V Visa Inc. - 10-K

ITEM 1A.    Risk Factors

Regulatory Risks

We are subject to complex and evolving global regulations that could harm our business and financial results.

As a global payments technology company, we are subject to complex and evolving regulations that govern our operations. Such regulations may increase in quantity, complexity and scope in response to heightened geopolitical tensions. See Item 1 — Government Regulation for more information on the most significant areas of regulation that affect our business. The impact of these regulations on us, our clients, and other third parties could limit our ability to enforce our payments system rules; require us to adopt new rules or change existing rules; affect our existing contractual arrangements; and increase our compliance costs. As discussed in more detail below, we may face differing rules and regulations in matters like interchange reimbursement rates, preferred routing, domestic processing and localization requirements, currency conversion, point-of-sale transaction rules and practices, privacy, data use and protection, licensing requirements and associated product technology. As a result, the Visa operating rules and our other contractual commitments may differ from country to country, state to state, or product to product. Complying with these and other regulations increases our costs and operational complexity, and reduces our revenue opportunities.

If widely varying regulations come into existence worldwide, we may have difficulty rapidly adjusting our products, services, fees and other important aspects of our business to comply with the regulations. Our compliance programs and policies are designed to support our compliance with a wide array of regulations and laws, such as regulations regarding anti-money laundering, anti-corruption, competition, money transfer services, privacy and sanctions, and we continually adjust our compliance programs as regulations evolve. However, we cannot guarantee that our practices will be deemed compliant by all applicable regulatory authorities. In the event our controls should fail or we are found to be out of compliance for other reasons, we could be subject to monetary damages, civil and criminal penalties, litigation, investigations and proceedings, and damage to our global brands and reputation.

Increased scrutiny and regulation of the global payments industry, including with respect to interchange reimbursement fees, merchant discount rates, operating rules, risk management protocols and other related practices, could harm our business.

Regulators around the world have been establishing or increasing their authority to regulate various aspects of the payments industry. See Item 1—Government Regulation for more information . In the U.S. and many other jurisdictions, we have historically set default IRFs. Even though we generally do not receive any revenue related to IRFs in a payment transaction (in the context of credit and debit transactions, those fees are paid by the acquirers to the issuers; the reverse is true for certain transactions like ATM transactions), IRFs are a factor on which we compete with other payments providers and are therefore an important determinant of the volume of transactions we process. Consequently, changes to these fees, whether voluntarily or by mandate, can substantially affect our overall payments volume and net revenue.

Interchange reimbursement fees, certain operating rules and related practices continue to be subject to increased government regulation globally, and regulatory authorities and central banks in a number of jurisdictions have reviewed or are reviewing these fees, rules and practices. For example:

• Regulations adopted by the U.S. Federal Reserve cap the maximum U.S. debit interchange reimbursement rate received by large financial institutions at 21 cents plus 5 basis points per transaction, plus a possible fraud adjustment of 1 cent. Additionally, the Dodd-Frank Act limits issuers’ and payment networks’ ability to adopt network exclusivity and preferred routing in the debit and prepaid area, which also impacts our business. In response to seller requests, the Federal Reserve has recently taken actions to revisit its regulations that implement these aspects of the Dodd-Frank Act. For example, in October 2022, the Federal Reserve published a final rule effectively requiring issuers to ensure that at least two unaffiliated networks are available for routing ecommerce debit transactions by July 1, 2023. In October 2023, the Federal Reserve issued a proposal for comment that further lowers debit interchange rates, with a mechanism for automatic adjustment every two years. Finally, in August 2025, the District Court for the District of North Dakota ruled that the Federal Reserve exceeded its authori ty in implementing Regulation II, which sets debit card interchange fees. The court found the Federal Reserve improperly included various costs beyond what the Durbin Amendment allows, such as fraud losses, network fees and other fixed costs, when setting the debit interchange fee standard. As a result, the court vacated Regulation II’s debit interchange fee

Table of Contents

standard. Subsequently, however, the District Court in Kentucky ruled that the Federal Reserve acted within its discretion in setting the debit interchange cap. If the District Court of North Dakota’s decision is affirmed on appeal and ultimately prevails, it could potentially result in the Federal Reserve setting a significantly lower interchange cap for relevant debit transactions in the U.S. Separately, there continues to be interest in regulation of credit interchange fees and routing practices by members of Congress and state legislators. It is possible that the Credit Card Competition Act may be reintroduced in Congress or attempted to be offered as an amendment to unrelated legislation. Previous versions of the legislation were introduced in 2022 and 2023, and required among other things, that large issuing banks offer a choice of at least two unaffiliated networks over which electronic credit transactions may be processed. Finally, some states have passed or are considering passing laws that regulate how interchange can be set and assessed. For example, in May 2024, Illinois passed a law that restricts the assessment of interchange on the state tax and gratuity portions of a transaction, and restricts financial institutions and payment networks, among others, from using payment transaction data for any purpose other than facilitating or processing a transaction. While the Illinois law remains subject to legal challenge, if such laws are allowed to go into effect, they may also impose significant technical and compliance burdens on our business.

• In Europe, the EU’s IFR places an effective cap on consumer credit and consumer debit interchange fees for both domestic and cross-border transactions within the European Economic Area of 30 basis points and 20 basis points, respectively. EU member states have the ability to further reduce these interchange levels within their territories. The European Commission has announced its intention to conduct another impact assessment of the IFR, which could result in even lower caps on interchange rates and the expansion of regulation to other types of products, services and fees.

• Several countries in Latin America continue to explore regulatory measures against payments networks and have either adopted or are exploring interchange caps, including Argentina, Brazil, Chile and Costa Rica. In Asia Pacific, the Reserve Bank of Australia (RBA) which already regulates interchange, recently proposed reducing existing interchange caps on domestic credit and debit transactions and not allowing differential interchange treatment for consumer and commercial transactions. Similarly, in New Zealand, the Commerce Commission recently lowered existing caps on domestic credit transactions. Interchange is also regulated in certain countries in the Central and Eastern Europe, Middle East and Africa region, including the United Arab Emirates. Finally, many governments, including but not limited to governments in India, Costa Rica, and Turkey, are using regulation to further drive down MDR, which could negatively affect the economics of our transactions.

• While the focus of interchange and MDR regulation has primarily been on domestic rates, interest on cross-border rates has been growing. For example, we agreed to limit certain cross-border interchange rates in a settlement with the European Commission in 2019, which was extended through 2029. In 2020, Costa Rica became the first country to formally regulate cross-border interchange rates by regulation. In June 2022, the UK’s PSR initiated a market review focusing on post-Brexit increases in interchange rates for e-commerce transactions between the UK and Europe and is proposing to cap cross-border interchange on certain transactions in that geographic corridor. Most recently, in July 2025, New Zealand adopted interchange caps on cross-border transactions including commercial credit transactions. Australia has also proposed adopting caps for cross-border transactions. Cross-border MDR is also regulated in Costa Rica and Turkey.

• With increased lobbying by sellers and other industry participants, we are also beginning to see regulatory interest in network fees. For example, the UK’s PSR is conducting a market review into scheme and processing fees. In its interim report, the PSR indicated that it is reviewing possible remedies in the areas of governance, reporting and transparency, any of which, if adopted, could impose additional complexity and burdens on our business in the UK. Other regulators, for example, those in Australia, the EU, Chile and New Zealand have expressed an interest in network fees, including issues related to transparency. Finally, in 2024, the Greek Parliament limited acquirer fees for certain small ticket transactions in some seller categories for a period of three years.

• In addition, industry participants in some countries, including Argentina, Chile, Colombia, the Dominican Republic, Paraguay, Peru, South Africa and Turkey have sought intervention from competition regulators or filed claims relating to certain network rules, including Visa’s restrictions on cross-border acquiring. The Central Banks of Chile and the Dominican Republic recently enacted regulation that will permit cross-border acquiring for ecommerce transactions under certain conditions. Other countries, like Brazil, have adopted regulations that require us to seek government pre-approval for certain of our network rules, which could also impact the way we operate in those markets.

Table of Contents

• Government regulations or pressure may also impact our rules and practices and require us to allow other payments networks to support Visa products or services, to have the other networks’ functionality or brand marks on our products, or to share our intellectual property with other networks. In addition, the EU’s requirement to separate scheme and processing adds costs and impacts the execution of our commercial, innovation and product strategies.

• We are also subject to central bank oversight in a growing number of countries, including Brazil, India, the UK and within the EU. In several jurisdictions, we have been designated as a “systemically important payment system.” Some countries with existing oversight frameworks are looking to further enhance their regulatory powers, while regulators in other jurisdictions are considering or adopting approaches based on these regulatory principles. For example, in October 2023, VisaNet was designated as a prominent payment system in Canada. These types of designations generally result in oversight of authorization, clearing and settlement activities, including policies, procedures and requirements related to governance, client and seller access to our payment systems, reporting, cybersecurity, processing infrastructure, capital and/or credit risk management. We could also be required to adopt policies and practices designed to mitigate settlement and liquidity risks, including increased requirements to maintain sufficient levels of capital and financial resources locally, as well as localized risk management or governance.

• As innovations in payment technology have enabled us to expand into new products and services, they have also expanded the potential scope of regulatory influence. For instance, new products and capabilities, including tokenization, push payments and cross-border money movement solutions could bring increased licensing or authorization requirements in the countries where the product or capability is offered. Furthermore, certain portions of our business are regulated as payment institutions or as money transmitters, subjecting us to various licensing, supervisory and other requirements. As we continue to expand our capabilities and offerings in furtherance of our multi-year growth strategy, we will need to obtain new types of licenses. These licenses could result in increased supervisory and compliance obligations that are distinct from the obligations we are subject to in our capacity as a payment card network.

