Data Center Migration
Enhanced Visa Security
Our migration to the Visa Data Center is underway, and we are making great progress. Below is information you need to ensure uninterrupted service for you and your customers. As a result, all Verifi partners will access a more efficient and streamlined platform to access Verifi products, called Verifi One. Advantages of the migration include:
- Applications housed on state-of-the-art infrastructure with superior security
- Proven scalability and stability
- Top notch disaster recovery to ensure minimal impact on operations
It is essential that you are aware of the changes below to ensure smooth transition to the Visa Data Center. You will have received an email from Verifi detailing specific impacts and any action items you’re requested to do prior to the migration. Those steps can be completed now. Migration will begin in July 2022 and must be completed by the end of September 2022. Please review the detailed email instructions received at your earliest convenience and reach out to Client Support at support@verifi.com or your Relationship Manager with any questions.
SELECT YOUR CATEGORY BELOW
As part of this migration, all Verifi sellers and resellers will be able to access the pre-dispute solutions they know and love using an upgraded, modern new portal branded as Verifi | One.
Portal Users
For Verifi sellers and resellers (using CDRN or RDR via the MyC portal):
Sellers and Resellers that currently access the MyC (CDRN) Portal or Verifi One will be migrated to our upgraded platform, Verifi One. Users will discover a modern layout and user experience with similar functionality that they use today. Sellers and resellers using Verifi products will need to complete the following to access this new platform:
- Access new URL for Portal
- Update password
- Receive new Organization ID for login
|
Current |
New |
Portal URL |
https://my.cdrn.com |
https://verifi-one.visa.com |
Username |
username |
new username criteria requirements |
Password |
password |
new Password |
Organization ID |
n/a |
new organization ID |
As we get closer to your migration date, you will receive an automated email that contains your new Organization ID and a link to the new portal URL to register and activate your username and password.
Organization ID represents your business entity and is a new enhancement to provide increased security
Verifi Partner API
For sellers and resellers using the Verifi Partner API for CDRN, Fraud and Dispute Notice Services:
Sellers and Resellers currently using the Verifi Partner API will need to complete the following:
- update URL
- update new secret key
- update supported message signature algorithms
- Add IP addresses as required
|
Current |
New |
Base URL |
https://api.cdrn.com |
https://verifiapi.visa.com |
Partner API Supported Version |
Version 1.5 |
Version 1.5 |
Shared Secret Key used in API message signature generation |
existing secret key |
new secret key |
Supported Message Signature Algorithms |
HMAC-SHA1 |
HMAC-SHA256 |
Partner ID |
current Partner id |
no change |
Partner Notifications Source IP Addresses |
Existing IP addresses |
Additional IP address for allow list: |
Technical Details:
- Message Signature Algorithms: HMAC-SHA1 algorithm is no longer supported. A code change will be required to modify the generation of the message signature to use the more secure HMAC-SHA256 algorithm. We encourage you to make this change now.
- Shared Secret Key: To generate and securely transfer the shared secret key, a user will be required to login to the new Verifi | One portal (https://verifi-one.visa.com) to generate and retrieve the secret key information. You will be notified when the Verifi One portal is available and ready to generate your secret key.
For Verifi sellers and resellers using the Merchant Hosted API for Order Insight:
Sellers and Resellers currently using the Merchant Hosted API will need to complete the following:
- add IP addresses as required
|
Current |
New |
MHAPI Supported Versions |
Version 1.4 |
Version 1.4 |
Shared Secret used in API message signature generation |
Existing secret key |
Existing secret key |
Verifi/Visa Source IP Addresses |
Existing IP addresses |
Additional IP Addresses: |
Verifi sellers and resellers may implement restrictions to only receive requests from Verifi from certain ‘allowed’ IP addresses. The list of API Addresses Verifi requests originate from is expanding to include the IP’s detailed above. Sellers and Resellers whitelisting IP addresses should include the additional IP addresses provided below to prevent any disruption to service. IP’s can be whitelisted immediately; you do not have to wait for migration. We encourage you to make this change now.
For Verifi sellers and resellers using the Verifi Hosted API for Order Insight:
Sellers and Resellers that currently using the Verifi Hosted API for Order Insight will need to complete the following:
- update URL
- update new secret key
- update supported message signature algorithms
|
Current |
New |
Base URL |
https://oi.verifi.com |
https://verifioi.visa.com |
VHAPI Supported Versions |
version 1.3 |
version 1.3 |
Shared Secret used in API message signature generation |
existing secret key |
new secret key |
Supported Message Signature Algorithms |
HMAC-SHA256 |
HMAC-SHA256 |
Shared Secret Key: A user will be required to login to the new Verifi One portal (https://verifi-one.visa.com) to generate and retrieve the secret key information. You will be notified when the Verifi One portal is available and ready to generate your secret key.
