
VCAS Status Page / CardinalCommerce Status (https://cardinalcommercecorporation.statuspage.io): This status page is primarily used to communicate planned and unplanned events that may impact operational status.
Subscribe for updates to one or more of the following based on your VCAS solution:
-VCAS Issuer Services
-The Real-time Data Exchange (RDX)
-File Processor
-Authentication Data Exchange (ADX)
-Reporting Extract
-VCAS Portal
The visa.com Opt-in to VCAS updates today page (https://globalclient.visa.com/Opt-inToVCASUpdatesToday). This is primarily for new VCAS product information, updates and educational opportunities. Visa will also use this channel to communicate data center migration updates via email.
Please do not hesitate to contact your Local VISA support if you have any questions or concerns.
VISA Local Support Channels by Region
Global and LAC - VISA Support Hub Portal (https://visasupporthub.visaonline.com)
AP - Isupport@visa.com
CEMEA - csupport@visa.com
EU - customersupport@visa.com
NA - esupport@visa.com
Feb 6, 2025 11:30 - Jul 1, 2025 09:30 EDT
Visa will begin a phased migration of VCAS to Visa data centers beginning 1 July 2025 and ending 31 March 2026 to improve security, performance and resiliency by maximizing Visa's global scale and infrastructure.
The specific actions needed to complete the migration will depend on which VCAS features and functionality are being used today. See the Client Impact and Required Actions section below for a summary of the current actions required based on the VCAS solution being used.
Key Dates
• 1 July 2025: Start of phased VCAS customer migration
• 31 March 2026: End of phased VCAS customer migration
VCAS Background
Visa acquired CardinalCommerce in 2017, and since then has built VCAS into a robust, state-of-the-art authentication solution.
The VCAS team is committed to handling the majority of the requirements in order to reduce the effort and resources needed for VCAS users to complete the migration. Visa will provide additional details in future communications on the migration plan and how VCAS users will be migrated in the most efficient and effective way possible.
Client Impact and Required Actions:
Trust new IP Ranges
Continue to trust current IP addresses until the migration is complete
VCAS users that have integrated Real-time Data Exchange (RDX) or Authentication Data Exchange (ADX) APIs will need to trust new IP ranges. Please visit the Visa Support Hub (https://visasupporthub.visaonline.com/) and reference the Knowledge Article titled "VCAS Customer Data Center Migration" for the IP's and additional information.
Request a Project
VCAS users that utilize file transfer services (Secure File Transfer Protocol [SFTP] Reporting, File Processor or Bulk Confirmed Marking) will need to open a case using the Visa Support Hub under VCAS (https://visasupporthub.visaonline.com) via Visa Access (formerly Visa Online) or engage their Customer Success Manager (CSM) by 1 July 2025.
The objective of this project is to establish connectivity between the user’s system and the Visa File Exchange Service (VFES). A secondary project will be needed to complete the actual data center migration; this secondary project will include testing the files before sending traffic to the Visa data center. Prior to requesting a project, users should have the information listed below, as it is required to create a new Visa Access ID for VFES.
Account Owner (the person responsible for file transfer services in the user’s organization) and Manager (backup contact):
o Organization Name
o Visa Business Identification (BID) number
o Full Name (file delivery contact)
o Job Title
o Email Address
o Business Address
o Phone Number
Secure Shell (SSH) Keys:
o VFES requires SSH keys for authentication and securing communication.
o If VCAS currently hosts the SFTP folders, users will need to create a public and private key pair per environment (Staging and Production).
o If you currently host the SFTP folders, Visa will provide the SSH public key during your project.
Sign Up for Future Data Center Migration Updates
Visa will use the following channels to communicate data center migration updates, and strongly recommends VCAS users subscribe to ensure receipt of migration-related communications and notifications.
VCAS Status Page / CardinalCommerce Status (https://cardinalcommercecorporation.statuspage.io): This status page is primarily used to communicate planned and unplanned events that may impact operational status.
