Card schemes: Visa, Mastercard, Mir

1) Role of card schemes in the payment chain

• authorization/clearing formats, reason codes, dispute windows;
• 3-D Secure, COF/MIT tag requirements, network tokenization
• tariffs (interchange at the issuer and scheme fees at the network);
• MCC restrictions (in iGaming, the key one is MCC 7995).

Short profile

Visa - global coverage, advanced VTS tokenization, Visa Direct (OCT) payments, Visa Secure authentication.
Mastercard - globally, MDES tokenization, Mastercard Send (OCT) payments, Mastercard Identity Check authentication.
Mir (NSPK) is primarily an internal Russian network; tokenization/wallet (Mir Pay/NSPK Tokenization), Mir Accept authentication; acceptance strictly in accordance with local NSPK rules and applicable restrictions/coverage.

2) Reception in iGaming: what is important for each scheme

2. 1 Visa

3DS: Visa Secure (EMV 3DS 2. x).
Tokenization: VTS; support for network tokens with auto-update of details (card lifecycle).
Payouts: Visa Direct/OCT (Original Credit Transaction) - transfers to cards, available with custom permissions/countries.
Card Updater: VAU (Visa Account Updater) - update cards in COF.

2. 2 Mastercard

3DS: Mastercard Identity Check (EMV 3DS 2. x).
Tokenization: MDES (с device/merchant binding).
Payouts: Mastercard Send/OCT - outgoing card credits.
Card Updater: ABU (Automatic Billing Updater).

2. 3 "The World"

3DS: Mir Accept (compatible with EMV 3DS 2. x).
Tokenization: NSPK tokenization (used in Mir Pay and processor partners).
Payouts: C2B/P2P and returns within NSPK rules; Check the availability of specific scenarios at the acquirer.
Features: strict regionality, local compliance and content requirements.

3) MCC 7995, Constraints and Geopolitics

Gaming operations are under MCC 7995 (Betting/Casino). Some issuers and countries block 7995 on policy/regulation.
Correct transaction marks (CIT/MIT/COF), e-commerce flags, and 3DS results are required.
Mandatory limits, increased risk scoring and documentary KYC/AML checks are possible for individual markets.

4) 3-D Secure and SCA - brands and flags

Visa Secure, Mastercard Identity Check, Mir Accept - EMV 3DS 2 implementations. x.
Strive for frictionless through rich device/account data; at soft-decline repeat with 3DS.
For subscriptions/repeats: MIT (Merchant-Initiated) with reference to the initial CIT with SCA.

5) Network tokenization и COF

Visa VTS/Mastercard MDES/NSPK Tokenization reduce fraud, increase AR and automatically update PAN when reissued.
Store only tokens, PAN will not get into your contour (PAN-safe).
For multi-PSP, check in advance which providers accept network tokens (otherwise keep the fallback via vault-token).

6) Payments to cards (OCT/Direct/Send)

Visa Direct (OCT) and Mastercard Send (OCT) - outgoing loans to the card (withdrawal of winnings, payments to affiliates).
Require use-case coordination with the acquirer/processor, limits, scoring and fraud monitoring.
Check availability by country/issuer and compatibility with iGaming-MCC.
For Mir, focus on NSPK rules and the capabilities of your acquiring bank.

7) Disputes and chargebacks (in general terms)

Timing and reasons differ between schemes; for iGaming, the branches "fraud/no authorization," "service not provided/restrictions" are typical.

• Visa: group "10. x Fraud" (e.g. 10. 4 «Other fraud – card-absent»), «13. x Consumer disputes».
• Mastercard: 48xx codes (e.g. 4837 "No Cardholder Authorization," 4853 "Cardholder Dispute" in old notation/mappings).
• Liability shift is valid if 3DS is successful (not in all cases - details according to the rules of the scheme).
• Keep a complete set of artifacts: ECI, CAVV/AVV, dsTransID, 3DS magazine, evidence of service.

8) Smart-routing by BIN/scheme/region

The idea: Direct a transaction where approval is more likely and value is lower.

BIN tables: define the scheme, country, card type (debit/credit/prepaid), issuing bank.
Rules: 'IF BIN. country in {X} THEN PSP_A (Visa)`, `IF issuer in {список} THEN PSP_B (Mastercard)` и т. д.
3DS channel accounting: if PSP-A has ACS degradation in some issuers, temporarily send via PSP-B.
A/B tests: Compare AR, risk and cost by scheme/PSP/region.

9) Cost: what is it made of

Interchange (goes to the issuer) - depends on the country, type of card, channel, MCC.
Scheme fees - depending on volume and profile.
PSP-commission - fix/%, additional payment for 3DS/OCT/anti-fraud is possible.
In iGaming interchange is often elevated; put it in unit economics and consider alternative methods (A2A, local wallets) by market.

10) Compliance and Data Policy

PCI DSS v4. 0: aim for SAQ A/A-EP via hosted-fields (PAN-safe); or to SAQ D/ROC if you have your own waltz/processing.
EMV 3DS 2. x: correct CIT/MIT/COF flags and artifact storage.
GDPR/DSR: delete tokens at the request of users; You do not have a PAN.
Logs/trails: no PAN/CVV; masking and DLP gates in CI/CD.

11) Technical reference: minimal integration stack

Hosted fields/SDK provider → you get token (VTS/MDES/NSPK/vault).
3DS server (PSP or yours) + web/mobile SDK.
Orchestrator: routing rules, idempotency, retray, soft-decline → 3DS retray.
BIN service: current tables by schemes and regions.
Card Updater: VAU/ABU; for "World" - update mechanisms through NSPK/acquirer.
Payouts: OCT (Visa Direct/Mastercard Send) - where allowed.

12) Metrics (KPI) by schemes

Approval Rate (AR) by Visa/Mastercard/" World" (by country/BIN/PSP).
Frictionless% and Challenge success% (by scheme/issuer).
Chargeback rate and the share of disputes won.
OCT success rate (payments), average T + hours before enrollment.
Cost per approved txn: (interchange + scheme + PSP )/approved.
Token adoption% and auto-update rate (how many cards were updated automatically).

13) Anti-patterns

Force all transactions to "one PSP/one scheme."

PAN/CVV storage in logs/dumps.
No MIT reference to initial CIT → repeated SCA and/or increased controversy.
Ignoring issuer BIN policies and geo-constraints.
OCT payments without detailed availability check by country/issuer.

14) Checklist of start-up according to schemes

• Hosted-fields and network tokens (VTS/MDES/NSPK) + vault-fallback implemented.
• A 3DS server (Visa Secure/Identity Check/Mir Accept) is connected, soft-decline retrays are configured.
• Implemented smart routing by BIN/country/PSP; dashboards AR and cost.
• VAU/ABU enabled; for Mir - update mechanisms are agreed.
• Checked the availability of TSO/similar payments in the markets; there are limits and fraud controls.
• PCI DSS artifacts and processes (SAQ/ROC, logs without PAN, DLP) are ready.
• MCC 7995 policies have been worked out (geo-filters, limits, risk scoring).
• Chargeback reporting and escalation/dispute playbooks are configured.

15) Summary

For iGaming, maximum efficiency is achieved by a combination of PAN-safe streams, network tokenization (VTS/MDES/NSPK), competent 3DS and smart-routing by BIN/country/scheme/PSP. Visa and Mastercard provide global coverage and advanced OCT payments; "World" - local reception and tokenization within the NSPK rules. Build metrics according to schemes, keep up-to-date BIN tables, comply with PCI DSS and agree on OCT scenarios in advance - this way you will get sustainable conversion, controlled cost and managed risk.