At first glance, conversations about Mastercard rules and VBV or VBV meaning might seem to be two different topics—and they are! However, both are crucially important for merchants, especially online merchants. As a merchant, your knowledge of Mastercard rules and VBV meaning impacts virtually every aspect of ecommerce.
What exactly do these rules govern? What does the VBV mean? As a merchant, you need to understand how these two topics impact you and your operations. This guide will discuss both Mastercard rules and the meaning of VBV (an older term that merchants still use, even though it relates to the Visa Secure program) in greater detail.
Why Merchants Still Use “VBV” in 2026
Many merchants still use the language of older names for their payment technologies. One of the best examples of this is the payment technology now called Visa Secure. According to Visa’s consumer support website, the name “Verified by Visa” is no longer used by the organization. However, the technology is said to be in place for Visa readers and has been enhanced over time to provide better security and a better user experience for those who use Visa card brands.
Who Needs This
People who will find this information most useful are those who have some level of ecommerce volume, specifically:
- online retailers
- subscription businesses
- SaaS companies
- digital goods merchants
- marketplaces and platforms
- finance teams
- product teams
If you do not take card-not-present orders, do not store cards, and do not care about fraud, then this topic will not be of great concern to you. However, teams responsible for processing card payments for ecommerce stores will address at least some aspects of Mastercard’s VBV policy.
Mastercard Rules and VBV Terms Compared
| Term | What It Actually Means | Network / Brand | Why Merchants Care |
|---|---|---|---|
| Mastercard Rules | Mastercard’s official rulebooks and related operating documents | Mastercard | Shapes dispute handling, transaction processing, merchant categories, and compliance expectations |
| Security Rules and Procedures | Mastercard merchant-facing security standards manual | Mastercard | Affects merchant security controls, stored data rules, and compliance expectations |
| VBV | “Verified by Visa,” the older name for Visa’s 3-D Secure program | Visa | Still appears in search and legacy payment terminology |
| Visa Secure | Visa’s current global EMV 3-D Secure program | Visa | Affects ecommerce authentication, friction, and fraud prevention |
| EMV 3-D Secure | The underlying authentication protocol used across brands | Multi-brand / EMVCo | Helps issuers authenticate cardholders and reduce card-not-present fraud |
Many merchants often mix up the network rulebook, the brand program, and the protocol underneath them. In practice, a merchant may be subject to Mastercard transaction and dispute standards while also running Visa Secure authentication and EMV 3DS flows on the same checkout.
What Do Mastercard Rules Usually Affect for Merchants?
For most merchants, Mastercard rules impact the following four areas:
- chargebacks and disputes
- transaction processing
- security requirements
- recurring billing
Therefore, even if merchants have never read the Mastercard rulebooks, the rules are still incorporated into the processes of the merchants’ acquiring companies and payment gateways.
What Makes Implementation Harder in 2026?
The difficulty in 2026 is not the newness of the ideas behind tokenization and authentication. Instead, many merchants run a mix of modern and legacy languages in their operations. They may offer multiple brands and use multiple billing models in their operations. Their teams may discuss VBV protocols, but implement both Visa Secure and Mastercard Identity Check through the same server. Most notably, they may depend upon documentation from the acquiring bank to resolve billing and dispute issues with the card networks.
One potential issue for merchants is treating authentication as an on/off toggle rather than a checkout program. If the 3DS Method URL requested by the card issuing company is not run through the merchant’s website, EMVCo states there will be more instances of higher step-up rates and authentication failures. This indicates that, despite the new protocols, the details of their implementation remain important to merchants.
How to Use 3-D Secure Without Hurting Conversion in 2026
The best way to integrate 3-D Secure is to consider it within a fraud and approval strategy. If the website supports the protocol and the fraud detection software works with 3-D Secure, the protocol will help reduce fraud while making authentication easier for customers.
Within the organization, teams need to ensure they use the appropriate language. While VBV is still a helpful search term for support agents and managers, referring to the protocol as Visa Secure, Mastercard Identity Check, or EMV 3DS will make communication with vendors and providers clearer and less likely to cause confusion.
How Much Does 3-D Secure Usually Cost Merchants?
There is no single public network price for merchants to point to as the cost of 3-D Secure. 3-D Secure costs are generally included within the pricing structures of the gateways, acquirers, fraud software providers, or authentication vendors.
The question of whether 3-D Secure is worth the cost to a merchant is a better question than what that cost is.
Common Mastercard and VBV Mistakes Merchants Make
The most common mistake is that people go searching for VBV, 3DS, or 3DS2, and then try to deal with it at a level that reflects the old technology and terminology.
The second big mistake, however, is that people do not understand that the rule books only come into play when there is a dispute. That is not the case. The rule books will impact how things get done from a processing and security standpoint all the time. It’s just that merchants may only notice it when something goes wrong.
