Jeremy Layton is CEO of Verisave, a consulting firm that reviews merchant accounts to identify unnecessary credit card transaction fees, on behalf of retailers, restaurants and other merchants. He and the firm are based in Salt Lake City, Utah.
I've spent 25 years in credit card processing. Visa’s new Commercial Enhanced Data Program (CEDP) is the biggest change I’ve seen in that time.
With little guidance from Visa, the industry has pulled together to try and meet the new requirements. Unfortunately, some processors and gateways are already trying to game it. That's a mistake and their merchant clients will be the ones who pay.
CEDP, which took effect Oct. 17, overhauled how Visa awards Level 2 and Level 3 interchange discounts. For years, many merchants earned those discounts by submitting transaction data that was, to put it charitably, creative. Gateways auto-filled data fields. Processors passed dummy invoice numbers. Everyone looked the other way because the data satisfied the technical requirements, even if it was fabricated.
Visa’s CEDP intended to slam that door shut. The new rules require legitimate transaction data pulled from actual invoices and ERP systems. And Visa is using AI/ML-powered audits to verify authenticity. Submit the same "invoice number" across thousands of transactions, and you'll get flagged.
Visa has to walk a bit of a tightrope here: they are obligated to protect interchange fee revenue for the banks that issue Visa credit cards; and they are also obligated to keep interchange fees affordable for merchants so as to encourage high levels of acceptance. While some of this may seem self-serving, there are also some good intentions behind CEDP.
Detailed transaction data helps Visa prevent fraud. Credit card fraud is rampant — according to a 2025 AFP survey, 79% of organizations experienced payment fraud attempts last year. Real invoice information, item details, purchase order numbers — these create a verifiable trail that makes fraudulent transactions less likely.
What I find disturbing is that, in spite of the new CEDP data requirements, some processors and gateways are still looking for the easy route by submitting randomized fake data … essentially using a more sophisticated form of “dummy data,” to achieve discounted interchange for their clients. Visa won't tolerate it indefinitely.
Visa has invested billions of dollars in fraud detection and data analysis. Their systems will catch on. Give it a few months, maybe six, and they'll start flagging randomized dummy data the same way they flag repeated or auto-fill values. When that happens, merchants relying on these workarounds will lose their discounts overnight.
The financial hit is significant. I recently spoke with a chief financial officer whose company paid more than $300,000 in additional processing fees in the second half of October due to CEDP, after losing access to Level 2 and Level 3 interchange discounts overnight. November will be worse. For many B2B merchants, we’re talking about the difference between a profitable quarter and a painful one.
The merchants caught in the middle often don't know any of this is happening. They trust their processor to handle compliance. They see "Product 3" (which replaces Visa’s Level 2 and Level 3) on a merchant statement and assume they're covered, not knowing that when Visa does catch on, these discounted rates will be gone. Processors and gateways who chose quick fixes are abusing that trust.
For a merchant, getting compliant isn't quick or easy. It requires integrating ERP data with payment workflows, testing the connection, validating the inputs, and becoming a Verified Merchant with Visa. It can be a four-to-eight week implementation process. Every month a merchant delays is another month of elevated fees they'll never recover.
