Update on Visa’s new Standards for Third Party Compliance

Visa’s retirement of the Global Acquiring Risk Standards (GARS) and introduction of the new Visa Acceptance Risk Standards (VARS) signals a significant shift in how acquiring banks, payment facilitators, and other stakeholders manage risk and ensure compliance. The overarching goal remains to protect the payments ecosystem from fraud and reputational harm, but VARS introduces a more dynamic framework that places a stronger emphasis on third-party oversight.

Under GARS, acquirers were responsible for establishing measures to mitigate excessive risk from their merchant portfolios, but the guidelines did not always provide in-depth direction for monitoring third-party relationships. VARS, on the other hand, outlines a more comprehensive set of responsibilities for acquirers and their partners. This updated approach addresses the growing complexity of e-commerce and the diverse range of third parties—such as payment facilitators, marketplaces, and software providers—that play an increasingly integral role in processing transactions.

For third-party compliance, the changes mean enhanced due diligence processes, ongoing monitoring, and clearly documented accountability. Acquirers must now demonstrate robust controls and regularly assess third-party policies, procedures, and operational integrity. In turn, third parties must be prepared to meet higher standards, including rigorous security protocols, clear transaction disclosures, and stronger fraud-prevention measures.

These changes reflect Visa’s commitment to reducing risk across the entire payment’s ecosystem. The VARS framework empowers acquirers to more effectively manage evolving threats while ensuring that third parties remain compliant with rising regulatory and consumer expectations. In today’s interconnected payments landscape, proactive and transparent third-party compliance is not merely best practice, it’s essential for sustainable growth.