Regulators around the world increasingly take note of each other’s approaches to regulating the payments industry. Consequently, development in one jurisdiction may influence regulatory approaches in another. The risks created by a new law, regulation or regulatory outcome in one jurisdiction have the potential to be replicated and to negatively affect our business in another jurisdiction or in other product offerings. For example, our settlement with the European Commission on cross-border interchange rates has drawn attention from some regulators in other parts of the world. Similarly, new regulations involving one product offering may prompt regulators to extend the regulations to other product offerings. For example, credit payments could become subject to similar regulation as debit payments (or vice versa). The RBA initially capped credit interchange, but subsequently capped debit interchange as well.

When we cannot set default interchange reimbursement rates at optimal levels, issuers and acquirers may find our payments system less attractive. This may increase the attractiveness of other payments systems, such as our competitors’ closed-loop payments systems with direct connections to both sellers and consumers. We believe some issuers may react to such regulations by charging new or higher fees, or reducing certain benefits to consumers, which makes our products less appealing to consumers. Some acquirers may elect to charge higher MDR regardless of the Visa interchange reimbursement rate, causing sellers not to accept our products or to steer consumers to alternative payments systems or forms of payment. In addition, in an effort to reduce the expense of their payment programs, some issuers and acquirers have obtained, and may continue to obtain, incentives from us, including reductions in the fees that we charge, which directly impacts our net revenue. The evolving and increasing regulatory focus on the payments industry could negatively impact or reduce the number of Visa products our clients issue, the volume of payments we process, our net revenue, our brands, our competitive positioning, our ability to use our intellectual property to differentiate our products and services, the quality and types of products and services we offer, the countries in which our products and services are used, and the types of consumers and sellers who can obtain or accept our products and services, all of which could harm our business and financial results.

Finally, policymakers and regulatory bodies in the U.S., Europe and other parts of the world are exploring ways to reform existing competition laws to meet the needs of the digital economy, including restricting large technology companies from engaging in mergers and acquisitions, requiring them to interoperate with potential competitors, and prohibiting certain kinds of self-preferencing behaviors. While the focus of these efforts remains primarily on increasing regulation of large technology, ecommerce and social media companies, they could also have implications for other types of companies including payments networks, which could constrain our ability to

Table of Contents

effectively manage our business. Recent political developments around the world, including recent shifts in trade policy, have added additional uncertainty with respect to new laws and regulations or changes in the interpretations or enforcement of existing laws and regulations, and increased risk of financial regulatory fragmentation.

Government-imposed obligations and/or restrictions on international payments systems may prevent us from competing against providers in certain countries, including significant markets such as China and India.

Governments in a number of jurisdictions shield domestic payments providers, including card networks, brands, and processors, from international competition by imposing market access barriers and preferential domestic regulations. To varying degrees, these policies and regulations affect the terms of competition in the marketplace and impair the ability of international payments networks to compete. Public authorities may also impose regulatory requirements that favor domestic providers or mandate that domestic payments or data processing be performed entirely within that country, which could prevent us from managing the end-to-end processing of certain transactions.

In China, UnionPay remains the predominant processor of domestic payment card transactions and operates the predominant domestic acceptance market. Although we filed an application with the People’s Bank of China (PBOC) in May 2020 to operate a Bank Card Clearing Institution (BCCI) in China, the timing and the procedural steps for approval remain uncertain. There is no guarantee that the license to operate a BCCI will be approved or, if we obtain such license, that we will be able to successfully compete with domestic payments networks. Co-badging and co-residency regulations also pose additional challenges in markets where Visa competes with national networks for issuance and routing. Certain banks have issued dual-branded cards for which domestic transactions in China are processed by UnionPay and transactions outside of China are processed by Visa, UnionPay or other international payments networks. Although the PBOC has permitted Visa and UnionPay’s cooperation on upgrading magstripe dual-branded cards to chip cards, these modernization efforts are limited to existing cards and not new issuances. Looking forward, the PBOC is considering phasing out dual-branded cards over time as new licenses are issued to international companies to participate in China’s domestic payments market. In response, we have been working with Chinese issuers to issue Visa-only branded cards for international travel, and later for domestic transactions should we obtain a BCCI license. However, notwithstanding such efforts, these restrictions on dual-branded cards have decreased our payments volume and impacted the net revenue we generate in China.

UnionPay has grown rapidly in China and is actively pursuing international expansion plans, which could potentially lead to regulatory pressures on our international routing rule (which requires that international transactions on Visa cards be routed over VisaNet). Furthermore, although regulatory barriers shield UnionPay from competition in China, alternative payments providers such as Alipay and WeChat Pay have rapidly expanded into ecommerce, offline and cross-border payments, which could make it difficult for us to compete even if our license is approved in China. NetsUnion Clearing Corp, a Chinese digital transaction routing system, and other such systems could have a competitive advantage in comparison with international payments networks .

Ongoing regulatory initiatives in India, including data localization requirements which continue to evolve, have cost implications for us and could affect our ability to effectively compete with domestic payments providers. Furthermore, any inability to meet the requirements of the data localization mandate could impact our ability to do business in India. In Europe, the European Central Bank has announced initiatives to reduce reliance on international payment networks. For example, with the support of the European Central Bank, the European Payments Initiative (EPI), led by a group of European banks, launched a pan-European A2A payment system, Wero. More recently, the European Central Bank has embarked on a multi-year effort to explore a digital euro, an alternative to foreign digital currency and payment service providers. In addition, regional groups of countries, such as the Gulf Cooperation Council (GCC) and a number of countries in Southeast Asia (e.g., Malaysia), have adopted or may consider, efforts to restrict our participation in the processing of regional transactions. The African Development Bank has also indicated an interest in supporting national payment systems in its efforts to expand financial inclusion and strengthen regional financial stability. Finally, some countries such as Nigeria and South Africa are mandating on-shore processing of domestic transactions. Geopolitical events, including sanctions and trade tensions have intensified these activities, which could adversely affect our business. For example, some countries have expressed concerns about their reliance on U.S. financial services companies, including payments networks, and have taken steps to bolster the development of domestic solutions, in light of U.S., European and UK sanctions against Russia and the decision by U.S. payments networks, including Visa, to suspend operations in the country. Separately, Russia has called for the BRICS countries (led by Brazil, Russia, India, China and South Africa, and which has recently expanded to include countries such as Egypt, Ethiopia, Iran, Saudi Arabia and the United

Table of Contents

Arab Emirates), to lessen dependence on the U.S. dollar and on Western payments systems by, among other things, integrating payments systems and cards across member countries.

Central banks in a number of countries, including those in Argentina, Australia, Brazil, Canada, Europe, India, Indonesia and Mexico, are in the process of developing or expanding national RTP networks and instant payment solutions with the goal of driving a greater number of domestic transactions onto these systems. In July 2023, the U.S. Federal Reserve launched its FedNow Service with core clearing and settlement functionality, and expects to add more features and enhancements over time. Some countries are also exploring cross-border connectivity of their respective RTP systems. Finally, an increasing number of jurisdictions are exploring the concept of building central bank digital currencies for retail payments, such as the European Central Bank’s digital euro initiative. If successfully deployed, these national payment platforms and digital currencies could have significant implications for Visa’s domestic and cross-border payments, including potential disintermediation.

Due to our inability to manage the end-to-end processing of transactions for cards in certain countries (e.g., Thailand, Mexico), we depend on our close working relationships with our clients or third-party service providers to ensure transactions involving our products are processed effectively. Our ability to do so may be adversely affected by regulatory requirements and policies pertaining to transaction routing or on-shore processing. In general, national laws that protect or otherwise support domestic providers or processing may increase our costs; decrease our payments volume and impact the net revenue we generate in those countries; decrease the number of Visa products issued or processed; impede us from utilizing our global processing capabilities and controlling the quality of the services supporting our brands; restrict our activities; limit our growth and the ability to introduce new products, services and innovations; force us to leave countries or prevent us from entering new markets; and create new competitors, all of which could harm our business.

Laws and regulations regarding the handling of personal data, including laws and regulations related to privacy, cybersecurity and AI, may impede our services or result in increased costs, legal claims or fines against us .

Our business relies on the processing of data across national borders. Legislators and regulators around the world are increasingly adopting or revising privacy, data protection, data management, data transfer, AI and cybersecurity laws and regulations. For example, our ongoing efforts to comply with complex U.S. and international privacy and data protection laws may increase the complexity of our compliance operations, entail substantial expenses, divert resources from other initiatives and projects, require us to modify our data processing practices, policies or services, and adversely impact our business. In addition, privacy laws in numerous jurisdictions, including but not limited to the U.S., China, India, Australia, New Zealand, Brazil, Kingdom of Saudi Arabia, Hong Kong and Japan, have established specific legal requirements for cross-border transfers of personal information and substantial compliance and audit obligations. Certain countries have also established specific legal requirements for data localization, such as where personal data must remain stored in the country. The global proliferation of new privacy and data protection laws may lead to inconsistent and conflicting requirements or legal interpretations, which create an uncertain regulatory environment. Noncompliance could also result in regulatory penalties and significant legal liability. Enforcement actions and investigations by regulatory authorities into companies related to data security incidents and privacy violations are generally increasing. In Europe, data protection authorities continue to apply and enforce the General Data Protection Regulation (GDPR), imposing record setting fines. As we develop integrated and personalized products and services and acquire new companies to meet the needs of a changing marketplace, we may expand our data profile through additional data types and sources, across multiple channels, and involving new partners. This potential expansion could amplify the impact of these various laws and regulations on our business. As a result, we are required to constantly monitor our privacy, data and cybersecurity practices and potentially change them when necessary or appropriate. We also may need to provide increased care in our data management, governance and quality practices, particularly as it relates to the use of data in products leveraging AI.

