In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.
Feb 24, 2026 - 16:00 EST
Feb 24, 2026 - 16:00 EST
Scheduled - This notice is to inform you of an upcoming security certificate update for certain CardinalTrusted API endpoints.
This update includes a change to the certificate trust chain (root and intermediate certificates), not just a routine certificate renewal. As a result, some customers may need to take action to ensure uninterrupted connectivity.
What is changing:
• The TLS certificate chain used by select CardinalTrusted endpoints is being updated.
• The root and intermediate certificate authorities will change as part of this update.
What you may need to do:
• If your systems validate certificates using a custom trust store (for example, pinning or explicitly trusting certificate authorities), you may need to:
• Add the new root and intermediate certificates to your trust store before the change takes effect.
If you rely on standard operating system or JVM trust stores, no action is typically required.
What is not changing:
• There are no API behavior changes.
• There are no endpoint URL changes.
• This notice is separate from other certificate expiration or renewal messages you may have received.
Timing:/
The certificate update will be deployed in stages:
• Staging: Tuesday, March 31, 2026
• Production: Thursday, April 3, 2026 at 10:00 AM ET
Need help or unsure if you are impacted?
If you are uncertain whether this change affects your integration, or if you require clarification for your specific configuration, please open a Support ticket. Our team will work directly with you to ensure a smooth transition.
EXPIRING CERTIFICATES:
STAG:
Common Name (CN): cas.mtls.api.cardinaltrusted.com
Serial Number: 06:97:e8:7f:18:d5:12:c2:cf:e3:9b:99:3f:3e:75:43
Date of Replacement: 03/31/2026
Date of Expiry: 04/14/2026
Common Name (CN): cas.api.cardinaltrusted.com
Serial Name: 0c:1f:9b:be:08:ea:3e:4e:0c:d2:bf:98:58:f2:bd:a2
Date of Replacement: 03/31/2026
Date of Expiry: 04/14/2026
PROD:
Common Name (CN): mtls.api.cardinaltrusted.com
Serial Number: 05:62:c2:17:d1:c8:cf:cd:a0:ec:6c:e5:1b:ea:c8:d5
Date of Replacement: 04/03/2026
Date of Expiry: 04/14/2026
Common Name (CN): api.cardinaltrusted.com
Serial Number: 0b:22:a2:7f:2b:78:22:7f:a4:e0:9a:9d:29:99:6b:6d
Date of Replacement: 04/03/2026
Date of Expiry: 04/14/2026
Intermediate CA:
Common Name (CN): DigiCert SHA2 Secure Server CA
Serial Number: 02:74:2e:aa:17:ca:8e:21:c7:17:bb:1f:fc:fd:0c:a0
ROOT CA:
Common Name (CN): DigiCert Global Root CA
Serial Number: 08:3b:e0:56:90:42:46:b1:a1:75:6a:c9:59:91:c7:4a
NEW CERTIFICATES:
STAG:
Common Name (CN): cas.mtls.api.cardinaltrusted.com
Serial Number: 0e:b9:f0:c0:86:41:5d:c5:8e:0d:62:3f:27:ff:3d:27
Date of Replacement: 03/31/2026
Date of Expiry: 01/27/2027
Common Name (CN): cas.api.cardinaltrusted.com
Serial Number: 0e:f5:f4:6e:29:d4:06:92:38:02:c6:60:fd:86:69:8d
Date of Replacement: 03/31/2026
Date of Expiry: 01/26/2027
PROD:
Common Name (CN): mtls.api.cardinaltrusted.com
Serial Number: 0e:27:57:03:5c:8a:ae:96:c6:99:c9:6c:f2:80:a1:0e
Date of Replacement: 04/03/2026
Date of Expiry: 02/08/2027
Common Name (CN): api.cardinaltrusted.com
Serial Number: 0b:be:7b:52:df:89:52:c2:03:2e:56:d6:fd:79:9a:97
Date of Replacement: 04/03/2026
Date of Expiry: 02/08/2027
Intermediate CA:
Common Name (CN): DigiCert Global G2 TLS RSA SHA256 2020 CA1
Serial Number: 0c:f5:bd:06:2b:56:02:f4:7a:b8:50:2c:23:cc:f0:66
Root CA:
Common Name: DigiCert Global Root G2
Serial Number: 03:3a:f1:e6:a7:11:a9:a0:bb:28:64:b1:1d:09:fa:e5
Should you have any questions or concerns regarding this notice, please reach out to our support team at Support@cardinalcommerce.com.
Feb 24, 2026 16:00 - Apr 14, 2026 10:00 EDT
This update includes a change to the certificate trust chain (root and intermediate certificates), not just a routine certificate renewal. As a result, some customers may need to take action to ensure uninterrupted connectivity.
