What's Changed

Added R0, R1 and R3 response codes to support VISA subscription management. See PRN-284.

Added processing coverage for Mexico and LATAM.

Removed support for CVV2 result codes C, D, K, and L to align with Visa’s updated Field 44.10 CVV2 response code mandate.

Added the character "ă" to the TAG card manufacturer's approved character list.

Added new example messages for Chargeback, Non-Credit Chargeback, Chargeback Reversal, and Second Presentment. All examples are for Mastercard.

Added new Merchant Category Codes (MCCs) as part of Visa and Mastercard updates to comply with ISO standards. See PRN-272

Added a note to the DeclineAndBlockG5 tag.

Added process flow diagram to Fraud Login Event endpoint documentation.

Removed references to the suppressAlert and suppressTag features.

Renamed the 105 webhook from 'Customer Alert to Potential Scam' to 'Payment review outcome notification'.

Amended amount sign examples to ensure correct credit and debit information appears in the table.

New API Hub endpoints created to support Mastercard's Open Banking solution.

New Open Banking Event Type (117) added to webhooks.

Added new Scopes appendix, which describes each of the different scopes returned from the DCR Endpoint.

Clarified the Base URLs for the different endpoints available in the API Hub.

API Hub: Added new Fraud Login Event endpoint for the API Hub.

Added support for Tokenization Authentication Framework (TAF) as an entry for the Cardholder Authentication Method. See PRN-281.

Get Card Limits and Set Card Limits endpoints added to Core API and API Hub.

Updated the supported characters for the card manufacturer Placard VPS.

21/11/2025

Included a description of Mastercard Provisioning Velocity Limits.

Added Acquiring Country Field to the Non-Clearing and Clearing report schemas. Include description on the Acquiring Country Sub-element. Added entry to the tables for CardAuthorisation, CardOnlineFinancial, and CardFinancial files. See Downloads and PRN-270.

Added a new Action Code 598, which is returned in response to a request to delete a 3D Secure Credential, where no entry exists in the 3D Secure tables.

Included a description of Mastercard Provisioning Velocity Limits.

Added Acquiring Country Field to the Non-Clearing and Clearing report schemas. Include description on the Acquiring Country Sub-element. Added entry to the tables for CardAuthorisation, CardOnlineFinancial, and CardFinancial files. See Downloads and PRN-270.

Added a new Action Code 598, which is returned in response to a request to delete a 3D Secure Credential, where no entry exists in the 3D Secure tables.

Clearing XSD schema now states that DE94_Txn_Orig_ID has a maximum character length of 16. See Downloads page and PRN-249.

Added clarification related to how Additional_Data_DE48 field is passed through for scheme transaction risk scores.

Added new question to FAQs related to Visa Advanced Authorisation (VAA) and Authorisation IQ (AIQ) score behaviour.

The maximum length of phone number fields Mobile, Tel, Mobtel and Worktel have been updated to 15 digits and new phone number validation rules have been applied. See PRN-262.

Add a new appendix with details of amount and phone number validation rules.

Added clarity to the Introduction to the Fraud Alert Service page, including adding a section on how to test the service and a new Fraud Alert Service FAQs.

Empty values allowed for the following elements in the ACCOUNT field of the XSD schemas: CURRCODE, ACCTYPE, FINAMT, BLKAMT, AMTAVL. See Downloads page and PRN-241.

Include Network Fees section in the FAQs to clarify how Acquirer fees are reported and how this affects card authorisation and balance updates. Added request and presentment examples for ATM cash withdrawals (JSON guide only).

Updates to 02, 04, 05, 54, 62, 70, 72, 99, G2, G4, G6, and G8 response codes for Visa Refund Responses where response code 57 was previously used. See PRN-220.

The status codes 04, 14, 33, 36, 37, 38, 46, 67, 98, 99, and G9 have been changed to irreversible, to comply with a recent Card Scheme mandate. See PRN-232.

Added a new optional parameter <Update3DSRecords> to the Update Cardholder Details (V2) (Ws_Update_Cardholder_Details_V2) web service, which can be used to update the 3D Secure email address and mobile number linked to the card. See PRN-256.