What Merchants Need to Know About Mastercard Rules and VBV in 2026
Mastercard Rules Are Network Rules, Not Simple Merchant Terms
Mastercard publishes a variety of official rule documents to govern and detail the various Mastercard transactions. These include the Mastercard Rules, Transaction Processing Rules, the Chargeback Guide, Security Rules and Procedures, and a Subscription and Negative Option Billing summary. While merchants may interact with these documents through their acquiring bank, payment processor, or payment gateway, these are the official documents that Mastercard publishes and govern the transaction network. Merchants that are concerned with Mastercard rules tend to be unaware that these are much more than a simple set of terms that the merchants must read and accept. These rules impact everything from transactions to chargebacks and security, and they exist as part of Mastercard’s operational structure as a payment network.
VBV Means “Verified by Visa”
The acronym VBV stands for “Verified by Visa.” This was the former brand name for what is now known as 3-D Secure by Visa. According to the official support pages for Visa, the brand name “Verified by Visa” is no longer in use. For merchants, this means that while the technology and authentication systems may be understood as VBV, the brand name that they should be using instead is Visa Secure. This distinction may be required when merchants and service providers attempt to configure and describe the functionality to third parties.
VBV Is Now Visa Secure
Visa indicates on its official support site that Visa Secure is its global EMV 3-D Secure program. According to the publication, the program was established as the next generation of the EMV 3-D Secure protocol. Thus, the current authentication protocol by Visa is not one that is to be implemented into existing websites by merchants; instead, merchants should be implementing support for the EMV 3DS protocol in general.
Mastercard’s Equivalent Is Identity Check
Mastercard’s current program is Identity Check. According to the developer documentation for Mastercard’s platforms, Identity Check is a means of providing secure authentication for customers during the transaction process. Furthermore, Mastercard also states that Identity Check is Mastercard’s EMV 3-D Secure solution. Thus, Mastercard and Visa programs are to be understood not in terms of the more archaic and somewhat confusing “VBV” and “SecureCode” terms, but in terms of Visa Secure and Mastercard Identity Check instead
3-D Secure Helps Prevent Visa Card Fraud
According to its official site, EMVCo is the organization that created the EMV 3-D Secure protocol. The company states that the protocol is designed to enable the exchange of data between the merchant and the issuing bank for the Visa card to authenticate the customer and approve the transaction. While the authentication process reduces the instance of fraudulent transactions, it is not a complete solution for preventing such actions. Merchants are still required to implement secure websites, support correct descriptors on their products, use correct recurring billing formats, and manage their transactions properly after they are created.
Better Authentication Programs Increase Mastercard Approvals
According to both Mastercard and EMVCo, the purpose of establishing Identity Check and EMV 3-D Secure (3DS) protocols is to provide more security for the Mastercard and Visa transaction network, but also to enable Mastercard to increase the number of approved transactions. In other words, the authentication systems are not only established as a means of reducing fraudulent transactions, but also as a means of reducing the reasons for merchants and customers to abandon their shopping carts after beginning to transact online.
FAQs
Q: What are Mastercard’s rules?
A: The Mastercard rules refer to Mastercard’s operating documents, including the Mastercard Rules, the Transaction Processing Rules, the Chargeback Guide, and the Security Rules and Procedures. These are usually encountered by merchants through their card processing acquirer, processor, or gateway.
Q: What does VBV mean?
A: VBV stands for “Verified by Visa.” However, Visa has stated that the Verified by Visa name is no longer in use.
Q: Is VBV still used in 2026?
A: The term is used in relation to Visa’s current programs in search results and support tickets. However, the current live program is called Visa Secure.
Q: Is Mastercard’s version of VBV called Identity Check?
A: Yes. Mastercard’s current program is called Identity Check. However, this is not the same as VBV.
Q: Do Mastercard rules directly bind merchants?
A: No. Merchants encounter Mastercard rules through their card processing company. Mastercard, however, publishes rulebooks and manuals for merchants.
Q: Does 3-D Secure help with transaction approvals as well as with fraud prevention?
A: According to the Payment Card Industry (PCI) Security Standards Organization EMVCo, EMV 3-D Secure was designed by its member payment card issuers to allow for the authentication of the consumers conducting the transactions and the approval of those transactions. Mastercard also states that its current Identity Check and EMV 3-D Secure programs are designed to provide enhanced security and enhanced approval rates.
Conclusion
The best way to understand this in 2026 is that Mastercard rules govern how transactions occur on the network, while VBV is the Visa authentication protocol, now called Visa Secure. Merchants do not need to understand the rules of the networks, but do need to understand how each impacts their stores.
If you are struggling to understand the terminology of 3DS, ecommerce authentication, and the rules of the networks, the folks at Payment Nerds can help you understand the rulebooks and how they can impact your store’s checkout performance. It’s not about understanding the VBV, but about creating a checkout that is easy to use and easy to protect.
Sources
- Mastercard. “Rules and Compliance Programs.” Accessed March 2026.
- Mastercard. “Security Rules and Procedures – Merchant Edition.” Accessed March 2026.
- Visa. “Visa Secure EMV 3-D Secure for Merchants.” Accessed March 2026.
- Visa. “Secure Online Shopping.” Accessed March 2026.
- EMVCo. “EMV 3-D Secure.” Accessed March 2026.
