Card network mandates

Payment card networks like Visa, Mastercard, Elo, and RuPay have mandates — rules, requirements, and deadlines that govern how banks, merchants, processors, and service providers must operate in their payment ecosystems.

These mandates cover security, technology upgrades, compliance, data handling, and fraud prevention — and are usually required if you want to remain in good standing with the network.

Card network mandates apply to:

  • Issuers (banks that issue cards)
  • Acquirers (merchant banks)
  • Merchants (retailers, e-commerce platforms)
  • Payment processors and gateways
  • Third-party service providers
  • ATM operators and fintechs (Pismo)

Card network mandate categories

Here are the most common mandate categories.

Security and fraud prevention

  • EMV chip adoption—Mandates the move from magstripe to Europay, Mastercard and Visa (EMV) chip cards to reduce counterfeit fraud.
  • Payment Card Industry Data Security Standard (PCI DSS) compliance—Mandates secure storage and handling of cardholder data.
  • Tokenization—Requirements for replacing Primary Account Numbers (PANs) with tokens in mobile wallets (like Apple Pay, Google Pay).
  • 3D Secure (3DS 2.x)—Mandates support for advanced cardholder authentication.
  • Real-time fraud monitoring—Requirements to have systems that can detect and stop fraud instantly.

Authentication

  • Strong customer authentication (SCA) (in Europe)—Mandated by the Payment Services Directive (PSD2), but enforced via Visa/Mastercard mandates.
  • 3DS 2.2+ mandate deadlines—Card networks have set deadlines for issuers/acquirers to support 3DS 2.2 and 2.3 for frictionless and biometric flows.

Transaction routing and processing

  • Contactless routing rules—Require support for dual-network contactless cards (e.g., Visa and local network).
  • Debit routing mandates (e.g., in US)—Require merchants to support routing debit transactions over multiple networks to increase competition and reduce fees.
  • Real-time clearing—Mandates for faster or same-day settlement in certain markets.

Dispute and chargeback handling

  • Compelling evidence rules (Visa CE 3.0)—New requirements for merchants to provide specific data in fraud-related disputes.
  • Shorter response timelines—Mandated shorter windows to respond to chargebacks or disputes.

Technology modernization

  • BIN expansion—Transition from 6-digit to 8-digit BINs (Visa and Mastercard mandates).
  • Account updater mandates—Require issuers to support services that keep stored credentials up to date (for subscriptions, recurring payments).
  • Support for digital wallets and Click to Pay—Card networks are increasingly requiring or promoting support for Click to Pay and mobile wallets.

Geographic or regional mandates

Networks issue mandates that apply specifically to:

  • Europe (PSD2, SCA)
  • India (Tokenization, Reserve Bank of India (RBI) rules)
  • Brazil (Pix, local acquirer mandates)
  • US (Durbin Amendment compliance, contactless routing)

Why mandates matter

  • Compliance—Required to avoid fees, fines, or being cut off from the network.
  • Security—Help reduce fraud (e.g., EMV cut down counterfeit fraud dramatically).
  • Authentication—Mandates (like 3DS) improve liability shift and reduce chargebacks.
  • Processing—Modernize and unify the payments infrastructure globally.
  • Consumer protection—Prevent fraud and ensure secure, seamless transactions.
  • Innovation enablement—Help the ecosystem adopt new tech (e.g., biometrics, tokenization).
  • Fair competition—Encourage network neutrality and support for domestic schemes in emerging markets.
  • Operational standardization—Ensures consistency across thousands of issuers, acquirers, and merchants.

Pismo and mandates FAQ

What are Pismo’s responsibilities for Zero/Full balance mandate compliance?

Pismo is committed to implementing all new changes for all regions and platform models. Our implementation covers all requirements announced by the card networks.

Full balance clients—Pismo assumes complete responsibility for complying with card network mandates. Pismo handles any network-required changes or updates.

Zero balance clients—Pismo only intermediates the authorization process. The client, therefore, is responsible for monitoring, evaluating, and implementing card-network mandated changes. Zero balance clients must ensure their systems are prepared to comply with any updates that affect the network authorization flow.

How does Pismo stay updated on card network mandates?

Pismo is notified through a subscribed list about any new card network mandate changes. We also regularly check the card network portal web pages that list all documentation, including the Manual, release changes, maintenance dates, and so on.

How does Pismo evaluate and prioritize new mandates? Does Pismo implement only mandatory ones, or also the optional ones?

Pismo has three release types:

  • Mandatory
  • Conditional
  • Optional

Pismo implements all mandatory releases, and conditional releases when the customer has the product.

If a customer wants a change that we are not covering, they need to contact the Customer Success team and open a project requesting that our team analyze whether we can implement it according to the customer's requirements. Once the change is implemented for that customer, Pismo then implements it for the whole platform.

Does Pismo have a dedicated team or process for tracking and implementing mandates?

Yes, Pismo has a Network Brands team responsible for analyzing all new mandates and release announcements and their impact on customer business. Once the team decides what to implement, they communicate to the internal developer teams about what needs to be done.

