Digital Transactions Authoritative, insightful and timely information for payments professionals
There’s tighter data rules from Visa applying to more merchants. Here’s what to expect—and how to cope.
In payments, data has always been the fulcrum that processing balances on. The quality of any transaction response utterly depends on the quality of the request. With its Commercial Enhanced Data Program (CEDP) and Product 3, Visa has both increased the quality requirements for transaction data and imposed these rules on a wider merchant community.
Beyond basic transaction information, which is treated as Level I, Level II and III data sets add business context. Level II data describes critical aspects of the transaction, including customer reference codes (who bought what from whom), tax indicators, business name and details, and more. Level III data, sometimes referred to as line-item detail, is just that—the details of each item/service purchased, such as item price and count and SKU/UPC.
Enhanced data sets are defined by Visa and Mastercard specifically to address the complex risk factors that come with business-to-business payment processing.
Previously relegated to more elite and selective industries, CEDP and the new Product 3 interchange levels extend data requirements to traditional industries unaccustomed to that level of intelligence, while tightening quality controls.
For businesses that accept a meaningful volume of commercial cards, the new rules will quickly move the financial needle as noncompliance results in higher interchange rates through downgrades. Meeting the new data requirements, however, enables lower interchange rates that have long been associated with business commerce.
In the past, commercial card compliance didn’t move the needle enough to matter to many merchants, which suffered some occasional downgrades for noncompliance. As many are already discovering, it now matters a whole lot more.
Here are the key mechanics and dates:
- Participation fees began in April of this year; all enhanced data transactions incur a 0.05% participation fee;
- Merchants are categorized as Verified or Non-Verified, based on data quality over time;
- As of Oct. 17, only verified merchants can achieve reduced Product 3 interchange rates;
- In April 2026, legacy small business/commercial Level 2 interchange programs will be retired (except for fuel and fleet MCCs).
The Network Sees Everything
CEDP is far more than an operational tweak. Artificial intelligence thrives on big data, and that’s something Visa has a whole lot of. In that context, it’s easy to understand how a network can go mainstream with what has long been a niche sector of processing.
Visa isn’t simply validating tax indicators and PO numbers. AI and machine-learning systems can now inspect all this data at scale, in near real time. Everything Visa has learned from decades of processing Level II/III data is the training that makes their AI models so effective.
At its core, CEDP is Visa upgrading its plumbing. More than ever, networks like Visa are as focused on moving information as they are on moving money. Every field transmitted in a transaction, every code describing a sale, becomes an input into an ever-evolving model of how commerce behaves.
Where previous initiatives emphasized encryption, tokenization, and other security layers, CEDP shifts the focus to data integrity itself. Accuracy, completeness, and context are today’s compliance discussion.
One reason is simple: because they can. Visa can now inspect and react to data at scale and with improved precision not previously possible. Mountains of historical data and the power of AI let the network easily distinguish valid business data from filler. No more dummy tax fields or generic PO numbers. With lots of trustable data, Visa can price risk more precisely. CEDP has codified that reality into policy.
Level III data used to be the domain of defense contractors, airlines, and enterprise procurement systems, verticals describing businesses buying from businesses. Now, CEDP’s Product 3 structure brings that expectation to everyone else.
As with many new policies, CEDP is a nudge followed promptly by a shove. Larger enterprises with better technology and more dollars at stake are able to react to the nudge. Not so small businesses, which are reliant on third parties to meet the new regulations. Because commercial card compliance has not been on the minds of retailers, it has not been on the radar of their POS providers—meaning small businesses are especially vulnerable, as Product 3 noncompliance could erase already thin profit margins.
Merchant Priorities
First and foremost, merchants must understand CEDP and how it impacts their payment streams. Acquirers and technology providers should be providing informational guides to their merchants to ensure proper compliance.
Ensure monthly acquiring statements are being monitored for data-quality alerts from the acquirer or Visa. These can be in the form of highlighted sections of the statement, or downgraded transactions increasing interchange costs.
If alerts are preventing merchants being verified for Product 3 compliance, they should be having careful conversations with their acquirers, ensuring all parties are on the same page when it comes to CEDP compliance. All parties involved—from processors to gateways and POS technology providers—must capture, transmit, and flag the required enhanced data fields correctly.
Push for technical upgrades to meet compliance requirements. Because data validation is over time, merchants don’t need to be perfect on day one. Plan incremental compliance investments, starting with must-have Product 3 fields (e.g., PO number, tax amount) before expanding to full line-item detail.
Knowledge is Power
Knowledge truly is power, and CEDP shows that it’s a two-way street. Visa satisfies its thirst for processing knowledge, while knowledgeable merchants leverage the right data for lower acceptance costs.
Sounds like a win for everybody.
—Cliff Gray is principal at Gray Consulting.