We are also subject to a variety of laws and regulations governing the development, use and deployment of AI technologies. These laws and regulations are increasingly complex, fragmented and still evolving, and there is no single global regulatory framework for AI. Our development, deployment and use of AI and machine learning is subject to various risks at each stage of use. In the context of AI development, risks include those related to intellectual property considerations, the collection and use of personal data, third party risks, technical limitations of algorithms and the accuracy of training data, and compliance with emerging AI legal standards. The increased risk of inadvertent disclosure of confidential information or personal data in connection with the utilization of AI technologies may result in stronger regulatory scrutiny, leading to legal and regulatory investigations and

Table of Contents

enforcement actions that may negatively affect our business, even if unfounded. In the context of use and deployment, risks include technical, operational and compliance considerations, and our ability to monitor and safely deploy AI systems throughout the organization with appropriate safeguards and in compliance with the various regulatory schemes related to AI technology.

In particular, the adoption of agentic commerce, in which autonomous AI agents initiate and execute transactions on behalf of users, presents novel and complex regulatory, privacy and cybersecurity risks. Legal frameworks governing such autonomous agents remain nascent, with limited direct guidance specific to payments. The interplay between payments regulations, data privacy laws and evolving AI regulations may create uncertainty around compliance obligations and potential liability exposure as more participants (including sellers, fintechs, AI developers and enablers) enter the agentic commerce ecosystem. The market is still assessing how regulators may apply existing consumer protection and other laws in the context of AI. For example, as agentic commerce solutions scale, we may see increased instances of erroneous or disputed payments, increased chargebacks and reputational harm. Furthermore, reliance on agentic AI introduces challenges in monitoring cross-border, prohibited or high-risk transactions, where conflicting regulatory requirements may apply. The fragmented regulatory landscape for emerging technologies such as AI and inconsistent requirements across legal frameworks may amplify difficulties in identifying, preventing or mitigating risk with a single global approach, potentially increasing our compliance costs or stratifying our ability to leverage certain data or technologies for innovation. For instance, the EU has adopted a comprehensive AI Act that establishes harmonized rules across Europe, with key provisions for high-risk AI systems taking effect in August 2026. Meanwhile, several U.S. states, including California, Colorado and Utah, have adopted AI-specific frameworks or are considering applying existing consumer and data protection laws to regulate AI. Depending on how these different regulations are interpreted and enforced, they may limit the ability to develop and deploy AI systems or significantly increase associated compliance costs. Our development and implementation of governance frameworks aimed at complying with emerging laws and regulations applicable to our AI and machine learning systems may not be successful in mitigating all of these emerging risks.

We may be subject to tax examinations or disputes, or changes in tax laws.

The application of tax laws requires significant judgment and can be subject to uncertainty and differing interpretations. We are currently under examination by, or in disputes with, the U.S. Internal Revenue Service as well as tax authorities in other jurisdictions, and we may be subject to additional examinations or disputes in the future. We exercise significant judgment and make estimates that we believe to be reasonable in calculating our worldwide provision for income taxes and other tax liabilities. However, relevant tax authorities may disagree with our estimates, interpretations or tax treatment of certain material items. Failure to sustain our position in these matters could adversely affect our cash flows and financial position. In addition, changes in existing laws in the U.S. or foreign jurisdictions, including unilateral actions of foreign jurisdictions to introduce digital services taxes, or changes resulting from the Organization for Economic Cooperation and Development’s proposals for the international tax system, including the introduction of a global minimum tax with widespread implementation by member countries, may also materially affect our effective tax rate and could increase our tax payments. Please see Item 7 and Note 19—Income Taxes to our consolidated financial statements included in Item 8 of this report.

Litigation Risks

We may be adversely affected by the outcome of litigation or investigations.

We are subject to numerous litigation matters, investigations, claims, examinations, information gathering requests, subpoenas, government and regulatory proceedings asserted by civil litigants, governments and enforcement bodies investigating or alleging, among other things, violations of competition and antitrust law, consumer protection law, privacy law and intellectual property law (these are referred to as “actions” in this section). Details of the most significant actions we face are described more fully in Note 20—Legal Matters to our consolidated financial statements included in Item 8 of this report. These actions are inherently uncertain, expensive and disruptive to our operations. In the event we are found liable or reach a settlement in any action, particularly in a large class action lawsuit, such as one involving an antitrust claim entitling the plaintiff to treble damages in the U.S., or we incur liability arising from a government investigation, we may be required to pay significant awards or judgments, settlements, costs or fines. In addition, settlement terms, judgments, orders, pressures or events in or resulting from actions have impacted and may continue to impact our business by creating uncertainty for our business or by influencing or requiring us to modify, among other things, the default interchange reimbursement rates we set, the Visa operating rules or the way in which we enforce those rules, our fees or pricing, or the way we do business. These actions or their outcomes may also influence regulators, investigators, governments or civil litigants in the same or other jurisdictions, which may lead to additional actions against Visa. Finally, we are required

Table of Contents

by some of our commercial agreements to indemnify other entities for litigation brought against them, even if Visa is not a defendant. For certain actions like those that are U.S. covered litigation or VE territory covered litigation, as described in Note 5—U.S. and Europe Retrospective Responsibility Plans and Note 20—Legal Matters to our consolidated financial statements included in Item 8 of this report, we have certain financial protections pursuant to the respective retrospective responsibility plans. The two retrospective responsibility plans are different in the protections they provide and the mechanisms by which we are protected. The failure of one or both of the retrospective responsibility plans to adequately insulate us from the impact of such settlements, judgments, losses or liabilities could materially harm our financial condition or cash flows, or even cause us to become insolvent.

Business Risks

We face intense competition in our industry.

The global payments space is intensely competitive. As technology evolves and consumer expectations change, new competitors or methods of payment emerge, and existing clients and competitors assume different roles. Our products compete with cash, checks, electronic payments, virtual currency payments, global or multi-regional networks, other domestic and closed-loop payments systems, digital wallets and alternative payments providers primarily focused on enabling payments through ecommerce and mobile channels. As the global payments space becomes more complex, we face increasing competition from our clients, other emerging payment providers such as fintechs, other digital payments, technology companies that have developed payments systems enabled through online activity in ecommerce, social media, and mobile channels, other providers of CMS and VAS offerings, as well as governments in a number of jurisdictions (e.g., U.S., Brazil and India), that are developing, supporting and/or operating national schemes, RTP networks and other payment platforms. For more information, please see Item 1—Competition above.

Our competitors may acquire, develop or make better use of substantially better technology, have more widely adopted delivery channels, or have greater financial resources. They may offer more effective, innovative or a wider range of programs, products and services. They may use more effective advertising and marketing strategies that result in broader brand recognition and greater use, including with respect to issuance and seller acceptance. They may also develop better solutions or offer more favorable pricing. Moreover, even if we successfully adapt to technological change and the proliferation of alternative types of payment services by developing and offering our own services in these areas, such services may provide less favorable financial terms for us, which could hurt our financial results. We expect to face more competition as AI continues to advance and GenAI and agentic AI capabilities become integrated into payments and related services in two main ways: first, by competitors successfully enhancing their products, services and external offerings with AI to achieve greater and faster product adoption; and second, by competitors providing internal AI tools to upskill their employees for greater operational efficiencies and impact. In addition, our competitors may have, or in the future may obtain, proprietary rights that would prevent, limit or interfere with our ability to design, use or sell our own AI-based offerings or services to our clients and other third parties. If we do not continue to invest in developing and supporting our AI-based initiatives, we may fall behind technological developments and evolving industry standards, which would likewise harm our reputation and ability to effectively compete, retain clients or grow our business.

Certain of our competitors operate with different business models, have different cost structures or participate in different market segments. Many of these competitors are also able to use existing payment networks without being subject to many of the associated costs. Moreover, these competitors also occupy various roles in the payments ecosystem that enable them to influence payment choice of other participants. Some of our competitors, including American Express, Discover, private-label card networks, virtual currency providers, technology companies that enable the exchange of digital assets, and certain alternative payments systems like Alipay and WeChat Pay, operate closed-loop payments systems, with direct connections to both sellers and consumers. Those business models may ultimately prove more successful or more adaptable to regulatory, technological and other developments. In some cases, these competitors have the support of government mandates that prohibit, limit or otherwise hinder our ability to compete for transactions within certain countries and regions. For more information on government actions, initiatives or regulations that could impact competition, please see Item 1—Government Regulation and Item 1A—Regulatory Risks above.

We expect the competitive landscape to continue to shift and evolve. For example:

• We, along with our competitors, clients, network participants, and others are developing or participating in alternative payments systems or products, such as mobile payment services, ecommerce payment services, P2P payment services, real-time and faster payment initiatives, and payment services that permit

Table of Contents

ACH or direct debits from or to consumer checking accounts, that could either reduce our role or otherwise disintermediate us from the transaction processing or the value-added services we provide to support such processing. Examples include initiatives from The Clearing House, an association consisting of large financial institutions that has developed its own faster payments system; Early Warning Services, which operates Zelle, a bank-offered alternative network that provides another platform for faster funds or real-time payments across a variety of payment types, including P2P, corporate and government disbursement, bill pay and deposit check transactions; and cryptocurrency, including stablecoin-based payments initiatives.