What is changing:
• The TLS certificate chain used by select CardinalTrusted endpoints is being updated.
• The root and intermediate certificate authorities will change as part of this update.
What you may need to do:
• If your systems validate certificates using a custom trust store (for example, pinning or explicitly trusting certificate authorities), you may need to:
• Add the new root and intermediate certificates to your trust store before the change takes effect.
If you rely on standard operating system or JVM trust stores, no action is typically required.
What is not changing:
• There are no API behavior changes.
• There are no endpoint URL changes.
• This notice is separate from other certificate expiration or renewal messages you may have received.
Timing:/
The certificate update will be deployed in stages:
• Staging: Tuesday, March 31, 2026
• Production: Thursday, April 3, 2026 at 10:00 AM ET
Need help or unsure if you are impacted?
If you are uncertain whether this change affects your integration, or if you require clarification for your specific configuration, please open a Support ticket. Our team will work directly with you to ensure a smooth transition.
EXPIRING CERTIFICATES:
STAG:
Common Name (CN): cas.mtls.api.cardinaltrusted.com
Serial Number: 06:97:e8:7f:18:d5:12:c2:cf:e3:9b:99:3f:3e:75:43
Date of Replacement: 03/31/2026
Date of Expiry: 04/14/2026
Common Name (CN): cas.api.cardinaltrusted.com
Serial Name: 0c:1f:9b:be:08:ea:3e:4e:0c:d2:bf:98:58:f2:bd:a2
Date of Replacement: 03/31/2026
Date of Expiry: 04/14/2026
PROD:
Common Name (CN): mtls.api.cardinaltrusted.com
Serial Number: 05:62:c2:17:d1:c8:cf:cd:a0:ec:6c:e5:1b:ea:c8:d5
Date of Replacement: 04/03/2026
Date of Expiry: 04/14/2026
Common Name (CN): api.cardinaltrusted.com
Serial Number: 0b:22:a2:7f:2b:78:22:7f:a4:e0:9a:9d:29:99:6b:6d
Date of Replacement: 04/03/2026
Date of Expiry: 04/14/2026
Intermediate CA:
Common Name (CN): DigiCert SHA2 Secure Server CA
Serial Number: 02:74:2e:aa:17:ca:8e:21:c7:17:bb:1f:fc:fd:0c:a0
ROOT CA:
Common Name (CN): DigiCert Global Root CA
Serial Number: 08:3b:e0:56:90:42:46:b1:a1:75:6a:c9:59:91:c7:4a
NEW CERTIFICATES:
STAG:
Common Name (CN): cas.mtls.api.cardinaltrusted.com
Serial Number: 0e:b9:f0:c0:86:41:5d:c5:8e:0d:62:3f:27:ff:3d:27
Date of Replacement: 03/31/2026
Date of Expiry: 01/27/2027
Common Name (CN): cas.api.cardinaltrusted.com
Serial Number: 0e:f5:f4:6e:29:d4:06:92:38:02:c6:60:fd:86:69:8d
Date of Replacement: 03/31/2026
Date of Expiry: 01/26/2027
PROD:
Common Name (CN): mtls.api.cardinaltrusted.com
Serial Number: 0e:27:57:03:5c:8a:ae:96:c6:99:c9:6c:f2:80:a1:0e
Date of Replacement: 04/03/2026
Date of Expiry: 02/08/2027
Common Name (CN): api.cardinaltrusted.com
Serial Number: 0b:be:7b:52:df:89:52:c2:03:2e:56:d6:fd:79:9a:97
Date of Replacement: 04/03/2026
Date of Expiry: 02/08/2027
Intermediate CA:
Common Name (CN): DigiCert Global G2 TLS RSA SHA256 2020 CA1
Serial Number: 0c:f5:bd:06:2b:56:02:f4:7a:b8:50:2c:23:cc:f0:66
Root CA:
Common Name: DigiCert Global Root G2
Serial Number: 03:3a:f1:e6:a7:11:a9:a0:bb:28:64:b1:1d:09:fa:e5
Should you have any questions or concerns regarding this notice, please reach out to our support team at Support@cardinalcommerce.com.
Feb 24, 2026 16:00 - Apr 14, 2026 10:00 EDT
In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.
Jan 28, 2026 - 12:00 EST
Jan 28, 2026 - 12:00 EST
Update - We will be undergoing scheduled maintenance during this time.
Jan 28, 2026 12:00 - Apr 3, 2026 20:00 EDT
Jan 28, 2026 12:00 - Apr 3, 2026 20:00 EDT
Scheduled - Visa will be updating a set of staging and production Leaf certificates that are set to expire on March 28, 2026 and April 3, 2026. To prevent disruption to services, we ask that you review your configuration immediately.
