Card schemes: Visa, Mastercard, Mir
1) Role of card schemes in the payment chain
A card scheme is the rulebook plus the messaging network between the acquiring bank and the issuing bank. Schemes define:
- authorization/clearing formats, reason codes, dispute windows;
- 3-D Secure, COF/MIT tag requirements, network tokenization;
- tariffs (interchange, which goes to the issuer, and scheme fees, which go to the network);
- MCC restrictions (in iGaming, the key one is MCC 7995).
Short profile
Visa - global coverage, advanced VTS tokenization, Visa Direct (OCT) payouts, Visa Secure authentication.
Mastercard - global coverage, MDES tokenization, Mastercard Send (OCT) payouts, Mastercard Identity Check authentication.
Mir (NSPK) - primarily a domestic Russian network; tokenization/wallet (Mir Pay/NSPK Tokenization), Mir Accept authentication; acceptance strictly in accordance with local NSPK rules and applicable restrictions/coverage.
2) Acceptance in iGaming: what matters for each scheme
2.1 Visa
3DS: Visa Secure (EMV 3DS 2.x).
Tokenization: VTS; support for network tokens with auto-update of details (card lifecycle).
Payouts: Visa Direct/OCT (Original Credit Transaction) - transfers to cards, available subject to specific permissions and countries.
Card Updater: VAU (Visa Account Updater) - updates cards stored as COF.
2.2 Mastercard
3DS: Mastercard Identity Check (EMV 3DS 2.x).
Tokenization: MDES (with device/merchant binding).
Payouts: Mastercard Send/OCT - outgoing card credits.
Card Updater: ABU (Automatic Billing Updater).
2.3 Mir
3DS: Mir Accept (compatible with EMV 3DS 2.x).
Tokenization: NSPK tokenization (used in Mir Pay and by processor partners).
Payouts: C2B/P2P and refunds within NSPK rules; check the availability of specific scenarios with the acquirer.
Features: strict regionality, local compliance and content requirements.
3) MCC 7995, Constraints and Geopolitics
Gaming operations fall under MCC 7995 (Betting/Casino). Some issuers and countries block 7995 by policy or regulation.
Correct transaction indicators (CIT/MIT/COF), e-commerce flags, and 3DS results are required.
In some markets, mandatory limits, stricter risk scoring and documentary KYC/AML checks may apply.
4) 3-D Secure and SCA - brands and flags
Visa Secure, Mastercard Identity Check and Mir Accept are implementations of EMV 3DS 2.x.
Aim for the frictionless flow by sending rich device/account data; on a soft decline, retry with 3DS.
For subscriptions/repeat payments: MIT (Merchant-Initiated) with a reference to the initial CIT that was performed with SCA.
5) Network tokenization and COF
Visa VTS/Mastercard MDES/NSPK Tokenization reduce fraud, increase the approval rate (AR) and automatically update the PAN when a card is reissued.
Store only tokens, so that the PAN never enters your perimeter (PAN-safe).
For multi-PSP, check in advance which providers accept network tokens (otherwise keep the fallback via vault-token).
6) Payouts to cards (OCT/Direct/Send)
Visa Direct (OCT) and Mastercard Send (OCT) - outgoing credits to a card (withdrawal of winnings, payouts to affiliates).
They require agreeing the use case with the acquirer/processor, plus limits, scoring and fraud monitoring.
Check availability by country/issuer and compatibility with iGaming-MCC.
For Mir, focus on NSPK rules and the capabilities of your acquiring bank.
7) Disputes and chargebacks (in general terms)
Timing and reasons differ between schemes; for iGaming, the typical categories are "fraud/no authorization" and "service not provided/restrictions".
Examples:
- Visa: group "10.x Fraud" (e.g. 10.4 "Other fraud – card-absent"), "13.x Consumer disputes".
- Mastercard: 48xx codes (e.g. 4837 "No Cardholder Authorization," 4853 "Cardholder Dispute" in old notation/mappings).
- Liability shift applies when 3DS succeeds (not in all cases; see the scheme rules for details).
- Keep a complete set of artifacts: ECI, CAVV/AAV, dsTransID, 3DS log, evidence of service.
8) Smart-routing by BIN/scheme/region
The idea: send each transaction where approval is more likely and cost is lower.
BIN tables: define the scheme, country, card type (debit/credit/prepaid), issuing bank.
Rules: `IF BIN.country in {X} THEN PSP_A (Visa)`, `IF issuer in {list} THEN PSP_B (Mastercard)`, etc.
Account for the 3DS channel: if PSP-A sees ACS degradation at some issuers, temporarily route via PSP-B.
A/B tests: Compare AR, risk and cost by scheme/PSP/region.
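The rules above as a small routing function, added here as an example (not code from the original page). The BIN values, issuer names, PSP_C and the 0.80 ACS threshold are constructed assumptions; the BIN prefix is assumed to come from token or PSP metadata rather than from a stored PAN.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BinInfo:
    scheme: str
    country: str
    card_type: str
    issuer: str

# Constructed BIN table; in production it comes from the BIN service.
BIN_TABLE = {
    "4": BinInfo("visa", "??", "unknown", "unknown"),  # scheme-level fallback
    "411111": BinInfo("visa", "DE", "credit", "bank_alpha"),
    "555555": BinInfo("mastercard", "BR", "debit", "bank_beta"),
    "220000": BinInfo("mir", "RU", "debit", "bank_gamma"),
}

# Ordered rules: (predicate, primary PSP, fallback PSP). All names hypothetical.
RULES = [
    (lambda b: b.scheme == "mir", "PSP_C", None),
    (lambda b: b.scheme == "visa" and b.country in {"DE", "FR"}, "PSP_A", "PSP_B"),
    (lambda b: b.issuer in {"bank_beta"}, "PSP_B", "PSP_A"),
]
DEFAULT = ("PSP_A", "PSP_B")
ACS_MIN_SUCCESS = 0.80  # assumed threshold for "ACS degradation"

def lookup(bin_prefix):
    """Longest-prefix match, so an 8-digit entry beats a 6-digit one."""
    for n in range(min(len(bin_prefix), 8), 0, -1):
        info = BIN_TABLE.get(bin_prefix[:n])
        if info:
            return info
    return None

def route(bin_prefix, acs_success):
    """acs_success maps (psp, issuer) to the recent 3DS challenge success rate."""
    info = lookup(bin_prefix)
    if info is None:
        return DEFAULT[0]
    primary, fallback = next(
        ((p, f) for pred, p, f in RULES if pred(info)), DEFAULT)
    rate = acs_success.get((primary, info.issuer), 1.0)
    if fallback and rate < ACS_MIN_SUCCESS:
        # Fail over only if the fallback is actually healthier for this issuer.
        if acs_success.get((fallback, info.issuer), 1.0) > rate:
            return fallback
    return primary
```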
9) Cost: what it is made of
Interchange (goes to the issuer) - depends on the country, type of card, channel, MCC.
Scheme fees - depending on volume and profile.
PSP commission - fixed fee and/or %, with possible surcharges for 3DS/OCT/anti-fraud.
In iGaming, interchange is often elevated; factor it into unit economics and consider alternative methods (A2A, local wallets) by market.
10) Compliance and Data Policy
PCI DSS v4.0: aim for SAQ A/A-EP via hosted fields (PAN-safe), or SAQ D/ROC if you run your own vault/processing.
EMV 3DS 2.x: correct CIT/MIT/COF flags and artifact storage.
GDPR/DSR: delete tokens at the request of users; you hold no PAN.
Logs/trails: no PAN/CVV; masking and DLP gates in CI/CD.
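One way to implement the masking and the CI/CD DLP gate for logs, added here as an example (not code from the original page). The sample log lines are constructed, the card numbers are test values that only pass the Luhn check, and the patterns are assumptions to tune to your own log formats.

```python
import re

# 13-19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
# A cvv/cvc key followed within a few punctuation characters by 3-4 digits.
CVV_RE = re.compile(r"(?i)\b(cvv2?|cvc2?)(\W{0,4})\d{3,4}\b")

def luhn_ok(digits):
    """Luhn checksum: filters out order ids and other long numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def _pan_digits(match):
    """Return the bare digits if the match is a Luhn-valid PAN, else None."""
    digits = re.sub(r"[ -]", "", match.group())
    return digits if luhn_ok(digits) else None

def mask_line(line):
    """Logging path: keep only the last 4 PAN digits, blank CVV values."""
    def repl(m):
        d = _pan_digits(m)
        return m.group() if d is None else "*" * (len(d) - 4) + d[-4:]
    return CVV_RE.sub(r"\1\2***", PAN_RE.sub(repl, line))

def scan(lines):
    """DLP gate for CI: return (line_no, kind) for every finding."""
    findings = []
    for no, line in enumerate(lines, 1):
        if any(_pan_digits(m) for m in PAN_RE.finditer(line)):
            findings.append((no, "PAN"))
        if CVV_RE.search(line):
            findings.append((no, "CVV"))
    return findings

SAMPLE_LOG = [  # constructed log lines
    'INFO auth ok token=tok_9f3a scheme=visa eci=05',
    'DEBUG req body {"pan": "4111 1111 1111 1111", "cvv": "123"}',
    'INFO order_id=1234567890123456 amount=50.00',
    'WARN retry card=2200000000000004 scheme=mir',
]

if __name__ == "__main__":
    for no, kind in scan(SAMPLE_LOG):
        print(f"line {no}: {kind} in log output")
    print(mask_line(SAMPLE_LOG[1]))
```

In a pipeline, run `scan` over test-run logs and fixtures and fail the build on any finding; `mask_line` belongs in the log formatter as a second line of defence.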
11) Technical reference: minimal integration stack
Hosted fields/SDK from the provider → you receive a token (VTS/MDES/NSPK/vault).
3DS server (PSP or yours) + web/mobile SDK.
Orchestrator: routing rules, idempotency, retries, soft-decline → 3DS retry.
BIN service: current tables by schemes and regions.
Card Updater: VAU/ABU; for Mir - update mechanisms through NSPK/acquirer.
Payouts: OCT (Visa Direct/Mastercard Send) - where allowed.
12) Metrics (KPI) by schemes
Approval Rate (AR) for Visa/Mastercard/Mir (by country/BIN/PSP).
Frictionless% and Challenge success% (by scheme/issuer).
Chargeback rate and the share of disputes won.
OCT success rate (payouts), average T+hours until funds are credited.
Cost per approved txn: (interchange + scheme + PSP)/approved.
Token adoption% and auto-update rate (how many cards were updated automatically).
13) Anti-patterns
Force all transactions to "one PSP/one scheme."
PAN/CVV storage in logs/dumps.
No MIT reference to the initial CIT → repeated SCA and/or more disputes.
Ignoring issuer BIN policies and geo-constraints.
OCT payments without detailed availability check by country/issuer.
14) Launch checklist by scheme
- Hosted-fields and network tokens (VTS/MDES/NSPK) + vault-fallback implemented.
- A 3DS server (Visa Secure/Identity Check/Mir Accept) is connected, soft-decline retries are configured.
- Smart routing by BIN/country/PSP is implemented; AR and cost dashboards are in place.
- VAU/ABU enabled; for Mir - update mechanisms are agreed.
- Availability of OCT/similar payouts in the target markets is checked; limits and fraud controls are in place.
- PCI DSS artifacts and processes (SAQ/ROC, logs without PAN, DLP) are ready.
- MCC 7995 policies have been worked out (geo-filters, limits, risk scoring).
- Chargeback reporting and escalation/dispute playbooks are configured.
15) Summary
For iGaming, maximum efficiency comes from combining PAN-safe flows, network tokenization (VTS/MDES/NSPK), well-implemented 3DS and smart routing by BIN/country/scheme/PSP. Visa and Mastercard provide global coverage and advanced OCT payouts; Mir provides local acceptance and tokenization within the NSPK rules. Build metrics per scheme, keep BIN tables up to date, comply with PCI DSS and agree on OCT scenarios in advance; this gives you sustainable conversion, controlled cost and managed risk.