• In July 2025, the U.S. enacted the Guiding and Establishing National Innovation for U.S. Stablecoins Act (GENIUS Act), establishing a comprehensive framework for regulating stablecoins. Similarly, the European Union has adopted its own legal framework for crypto assets. Many other countries, including the U.K., Japan, United Arab Emirates, Hong Kong and Singapore, are at varying stages of adopting stablecoin and digital assets-related regulatory frameworks. With more regulatory certainty and permissive or favorable regulations, stablecoins could potentially disrupt existing payment networks, including in cross-border and B2B transactions. In countries facing currency instability and controls, stablecoins could increasingly be used as an alternative to preserve and transfer asset value. In more mature markets, stablecoins could achieve broad adoption through regulated issuance by traditional banks, fintechs and other new entrants, as well as by being integrated in closed loop systems operated by large digital ecosystems and platforms.

• Parties that access our payment credentials, tokens and technologies, including clients, technology solution providers or others might be able to migrate or steer account holders and other clients to alternative payment methods or use our payment credentials, tokens and technologies to establish or help bolster alternate payment methods and platforms.

• Participants in the payments industry may merge, form joint ventures or enable or enter into other business combinations or bilateral agreements that strengthen their existing business propositions or create new, competing payment services. For example, parties may agree not to use our payments network for processing transactions resulting in sellers processing transactions directly with issuers, or processors processing transactions directly with issuers and acquirers.

• New or revised industry standards for or related to payments set by individual countries, regions or standard setting organizations may result in additional costs and expenses for Visa and its clients, or otherwise negatively impact the functionality and competitiveness of our products and services.

As the competitive landscape is quickly evolving, we may not be able to foresee or respond sufficiently to emerging risks associated with new businesses, products, services and practices. We may be asked to adjust our local rules and practices, develop or customize certain aspects of our payment services, adjust the economics or pricing for our offerings, or agree to business arrangements that may be less protective of Visa’s proprietary technology and interests in order to compete and we may face increasing operational costs and risk of litigation concerning intellectual property. Our failure to compete effectively in light of any such developments could harm our business and prospects for future growth.

Our net revenue and profits are dependent on our client and seller base, which may be costly to win, retain and develop.

Our financial institution clients and sellers can reassess their commitments to us at any time or develop their own competitive services. While we have certain contractual protections, our clients, including some of our largest clients, generally have flexibility to issue non-Visa products. In certain circumstances, our financial institution clients may decide to terminate our contractual relationship on relatively short notice without paying significant early termination fees. Because a significant portion of our net revenue is concentrated among our largest clients, the loss of business from any one of these larger clients could harm our business, results of operations and financial condition. For more information, please see Note 14—Segment Information to our consolidated financial statements included in Item 8 of this report. It may also be difficult or costly for us to acquire or conduct business with financial institutions or sellers that have longstanding exclusive, or nearly exclusive, relationships with our competitors. These financial institutions or sellers may be more successful and may grow more quickly than our existing clients or sellers. If there is a consolidation or acquisition of one or more of our largest clients or co-brand partners by a financial institution client or seller with a strong relationship with one of our competitors, it could result in our business shifting to a competitor, which could put us at a competitive disadvantage and harm our business.

Table of Contents

In addition, we face intense competitive pressure on the prices we charge our financial institution clients. In certain regions, we are increasingly facing competition from RTP networks, other payment facilitators offering lower pricing, and government involvement in domestic and cross-border payments. In order to stay competitive, we may need to adjust our pricing or offer incentives to our clients to grow payments volume, enter new market segments, adapt to regulatory changes, and expand their use and acceptance of Visa products and services. These include up-front cash payments, fee discounts, rebates, credits, performance-based incentives, marketing and other support payments that impact our net revenue and profitability. In addition, we offer incentives to certain sellers and acquirers to encourage them to route transactions to Visa. Pressures on pricing, incentives, fee discounts and rebates could moderate our growth. If we are not able to implement cost containment and productivity initiatives in other areas of our business or grow our volume in other ways to offset or absorb the financial impact of these incentives, fee discounts and rebates, it may harm our net revenue and profits.

Sellers’ and processors’ continued push to lower acceptance costs and challenge industry practices could harm our business.

We rely in part on sellers and their relationships with our clients or their agents to maintain and expand the use and acceptance of Visa products. Certain sellers and seller-affiliated groups have been exerting their influence in the global payments system in certain jurisdictions, such as the U.S., Australia, Canada and Europe, to attempt to lower acceptance costs paid by sellers to acquirers or their agents to accept payment products or services, by lobbying for new legislation, seeking regulatory intervention, filing lawsuits and in some cases, surcharging or refusing to accept Visa products. If they are successful in their efforts, we may face increased compliance and litigation expenses, issuers may decrease their issuance of our products, and consumer usage of our products could be adversely impacted. For example, in the U.S., certain stakeholders have raised concerns regarding how payment security standards and rules may impact debit routing choice and the cost of payment card acceptance. U.S. seller-affiliated groups and processors have expressed concerns regarding the EMV certification process and the roles of industry bodies such as EMVCo and the Payment Card Industry Security Standards Council in the development of payment card standards. Moreover, many sellers have advocated for lower acceptance costs in the form of reduced interchange rates, which could result in some issuers eliminating or reducing their promotion or use of Visa’s products and services, eliminating or reducing cardholder benefits such as rewards programs, or charging account holders increased or new fees for using Visa-branded products, all of which could negatively impact Visa’s payments volume and related revenue. Finally, some sellers and processors have advocated for changes to industry practices and Visa acceptance requirements at the point of sale, including the ability for sellers to accept only certain types of Visa products, to mandate only PIN authenticated transactions, to differentiate or steer among Visa product types issued by different financial institutions, and to impose surcharges on consumers presenting Visa products as their form of payment. A number of the issues flagged in this risk factor are subject to pending litigation. For more information, please see Note 20—Legal Matters to our consolidated financial statements included in Item 8 of this report. If successful, these efforts could adversely impact consumers’ usage of our products and decrease our overall payments volume and net revenue, lead to regulatory enforcement and/or litigation that increases our compliance and litigation expenses, and ultimately harm our business.

We depend on relationships with financial institutions, acquirers, processors, sellers, payment facilitators, ecommerce platforms, fintechs and other third parties.

Our relationships with industry participants are complex and require us to balance the interests of multiple third parties. For instance, we depend significantly on relationships with our financial institution clients and on their relationships with account holders and sellers to provide our products and services, and thereby compete effectively in the marketplace. We offer incentives to sellers, acquirers, ecommerce platforms and processors to encourage routing preference and acceptance growth. We also engage in many payment card co-branding efforts with sellers, who receive incentives from us. As emerging participants such as fintechs enter the payments industry, we engage in discussions to address the role they may play in the ecosystem, whether as, for example, an issuer, seller, ecommerce platform or digital wallet provider. As these and other relationships become more prevalent and take on a greater importance to our business, our success will increasingly depend on our ability to sustain and grow these relationships. In addition, we depend on our clients and third parties, including network partners, vendors and suppliers, to submit, facilitate and process transactions properly, provide various services associated with our payments network on our behalf, and otherwise adhere to our operating rules and applicable laws. As our clients expand their global footprint, their legal and regulatory obligations can become even more complex. From time to time, our relationships may be affected by actions of our clients and industry participants that may materially and adversely impact our business, products or services, and to the extent we or such parties fail to perform or deliver

Table of Contents

adequate services or comply with regulatory obligations, it may result in negative experiences for account holders or others when using their Visa-branded payment products, which could harm our business and reputation.

Our business could be harmed if we are not able to maintain and enhance our brand, if events occur that have the potential to damage our brand or reputation, or if we experience brand disintermediation.

Our brand is globally recognized and is a key asset of our business. We believe that our clients and their account holders associate our brand with acceptance, security, convenience, speed and reliability. Our success depends in large part on our ability to maintain the value of our brand and reputation of our products and services in the payments ecosystem, elevate the brand through new and existing products, services and partnerships, and uphold our corporate reputation. The popularity of products that we have developed in partnership with technology companies and financial institutions as well as government actions that mandate other networks to process Visa-branded card transactions may have the potential to cause brand disintermediation at the point of sale, in ecommerce and mobile channels, and decrease the presence of our brand. Our brand reputation may also be negatively impacted by a number of factors, including authorization, clearing and settlement service disruptions; data security breaches; compliance failures by Visa, including by our employees, agents, clients, partners or suppliers; failure to meet expectations of our clients, consumers or other stakeholders; negative perception of our industry, the industries of our clients, Visa-accepting sellers, or our clients’ customers and agents, including third-party payments providers; ill-perceived actions or affiliations by clients, partners or other third parties, such as sponsorship or co-brand partners; and fraudulent, or illegal activities using our payment products or services, and which we may not always be in a position to detect and/or prevent from occurring over our network. Our brand could also be negatively impacted when our products are used to facilitate payment for legal, but controversial, products and services, including adult content, firearms and gambling activities. Additionally, these risks could be exacerbated if our financial institution partners and/or sellers fail to maintain necessary controls to ensure the legality of these transactions, if any legal liability associated with such goods or services is extended to ancillary participants in the value chain like payments networks, or if our network and industry become entangled in political or social debates concerning such legal, but controversial, commerce. If we are unable to maintain our reputation, the value of our brand may be impaired, which could harm our relationships with clients, account holders, employees, prospective employees, governments and the public, as well as impact our business.