The Leaf certificates that are expiring are the client certificates sent by VISA to your endpoint as part of the mutual TLS (MTLS) handshake for RDX, ADX, or Oauth connections.
Please review the certs below to see if they are in use with your VCAS connection.
The expiring STAGING leaf certificate details:
Common Name (CN): rdxstag.cardinalcommerce.com
Serial Number: 0d:d1:c3:f3:51:d6:14:49:b0:70:2f:5e:c0:d1:4a:47
Date of Replacement: February 26, 2026 10:00 EDT
Date of Expiry: March 28, 2026 18:59:50 EDT
The new STAGING leaf certificate details:
Common Name (CN): rdxstag.cardinalcommerce.com
Date of Replacement: February 26, 2026 10:00 EDT
Date of Expiry: February 20, 2027 6:59:59 EDT
The expiring PRODUCTION leaf certificate details:
Common Name (CN): rdx.cardinalcommerce.com
Serial Number: 0e:ad:8d:09:10:2f:51:d8:0f:b6:14:ee:c1:75:f0:a1
Date of Replacement: March 5, 2026 10:00 EDT
Date of Expiry: April 3, 2026 18:59:59 EDT
The new PRODUCTION leaf certificate details:
Common Name (CN): rdx.cardinalcommerce.com
Serial Number: 02:95:85:5b:19:01:d1:1c:db:f3:15:60:6d:d9:f4:99
Date of Replacement: March 5, 2026 10:00 EDT
Date of Expiry: February 22, 2027 6:59:59 EDT
The Intermediate CA and Root CA will remain the same:
Intermediate Certificate Details:
Common Name (CN): DigiCert Global G2 TLS RSA SHA256 2020 CA1
Serial Number: 0c:f5:bd:06:2b:56:02:f4:7a:b8:50:2c:23:cc:f0:66
Root Certificate Details:
Common Name (CN): DigiCert Global Root G2
Serial Number: 03:3a:f1:e6:a7:11:a9:a0:bb:28:64:b1:1d:09:fa:e5
Customer Responsibilities:
If you trust on the leaf certificate, we will have to coordinate the switchover with your connection. Please contact your local VCAS support and/or account manager to coordinate this change.
If you require coordination, we will schedule a time to switch over the leaf certificate. It is imperative that the migration occur before certificate expiration, otherwise RDX services will be impacted.
If you do not require coordination, we will be performing the switchover to the new client certificates on the dates specified above.
If you trust on the Intermediate and Root CA certificate, you do not need to make any modifications. If you do not require coordination, we will be performing the switchover to the new client certificates on the above dates.
Testing – How can I test these changes?
Customers are encouraged to work with their network teams to ensure they can support the updated certificates.
No new parameters or fields are required for these changes. If you do not trust the new certificate, you will be unable to connect to Cardinal endpoints receiving a connection timeout or certificate error response.
Please do not hesitate to contact your Local VISA support if you have any questions or concerns. Please refer to the knowledge article titled "DigiCert MTLS RDX Certificate Update 2026" for the full certificate chain on the Visa Support Hub. A login is required to access the article: https://visasupporthub.visaonline.com/en-US/knowledgearticle/?code=KA-09914#t=All. You may also contact support or your account manager if you require the full Cert Chain.
VISA Local Support Channels by Region
Global and LAC - VISA Support Hub Portal (https://visasupporthub.visaonline.com)
AP - Isupport@visa.com
CEMEA - csupport@visa.com
EU - customersupport@visa.com
NA - esupport@visa.com
Jan 28, 2026 12:00 - Apr 3, 2026 20:00 EDT
The Leaf certificates that are expiring are the client certificates sent by VISA to your endpoint as part of the mutual TLS (MTLS) handshake for RDX, ADX, or Oauth connections.
Please review the certs below to see if they are in use with your VCAS connection.