EHI version 5.1 now released for general availability. New schema added which includes the following fields: SchemeTransactionIdentifier, TokenUniqueReference, and PaymentTokenPan. See Downloads page and PRN-244.

Our Fraud Transaction Monitoring Guides can now be found on our Secure Documentation Portal.

Added support for Samsung Pay to In-App Provisioning.

Updates to usage of response code 57 Refund Declines on Mastercard networks.

The Visa Alias Directory Service is now available on the Thredd platform.

Added support for Authentication using Delegated OTP in our Cardinal 3DS solution.

Clarification on the Byte value for the Visa Cryptogram Version Number Part of ‘9F10’ tag. See Visa Contact VIS and EMV Settings.

Updated Event Notifications to include information on how to use webhooks for event notifications.

Added new NCLR and CLR schemas where maskedPAN is now required. Specified maskedPAN as required in the Card element (PRN-237). See Downloads.

Updated screenshots throughout the guide.

Added appendix describing the tags available in Fraud Transaction Monitoring Portal.

Added details to the Use Case Scenarios section on Updating a Card Status to Lost, Stolen or Destroyed.

Updates to the descriptions of the Processing Codes for PIN Change and PIN Unblock to clarify use of these codes.

The status code 41 (Lost) has been changed to irreversible, to comply with a recent Card Scheme mandate. See PRN-240.

Added a new <UseAsDirectDebit> parameter to the Make External Payment (Ws_Banking_TransferFunds) web service. See PRN-239.

Added clarification on rules for response codes 04, 07, 14, 41, 43, and 46, which should only be used for listing permanently closed or invalid accounts. See Decline Code Rules. The response code 41 (Lost) has been changed to irreversible and results in a permanent block on the card.

Added a note to clarify support for Master Virtual Cards (MVCs) on EHI Cooperative Processing (mode 2) with approve with load.

Added mTLS environment links to System Requirements.

Added section on onboarding to the Automated Back Office.

Removed EHI mode 5, which has been decommissioned, from EHI Guides. Other guides that referenced mode 5 have also been updated.

Added dynamicInterchange field to Create Card endpoint to support virtual cards for the Mastercard Wholesale Program.

Updated the card status codes pages to indicate that Card Status Codes G5 and G6 (temporary blocks) can also be set by Fraud Transaction Monitoring (FTM) service.

Removed the Payment Token Create (Ws_Payment_Token_Create) web service and all references to it from the guide, including removing action codes that were specific to the web service.

Added additional information to the Transaction Matching section on matching for incremental authorisations and revised the FAQ on incremental authorisations and how to identify them.

Clarified the deadline for making amendments to the card file and how to change the frequency of the card file generation.

Updated the example for POS_Date_DE13. Provided more details of how traceid_lifecycle is constructed.

Updated the maximum length of the THERMAL_LINE1 field to 120 characters.

Updated the maximum length of the THERMAL_LINE2 field to 70 characters for the Create Card endpoint.

Added further details on the use of the MerchantAdvice field and usage of Merchant Advice Code 03.

New Thredd Portal Training, including video demonstrations, now available for viewing on the Docs Portal.

Added a section on creating, editing, and publishing draft risk profiles. Included descriptions on backtesting.

Updated the maximum length of the THERMAL_LINE2 field to 70 characters.

Updated the FAQ section.

Added note to API Usage Fees to clarify API Usage Fees are only available for Thredd’s SOAP web services. See PRN-231.

Added Mastercard Reason Codes 7680 and 7681. See PRN-234.

Updated the Tokenisation Configuration page, including updating guidance on Payment Token groups, removing the Visa/Mastercard Rules section, updating references on the Mastercard Portal, and adding new device binding logic.