Global economic, political, market, health and social events or conditions may harm our business.

More than half of our net revenue is earned outside the U.S. In addition, international cross-border transaction revenue represents a significant part of our net revenue and is an important part of our growth strategy. Our net revenue is dependent on the volume and number of payment transactions made by consumers, governments, and businesses whose spending patterns may be affected by economic, political, market, health and social events or conditions. Adverse macroeconomic conditions within the U.S. or internationally, including but not limited to recessions, inflation, rising interest rates, increase in tariff rates, high unemployment, currency fluctuations, actual or anticipated large-scale defaults or failures, rising energy prices, a slowdown or disruption of global trade, trade retaliation, government shutdowns, and reduced consumer, small business, government, and corporate spending, have a direct impact on international commerce. Our business depends on the smooth functioning of international financial systems and the free flow of commerce across borders. Any restrictions on the activities of multinational businesses, disruptions to global trade, or deterioration in international relations could materially and adversely affect our payments volume, transactions, client relationships, and net revenue. Any events or conditions that impair the functioning of the financial markets, tighten the credit market, or lead to a downgrade of our current credit rating could increase our future borrowing costs and impair our ability to access the capital and credit markets on favorable terms, which could affect our liquidity and capital resources, or significantly increase our cost of capital. Furthermore, in efforts to deal with adverse macroeconomic conditions, governments may introduce new or additional initiatives or requests to reduce or eliminate payment fees or other costs. In an overall soft global economy, such pricing measures could result in additional financial pressures on our business.

Geopolitical trends towards nationalism, protectionism and restrictive visa requirements, as well as continued activity and uncertainty around economic sanctions, tariffs or trade restrictions, including restrictions on the cross-border flow of data, the potential or threat of retaliatory international and domestic policies and actions, changing perceptions of U.S.-based companies in the regions where we operate or plan to operate, could impact the expansion of our business in certain regions and have resulted in us suspending our operations in other regions. In March 2022, we suspended our operations in Russia due to economic sanctions imposed on Russia, impacting Visa and its clients. As a result, we are no longer generating revenue from domestic and cross-border activities related to Russia. The war in Ukraine and the ongoing instability in the Middle East, and any resulting conflicts in the region,

Table of Contents

could have lasting impacts on the region and its economies, which could adversely affect our business. Changes in geopolitical conditions also increase the security risks described elsewhere in these risk factors.

In addition, outbreaks of illnesses, pandemics like COVID-19, or other local or global health issues, political uncertainties, international hostilities, armed conflicts, wars, civil unrest, climate-related events, including the increasing frequency of extreme weather events, impacts on or failures of the power grid, and natural disasters have to varying degrees negatively impacted our operations, clients, third-party suppliers, activities, and cross-border travel and spend. Any decline in cross-border travel and spend would impact our cross-border volume, the number of cross-border transactions we process and our currency exchange activities, which in turn would reduce our international transaction revenue. These events or conditions could impact our clients as well, and their decisions could reduce the number of cards, accounts, and credit lines of their account holders, and impact overall consumption by consumers and businesses, which would ultimately impact our net revenue. In addition, our clients may implement cost-reduction initiatives that reduce or eliminate marketing budgets, and decrease spending on our value-added services.

Our ability to adjust to evolving corporate responsibility and sustainability (CRS) matters and related regulations could adversely affect our business and financial results or negatively impact our reputation.

We are subject to dynamic, and sometimes conflicting laws, regulations and other directives that govern a wide array of issues, including some that extend beyond our core products and services. This includes, but is not limited to, matters that touch upon sustainability, climate change, people and talent management, equal opportunity and inclusion, supply chain management and human rights. A wide range of stakeholders, including governments, NGOs, consumers, partners, employees and investors, are increasingly attentive to these corporate responsibility matters and are developing expectations which at times may be discordant with each other and with Visa’s existing strategies and disclosure practices. For example, certain regulators have proposed or adopted, or plan to propose or adopt, rules or standards related to these matters that would apply to our business, including the EU’s Corporate Sustainability Reporting Directive and Corporate Sustainability Due Diligence Directive and the State of California’s legislation requiring broad disclosure of greenhouse gas emissions and other climate-related information.

Our ability to achieve, or make sufficient progress towards any of our CRS objectives is subject to numerous risks, many of which are outside of our control, including the evolving legal environment and regulatory requirements for the tracking and reporting of CRS standards or disclosures and the actions of suppliers, partners, and other third parties. Accordingly, our goals may evolve from time to time, implementation of these goals may require considerable investments, and ultimately, we cannot guarantee our ability to achieve or to make sufficient progress toward, any or all of our publicly stated goals. From time to time, we may restate previously reported data to reflect updated methodologies for reporting our CRS data, an improvement in the availability and quality of data, changing assumptions, changes in the nature and scope of our operations, or other changes in circumstances. This may result in a lack of consistent or meaningful comparative data from period to period or between us and other companies in the same industry. Furthermore, where new laws or regulations are more stringent than current legal or regulatory requirements, we may experience increased compliance burdens and costs to meet such obligations. Because our stakeholders often hold differing views on our CRS-related goals and initiatives and we face conflicting directives from U.S. and international regulatory authorities, any failure, or perceived failure, to meet these evolving and varied stakeholder expectations and standards may result in negative attention in the media, reputational impacts, including an inaccurate perception or misrepresentation of our actual CRS practices, diversion of management’s attention and resources, and proxy fights, among other material adverse impacts on our business. Additionally, the goals or initiatives themselves could potentially subject us to litigation or investigations initiated by government authorities or private actors alleging that our activities related to CRS are anti-competitive, discriminatory or otherwise unlawful.

Our indemnification obligation to fund settlement losses of our clients exposes us to significant risk of loss and may reduce our liquidity.

We indemnify issuers and acquirers for settlement losses they may suffer due to the failure of another issuer or acquirer to honor its settlement obligations in accordance with the Visa operating rules. This indemnification creates settlement risk for us due to the timing difference between the date of a payment transaction and the date of subsequent settlement. Our indemnification exposure is generally limited to the amount of unsettled Visa card payment transactions at any point in time and any subsequent amounts that may fall due to adjustments for previously processed transactions. In addition, changes in the credit standing of our clients or concurrent settlement failures or insolvencies involving more than one of our largest clients, several of our smaller clients, significant sponsor banks through which non-financial institutions participate in the Visa network, or systemic operational

Table of Contents

failures could expose us to liquidity risk, and negatively impact our financial position. In certain instances, we may indemnify issuers or acquirers in situations in which a transaction is not processed by our system. Even if we have sufficient liquidity to cover a settlement failure or insolvency, we may be unable to recover the amount of such payment. This could expose us to significant losses and harm our business. See Note 12—Settlement Guarantee Management to our consolidated financial statements included in Item 8 of this report.

Technology and Cybersecurity Risks

Failure to anticipate, adapt to, or keep pace with, new technologies in the payments industry could harm our business and impact future growth.

The global payments industry is undergoing significant and rapid technological change, including increased proliferation of mobile and other proximity and in-app payment technologies, ecommerce, tokenization, cryptocurrencies, distributed ledger and blockchain technologies, cloud-based encryption and authorization, and new authentication technologies such as biometrics, FIDO 2.0, 3D Secure 2.0 and dynamic cardholder verification values or dCVV2. As a result, we expect new services and technologies to continue to emerge and evolve. For example, GenAI and agentic commerce solutions have emerged as an opportunity for Visa, its clients, suppliers, sellers and partners to innovate more quickly and better serve consumers. Rapid adoption and novel uses of GenAI and agentic commerce across the marketplace may also introduce unique and unpredictable security risks to our systems, information, and the payments ecosystem. In addition to our own initiatives and innovations, we work closely with third parties, including potential competitors, for the development of, and access to, new technologies. It is difficult, however, to predict which technological developments or innovations will become widely adopted and how those technologies may be regulated. Moreover, some of the new technologies could be subject to intellectual property-related lawsuits or claims, potentially impacting our development efforts and/or requiring us to obtain licenses, implement design changes or discontinue our use. If we or our partners fail to adapt and keep pace with new technologies in the payments space in a timely manner, it could harm our ability to compete, decrease the value of our products and services to our clients, impact our intellectual property or licensing rights, harm our business and impact our future growth.

A disruption, failure or breach of our networks or systems, including as a result of cyber incidents or attacks, could harm our business.

Our cybersecurity and processing systems, as well as those of financial institutions, sellers and third-party service providers, have experienced and may continue to experience errors, interruptions, delays or damage from a number of causes including but not limited to, hardware, software and network failures, computer viruses, ransomware, malware or other destructive software, use of AI technologies by bad actors, internal design, manual or user errors, advanced or persistent cyber attacks, social engineering threats, such as phishing or deepfake schemes, including those using synthetic media, insider threats, terrorism, political tensions, war or other military conflicts, or civil unrest, security breaches of our physical premises, workplace violence or wrongdoing, catastrophic events, natural disasters, severe weather conditions and other effects from climate change. Because the tactics, techniques and procedures used to obtain unauthorized access, or to disable or degrade systems change frequently, have become increasingly more complex and sophisticated, and may be difficult to detect for periods of time, we may not anticipate these acts or respond adequately or timely. For example, cybercriminals have increasingly demonstrated advanced capabilities, such as use of zero-day vulnerabilities, and rapid integration of new technology such as GenAI are being used by threat actors to create sophisticated attacks that are increasingly automated, targeted and more difficult to defend against. Our own use and deployment of GenAI technologies could expand our cybersecurity attack surface, increasing exposure to breaches, fraud, unauthorized transactions and other vulnerabilities. In addition, third-party suppliers of hardware and infrastructure that operate our data centers and support employee productivity could be impacted by supply chain disruptions, such as manufacturing, shipping delays, and service disruption due to cyber attacks. An extended supply chain or service disruption could also impact processing or delivery of technology services. Moreover, due to the interconnectivity and complexity of information systems and their reliance on common systems, software and vendors, disruptions or degradations have had, and will likely continue to have, wide-reaching consequences, including the potential to disrupt the overall financial system and other key systems in the global economy. Such attacks and breaches have resulted and may continue to result in fraudulent activity and financial losses to Visa’s financial institution clients, sellers or third-party service providers.

