Visa has announced a series of mandates updating how banks and fintechs manage transaction data, cardholder controls, and recurring payments. The changes follow similar regulatory steps taken by Mastercard and aim to improve transparency, consumer trust, and digital control in the European payment ecosystem. In short, mandatory requirements include DBA (Doing Business As) merchant name, address, phone number, and official website.
Deadlines: Subscription management and cardholder controls by 18 April 2026; enhanced merchant data by 23 January 2027. Outcome: fewer unrecognised charges, fewer friendly-fraud disputes, and tighter self-service control. Tapix provides production-grade data so banks and fintechs can present compliant, recognisable details at scale across Visa and Mastercard. Follow our guide to know exactly what to do.
Structure You Need to Build
Visa is explicit. First, you must show enhanced merchant data in digital channels: merchant name, the street address for card-present transactions, and the merchant’s primary phone and website where applicable. This applies to card-present and card-not-present transactions, and it must be easy to find inside mobile or web banking.
Excluded countries: Andorra, Austria, Bear Island, Channel Islands, Cyprus, Estonia, Faroe Islands, Gibraltar, Greenland, Iceland, Isle of Man, Israel, Latvia, Liechtenstein, Lithuania, Malta, Monaco, San Marino, Türkiye and Vatican City.
Second, you must implement subscription management. Your UI must identify recurring, installment, and unscheduled credential-on-file transactions. You must let customers place and remove stop instructions against specific merchants and use the correct decline responses when a stop causes a refusal. You must also tell users when contractual cancellation with the merchant is still required.
Included countries: Belgium, Croatia, Czech Republic, France, Hungary, Italy, Luxembourg, Poland, Republic of Ireland, Romania, Slovakia, Slovenia and the United Kingdom.
Third, you must expose cardholder controls. Customers need to freeze and unfreeze cards and temporarily block, unblock, or limit card-present and ATM cash transactions from your app or web interface. It must also be stated that these are user-driven controls, not issuer declines.
Required Data Points at the Glance
A merchant name: The trading-as/DBA name that the cardholder recognises as the public-facing brand, rendered in digital banking for both card-present and card-not-present transactions. This is not an acquirer descriptor, gateway string, or legal entity suffix. Visa requires it to support post-purchase clarity and dispute reduction.
Merchant street address: The physical street address of the merchant location, required for card-present transactions and presented in digital channels so the cardholder can verify place-of-purchase. Not required for card-not-present.
Primary phone number: The merchant’s primary phone number, where applicable, surfaced in digital banking so cardholders can contact the merchant directly. Visa lists this as a required enhanced data element “as applicable” alongside name, address (CP only), and website.
Merchant website: The merchant website, where applicable, exposed in digital channels to help the cardholder confirm the merchant and self-serve tasks like cancellations or returns. Required as part of the enhanced-merchant-data package for both CP and CNP transactions.
Tapix delivers a compliance-ready merchant profile per transaction by canonicalising the merchant name, resolving store-level addresses for card-present events, and attaching verified phone and website details. Where UX demands more than the rule text, Tapix adds high-match logos, category normalisation, and market-specific naming so recognition is immediate in any language. The net effect is a feed that stops “what is this charge?” before it becomes a ticket or a dispute.
Go Beyond the Requirements
The best part? You can use Visa’s rules as the floor, not the ceiling. The mandate fixes minimum clarity; the real gains come from richer context that prevents confusion before it becomes a ticket or a dispute. Specialised transaction enrichment companies like Tapix provide this context through additional data points. See how you can go beyond the requirements if you choose the specialised provider:
- GPS location
- Purchase category (grocery, footwear, restaurant, etc.)
- Payment gateway attribution
- Google Place ID
- CO2 footprint
More payment context means higher transparency, fewer “unrecognised” claims, fewer disputes, better UX and loyalty, and clear economic upside for issuers.
Visa’s enhanced-data, subscription, and control requirements raise the baseline. Meeting them is necessary; exceeding them with richer context is what actually makes a difference.
Subscription Management and What’s Next
Besides the enhanced merchant data, there’s more to come. Next time, we’ll show how to label subscriptions correctly (recurring, installment, subscriptions), keep a clean “entitlement” record so stops hit the right merchant, wire in working contact links for cancellations, and make card controls behave as promised (freeze, in-store, ATM, and wallets).
Visa and Mastercard have moved clarity and control from optional to mandatory. Compliance now means accurate merchant identity and contacts, reliable subscription labelling with precise stops, and deterministic cardholder controls. The real constraint is data quality, not UI. Fix the data at the source, meet the deadlines, cut disputes, and convert post-purchase ambiguity into durable trust and operational efficiency.
For more details on how enrichment solutions can benefit your bank, explore the Tapix offerings.