SFTP
For sellers and resellers who receive an extract file from Verifi:
Sellers and Resellers that currently receive an extract file* from Verifi to support reconciliation and reporting services will need to complete the following:
- update host and folder path
- receive new username/password
- review preferred Public Key authentication
*Extract file types
- Prevent Data Extract
- RDR Data Extract
|
Current |
New |
SFTP Host and folder |
sftp.verifi.com |
sfile2.trusted.visa.com |
Host IP Addresses |
192.64.225.92 |
198.241.159.22 198.241.159.50 198.241.174.38 198.241.174.41 |
SFTP Credentials |
username/password |
new username/password |
SFTP Public Key Authentication |
optional |
preferred |
Verifi sellers and resellers may implement restrictions to only receive requests from Verifi from certain ‘allowed’ IP addresses. The list of API Addresses Verifi requests originate from is expanding to include the IP’s detailed above. Sellers and Resellers whitelisting IP addresses should include the additional IP addresses provided below to prevent any disruption to service. You are encouraged to whitelist these additional IPs immediately.
FAQs for Resellers / Sellers
What are the changes to the different portals that we have now at Verifi?
Moving forward, there will be only one portal which is verifi-one.visa.com. You will be notified when the Verifi One portal has been pushed live and will also be sent specific login details to access your account.
This new combined portal will host both legacy MyCDRN Portal and legacy Verifi One functionality .
Legacy Portal |
New Portal |
My.cdrn.com |
|
One.verifi.com |
Refer to Portal migration requirements, above for more details.
What are the changes for my Portal users?
A new URL will be provided to resellers/sellers to access the new Verifi One portal. The URL to the new portal will be https://verifi-one.visa.com. The following changes will also apply:
- Users will receive a new user login. This will be communicated via email once the new login information is established.
- The new user login includes username and password, along with a new organization ID for added security.
Where will I pick up my (daily) extract files?
Refer to Batch migration requirements, above for more details.
Will the fields or the format of the extract files be changed with this migration?
No, we are not making changes to the format or content of the file. You can expect the same information available in the file.
How long will the files stay in the SFTP folder?
Files will remain in the SFTP folder for one week. At that point they are expected to be removed. Please contact Verifi Support if you missed a file and need it re-generated at (888) 398-5188 or support@verifi.com.
What time will the file be available each day?
Timing of when the files will be available will vary. While Verifi tries to maintain a consistent schedule, the timing of internal jobs may need to change impacting delivery timelines.
I cannot access the SFTP location, how can I regain access?
Please check your new username and password for Visa SFTP. If you still have trouble accessing the SFTP location, contact Verifi Support and they can assist you with resetting your account credentials and provide timing for when it can be completed. Support contact details: (888) 398-5188 or support@verifi.com.
Our platform will continue to be card brand agnostic. Issuers that currently access Verifi One will be migrated to our upgraded platform. Users will discover a modern layout and user experience with similar functionality to that which they use today.
Portal and Portal Drop Users
If you currently use Verifi One, you will need to make the following changes:
|
Current |
New |
Portal URL |
https://one.verifi.com |
https://verifi-one.visa.com |
Username |
username |
new username criteria requirements |
Password |
password |
new password |
Organization ID |
n/a |
new organization ID |
As we get closer to your migration date, you will receive an automated email that contains your new Organization ID and a link to the new portal URL to register and activate your username and password.
Organization ID represents your business entity and a new enhancement to provide a better and secure login to the application.
Batch
Verifi SFTP: If you leverage Verifi’s SFTP system to exchange files for CDRN processing, the required changes are as follows:
|
Current |
New |
SFTP Host and folder |
Verifi Host and folder |
new Verifi Host and folder |
SFTP Credentials |
username/password |
new username/password |
SFTP Public Key Authentication |
optional |
preferred |
PGP File Encryption on Issuer generated files |
PGP Key |
New PGP Key provided by Verifi for issuer to use when encrypting files to send to Verifi |
PGP File Encryption on Verifi generated files |
Issuer provided PGP Key |
No change |
Technical Details:
- We will provide a new SFTP Host and folder path for you to exchange files
- We will provide you with new username/password credentials to access your SFTP account
- If your technical team prefers to use SSH, please generate the SSH key and share the public key file with us.
- The current PGP key used for file encryption is being retired, we will provide you with a new PGP key via secure email if that is applicable to your setup. This PGP key would be used for encrypting files you are sending to Verifi for processing
Issuer SFTP: if Verifi connects to your bank hosted SFTP system to exchange files for CDRN processing, required changes are as follows:
- We will access your SFTP folder using current credentials (username/password) provided to us.