The expiring STAGING leaf certificate details:
Common Name (CN): rdxstag.cardinalcommerce.com
Serial Number: 0d:d1:c3:f3:51:d6:14:49:b0:70:2f:5e:c0:d1:4a:47
Date of Replacement: February 26, 2026 10:00 EDT
Date of Expiry: March 28, 2026 18:59:50 EDT
The new STAGING leaf certificate details:
Common Name (CN): rdxstag.cardinalcommerce.com
Date of Replacement: February 26, 2026 10:00 EDT
Date of Expiry: February 20, 2027 6:59:59 EDT
The expiring PRODUCTION leaf certificate details:
Common Name (CN): rdx.cardinalcommerce.com
Serial Number: 0e:ad:8d:09:10:2f:51:d8:0f:b6:14:ee:c1:75:f0:a1
Date of Replacement: March 5, 2026 10:00 EDT
Date of Expiry: April 3, 2026 18:59:59 EDT
The new PRODUCTION leaf certificate details:
Common Name (CN): rdx.cardinalcommerce.com
Serial Number: 02:95:85:5b:19:01:d1:1c:db:f3:15:60:6d:d9:f4:99
Date of Replacement: March 5, 2026 10:00 EDT
Date of Expiry: February 22, 2027 6:59:59 EDT
The Intermediate CA and Root CA will remain the same:
Intermediate Certificate Details:
Common Name (CN): DigiCert Global G2 TLS RSA SHA256 2020 CA1
Serial Number: 0c:f5:bd:06:2b:56:02:f4:7a:b8:50:2c:23:cc:f0:66
Root Certificate Details:
Common Name (CN): DigiCert Global Root G2
Serial Number: 03:3a:f1:e6:a7:11:a9:a0:bb:28:64:b1:1d:09:fa:e5
Customer Responsibilities:
If you trust on the leaf certificate, we will have to coordinate the switchover with your connection. Please contact your local VCAS support and/or account manager to coordinate this change.
If you require coordination, we will schedule a time to switch over the leaf certificate. It is imperative that the migration occur before certificate expiration, otherwise RDX services will be impacted.
If you do not require coordination, we will be performing the switchover to the new client certificates on the dates specified above.
If you trust on the Intermediate and Root CA certificate, you do not need to make any modifications. If you do not require coordination, we will be performing the switchover to the new client certificates on the above dates.
Testing – How can I test these changes?
Customers are encouraged to work with their network teams to ensure they can support the updated certificates.
No new parameters or fields are required for these changes. If you do not trust the new certificate, you will be unable to connect to Cardinal endpoints receiving a connection timeout or certificate error response.
Please do not hesitate to contact your Local VISA support if you have any questions or concerns. Please refer to the knowledge article titled "DigiCert MTLS RDX Certificate Update 2026" for the full certificate chain on the Visa Support Hub. A login is required to access the article: https://visasupporthub.visaonline.com/en-US/knowledgearticle/?code=KA-09914#t=All. You may also contact support or your account manager if you require the full Cert Chain.
VISA Local Support Channels by Region
Global and LAC - VISA Support Hub Portal (https://visasupporthub.visaonline.com)
AP - Isupport@visa.com
CEMEA - csupport@visa.com
EU - customersupport@visa.com
NA - esupport@visa.com
Jan 28, 2026 12:00 - Apr 3, 2026 20:00 EDT
Update - Scheduled maintenance is still in progress. We will provide updates as necessary.
Jan 27, 2026 - 16:48 EST
Jan 27, 2026 - 16:48 EST
In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.
Jan 27, 2026 - 16:00 EST
Jan 27, 2026 - 16:00 EST
Scheduled - CardinalCommerce will be updating a certificate that is set to expire on March 24, 2026. The leaf certificate will be updated on March 10, 2026.
The certificate that is expiring is the wildcard server certificate used on most of Cardinal’s externally facing sites.
The expiring certificate details:
Common Name (CN): *.cardinalcommerce.com
Serial Number: 0e:fe:06:35:d2:9c:9f:d5:6d:eb:af:2c:63:6d:84:b9
Date of Expiry: 03/24/2026
The new leaf certificate is:
Common Name (CN): *.cardinalcommerce.com
Serial Number: 05:6a:e3:77:86:ef:f2:bf:09:b3:13:22:f2:0d:ef:6c
Date of Expiry: 02/21/2027
*Please request chain from our support team if needed
Intermediate Certificate Details (remain the same):
Common Name (CN): DigiCert Global G2 TLS RSA SHA256 2020 CA1
Serial Number: 0c:f5:bd:06:2b:56:02:f4:7a:b8:50:2c:23:cc:f0:66
Root Certificate Details (remain the same):
Common Name (CN): DigiCert Global Root G2
Serial Number: 03:3a:f1:e6:a7:11:a9:a0:bb:28:64:b1:1d:09:fa:e5
Customer Responsibilities:
If you trust on the leaf certificate, you need to ensure the new server certificate is loaded in your trust store prior to March 10, 2026.
It is imperative that we perform the testing and or migration before certificate expiration on March 24, 2026, otherwise services may be impacted.
When do these changes take place?
The new certificate will be updated in our production environment on Tuesday, March 10, 2026 at 10:00 AM EST.
Testing – How can I test these changes?
Customers are encouraged to work with their network teams to ensure they can support the updated certificates.