Real mandate examples

| Card network | Mandate | Deadline |
|---|---|---|
| Visa | Visa 3DS 2.2 Support for Issuers | Oct 2022 |
| Visa | Visa CE 3.0 (Compelling evidence in disputes) | Apr 2022 |
| Mastercard | Mastercard 8-digit BIN support | Apr 2022 |
| Mastercard | Contactless EMV support for US merchants | 2023+ |
| Visa/Mastercard | Support for tokenization in stored credentials | Rolling deadlines |
| RuPay | Mandatory network choice at issuance | Sept/Oct 2024 |
| RuPay | Rewards parity on UPI vs. card payments | Sept 1, 2024 |
| Elo | Fraud control and anti-money laundering (AML) reporting | Ongoing |
| Elo | Tokenization and EVC dynamic CVV rollout | 2024–2025 |

Key active mandates

Visa

Visa key active mandates - effective April–June 2025:

  • Compelling Evidence 3.0 (CE 3.0)—Merchants must now provide specific evidence—such as prior genuine transactions—to counter friendly‑fraud disputes like reason code 10.4. This expanded evidence policy becomes mandatory in pre‑dispute and arbitration environments.
  • Visa Acquirer Monitoring Program (VAMP)—Acquirer metrics are evaluated monthly without grace periods. Dispute resolutions must occur within the same month to avoid counting against ratios, calculated at the merchant descriptor level.
  • Visa Token Service Updates (April 11 and 12, 2025)—Changes include support for Token User Identifiers, expanded device binding via FIDO, Digital Currency/NFT transaction exports, a new Merchant Initiated Account Funding Transaction (AFT) tag, and enhanced third‑party data sharing for card-not-present (CNP) transactions.
  • ATM Service Requirements (effective October 1, 2025)—U.S.-based ATM issuers must support functions including mini‑statements, deposits, and PIN management services.

Mastercard

Mastercard key active mandates - effective 2025:

  • Fee on undefined authorizations—Effective July 1, 2025, a processing integrity fee of 0.25% (or minimum $0.04) will be applied in the U.S. on transactions using legacy “undefined” authorization types.
  • Credential Continuity Program (CCP) fee increase—As of April 1, 2025, Mastercard acquirers in the U.S. will incur a $0.09 fee per recurring transaction using outdated credentials (up from $0.03).
  • Biometric EMV card rollout—Mastercard is now mandating support for biometric-enabled cards that incorporate fingerprint sensors at the card level. The cards are being rolled out globally, including bank-issued cards in Bangladesh, South Korea, etc., and are supported by standard EMV terminals with no new infrastructure.

RuPay

  • Choice of card network (RBI directive)—Effective from September 6, 2024 (some sources cite October 2024 implementation). Banks and card issuers with over 1 million (10 lakh) active cards must offer consumers a choice of card network (Visa, Mastercard, or RuPay) at the time of credit card issuance or renewal (National Herald, NDTV Profit). This enhances consumer flexibility and supports RuPay’s domestic growth. Smaller issuers (<1M cards) and those with proprietary networks (e.g., AmEx) are exempt.
  • Parity of rewards on RuPay UPI vs. card transactions—Effective from September 1, 2024. Mandate (NPCI): Issuers must ensure that rewards, benefits, features, and offers for RuPay credit cards used via UPI are not inferior to those when the card is used via traditional card transactions, unless the issuer earns no interchange fee.
  • Linking RuPay credit cards to UPI and E‑mandate expansion—Under an RBI and NPCI directive, RuPay credit cards have been enabled to be linked with UPI as part of the RBI’s mandate to allow credit card payments via UPI, starting with RuPay cards. This extension also facilitates e-mandates (recurring payments), previously limited to bank account debits, and is aimed at broadening digital payment usage.

Elo

  • Membership and regulatory compliance requirements—All participants (financial institutions or payment institutions) must be authorized by Brazil’s Central Bank and follow the Elo Payments Arrangement Regulations.
    This includes mandatory oversight structures covering risk management, fraud monitoring, anti‑money‑laundering (AML), KYC, and escalation protocols in case of suspicious activity.
  • Operational and reporting obligations—Participants must transmit detailed transaction data for reconciliation, including purchase payment specifics and inter‑participant data exchanges.
    They must also promptly report and act upon suspected fraud, money‑laundering, or illicit foreign exchange activities, both to Elo and the appropriate authorities, with investigative follow-through and contractual termination of implicated parties where required.
  • Fraud prevention and risk control—Elo has implemented robust fraud monitoring (e.g. using FICO® Falcon® Fraud Manager), reducing fraud rates across the network by ~30% for participating issuers. They also partner with identity verification providers (like Prove Identity) to combat SIM‑swap and synthetic fraud, with mandates to integrate digital identity solutions across issuing banks.
  • Security technology innovations—Elo has begun rolling out dynamic verification code (EVC®) cards (battery‑free, EMV‑integrated static‑to‑dynamic codes) for enhanced e‑commerce security. While not yet mandatory, adoption is accelerating under Elo’s fraud reduction strategy.
  • Digital currency and financial inclusion pilots—Participation in Brazil’s central bank-backed digital currency pilots with offline payment capabilities is underway. Elo mandates integrations with hardware‑secure digital wallets and offline-capable devices as part of these programs.