- If we’re accessing your SFTP folder with SSH, we will generate a new SSH and provide the public key to you.
- You may need to add additional Verifi IP addresses to your allow list to permit our system to connect to your SFTP to exchange files
|
Current |
New |
SFTP Host and folder |
Issuer specified host and folder |
No change |
SFTP Credentials |
Issuer specified credentials |
No change |
SFTP Public Key Authentication |
Generated SSH Key |
New Generated SSH Key |
IP Allow List |
Existing IP addresses |
Additional IP addresses: |
PGP File Encryption on Issuer generated files |
Verifi provided PGP key |
New PGP key provided by Verifi to issuer to use when encrypting files to send to Verifi |
PGP File Encryption on Verifi generated files |
Issuer provided PGP Key |
No change |
API
For issuers using the Verifi Issuer API the following changes must be made:
|
Current |
New |
Base URL |
https://api.cdrn.com |
https://verifiapi.visa.com |
Shared Secret Key used in API message signature generation |
existing secret key |
new secret key |
Supported Message Signature Algorithms |
HMAC-SHA1 |
HMAC-SHA256 |
Issuer ID |
current issuer id |
no change |
IP Allow List |
Existing IP addresses |
Additional IP addresses: |
OTHER TECHNICAL DETAILS:
- Verifi Signature: HMAC-SHA1 protocol is no longer supported, and Verifi Signature will need to be upgraded to a more secure HMAC-SHA256 protocol.
- Shared Secret Key: To generate and securely transfer the shared secret key, a user will be required to login to the Verifi One portal to generate and retrieve the secret key information. Further instructions with screenshots will be provided closer to your migration date.
FAQs for Issuers
With this migration, will issuers have to use Verifi One?
Moving forward, there will be only one portal issuers will use to access Verifi platforms: verifi-one.visa.com. This updated portal will host both legacy CDRN and legacy Verifi One functionality. Issuers currently using MyC to use the “portal drop” functionality will be able to do so in the updated Verifi One portal.
Legacy Portal |
New Portal |
My.cdrn.com |
|
One.verifi.com |
Will a test environment be available for issuers to test new functionality and workflows in before migration? If so, when?
The test environment will be available prior to migration. Should you need to access this test environment, please let your Relationship Manager know and we will provide you with the appropriate technical information and requirements.
What are the changes for my Portal issuers?
There will be a new URL given to the issuer that will be different from the current used for Verifi One. The new URL to access the new portal is expected to be https://verifi-one.visa.com.
The following changes will also occur:
- User receives a prompt to set new user login details. This will be communicated via email once the new login information is established.
- The new user login criteria include username and password, as well as a new organization ID for added security.
For Issuers with API integrations – either directly connected or via third-party connections – what changes are necessary?
Issuers using a third-party connection or direct API connection will be required to change the URL and to connect with new API Key credentials. Details are as follows:
- New API URL – there will be a new API URL to replace api.cdrn.com. As currently planned, the new API URL will be verifiapi.visa.com.
- API credentials: new API Key credentials will be given to the integrator.
If an issuer has a custom integration with a third-party integrator or platform, how should they proceed to ensure successful migration?
A Verifi issuer’s dedicated relationship manager will reach out in the coming months to issuers with custom integrations to work through next steps alongside the third-party integrator or platform.
Questions related to Batch integrations:
- What changes will need to be made for issuers that utilize batch file (file transfer) via SFTP?
- What will be required to redirect to the VDC?
- Will there be a new URL given to the issuer?
- Will there be new user login issued?
Depending on where issuer drops the file transfer, the following are the expected changes:
For issuers that drop batch files to Verifi SFTP |
Affected changes:
|
For issuers that drop batch files to their SFTP server |
This allow list will ensure that our Visa application can still pick up the file from Issuer’s SFTP Server.
|
For issuers that receive encrypted MLE files from Verifi |
Issuer needs to provide PGP public key to Verifi/Visa. |
Will Portal Drop functionality be supported within MyCDRN following the migration to the Visa Data Center? If yes, what will be required to redirect the issuer? Will there be a new URL given to the issuer? Will there be a new user login issued?
A: Yes, portal drop (upload) via the application is still supported. The issuer user logs in to the upgraded Verifi One application with the new credentials and navigates to the case upload menu. Issuer users can then select a file to be uploaded to Verifi.
I am an issuer integrated to Verifi through a third-party case management tool, which adjustments to my integration need to be made?
Any integration adjustments that need to be made will be communicated to individual contracted issuers only. We expect issuer partners to share relevant information accordingly with their third-party case management provider.