3D Secure
Visa Secure Fee Update 2026: New CIT and MIT Authentication Costs Explained
TL;DR
Visa updated its Visa Secure authentication fees on 1 April 2026. The flat €0.02 fee per 3DS request has been replaced by differentiated pricing that splits by transaction type, corridor, and data quality. For standard customer-initiated transactions, costs went up. For 3DS-authenticated merchant-initiated transactions (called 3RI), costs dropped sharply, from €0.02 to between €0.002 and €0.003 per request. If you use 3RI today, this makes that proposition significantly more attractive.
Visa Secure Pricing Changed in April 2026: What Acquirers and Merchants Need to Know
Visa's Secure authentication fees had not changed since they were first introduced in 2019. That changed on 1 April 2026.
The update is part of a broader programme Visa calls Vee, short for Visa E-commerce Experience. The goal is to push the industry toward full tokenization and biometric authentication by 2030. The fee structure is one of the tools Visa is using to get there. Clients that send better data and adopt more secure authentication methods pay less. Those that do not, pay more.
Here is what changed.
The Old Fee
Until April 2026, Visa charged acquirers a flat €0.02 for every 3DS authentication request, regardless of transaction type, size, or corridor. A €50 payment and a €2,000 flight booking both generated the same authentication fee.
What Changed in April 2026
The flat fee was replaced by a pricing structure that varies across three dimensions: whether the transaction is customer-initiated or merchant-initiated, which corridor it falls into, and whether the acquirer meets Visa's data quality mandate.
Group A vs Group B corridors
Group A covers the corridors that make up the bulk of European e-commerce: domestic transactions, intra-EEA, UK to and from EEA, UK to and from Switzerland, and Switzerland to and from EEA.
Group B covers Türkiye, Israel, and any transaction between a merchant in the European region and an issuer outside it.
Cardholder-initiated transactions (CITs)
These are standard online purchases where the customer is actively present at checkout. The fee went up across the board.
If you are in Group A and meet the data quality mandate, the increase is 25%, from €0.02 to €0.025. If you do not meet the mandate, it is 50%. For Group B without the mandate, the fee doubled.
The data quality mandate was announced a while ago. It requires acquirers and their merchants to include a defined set of data fields in every 3DS authentication request. Meeting it has a direct financial benefit.
Merchant-initiated transactions and 3RI
This is where the update gets more interesting.
Merchant-initiated transactions (MITs) are charges the merchant triggers without the customer being present: recurring subscriptions, instalments, unscheduled card-on-file payments. Standard MITs do not involve a 3DS process, so there was no authentication fee attached to them.
The new MIT pricing introduced in April 2026 is specifically for a subset called 3RI, which stands for 3DS Requestor Initiated. A 3RI transaction is an MIT that includes an authentication component. The merchant sends an authentication request via the 3DS rail to gather additional data and signals on the transaction, even though the cardholder is not actively at checkout.
For 3RI, the new fees are:
These fees are a fraction of what a 3RI authentication cost under the old pricing. Previously, any 3DS request, including a 3RI, attracted the flat €0.02 fee. It now costs between €0.002 and €0.003 only.
Why 3RI Matters
A 3RI authentication gives issuers visibility into a recurring charge before it hits the authorisation step. That matters more than it might seem. Without prior authentication history, issuers can and frequently do challenge or decline merchant-initiated charges outright. 3RI solves that by establishing that history, giving issuers the data they need to approve the transaction with confidence.
At €0.002 per request, the cost of adding that authentication layer to an MIT is negligible. For payment platforms that surface 3RI as part of their recurring payment proposition, the economics improved considerably when this change came in. The incremental fee charged for 3RI now sits almost entirely in margin.
What You Should Do Now
Check which corridor the majority of your volume falls into. If you are predominantly Group A, the CIT increase was 25% to 50% depending on data quality. If you have not modelled that against your authentication volumes yet, now is the time.
Then look at the data quality mandate. If you are already sending the required fields, confirm that with your 3DS provider. If you are not, closing that gap is the clearest way to reduce what you pay on CITs going forward. Here you can learn more about the mandatory data fields.
On 3RI: if you handle recurring payments and are not already using 3RI authentication, the new fee structure makes this the right time to revisit it. The authentication cost is low, the fraud and dispute protection it provides is real, and the data it sends to issuers strengthens the case for approving the transaction.
If you want to understand how these fee changes affect your 3DS setup specifically, talk to us. We can look at your current authentication flows and help you work out where the exposure sits.