Our visibility and role in the global payments industry also puts our company at a greater risk of being targeted by hackers. In the normal course of our business, we have been the target of malicious cyber activity. We have been, and may continue to be, impacted by attacks and data security breaches of financial institutions, sellers, and

Table of Contents

third-party service providers. We are also aware of instances where governments have directed or sponsored attacks against some of our financial institution clients, and other instances where sellers and issuers have encountered substantial data security breaches affecting their customers, some of whom were Visa account holders. Given the increase in payments through ecommerce, social media and mobile channels, we continue to see increased cyber and payment fraud activity, as cybercriminals attempt phishing and social engineering scams, distributed denial of service attacks and other disruptive actions.

The security measures and procedures we, our financial institution and seller clients, other sellers and third-party service providers in the payments ecosystem have in place to protect sensitive consumer data and other information may not be implemented effectively, may differ in scope and complexity across different ecosystem participants, or may not be successful or sufficient to counter all data security breaches, cyber incidents and attacks or system failures. In some cases, the mitigation efforts may be dependent on third parties who may not follow the required contractual standards, who may not be able to timely patch vulnerabilities or fix security defects, or whose hardware, software or network services may be subject to error, defect, delay, outage or lack appropriate security measures to prevent breaches or data exfiltration incidents. Cyber incidents and attacks can have cascading impacts that unfold with increasing speed across our internal networks and systems and those of our partners and clients.

Furthermore, as a global financial services company, Visa is increasingly subject to complex, varied, and rapidly evolving cybersecurity regulations and cyber incident reporting requirements across numerous jurisdictions. For example, governments around the world have recently passed or are considering new critical infrastructure cybersecurity laws and regulations, some of which may apply to Visa. With the often short timeframes required for cyber incident reporting, there is a risk that Visa or its third-party service providers will fail to meet the reporting deadlines for any given incident. It may take considerable time for us to investigate and evaluate the full impact of cyber incidents, particularly for sophisticated attacks. These factors may inhibit our ability to provide prompt, full and reliable information about the cyber incident to our clients, partners and regulators, as well as to the public. In the event we are found to be out of compliance, we could be subject to monetary damages, civil and criminal penalties, litigation, investigations and proceedings, and damage to our reputation and brand.

Any of these events, individually or in the aggregate, could significantly disrupt our operations; impact the availability and integrity of our systems, applications, or the systems of our third-party service providers; result in the unauthorized disclosure, release, gathering, monitoring, misuse, loss or destruction of confidential, proprietary, sensitive and personal information (including account data information) or data security compromises; impact our clients and consumers; increase the risk of fraudulent transactions; damage our reputation and brand; result in litigation or claims, violations of applicable privacy and other laws, and increased regulatory review or scrutiny, investigations, actions, fines or penalties; result in damages or changes to our business practices; decrease the overall use and acceptance of our products; decrease our volume, net revenue and future growth prospects; financial losses to Visa’s financial institution clients, sellers or third-party service providers, and be costly, time consuming and difficult to remedy. There can be no assurance that our efforts will prevent all such threats. In the event of damage or disruption to our business due to these occurrences, we may not be able to successfully and quickly recover all of our critical business functions, assets, and data through our business continuity program and we may not be able to notify affected third parties when appropriate. Furthermore, while we maintain insurance, our coverage may not sufficiently cover all types of losses or claims that may arise. In addition, in the case of any cyber-attack or other security incident information or security breach or technology failure arising from third-party systems impacting us, any third-party indemnification may not be applicable or sufficient to address the impact of such incidents.

Structural and Organizational Risks

We may not achieve the anticipated benefits of our acquisitions, joint ventures or strategic investments, and may face risks and uncertainties as a result.

As part of our overall business strategy, we make acquisitions and strategic investments, and enter into joint ventures. We may not achieve the anticipated benefits of our current and future acquisitions, joint ventures or strategic investments and they may involve significant risks and uncertainties, including:

• disruption to our ongoing business, including diversion of resources and management’s attention from our existing business;

• greater than expected investment of resources or operating expenses;

Table of Contents

• failure to adequately develop or integrate our acquired entities or joint ventures;

• the data security, cybersecurity and operational resilience posture of our acquired entities, joint ventures or companies we invest in or partner with, may not be adequate and may be more susceptible to a system failure, service disruption or cyber incident or attack;

• difficulty, expense or failure of implementing controls, procedures and policies at our acquired entities or joint ventures;

• challenges of integrating new employees, business cultures, business systems and technologies;

• failure to retain employees, clients or partners of our acquired entities or joint ventures;

• in the case of foreign acquisitions, risks related to the integration of operations across different cultures and languages;

• disruptions, costs, liabilities, judgments, settlements or business pressures resulting from litigation matters, investigations or legal proceedings involving our acquisitions, joint ventures or strategic investments;

• the inability to pursue aspects of our acquisitions or joint ventures due to outcomes in litigation matters, investigations or legal proceedings;

• failure to obtain the necessary government or other approvals at all, on a timely basis or without the imposition of burdensome conditions or restrictions;

• the economic, political, regulatory and compliance risks associated with our acquisitions, joint ventures or strategic investments, including when entering into a new business or operating in new regions or countries. For more information on regulatory risks, please see Item 1—Government Regulation and Item 1A—Regulatory Risks above;

• discovery of unidentified issues and related liabilities after our acquisitions, joint ventures or investments were made;

• failure to mitigate the deficiencies and liabilities of our acquired entities or joint ventures;

• dilutive issuance of equity securities, if new securities are issued;

• the incurrence of debt;

• negative impact on our financial position and/or statement of operations; and

• anticipated benefits, synergies or value of our acquisitions, joint ventures or investments not materializing or taking longer than expected to materialize.

In addition, we may pursue additional strategic objectives, such as additional exchange offers, which can divert resources and management’s attention from our existing business and, if unsuccessful, may harm our business and reputation.

We may be unable to attract, hire and retain a highly qualified workforce, including key management.

The talents and efforts of our employees, particularly our key management, are vital to our success. The market for highly skilled workers and leaders in our industry, especially in fintech, technology, AI, cybersecurity and other specialized areas, is extremely competitive. Our management team has significant industry experience and would be difficult to replace. We may be unable to retain them or to attract, hire or retain other highly qualified employees, particularly if we do not offer employment terms that are competitive with the rest of the labor market. Ongoing changes in laws and policies regarding immigration, travel and work authorizations have made it more difficult for employees to work in, or transfer among, jurisdictions in which we have operations and could continue to impair our ability to attract, hire and retain qualified employees. Failure to attract, hire, develop, motivate and retain highly qualified employee talent, especially in light of changing worker expectations and talent marketplace variability; to adequately address potential increased scrutiny of our talent-related programs and initiatives; to develop and implement an adequate succession plan for the management team; or to maintain our strong corporate culture of fostering innovation and collaboration could impact our workforce development goals, impact our ability to achieve our business objectives, and adversely affect our business and our future success.

Table of Contents

The conversions of our class B-1, B-2 and class C common stock or series A, B and C preferred stock into shares of class A common stock would result in voting dilution to, and could adversely impact the market price of our existing class A common stock.

The market price of our class A common stock could fall as a result of many factors. The value of our class B-1, B-2 and C common stock and series A, B and C preferred stock is tied to the value of the class A common stock. Under our U.S. retrospective responsibility plan, upon final resolution of our U.S. covered litigation, all class B-1 and B-2 common stock will become convertible into class A common stock. Under our Europe retrospective responsibility plan, Visa will continue to release value from the series B and series C preferred stock in stages based on developments in current and potential litigation. The series B and series C preferred stock will become fully convertible to series A preferred stock or class A common stock no later than 2028 (subject to a holdback to cover any pending claims). Conversion of our class B-1, B-2 and C common stock into class A common stock, or our series A, B and C preferred stock into class A common stock, would increase the amount of class A common stock outstanding, which would dilute the voting power of existing class A common shareholders. In addition, the sale of significant portions of converted class A common stock could adversely impact the market price of our existing class A common stock.

Holders of our class B-1, B-2 and C common stock and series A, B and C preferred stock may have different interests than our class A common shareholders concerning certain significant transactions.