Subscribe for updates to one or more of the following based on your VCAS solution:
-VCAS Issuer Services
-The Real-time Data Exchange (RDX)
-File Processor
-Authentication Data Exchange (ADX)
-Reporting Extract
-VCAS Portal
The visa.com Opt-in to VCAS updates today page (https://globalclient.visa.com/Opt-inToVCASUpdatesToday). This is primarily for new VCAS product information, updates and educational opportunities. Visa will also use this channel to communicate data center migration updates via email.
Please do not hesitate to contact your Local VISA support if you have any questions or concerns.
VISA Local Support Channels by Region
Global and LAC - VISA Support Hub Portal (https://visasupporthub.visaonline.com)
AP - Isupport@visa.com
CEMEA - csupport@visa.com
EU - customersupport@visa.com
NA - esupport@visa.com
Feb 6, 2025 11:30 - Jul 1, 2025 09:30 EDT
About This Site
Welcome to the CardinalCommerce status page. We use this page to communicate any issues with our products including planned and unplanned outages.
Securing your transactions is our top priority.
Cardinal Consumer Authentication (3DS)
?
Operational
Cardinal API
?
Operational
Cardinal Hybrid API
?
Operational
Merchant Portal
?
Operational
VCAS Issuer Services
?
Operational
The Real-time Data Exchange (RDX)
?
Operational
File Processor
?
Operational
Authentication Data Exchange (ADX)
?
Operational
Reporting Extract
?
Operational
VCAS Portal
?
Under Maintenance
PayPal
Operational
Status Page
?
Operational
Operational
Degraded Performance
Partial Outage
Major Outage
Maintenance
Scheduled Maintenance
Cardinal introduces our new developer documentation site! Jan 7, 2025 15:00 - Jan 18, 2025 09:00 EST
We are excited to announce the launch of a newly redesigned website for Cardinal Consumer Authentication (CCA) Implementation guides! This update brings a more streamlined, user-friendly experience, offering a central hub for all our CCA product offerings & specifications. You can expect a more intuitive navigation, better filtering for CMPI messages, and easy access to critical resources like technical specifications and integration guides.
As part of this update, we’ve combined all of our CCA product offerings into one consolidated website, making it easier than ever to access the latest information about our products and services.
https://developer.cardinaltrusted.com/docs/welcome
With the link above, expect to see a new Cardinal Consumer Authentication Integration guide, better filtering for our CMPI messages, and a new look and feel across the site.
You can now access technical specifications in our new API Reference section (https://developer.cardinaltrusted.com/reference/data-exchange-api-reference) or go through detailed integration guides like Visa Payment Passkey (https://developer.cardinaltrusted.com/docs/fido-integration-guide).
This new site will be replacing our old site completely as of January 17, 2025. Cardinal recommends bookmarking the new URLs in the table below to get the most up to date information about our products and services.
Old URLs:
Cardinal Cruise API - Cardinal Cruise - Confluence (https://cardinaldocs.atlassian.net/wiki/spaces/CC/pages/805699644/Cardinal+Cruise+API)
Cardinal Mobile SDK - Confluence
(https://cardinaldocs.atlassian.net/wiki/spaces/CMSDK/overview)
Cardinal Centinel - Confluence
(https://cardinaldocs.atlassian.net/wiki/spaces/CCen/overview)
New URLs:
Cardinal Consumer Authentication
(https://developer.cardinaltrusted.com/docs/cruise-integration-guide)
IOS
(https://developer.cardinaltrusted.com/docs/ios-overview-and-release-notes)
Android
(https://developer.cardinaltrusted.com/docs/android-overview-and-release-notes)
Overview of CMPI
(https://developer.cardinaltrusted.com/reference/cmpi-messages)
For more information or if you have questions, contact your Cardinal representative.
Posted on Jan 07, 2025 - 14:09 EST
As part of this update, we’ve combined all of our CCA product offerings into one consolidated website, making it easier than ever to access the latest information about our products and services.
https://developer.cardinaltrusted.com/docs/welcome
With the link above, expect to see a new Cardinal Consumer Authentication Integration guide, better filtering for our CMPI messages, and a new look and feel across the site.
