From GARS to VARS: Adapting to Visa’s New Acquirer Risk Standards

As the landscape of merchant payment acceptance continues to evolve with the growth of digital channels and intermediaries, the complexity of payment systems has increased. Acquirers now play a central role in ensuring secure transactions while managing the risks associated with facilitating access to global card payment networks. 

With this increased complexity comes the responsibility to comply with evolving risk control frameworks, such as the Visa Acceptance Risk Standards (VARS). VARS, which replaces the previous Visa Global Acquirer Risk Standards (GARS), is designed to safeguard the Visa payment system by outlining the responsibilities of participants and helping Acquirers manage the risks in this dynamic environment.

What is VARS?

The Visa Acceptance Risk Standards (VARS) is a comprehensive risk control framework that aims to protect the integrity of the Visa payment system. VARS has evolved from the Visa Global Acquirer Risk Standards (GARS), expanding its scope to address a broader range of risks and payment acceptance models. It sets the requirements for all participants within the Visa ecosystem, including direct participants such as Acquiring Entities and Money Movement Entities, and indirect participants like Third-Party Agents (TPAs), Merchants, and Third-Party Reviewers.

VARS provides a set of guidelines to help these stakeholders understand their responsibilities, manage risk events, and maintain the integrity of the payment system. Compliance with VARS ensures that businesses can continue to innovate while maintaining a secure environment for transactions.

Acquirer Responsibilities Under VARS

VARS offers a detailed framework that helps Acquirers manage and mitigate the risks associated with the payment system. Acquirers are required to:

• Understand their obligations: Acquirers must comprehend their responsibilities to the Visa payment system and ensure that necessary controls are in place.
• Implement required and recommended controls: VARS outlines the essential controls that Acquirers need to adopt to safeguard the system. Where applicable, they are encouraged to implement additional recommended controls.
• Manage relationships with Merchants and Third-Party Agents (TPAs): Acquirers must carefully manage these relationships to ensure that risks are minimised. This is especially important for third-party agents who play a key role in onboarding and managing merchants.
• Mitigate payment security risks: A key focus of VARS is on managing risks related to payment security, such as fraud, and ensuring system integrity.

Expanded Risk Assessment Framework

VARS provides a robust risk assessment framework that addresses a wide range of payment processing models. It includes acquirers processing for:

• Merchants only
• Third-Party Agents (TPAs)
• High-Risk Transaction Merchants
• ATMs
• Visa Direct transactions

This expanded scope ensures that all types of acquirers, including those working with high-risk merchants or third-party agents, have the necessary tools to manage their portfolios effectively. VARS also emphasizes compliance with Visa’s regulations, ensuring that any risks identified are addressed through appropriate remediation.

Comparison with GARS

While GARS focused more heavily on the third-party agent model, VARS broadens its approach to encompass all payment processing models within the Visa ecosystem. The introduction of VARS reflects Visa’s commitment to addressing evolving risks across a diverse range of payment acceptance methods, providing a more comprehensive risk control framework. The focus on acquirer responsibility remains central, but VARS expands to cover a wider range of business, operational, and legal risks that affect the overall integrity of the payment system.

Conclusion

Visa’s VARS framework plays a crucial role in ensuring the security and integrity of the payment system, protecting both financial and reputational interests. By adhering to VARS, acquirers, merchants, and third-party agents can effectively manage risk, safeguard customer trust, and foster a secure environment for payment transactions. As payment models become more diverse, VARS provides the necessary tools to navigate the evolving landscape of payment security, ensuring compliance with Visa’s standards and reducing the risk of financial and operational disruption.

How AJC Can Help

AJC has been selected to pilot the first VARS review next year, reflecting our expertise in examining and evaluating risk mitigation approaches. We guide acquirers and third-party agents through their risk remediation journey with an unbiased view, offering realistic and proportionate recommendations tailored to the specific risks involved. Whether you need to assess your compliance with VARS or require support in implementing necessary controls, AJC is here to help ensure the security and integrity of your payment processing operations. Find out more.

Please contact us on 020 7101 4861 if you think we can help.

Image accreditation: Kaboompics.com (August 2020) on Pixels.com. Last accesses on 11th December 2024. Available at: https://www.pexels.com/photo/a-person-paying-cashless-using-credit-card-5239818/