Although their voting rights are limited, holders of our class B-1, B-2 and C common stock and, in certain specified circumstances, holders of our series A, B and C preferred stock, can vote on certain significant transactions. With respect to our class B-1, B-2 and C common stock, these transactions include a proposed consolidation or merger, a decision to exit our core payments business and any other vote required under Delaware law. With respect to our series A, B and C preferred stock, voting rights are limited to proposed consolidations or mergers in which holders of the series A, B and C preferred stock would receive shares of stock or other equity securities with preferences, rights and privileges that are not substantially identical to the preferences, rights and privileges of the applicable series of preferred stock; or, in the case of series B and C preferred stock, holders would receive securities, cash or other property that is different from what our class A common shareholders would receive. Because the holders of classes of capital stock other than class A common stock are our current and former financial institution clients, they may have interests that diverge from our class A common shareholders. As a result, the holders of these classes of capital stock may not have the same incentive to approve a corporate action that may be favorable to the holders of class A common stock, and their interests may otherwise conflict with interests of our class A common shareholders.

Delaware law, provisions in our certificate of incorporation and bylaws, and our capital structure could make a merger, takeover attempt or change in control difficult.

Provisions contained in our certificate of incorporation and bylaws and our capital structure could delay or prevent a merger, takeover attempt or change in control that our shareholders may consider favorable. For example, except for limited exceptions: (1) no person may beneficially own more than 15 percent of our class A common stock (or 15 percent of our total outstanding common stock on an as-converted basis), unless our board of directors approves the acquisition of such shares in advance; (2) no competitor or an affiliate of a competitor may hold more than 5 percent of our total outstanding common stock on an as-converted basis; (3) the affirmative votes of the class B-1, B-2 and C common stock and series A, B and C preferred stock are required for certain types of consolidations or mergers; (4) our shareholders may only take action during a shareholders’ meeting and may not act by written consent; and (5) only our board of directors, Chair, or CEO or any shareholders who have owned continuously for at least one year not less than 15 percent of the voting power of all shares of class A common stock outstanding may call a special meeting of shareholders.

Table of Contents

ITEM 7.    Management’s Discussion and Analysis of Financial Condition and Results of Operations

This management’s discussion and analysis provides a review of the results of operations, financial condition and liquidity and capital resources of Visa Inc. and its subsidiaries (Visa, we, us, our or the Company) on a historical basis and outlines the factors that have affected recent earnings, as well as those factors that may affect future earnings. The following discussion and analysis should be read in conjunction with the consolidated financial statements and related notes included in Item 8 of this report.

This section of the report generally discusses fiscal 2025 compared to fiscal 2024. Discussions of fiscal 2024 compared to fiscal 2023 that are not included in this report can be found in “Management’s Discussion and Analysis of Financial Condition and Results of Operations” in Part II, Item 7 in our Annual Report on Form 10-K for the year ended September 30, 2024, filed with the U.S. Securities and Exchange Commission.

Overview

Visa is a global payments technology company that facilitates secure, reliable and efficient global commerce and money movement. We provide transaction processing services (primarily authorization, clearing and settlement) among consumers, issuing and acquiring financial institutions and sellers. We are focused on extending, enhancing and investing in our proprietary advanced transaction processing network, VisaNet, to offer a single connection point for facilitating money movement to multiple endpoints through various form factors and innovative technologies across more than 200 countries and territories. Visa is not a financial institution. We do not issue cards, extend credit or set rates and fees for account holders of Visa products.

Financial overview. A summary of our GAAP and non-GAAP operating results is as follows:

For the Years Ended

September 30,

% Change (1)

(in millions, except percentages and per share data)

Net revenue

Operating expenses

Net income

Diluted earnings per share

Non-GAAP operating expenses (2)

Non-GAAP net income (2)

Non-GAAP diluted earnings per share (2)

(1) Figures in the table may not recalculate exactly due to rounding. Percentage changes are calculated based on unrounded numbers.

(2) For a full reconciliation of our GAAP to non-GAAP financial results, see tables in Non-GAAP financial results below.

Highlights for fiscal 2025 . Net revenue increased 11% over the prior year, primarily due to the growth in processed transactions, nominal cross-border volume, and nominal payments volume, partially offset by higher client incentives. See Results of Operations—Net Revenue below for further discussion. Exchange rate movements did not have a material impact on net revenue growth.

GAAP operating expenses increased 30% over the prior year, primarily driven by higher litigation provision and personnel expenses. See Results of Operations—Operating Expenses below for further discussion. Exchange rate movements did not have a material impact on operating expenses growth.

Non-GAAP operating expenses increased 11% over the prior year, primarily driven by higher personnel, general and administrative, and depreciation and amortization expenses.

Release of preferred stock. In August 2025, we released $1.4 billion of the as-converted value from our series B and C preferred stock and issued 40,080 shares of series A preferred stock in connection with the ninth anniversary of the Visa Europe acquisition. See Note 5—U.S. and Europe Retrospective Responsibility Plans and Note 15—Stockholders’ Equity to our consolidated financial statements included in Item 8 of this report.

Table of Contents

Senior notes. In May 2025, we issued Euro-denominated fixed-rate senior notes in a public offering in an aggregate principal amount of €3.5 billion ($3.9 billion), with maturities ranging between 3 and 19 years. See Note 10—Debt to our consolidated financial statements included in Item 8 of this report.

Acquisition. In December 2024, we acquired Featurespace Limited (Featurespace), a developer of real-time artificial intelligence payments protection technology that helps prevent and mitigate payments fraud and financial crime risks, for a purchase consideration of $946 million. See Note 2—Acquisitions to our consolidated financial statements included in Item 8 of this report.

Interchange multidistrict litigation. During fiscal 2025, we recorded additional accruals of $2.2 billion to address claims associated with the interchange multidistrict litigation. We also made additional deposits of $875 million into the U.S. litigation escrow account. The additional accruals related to the interchange multidistrict litigation could be higher or lower than deposits made into the U.S. litigation escrow account. See Note 5—U.S. and Europe Retrospective Responsibility Plans and Note 20—Legal Matters to our consolidated financial statements included in Item 8 of this report .

Continued resolution in the interchange multidistrict litigation will be considered by our board of directors with regards to successive exchange offers for class B common stock. Visa may, but is under no obligation to, conduct a successive exchange offer for class B common stock if (i) one year has passed since the initial exchange offer for the next preceding class of class B common stock; and (ii) if the estimated interchange reimbursement fees at issue in unresolved claims for damages in the U.S. covered litigation have been reduced by 50% or more since the consummation of the prior exchange offer (or in the case of the first successive exchange offer, since October 1, 2023), as determined by Visa. The estimated interchange reimbursement fees at issue in unresolved claims for damages in the U.S. covered litigation was approximately $49.6 billion as of October 1, 2023 and was approximately $39.4 billion (1) as of October 1, 2025.

Common stock repurchases. In April 2025, our board of directors authorized a $30.0 billion share repurchase program, providing multi-year flexibility. During fiscal 2025, we repurchased 54 million shares of our class A common stock in the open market for $18.2 billion. As of September 30, 2025, our share repurchase program had remaining authorized funds of $24.9 billion. See Note 15—Stockholders’ Equity to our consolidated financial statements included in Item 8 of this report.

Non-GAAP financial results. We use non-GAAP financial measures of our performance which exclude certain items which we believe are not representative of our continuing operations, as they may be non-recurring or have no cash impact, and may distort our longer-term operating trends. We consider non-GAAP measures useful to investors because they provide greater transparency into management’s view and assessment of our ongoing operating performance.

• Gains and losses on equity investments. Gains and losses on equity investments include periodic non-cash fair value adjustments and gains and losses upon sale of an investment. These long-term investments are strategic in nature and are primarily private company investments. Gains and losses associated with these investments are tied to the performance of the companies that we invest in and therefore do not correlate to the underlying performance of our business.

• Amortization of acquired intangible assets. Amortization of acquired intangible assets consists of amortization of intangible assets such as technology and customer relationships acquired in connection with business combinations executed beginning in fiscal 2019. Amortization charges for our acquired intangible assets are non-cash and are significantly affected by the timing, frequency and size of our acquisitions, rather than our core operations. As such, we have excluded this amount to facilitate an evaluation of our current operating performance and comparison to our past operating performance.

• Acquisition-related costs. Acquisition-related costs consist primarily of one-time transaction and integration costs associated with our business combinations. These costs include professional fees, technology integration fees, restructuring activities and other direct costs related to the purchase and integration of acquired entities. These costs also include retention equity and deferred compensation when they are

(1)      These figures are estimated and approximated. These estimates do not include claims in certain purported indirect purchaser class actions or any claims of merchants serviced by opt-outs that are payment processors and facilitators. The interchange at issue for unresolved claims will continue to increase. See U.S. Covered Litigation in Note 20—Legal Matters to our consolidated financial statements included in Item 8 of this report for more information on the Interchange Multidistrict Litigation (MDL) - Individual Merchant Actions.

Table of Contents

agreed upon as part of the purchase price of the transaction but are required to be recognized as expense post-combination. We have excluded these amounts as the expenses are recognized for a limited duration and do not reflect the underlying performance of our business.

• Severance costs. During fiscal 2025, we recorded severance costs within personnel expense to realign our organizational structure and focus on areas that will drive higher long-term growth. This broad-based optimization effort has been excluded as it is not representative of our ongoing operations.

• Lease consolidation costs. During fiscal 2025 and 2024, we recorded charges within general and administrative expense associated with the consolidation of certain leased office spaces. We have excluded these amounts as it does not reflect the underlying performance of our business.

• Litigation provision. Litigation provision includes significant accruals related to certain legal matters that are not covered by the U.S. retrospective responsibility plan or the Europe retrospective responsibility plan (uncovered legal matters) and additional accruals associated with the interchange multidistrict litigation which are covered by the U.S. retrospective responsibility plan (U.S. covered litigation). Litigation provision associated with these matters can vary significantly based on the facts and circumstances related to each matter and do not correlate to the underlying performance of our business. During fiscal 2025, 2024 and 2023, we have excluded these amounts to facilitate a comparison to our past operating performance.