No new parameters or fields are required for these changes. If you do not trust the new certificate, you will be unable to connect to Cardinal endpoints receiving a connection timeout or certificate error response.
Contact Information:
Should you have any questions or concerns regarding this notice, please reach out to our support team at Support@cardinalcommerce.com.
We sincerely appreciate your attention to this matter and your continued trust in our services.
Jan 27, 2026 16:00 - Mar 24, 2026 21:00 EDT
The certificate that is expiring is the wildcard server certificate used on most of Cardinal’s externally facing sites.
The expiring certificate details:
Common Name (CN): *.cardinalcommerce.com
Serial Number: 0e:fe:06:35:d2:9c:9f:d5:6d:eb:af:2c:63:6d:84:b9
Date of Expiry: 03/24/2026
The new leaf certificate is:
Common Name (CN): *.cardinalcommerce.com
Serial Number: 05:6a:e3:77:86:ef:f2:bf:09:b3:13:22:f2:0d:ef:6c
Date of Expiry: 02/21/2027
*Please request chain from our support team if needed
Intermediate Certificate Details (remain the same):
Common Name (CN): DigiCert Global G2 TLS RSA SHA256 2020 CA1
Serial Number: 0c:f5:bd:06:2b:56:02:f4:7a:b8:50:2c:23:cc:f0:66
Root Certificate Details (remain the same):
Common Name (CN): DigiCert Global Root G2
Serial Number: 03:3a:f1:e6:a7:11:a9:a0:bb:28:64:b1:1d:09:fa:e5
Customer Responsibilities:
If you trust on the leaf certificate, you need to ensure the new server certificate is loaded in your trust store prior to March 10, 2026.
It is imperative that we perform the testing and or migration before certificate expiration on March 24, 2026, otherwise services may be impacted.
When do these changes take place?
The new certificate will be updated in our production environment on Tuesday, March 10, 2026 at 10:00 AM EST.
Testing – How can I test these changes?
Customers are encouraged to work with their network teams to ensure they can support the updated certificates.
No new parameters or fields are required for these changes. If you do not trust the new certificate, you will be unable to connect to Cardinal endpoints receiving a connection timeout or certificate error response.
Contact Information:
Should you have any questions or concerns regarding this notice, please reach out to our support team at Support@cardinalcommerce.com.
We sincerely appreciate your attention to this matter and your continued trust in our services.
Jan 27, 2026 16:00 - Mar 24, 2026 21:00 EDT
In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.
Jan 08, 2026 - 00:00 EST
Jan 08, 2026 - 00:00 EST
Scheduled - Dear Customer,
This is a critical service reminder from CardinalCommerce/Visa for Cardinal Consumer Authentication (CCA). You must migrate to the new CCA endpoints or trust new IPs to avoid service disruption.
Key Dates & Impact
NOVEMBER 14, 2025 - Effective this date, all CCA API keys have been mapped to support their use against the new Visa transaction endpoints. Please note this applies to both Staging/CAS and Production endpoints (".cardinaltrusted.com"). Clients will need to initiate migration as soon as possible to avoid key expiry.
JANUARY 07, 2026 – STAGING (Test) Environment Cutover will begin.
As previously communicated all legacy Cardinal endpoints are changing (https://developer.cardinaltrusted.com/docs/pilot-migration-program). All customers using trust listings for outbound traffic will need to include the following IP addresses:
--New for both STAG/PROD:
198.217.251.250
198.217.251.251
198.241.173.0/24
198.241.176.0/24
--Current/Legacy:
198.217.252.0/24 (East-Coast) - 198.217.252.23
198.217.253.0/24 (Mid-West) - 198.217.253.23
--Transaction processing in STAGING will break if migration to new endpoints is not completed.
MARCH 02, 2026 – PRODUCTION Environment Cutover
--Shortly after legacy STAGING is decommissioned, Legacy Cardinal Production endpoints will be decommissioned
--Contact Cardinal Support for assistance in configuring your Production account with us.
--You must complete migration in advance to avoid production customer transaction failures.
Immediate Next Steps
1. Email or call your CCA Implementation Manager or contact Support.
2. Schedule your migration and testing in STAGING now.
3. Confirm with CCA Implementation or Support when testing is complete so Production enablement can be performed.
Potential Consequences of Delaying Action
--Service disruption
--Inability to process transactions
--Potential business impact to your payment operations
Please act immediately — migration work can be done now, and our team is ready to assist. Update your transaction endpoints well ahead of the 2026 deadline to limit any risk of unintended disruption.
Please contact support@cardinalcommerce.com or our support site (https://support.cardinalcommerce.com) if you have any questions or concerns.