Added the MiddleName parameter to the following web services: Create Card (Ws_CreateCard), Create Card with Agency Banking (Ws_CreateCard_v2), Card Bulk Creation (Ws_BulkCreation), Wallet Create (Ws_CreateWallet), Wallet Bulk Creation (Ws_BulkWalletCreation), Update Cardholder Details v2 (Ws_Update_Cardholder_Details_V2), Cardholder Details Enquiry (Ws_CardHolder_Details_Enquiry. Included the dlvMiddleName parameter for card deliveries in Update Cardholder and Cardholder Details Enquiry. See PRN-233

Global Reporting, Transaction and Balance XML guides include a new schema where country and currency code lists have been removed. Removed country and currency codes in the reference sections of the guides. Added new schemas to the Downloads page. See PRN-230

Updates to Network Reference field naming for Transaction fields.

Added a note to indicate that card status changes prior to 2022 are no longer retrievable to relevant guides and API endpoint descriptions. See PRN-229.

Revised the description of the response parameter PaymentTokenUsageGroup as used in the following web services: Card Enquiry (Ws_Enquiry) and Customer Enquiry (Ws_Customer_Enquiry and Ws_Customer_Enquiry_V2).

23/05/2025

New version of the API documentation published, supporting our new API Hub solution.

23/05/2025

Quarterly Release Notes Summary - now available for viewing on the Documentation Portal.

Added appendix on Notes field values.

Updated the FAQs with additional information on incremental authorisations and how to identify them.

Added EHI response codes 12 and 15 to the EHI Response Codes page. Revised the description of response code 57. Removed card status code 57 from the Card Status Codes page.

Added EHI response codes 12 and 15 to the Response Status Values page. Revised the description of response code 57. Removed card status code 57 from the Card Status Codes page.

Removed card status code 57 from the Card Status Codes page.

Removed references to the 0120 A message type, as this is not supported. The appropriate message type to process is the 1240 A (for Mastercard) or 05 A, 06 A and 07 A (For Visa).

The Matching_Txn_ID field in EHI is now populated with data for the following types of transactions: Presentments, Authorisation Reversals, Incremental Authorisation and Incremental Authorisation Reversals. See GetTransaction Message Fields.

Added Click to Pay to the Tokenisation Guide.

Updates to the Country Support map on the Documentation Portal.

Added MaskedPAN to the Card subelement. Updated schemas and all examples to include MaskedPAN. New XSD Files available in the Downloads page for the Global Reports. See PRN-222.

Updated the description of the Settlement_Date field.

Updated the description of the SchemeSettlementDate element.

Added new transaction types available for transactions processed on the STAR Network via Mastercard Network Exchange (MNE). See Additional Transaction Types for MNE.

Updated Card Status Response Code Mappings for Mastercard for a new code: 72.

Added new example to How to handle processing errors due to invalid question mark character in Troubleshooting FAQs.

Added the following codes for device binding that supports FIDO: 3749 and 3760.

PRN-212 is now set to April 28th 2025.

Added digital asset categories, for example Central Bank Digital Currency (CBDC) or tokenized deposits, to the list of POS codes.

Added Response Code 72 and 46 for Mastercard to the Response Status Values and the Resp_Code_DE39 pages.

Added Response Code 72 and 46 and the Card Status Codes and the EHI Response Codes page.

Added two new Visa response codes: 5C - Transaction not supported or blocked by issuer and 9G - Blocked by cardholder, contact cardholder.

Added new countries for ANI support as per 25Q2VI BER Article 1.2 Requirements

Added currency code for the Caribbean Guilder currency (XCG) for Curacao and Sint Maarten in ISO Currency Code. Added currency code for the Caribbean Guilder currency (XCG) for Curacao and Sint Maartens that replaces Netherlands Antillean guilder. Added Curacao and Sint Maartens to the currency list for this new currency.

Updated the schemas in the Downloads page. The effective date is for the 11th of April.

New Connecting to Thredd Guide available, describing Thredd's Secure Connectivity Framework and how to connect securely to Thredd. A product sheet for Connecting to Thredd is also available in the Products Sheet section.

Updated the maximum length of the TITLE field to 4 characters, and the SNAME field to 20 characters.

