NAB Gateway Support Centre updates

Flex Microform PCI Compliance

Microform v2 is being upgraded to comply with the new Payment Card Industry Data Security Standard guidelines (PCI DSS 4.0.1) Specifically, requirement 6.4.3. PCI DSS is a widely accepted set of standards for the security of credit, debit and cash card transactions. This update is designed to improve security for transactions, by safeguarding sensitive information, maintaining trust in electronic payment systems and reducing the likelihood of a data breach.

What action is required?

If you are using Microform v1 or v0.11, to comply with the standards, you must upgrade to Microform v2 before 1 April 2025.

Microform v1 and lower will reach end of life by 1 July 2025. 

Further information is available by visiting the VISA Support Centre, opens in new window.

REST API best practices mandate

There is a new REST API best practices mandate which comes into effect on 1 May 2025. Merchants who are using the http signature authentication need to pass all the required security parameters to NAB Gateway. 

Further information is available by visiting the NAB Gateway Developer centre, opens in new window.

Unified Checkout Integration updates

Unified Checkout is being upgraded to comply with the new Payment Card Industry Data Security Standard guidelines (PCI DSS 4.0.1). Merchants need to upgrade their Unified Checkout integrations to use the “clientLibrary” and “clientLibraryIntegrity” values to create their script tags. To implement this change, Merchants need to decrypt Capture Context to retrieve “clientLibrary” and “clientLibraryIntegrity” values which they pass dynamically into the checkout.html page.

Further information is available by visiting the NAB Gateway Developer centre, opens in new window.

Change to cybersource Customer Support email notifications

Some notifications previously sent from donotreply@support.cybersource.com will be sent from donotreply@notifications.visaacceptance.com. Your administrator may need to add this domain to your ‘allow’ list to ensure you continue to receive certain notifications.

Fraud Management Essentials (FME) changes

Review Status

Updates are being made to FME removing “Review” as an option to the Fraud Management rules. Valid settings will continue to be “Disable, Monitor or Reject”.

Merchants with FME rules set to “Review” will continue to be able to review transactions however once rules are updated review will no long appear as an option.

Declined transactions

Updates will be made to Fraud Management Essentials in May to include a status of "Declined." This will apply to all transactions that results in a decline or error, including authorisation declines. This status is final and cannot be subsequently updated.

Previously, transactions affected by declines were not visible in FME, although they could be viewed in Transaction Details as billable transactions without risk-related data (e.g., score, info codes). This will provide more transparency around FME’s processing of these transactions.

FME users will find it easier to detect and respond to fraud attacks. An unusually high number of declined transactions reported on the FMS dashboard may be an indication of a fraud attack. Viewing declined transactions in the FME dashboard enabling quicker investigation and resolution.