Jan 8, 2026 00:00 - Mar 9, 2026 01:00 EDT
This is a critical service reminder from CardinalCommerce/Visa for Cardinal Consumer Authentication (CCA). You must migrate to the new CCA endpoints or trust new IPs to avoid service disruption.
Key Dates & Impact
NOVEMBER 14, 2025 - Effective this date, all CCA API keys have been mapped to support their use against the new Visa transaction endpoints. Please note this applies to both Staging/CAS and Production endpoints (".cardinaltrusted.com"). Clients will need to initiate migration as soon as possible to avoid key expiry.
JANUARY 07, 2026 – STAGING (Test) Environment Cutover will begin.
As previously communicated all legacy Cardinal endpoints are changing (https://developer.cardinaltrusted.com/docs/pilot-migration-program). All customers using trust listings for outbound traffic will need to include the following IP addresses:
--New for both STAG/PROD:
198.217.251.250
198.217.251.251
198.241.173.0/24
198.241.176.0/24
--Current/Legacy:
198.217.252.0/24 (East-Coast) - 198.217.252.23
198.217.253.0/24 (Mid-West) - 198.217.253.23
--Transaction processing in STAGING will break if migration to new endpoints is not completed.
MARCH 02, 2026 – PRODUCTION Environment Cutover
--Shortly after legacy STAGING is decommissioned, Legacy Cardinal Production endpoints will be decommissioned
--Contact Cardinal Support for assistance in configuring your Production account with us.
--You must complete migration in advance to avoid production customer transaction failures.
Immediate Next Steps
1. Email or call your CCA Implementation Manager or contact Support.
2. Schedule your migration and testing in STAGING now.
3. Confirm with CCA Implementation or Support when testing is complete so Production enablement can be performed.
Potential Consequences of Delaying Action
--Service disruption
--Inability to process transactions
--Potential business impact to your payment operations
Please act immediately — migration work can be done now, and our team is ready to assist. Update your transaction endpoints well ahead of the 2026 deadline to limit any risk of unintended disruption.
Please contact support@cardinalcommerce.com or our support site (https://support.cardinalcommerce.com) if you have any questions or concerns.
Jan 8, 2026 00:00 - Mar 9, 2026 01:00 EDT
Visa Consumer Authentication Service (VCAS) Customer Data Center Migration | Visa Directory Server Cutover Notification
Subscribe
In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.
Jan 07, 2026 - 11:30 EST
Jan 07, 2026 - 11:30 EST
Scheduled - As communicated in our February 6, 2025 Visa Business News (VBN-AI14914), VCAS Status Page, and VCAS Updates email, VCAS will be migrating to the Visa U.S. data centers. The next milestone of this migration is to update the Visa Directory Server on behalf of our customers with a new ACS URL and Method URL. The new VCAS ACS URL and Method URL will start sending authentication requests through the Visa data center to the CardinalCommerce data center. Since authentication requests will still be processed at the Cardinal data center as they are today, there will be no change to your connection to VCAS. This first cutover will allow us to have more control, speed, flexibility, and reduce the risk of the actual data center migration for our customers later this year.
There will be additional communications on the other networks we support: Mastercard, Discover, ELO, eftpos, UPI, American Express, and JCB.
There is no action you need to take for the Visa Directory Server update.
After the Visa Directory Server cutover (dates listed below), instead of your cardholder’s authentication requests going directly to the CardinalCommerce data center, they will first go through the Visa data center (see diagram below). There is no impact on how you are integrated with VCAS today. The adjustments will take place between the Visa Directory Server and VCAS, changing the way transactions are initially routed to VCAS.
We are notifying you, our customer, so you can mark the date based on your region and perform additional monitoring, if you would like. The Visa and VCAS Teams will be monitoring each of these cutovers to ensure a smooth transition. We do not expect there to be any downtime during this change. If there are any concerns, we will use our status page to communicate.
Visa Directory Server Update Dates
LAC:
February 3rd, 2026
February 5th, 2026
AP:
February 10th, 2026
February 12th, 2026
CEMEA:
February 17th, 2026
NA:
February 24th, 2026
All (any remaining ranges not cutover yet):
March 5th, 2026
Visa will use the following channels to communicate data center migration updates and strongly recommends VCAS users subscribe to ensure receipt of migration-related communications and notifications.
•VCAS Status Page / CardinalCommerce Status (https://cardinalcommercecorporation.statuspage.io): This status page is primarily used to communicate planned and unplanned events that may impact operational status.
•The Visa.com Opt-in to VCAS updates page (https://globalclient.visa.com/Opt-inToVCASUpdatesToday): This is primarily for new VCAS product information, updates and educational opportunities. Visa will also use this channel to communicate data center migration updates via email.
