Authorize.net Mandate Compliance Overview
000002704
39
04/08/2026 21:05 PM
26.0
Overview
Authorize.net provides product and implementation guidance for payment network mandates and rules issued by card networks and Automated Clearing House (ACH) governing bodies. These mandates define how specific transaction types must be submitted, flagged, or validated to remain compliant with network and regulatory requirements.
This article summarizes the mandates for which Authorize.net provides support and directs you to mandate-specific articles for implementation details and processor support information. Mandates are implemented based on the payment type (card versus ACH/eCheck), the network or governing body, and the processor or banking partner involved.
This article applies to: Merchants processing card and ACH/eCheck transactions through Authorize.net.
This article does not apply to: Payment methods or processors not listed in the mandate summaries below.
How Mandates Are Implemented
Mandate implementation depends on three factors:
- The payment type — card versus ACH/eCheck
- The network or governing body issuing the mandate
- The processor or banking partner involved
Support timelines and requirements may vary by processor or ACH participant. Refer to the individual mandate article and your acquirer for authoritative, processor-specific guidance.
Card Network Mandates
Card network mandates apply to credit and debit card transactions and are issued by the card brands, including Visa, Mastercard, Discover, and American Express. The table below summarizes the supported card mandates, the transaction types they apply to, and the applicable processors.
| Mandate | Status | Applies To | Applicable Processors |
|---|---|---|---|
| Card on File (COF) – Customer Initiated Transaction (CIT) & Merchant Initiated Transaction (MIT) | Available | Stored credential transactions | First Data Nashville (FDC), TSYS, NAB EPX, GPN, Elavon |
| Purchase Returns Authorization (PRA) | Available | Refund transactions | First Data Nashville (FDC), TSYS, GPN, FDCO, Elavon |
| Mastercard Digital Secure Remote Payments (DSRP) Token Cryptogram | Available | Tokenized payments | First Data Nashville (FDC), TSYS, GPN |
| Mastercard EMV AN 5499 | Available | Mastercard EMV via VPOS, mPOS | Varies — see the mandate article; contact Authorize.net Support |
| Level 3 & Visa Commercial Enhanced Data Program (CEDP) | Coming Soon | Commercial card transactions requiring enhanced data | TSYS, FDiGlobal |
| Account Funding Transactions (AFT) | Coming Soon | Account funding flows (network/processor-specific) | TSYS, FDiGlobal |
| Debt Repayment | Coming Soon | Debt repayment transactions | First Data Nashville (FDC), TSYS |
Review each mandate's article for implementation details. Contact Authorize.net Support for processor-specific questions.
ACH (NACHA) Mandates
ACH (eCheck) mandates are governed by the National Automated Clearing House Association (NACHA) and apply to bank account (ACH) transactions, including web-initiated debits. These mandates generally focus on:
- Account ownership validation
- Fraud reduction
- Consumer protection
| Mandate | Applies To | Payment Type |
|---|---|---|
| NACHA Web Debit Account Validation Rule (EVS) | Merchants initiating ACH web debits | eCheck / ACH |
Review the dedicated ACH mandate article for implementation details and merchant requirements. Consult your acquirer or legal counsel for obligations that apply to your business.
Quick Reference: Mandate Field Summary
Use the table below to identify the key API fields required for each mandate scenario when submitting transactions through Authorize.net.
| Scenario | Key Fields Required |
|---|---|
| Level 1 (L1) Only | amount + card |
| Level 2 (L2) / CEDP | tax + shipping + duty + PO number + ZIP/country |
| Level 3 (L3) / CEDP | All L2 fields + full lineItems + purchaseLevel = 3 |
| Account Funding Transactions (AFT) | aftInformation.aftIndicator = true + aftInformation.businessApplicationId + aftInformation.recipientInformation + aftInformation.senderInformation |
| Debt Repayment | debtRepaymentIndicator = true |
| Card on File (COF) — Stored Credentials | processingOptions.isStoredCredentials + one of:isFirstRecurringPayment / isFirstSubsequentAuth / isSubsequentAuthIf subsequent: subsequentAuthInformation.originalNetworkTransId + subsequentAuthInformation.reason + subsequentAuthInformation.originalAuthAmount |
Frequently Asked Questions
- Which card networks are covered by these mandates?
- Authorize.net provides mandate support for Visa, Mastercard, Discover, and American Express card network rules. Each mandate may apply to one or more of these networks depending on the transaction type and processor.
Was this article helpful?