You can now access technical specifications in our new API Reference section (https://developer.cardinaltrusted.com/reference/data-exchange-api-reference) or go through detailed integration guides like Visa Payment Passkey (https://developer.cardinaltrusted.com/docs/fido-integration-guide).
This new site will be replacing our old site completely as of January 17, 2025. Cardinal recommends bookmarking the new URLs in the table below to get the most up to date information about our products and services.
Old URLs:
Cardinal Cruise API - Cardinal Cruise - Confluence (https://cardinaldocs.atlassian.net/wiki/spaces/CC/pages/805699644/Cardinal+Cruise+API)
Cardinal Mobile SDK - Confluence
(https://cardinaldocs.atlassian.net/wiki/spaces/CMSDK/overview)
Cardinal Centinel - Confluence
(https://cardinaldocs.atlassian.net/wiki/spaces/CCen/overview)
New URLs:
Cardinal Consumer Authentication
(https://developer.cardinaltrusted.com/docs/cruise-integration-guide)
IOS
(https://developer.cardinaltrusted.com/docs/ios-overview-and-release-notes)
Android
(https://developer.cardinaltrusted.com/docs/android-overview-and-release-notes)
Overview of CMPI
(https://developer.cardinaltrusted.com/reference/cmpi-messages)
For more information or if you have questions, contact your Cardinal representative.
Posted on Jan 07, 2025 - 14:09 EST
VCAS Daily Reporting May 30, 2025 00:00-01:00 EDT
Visa monitoring has identified an issue with VCAS Reporting on challenge transactions that experience timeouts (indicated by ChallengeCancel 04 or ChallengeCancel 05). This does not impact VCAS transaction processing or the merchant business decision on Auth Status results since the API response remains unchanged. These abandoned challenge transactions were previously marked with an authentication status of "MC" (Merchant Cancelled). However, they are now being reported as authentication status "N" (Not Authenticated).
A fix is scheduled to be implemented in staging on Monday, 28 April 2025 and production on Wednesday 30 April 2025. The fix will revert Challenge transactions that time out (challengeCancel 04 or challengeCancel 05) resulting in an Auth Status N (Not Authenticated) back to MC (Merchant Cancelled) in reporting going forward.
Reported Start Time: 18:00 UTC 21 April 2025
Impact: This affects reporting in VCAS Portal, and ReportingExtract TDR Auth Status results. This does not impact any transaction processing or merchant business decision on Auth Status results since API remains unchanged.
Next Update: We will provide an update once the permanent fix to reporting is applied Wednesday 30 April 2025
Please do not hesitate to contact your local Visa support team if you have any questions or concerns.
Visa Local Support Channels by Region
Global and LAC - Visa Support Hub Portal (https://visasupporthub.visaonline.com)
AP - Isupport@visa.com
CEMEA - csupport@visa.com
EU - customersupport@visa.com
NA - esupport@visa.com
Posted on Apr 25, 2025 - 13:47 EDT
A fix is scheduled to be implemented in staging on Monday, 28 April 2025 and production on Wednesday 30 April 2025. The fix will revert Challenge transactions that time out (challengeCancel 04 or challengeCancel 05) resulting in an Auth Status N (Not Authenticated) back to MC (Merchant Cancelled) in reporting going forward.
Reported Start Time: 18:00 UTC 21 April 2025
Impact: This affects reporting in VCAS Portal, and ReportingExtract TDR Auth Status results. This does not impact any transaction processing or merchant business decision on Auth Status results since API remains unchanged.
Next Update: We will provide an update once the permanent fix to reporting is applied Wednesday 30 April 2025
Please do not hesitate to contact your local Visa support team if you have any questions or concerns.
Visa Local Support Channels by Region
Global and LAC - Visa Support Hub Portal (https://visasupporthub.visaonline.com)
AP - Isupport@visa.com
CEMEA - csupport@visa.com
EU - customersupport@visa.com
NA - esupport@visa.com
Posted on Apr 25, 2025 - 13:47 EDT