Reminder: Two Possible Readiness Actions Based on Your VCAS Solution
As a reminder, based on your VCAS solution, there are two potential readiness actions you need to take prior to July 1st, 2026.
Trust IP Ranges
VCAS users that have integrated Real-time Data Exchange (RDX) or Authentication Data Exchange (ADX) APIs will need to:
•Trust the following IP subnet ranges (preferred):
198.241.177.0/24
198.241.169.0/24
•If the full IP ranges cannot be trusted, the below IPs should be trusted (minimum requirement):
198.241.177.108
198.241.177.109
198.241.169.24
198.241.169.34
•Continue to trust current IP addresses until the migration is complete
198.217.252.0/24
198.217.253.0/24
•VCAS will be conducting tests throughout the Readiness and Migration Phases to ensure our customers are trusting the new IPs. Please do not block the IPs if you see connectivity trusts.
Request a Project
VCAS users that use file transfer services (Secure File Transfer Protocol [SFTP] Reporting, File Processor or Bulk Confirmed Marking will need to request a project using the Visa Support Hub (https://visasupporthub.visaonline.com) via Visa Access (formerly Visa Online) or their Customer Success Manager (CSM).
The objective of this project is to establish connectivity between the user’s system and the Visa File Exchange Service (VFES). A secondary project will be needed to complete the actual data center migration; this secondary project will include testing the files before sending traffic to the Visa data center.
Visit the Visa Support Hub to search for answers to your questions and create a case, if needed. Otherwise:
• Global and LAC – Visa Support Hub Portal (https://visasupporthub.visaonline.com)
• AP - Isupport@visa.com
• CEMEA - csupport@visa.com
• EU - customersupport@visa.com
• NA - esupport@visa.com
Jan 7, 2026 11:30 - Mar 12, 2026 08:30 EDT
There will be additional communications on the other networks we support: Mastercard, Discover, ELO, eftpos, UPI, American Express, and JCB.
There is no action you need to take for the Visa Directory Server update.
After the Visa Directory Server cutover (dates listed below), instead of your cardholder’s authentication requests going directly to the CardinalCommerce data center, they will first go through the Visa data center (see diagram below). There is no impact on how you are integrated with VCAS today. The adjustments will take place between the Visa Directory Server and VCAS, changing the way transactions are initially routed to VCAS.
We are notifying you, our customer, so you can mark the date based on your region and perform additional monitoring, if you would like. The Visa and VCAS Teams will be monitoring each of these cutovers to ensure a smooth transition. We do not expect there to be any downtime during this change. If there are any concerns, we will use our status page to communicate.
Visa Directory Server Update Dates
LAC:
February 3rd, 2026
February 5th, 2026
AP:
February 10th, 2026
February 12th, 2026
CEMEA:
February 17th, 2026
NA:
February 24th, 2026
All (any remaining ranges not cutover yet):
March 5th, 2026
Visa will use the following channels to communicate data center migration updates and strongly recommends VCAS users subscribe to ensure receipt of migration-related communications and notifications.
•VCAS Status Page / CardinalCommerce Status (https://cardinalcommercecorporation.statuspage.io): This status page is primarily used to communicate planned and unplanned events that may impact operational status.
•The Visa.com Opt-in to VCAS updates page (https://globalclient.visa.com/Opt-inToVCASUpdatesToday): This is primarily for new VCAS product information, updates and educational opportunities. Visa will also use this channel to communicate data center migration updates via email.
Reminder: Two Possible Readiness Actions Based on Your VCAS Solution
As a reminder, based on your VCAS solution, there are two potential readiness actions you need to take prior to July 1st, 2026.
Trust IP Ranges
VCAS users that have integrated Real-time Data Exchange (RDX) or Authentication Data Exchange (ADX) APIs will need to:
•Trust the following IP subnet ranges (preferred):
198.241.177.0/24
198.241.169.0/24
•If the full IP ranges cannot be trusted, the below IPs should be trusted (minimum requirement):
198.241.177.108
198.241.177.109
198.241.169.24
198.241.169.34
•Continue to trust current IP addresses until the migration is complete
198.217.252.0/24
198.217.253.0/24
•VCAS will be conducting tests throughout the Readiness and Migration Phases to ensure our customers are trusting the new IPs. Please do not block the IPs if you see connectivity trusts.
Request a Project
VCAS users that use file transfer services (Secure File Transfer Protocol [SFTP] Reporting, File Processor or Bulk Confirmed Marking will need to request a project using the Visa Support Hub (https://visasupporthub.visaonline.com) via Visa Access (formerly Visa Online) or their Customer Success Manager (CSM).
