In a recent turn of events, the Consumer Financial Protection Bureau (CFPB) revealed plans to rescind its May 2024 interpretive rule that would have classified some Buy Now, Pay Later (BNPL) products under the same regulatory framework as credit cards. This decision has left many in the FinTech and retail sectors wondering about the ramifications for compliance, product design, and consumer experiences.

All Acquirers must satisfy the control requirements under AACQ, irrespective of any additional archetype(s). This fundamental principle ensures that, no matter what the operating model, every Acquirer consistently adheres to the baseline standards needed to safeguard the payments ecosystem. Moreover, Acquirers must also meet the additional control requirements specific to their respective archetypes, reflecting the nuanced risks and obligations each model entails.

As of this writing, there is no finalized “Credit Card Competition Act 2025.” What has existed are various proposals, often referred to under this name, introduced in several congressional sessions. The following points assume a future scenario in which an expanded version of this Act is passed, leading to significant implications for Acquirers.

Ultimately, the new Risk Taxonomy in the Visa Acceptance Risk Standards exemplifies Visa’s proactive stance on protecting the integrity of global commerce. By clearly defining and compartmentalizing risks, this framework encourages a more resilient, cohesive, and forward-thinking payments ecosystem—one where acquirers, issuers, and merchants can operate with greater confidence and agility.

In an era of increasing cyber threats and complex regulatory expectations, understanding the difference between mandatory and recommended controls is pivotal. Compliance with mandatory requirements is non-negotiable, but leveraging recommended controls can elevate a business’s risk management strategy. By integrating both sets of controls, merchants underscore their dedication to a safer transaction environment—ultimately benefiting their brand, their customers, and the broader payments ecosystem. In the future, the payments industry that adopt recommended measures will be better positioned to adapt to evolving threats and maintain trust across the digital commerce landscape. An integrated approach ensures businesses remain resilient in an evolving ecosystem.

Visa’s recent update to require an Acquirer to check the Terminated Merchant File (TMF) before onboarding a new merchant signals a significant change in the payments industry. The TMF contains merchants who have been flagged for violations or fraudulent activity in the past, serving as a safeguard against risky partnerships. By making this check mandatory, Visa aims to foster a more secure ecosystem, reduce financial fraud, and protect both the Acquirer and its broader network.