The new Visa Integrity Risk Program (VIRP) became effective May 1, 2023, to replace what was previously the Visa Global Brand Protection Program (GBPP). Read more to understand how these programs differ, and what merchant acquirers who operate in high-risk industries or verticals need to know. Then sign up for our upcoming VIRP webinar.
How Does the New Visa Integrity Risk Program (VIRP) Differ From The Visa Global Brand Protection Program (GBPP)?
Visa’s compliance program addressing the reputational risk and potential brand damage associated with acquiring merchants in high-risk verticals or industries, the Visa Global Brand Protection Program (GBPP), is being replaced by the Visa Integrity Risk Program (VIRP).
According to the Visa Integrity Risk Program Guide, “VIRP ensures that Acquirers, and their designated agents, maintain proper controls and oversight processes to deter illegal transactions from entering the Visa Payment System.”
“Visa is updating and enhancing requirements for Acquirers and their agents who sponsor High Integrity Risk Merchants, as a result of the rapidly expanding payment ecosystem.”
Three major changes distinguish GBPP from VIRP — let’s explore those differences.
The Visa Integrity Risk Program Modernized the Language for High-Risk Merchants
Previously, “High-Brand Risk Merchants” were generally classified as types of merchants that posed a high level of brand risk when processing card-not-present transactions.
Now, “Visa designates Merchants as High Integrity Risk when those Merchants operate in business types that are legal, but without proper controls or are at heightened risk of processing transactions for activities that may not be legal. … High Integrity Risk Merchants are classified by business type and the level of risk they pose to the ecosystem.”
Additionally, High Integrity Risk Merchants are required to register into one of three tiers and are subject to control assessments.
Three Tier Levels for High Integrity Risk Merchants
According to the Visa Integrity Risk Program guide, “High Integrity Risk Merchants designated as ‘Tier 1’ are those that operate businesses where there is a higher risk of illegal activity occurring without proper controls and that potential illegal activity could — either directly or by association — cause significant harm to the health, safety and/ or wellbeing of individuals.”
Tier 1 industries include but may not be limited to:
- MCC 5967 (adult content)
- MCC 7273 (dating and escort services)
- MCC 7995 (gambling)
- And MCC 5122, 5912 (pharmacies)
According to Visa, “High Integrity Risk Merchants designated as ‘Tier 2’ are ones that operate businesses where there is a higher risk of illegal activity occurring without proper controls and the potential illegal activity could cause financial or other economic harm to individuals.”
Tier 2 industries include but may not be limited to:
- MCC 6051, 6012, with transactions required to use Special Condition Code 7 (crypto merchants)
- MCC 4816 (cyberlockers and similar remote digital file-sharing services)
- MCC 5816 (card absent, games of skill)
Finally, “High Integrity Risk Merchants designated as ‘Tier 3’ are those that operate businesses outside of Tier 1 and 2, where there is a higher risk for non-compliance with applicable regulations or deceptive marketing practices without appropriate controls.”
Tier 3 industries include but may not be limited to:
- MCC 6211 (card absent, high integrity risk financial trading platforms)
- MCC 5966 (card absent, outbound telemarketing)
- MCC 5968 (card absent, subscription “Negative Option” merchants)
- MCC 5993 (cross border, card absent, tobacco sales)
High Integrity Risk Merchant Acquirers Are Subject to Visa Control Assessments
New Tier 1 and Tier 2 merchant acquirers must undergo a Visa control assessment by a Visa designee who evaluates the business type and the types of merchants they intend to acquire.
According to Visa’s guide, if an acquirer was previously registered under the GBPP and processed payments for merchants within VIRP merchant categories as far back as one year prior — they can continue to acquire for those types of merchants but will also be subjected to a periodic control assessment based on merchant category type.
Register for Our VIRP Webinar to Learn More
Looking to get your questions about VIRP answered? Join us Wednesday, June 28, for a webinar in which we'll review the key differences of this new program and answer common questions about VIRP, such as:
- What’s changing and why does it matter?
- Are there any new content areas to know about?
- What is the new tier structure and how does it work?
- What if I was previously registered under GBPP?
- How has the fine structure changed?
Continue your learning by visiting our Merchant Monitoring Resource Center for the best tools and approaches to mitigating risk in high-risk verticals or industries, and learn about the essential components of demonstrating compliance.
Source: Visa Integrity Risk Program guide dated April 6, 2023
