Visa to replace Global Brand Protection Program

Web Shield Marketing
May 2, 2023
 min read
A person pays with a gold visa card

Effective 1 May 2023, Visa will introduce the Visa Integrity Risk Program (VIRP) to replace the Global Brand Protection Program (GBPP). We examine the updated requirements for acquirers and their agents in respect of high-risk merchants.

Visa and Mastercard have high-risk or high brand-risk programs with broadly similar objectives. They exist to protect the card schemes and their participants from illegal and brand-damaging transactions, which pose significant fraud, regulatory or legal risk, or may cause reputational damage.

Several merchant sectors are listed on these programs due to the goods or services sold, for example gambling and drugs merchants. However, there is increasing need to consider how sales are made.

Negative option sales models, free trials and deceptive marketing practices in general can render any card transaction illegal, even if the goods and services sold are perfectly legal. Every merchant type is susceptible, because it is not what the merchant sells, it is how they sell it that creates risk for acquirers and card schemes.

Both card schemes require acquirers to register and prove they have adequate controls in place before acquiring merchants in certain sectors.

Let’s now come on to look at the new Visa Integrity Risk Program (VIRP) in more detail.

Visa Integrity Risk Program (VIRP) overview

The VIRP replaces Visa’s Global Brand Protection Program (GBPP). The term ‘high integrity risk merchant’ replaces the term ‘high brand-risk merchant’. Visa describes high integrity risk merchants as those that operate in business types that are legal, but at heightened risk of processing illicit transactions.

There are now three tiers of high integrity risk merchants, where tier 1 is the highest risk tier. Each tier requires commensurate due diligence and controls to mitigate the risks the merchants bring. Please see the table below for a list of merchants and tiers.

Visa Integrity Risk Program (VIRP) registration requirements

Acquirers must register all merchants operating in high integrity risk categories via the high integrity risk registration (HIRR) system. A separate registration is required to become a tier 1, 2 or 3 acquirer. Tier 1 approval includes tier 2 and 3. Tier 2 approval includes tier 3. Tier 3 approval includes tier 3 only.

Former high-brand risk acquirers under the GBPP program may continue to process high integrity risk merchants in tiers 1 and 2, if they have processed transactions for these kinds of merchants within the last 12 months preceding 6 April 2023. However, acquirers must obtain separate approvals for each tier 1 category merchant that they are not currently processing.

Acquirers contracting with third-party agents, such as ISOs, payment facilitators or digital wallet operators, to sign up high integrity risk merchants must register their agents. They must conduct proper due diligence of agents, their on-boarding and monitoring processes to ensure they comply with Visa requirements. These must be subject to assurance and formal oversight at least annually.

High integrity risk MCCs

The high integrity risk MCCs are detailed in the table below and apply to card-absent (i.e. card-not-present) transactions only.

High integrity risk MCCs

For more information

The Visa Integrity Risk Program guide contains further details on registration requirements, non-compliance and remediation processes, fees, non-compliance fines and more. Please also see Visa Business News, Article A112842, published 6 April 2023.

Web Shield is already set up for the changes to VIRP. If you have any questions regarding any of the aspects of the VIRP update and how it affects Web Shield’s solutions, feel free to reach out to your account manager or contact

Share this post

Let us guide you through the world of compliance

Card scheme compliance can be a daunting task. Our team of experts is here to help. Get expert advice and cutting-edge tools to improve your business.