The maximum length of the City, Dlv_City and Delv_City parameters have been updated to 50 characters across all web services where these parameters are used.

Added a new appendix, describing the WebServiceResult parameter, which is returned in the response to some web services when the request includes the same WSID as a previously submitted request.

Multiple EHI endpoint functionality discontinued.

Updated descriptions and examples for How to handle processing errors due to invalid characters.

Added extra values 100 and 101 for ‘Message_Why’ field in Appendix A.26 (Response_Source_Why + Message_Why). See PRN-218.

Added references to the Discover network. Also included new elements and sub-elements that are used in the Discover network. Indicated elements that are not applicable to the Discover network.

Updates to the Cards API, including NetworkSharingOptOut being added to the Update Card and Retrieve Card endpoints.

Updated the example request body for Apple In-App Provisioning in the Tokenisation Guide and in the Cards API documentation.

Added details of how to set up multiple EHI endpoints (URLs).

Added references on the Documentation Portal and in our guides to Thredd Portal, our new web application for managing your cards and transactions.

New product sheet and guide for Thredd Portal now available.

Added notes to clarify the effect of passing an empty space as a value in specific fields in the 3D Secure Configuration (Apata) (Ws_ApataCardLevelConfigurations) web service. See Using the Card Configuration API.

Amended the date of PRN-209 to the 26th of March, with future versions of the schemas available on the the Downloads page. See PRN and Downloads pages.

Added new processing codes for Credit Account Status Inquiry (ASI) and Debit ASI to the Processing Codes page in the EHI guide. Created Overview page on Credit and Debit ASIs. See PRN-202

Updated the description of the 9030 reason code in the Visa_STIP_Reason_Code field.

Clarified which fields are used in the Thredd API to populate the Card Purchaser field details in Smart Client.

Clarified use of the Fulfilment object in a Create Card request.

For the Legacy transaction, Non-Clearing Report and Clearing Reports, amended and removed some schema child elements. These includes updates to data types of child elements and removal of elements no longer in use. Updated the Downloads page to indicate upcoming schema versions.

Added a new web service, 3D Secure Get Card Level Configuration (Apata) (Ws_GetApataCardLevelConfigurations) to be used to retrieve the card level configuration for Apata. See PRN-210.

Added a new web service, (Ws_GetApataCardLevelConfigurations) to be used to retrieve the card level configuration for Apata.

New endpoint added to support loading and unloading BIN sponsored cards for issuers.

Updates to the Fees product sheet to include details of Thredd's new advanced fee options for complex country and currency combinations.

New product sheet describing MVCs.

New Appendix H: Card Status Codes — lists card status changes that trigger calls to Token Service Provider (MDES/VDEP).

Added Orange Flow section to How Tokenisation Works page.

Added a new chapter describing Chip Management on the Thredd Platform.

Updated In-App Provisioning endpoints in Cards API.

Updated description of the LocalDateUTC field to explain that this is the date and time of the matching authorisation.

Section describing BIN Attacks added to Analytics page.

New product sheet describing the Thredd Multi-currency settlement service for Visa transactions.

Updated behaviour of Update Card Status endpoint response, where a 200 response is now returned if the new status is the same as the existing card status. See PRN-203.

Reinstated old IP addresses for PRD1 and PRD2 environments.

Added Incremental Authorisation example messages.

For the Status Code for Closed Account (46), updated Mastercard response code from 78 to 14.

Corrections to JSON tokenisation examples: ACN, TCN and TEN messages should have Txn_Type = J. ACN messages should have an MTID = 0120, while TCN and TEN messages have an MTID = 0620.

Updated the Downloads page in line with new reporting release to indicate that global and legacy reporting schemas are now current.

Added descriptions on the REG suffix used in filenames of regenerated reports

New Webhook event, to support notifying a customer when a card status changes, released.

Updated server and URL names to reflect RDX movement to the cloud environment. Removed RDX details on disaster recovery.

Clarified explanations of enrolment and unenrolment. Removed descriptions on Batch to RDX Upgrade in the 3D-Secure Cardinal guide.