The objective of this project is to establish connectivity between the user’s system and the Visa File Exchange Service (VFES). A secondary project will be needed to complete the actual data center migration; this secondary project will include testing the files before sending traffic to the Visa data center.
Visit the Visa Support Hub to search for answers to your questions and create a case, if needed. Otherwise:
• Global and LAC – Visa Support Hub Portal (https://visasupporthub.visaonline.com)
• AP - Isupport@visa.com
• CEMEA - csupport@visa.com
• EU - customersupport@visa.com
• NA - esupport@visa.com
Jan 7, 2026 11:30 - Mar 12, 2026 08:30 EDT
About This Site
Welcome to the CardinalCommerce status page. We use this page to communicate any issues with our products including planned and unplanned outages.
Securing your transactions is our top priority.
Cardinal Consumer Authentication (3DS)
Operational
Cardinal API
Operational
Cardinal Hybrid API
Operational
Merchant Portal
Operational
VCAS Issuer Services
Operational
The Real-time Data Exchange (RDX)
Operational
File Processor
Operational
Authentication Data Exchange (ADX)
Operational
Reporting Extract
Operational
VCAS Portal
Operational
PayPal
Operational
Status Page
Operational
Operational
Degraded Performance
Partial Outage
Major Outage
Maintenance
Scheduled Maintenance
Centinel Standard Network and Database Server Maintenance Mar 9, 2026 08:00 - Mar 12, 2026 20:00 EDT
CardinalCommerce will be performing database system improvements starting at 12:00 UTC on March 9, 2026, through 23:59 UTC on March 12, 2026. During this time, we will apply the most recent network and database patches as well as targeted security enhancements to prevent new exploits from being used against our systems.
We perform monitoring and testing of the updates during Cardinal business hours, while we are fully staffed from a support and network operations standpoint.
This is being performed in a high availability mode and should have no impact to transaction processing. While no transaction impact is anticipated during this maintenance you may experience a few periods of network latency.
We appreciate your partnership as we continue improving the stability and security of our platform. If you have questions or would like support preparing for this change, our team is here to help.
Please do not hesitate to contact support@cardinalcommerce.com or our support site (https://support.cardinalcommerce.com) if you have any questions or concerns.
Posted on Feb 26, 2026 - 17:48 EST
We perform monitoring and testing of the updates during Cardinal business hours, while we are fully staffed from a support and network operations standpoint.
This is being performed in a high availability mode and should have no impact to transaction processing. While no transaction impact is anticipated during this maintenance you may experience a few periods of network latency.
We appreciate your partnership as we continue improving the stability and security of our platform. If you have questions or would like support preparing for this change, our team is here to help.
Please do not hesitate to contact support@cardinalcommerce.com or our support site (https://support.cardinalcommerce.com) if you have any questions or concerns.
Posted on Feb 26, 2026 - 17:48 EST
VCAS/Issuer Services Standard Network and Database Server Maintenance Mar 12, 2026 08:00 - Mar 16, 2026 08:00 EDT
CardinalCommerce will be performing network and database system maintenance starting at 12:00 UTC on March 12, 2026, through 12:00 UTC on March 16, 2026.
During this window we will apply the most recent network and database updates for optimal performance and to prevent new exploits from being used against our VCAS systems.
This is being performed in high availability mode and should have no impact to transaction processing. While no transaction impact is anticipated during this maintenance you may experience a few periods of network latency. During this time, we will be fully staffed from a support and network operations standpoint to perform monitoring and testing.
Please do not hesitate to contact your Local VISA support if you have any questions or concerns.
VISA Local Support Channels by Region
Global and LAC - VISA Support Hub Portal (https://visasupporthub.visaonline.com)
AP - Isupport@visa.com
CEMEA - csupport@visa.com
EU - customersupport@visa.com
NA - esupport@visa.com
Posted on Feb 26, 2026 - 17:50 EST
During this window we will apply the most recent network and database updates for optimal performance and to prevent new exploits from being used against our VCAS systems.
This is being performed in high availability mode and should have no impact to transaction processing. While no transaction impact is anticipated during this maintenance you may experience a few periods of network latency. During this time, we will be fully staffed from a support and network operations standpoint to perform monitoring and testing.
Please do not hesitate to contact your Local VISA support if you have any questions or concerns.
VISA Local Support Channels by Region
Global and LAC - VISA Support Hub Portal (https://visasupporthub.visaonline.com)
AP - Isupport@visa.com
CEMEA - csupport@visa.com
EU - customersupport@visa.com
NA - esupport@visa.com
Posted on Feb 26, 2026 - 17:50 EST