Under the U.S. retrospective responsibility plan, we recover the monetary liabilities related to the U.S. covered litigation through a downward adjustment to the rate at which shares of our class B-1 and class B-2 common stock ultimately convert into shares of class A common stock. During fiscal 2025, basic and diluted earnings per class A common stock increased $0.01 and was unchanged, respectively, as a result of the downward adjustments of the class B-1 and B-2 common stock conversion rates during the period. During fiscal 2024 and 2023, basic and diluted earnings per class A common stock were unchanged in both fiscal years, as a result of the downward adjustments of the class B-1 and B-2 common stock conversion rates during the periods. See Note 5—U.S. and Europe Retrospective Responsibility Plans and Note 20—Legal Matters to our consolidated financial statements included in Item 8 of this report.

• Indirect taxes. During fiscal 2024, as a result of the resolution of an audit, we recognized a benefit within general and administrative expense related to the release of the reserve previously recognized in fiscal 2021. This one-time benefit is not representative of our ongoing operations.

• Charitable contribution. During fiscal 2024, we donated investment securities to the Visa Foundation and recognized a non-cash general and administrative expense. We have excluded this amount as it does not reflect the underlying performance of our business.

Table of Contents

Non-GAAP operating expenses, non-operating income (expense), income tax provision, effective income tax rate, net income and diluted earnings per share should not be relied upon as substitutes for, or considered in isolation from, measures calculated in accordance with GAAP. The following tables reconcile our GAAP to non-GAAP financial measures:

For the Year Ended

September 30, 2025

Operating Expenses

Non-operating Income (Expense)

Income Tax Provision (1)

Effective Income Tax Rate (2)

Net Income

Diluted Earnings Per Share (2)

(in millions, except percentages and per share data)

GAAP

(Gains) losses on equity investments, net

Amortization of acquired intangible assets

Acquisition-related costs

Severance costs

Lease consolidation costs

Litigation provision

Non-GAAP

For the Year Ended

September 30, 2024

Operating Expenses

Non-operating Income (Expense)

Income Tax Provision (1)

Effective Income Tax Rate (2)

Net Income

Diluted Earnings Per Share (2)

(in millions, except percentages and per share data)

GAAP

(Gains) losses on equity investments, net

Amortization of acquired intangible assets

Acquisition-related costs

Litigation provision

Lease consolidation costs

Indirect taxes

Charitable contribution

Non-GAAP

Table of Contents

For the Year Ended

September 30, 2023

Operating Expenses

Non-operating Income (Expense)

Income Tax Provision (1)

Effective Income Tax Rate (2)

Net Income

Diluted Earnings Per Share (2)

(in millions, except percentages and per share data)

GAAP

(Gains) losses on equity investments, net

Amortization of acquired intangible assets

Acquisition-related costs

Litigation provision

Non-GAAP

(1) Determined by applying applicable tax rates.

(2) Figures in the table may not recalculate exactly due to rounding. Effective income tax rate, diluted earnings per share and their respective totals are calculated based on unrounded numbers.

Payments volume and processed transactions. Payments volume is the primary driver for our service revenue, and the number of processed transactions is the primary driver for our data processing revenue.

Payments volume represents the aggregate dollar amount of purchases made with cards and other form factors carrying the Visa, Visa Electron, V PAY and Interlink brands and excludes Europe co-badged volume. Nominal payments volume is denominated in U.S. dollars and is calculated each quarter by applying an established U.S. dollar/foreign currency exchange rate for each local currency in which our volumes are reported. Processed transactions include payments and cash transactions, and represent transactions using cards and other form factors carrying the Visa, Visa Electron, V PAY, Interlink and PLUS brands processed on Visa’s networks.

The following table presents nominal payments and cash volume:

International

Visa

Twelve Months Ended June 30, (1)

(in billions)

Nominal payments volume

Consumer credit

Consumer debit (2)

Commercial (3)

Total nominal payments volume (4)

Cash volume (5)

Total nominal volume (4)(6)

Table of Contents

The following table presents the changes in nominal and constant payments and cash volume:

International

Visa

Twelve Months Ended June 30, (1),(4)

Nominal

Nominal

Nominal

Constant (7)

Nominal

Constant (7)

Nominal

Constant (7)

Nominal

Constant (7)

Payments volume growth

Consumer credit growth

Consumer debit growth (2)

Commercial growth (3)

Total payments volume growth

Cash volume growth (5)

Total volume growth

(1) Service revenue in a given quarter is primarily assessed based on nominal payments volume in the prior quarter. Therefore, service revenue reported for the twelve months ended September 30, 2025, 2024 and 2023, was based on nominal payments volume reported by our financial institution clients for the twelve months ended June 30, 2025, 2024 and 2023, respectively. On occasion, previously presented volume information may be updated. Prior period updates are not material.

(2) Includes consumer prepaid volume and Interlink volume.

(3) Includes large, medium and small business credit and debit, as well as commercial prepaid volume.

(4) Figures in the table may not recalculate exactly due to rounding. Percentage changes and totals are calculated based on unrounded numbers.

(5) Cash volume generally consists of cash access transactions, balance access transactions, balance transfers and convenience checks.

(6) Total nominal volume is the sum of total nominal payments volume and cash volume. Total nominal volume is provided by our financial institution clients, subject to review by Visa.

(7) Growth on a constant-dollar basis excludes the impact of foreign currency fluctuations against the U.S. dollar.

The following table presents the number of processed transactions:

For the Years Ended

September 30,

% Change (1)

(in millions, except percentages)

Visa processed transactions

(1) Figures in the table may not recalculate exactly due to rounding. Percentage changes are calculated based on unrounded numbers. On occasion, previously presented information may be updated. Prior period updates are not material.

Results of Operations

Net Revenue

Our net revenue is primarily generated from payments volume on Visa products for purchased goods and services, as well as the number of transactions processed on our network. See Note 1—Summary of Significant Accounting Policies to our consolidated financial statements included in Item 8 of this report for further discussion on the components of our net revenue.

The following table presents our net revenue earned in the U.S. and internationally:

For the Years Ended

September 30,

% Change (1)

(in millions, except percentages)

International

Net revenue

(1) Figures in the table may not recalculate exactly due to rounding. Percentage changes are calculated based on unrounded numbers.

Table of Contents

Net revenue increased in fiscal 2025 over the prior year primarily due to the growth in processed transactions, nominal cross-border volume, and nominal payments volume, partially offset by higher client incentives.

Our net revenue is impacted by the overall strengthening or weakening of the U.S. dollar as payments volume and related revenue denominated in local currencies are converted to U.S. dollars. In fiscal 2025, exchange rate movements did not have a material impact on net revenue growth.

The following table presents the components of our net revenue:

For the Years Ended

September 30,

% Change (1)

(in millions, except percentages)

Service revenue

Data processing revenue

International transaction revenue

Other revenue

Client incentives

Net revenue

(1) Figures in the table may not recalculate exactly due to rounding. Percentage changes are calculated based on unrounded numbers.

• Service revenue increased in fiscal 2025 over the prior year primarily due to growth in nominal payments volume of 7%, select pricing modifications and card benefits.

• Data processing revenue increased in fiscal 2025 over the prior year primarily due to growth in processed transactions of 10% and select pricing modifications.

• International transaction revenue increased in fiscal 2025 over the prior year primarily due to growth in nominal cross-border volume of 13%, excluding transactions within Europe, and higher volatility of a broad range of currencies, partially offset by business mix.

• Other revenue increased in fiscal 2025 over the prior year primarily due to growth in advisory and other services and select pricing modifications.

• Client incentives increased in fiscal 2025 over the prior year primarily due to growth in payments volume. The amount of client incentives we record in future periods will vary based on changes in performance expectations, actual client performance, amendments to existing contracts or the execution of new contracts.

For fiscal 2025, 2024, and 2023, revenue from value-added services was $10.9 billion, $8.8 billion and $7.2 billion, respectively. Value-added services revenue in fiscal 2025 increased 24% over the prior year primarily due to growth in Issuing Solutions, Advisory and Other Services and Acceptance Solutions.

Operating Expenses

Our operating expenses consist of the following:

• Personnel expenses include salaries, employee benefits, incentive compensation and share-based compensation.

• Marketing expenses include expenses associated with advertising and marketing campaigns, sponsorships and other related promotions of the Visa brand and client marketing.

• Network and processing expenses mainly represent expenses for the operation of our processing network, including maintenance, equipment rental and fees for other data processing services.

• Professional fees mainly consist of legal fees, consulting fees and expenses associated with client engagements.

Table of Contents

• Depreciation and amortization expenses include amortization of internally developed and purchased software, depreciation expense for property and equipment and amortization of finite-lived intangible assets primarily obtained through acquisitions.

• General and administrative expenses consist mainly of card benefits such as costs associated with airport lounge access, extended cardholder protection and concierge services, facilities costs, travel and meeting costs, indirect taxes, foreign exchange gains and losses and other corporate expenses incurred in support of our business.

• Litigation provision represents litigation expenses for accruals related to legal matters that are not covered by the U.S. retrospective responsibility plan or the Europe retrospective responsibility plan (uncovered legal matters) and additional accruals associated with the interchange multidistrict litigation which are covered by the U.S. retrospective responsibility plan (U.S. covered litigation). The accruals are an estimate based on management’s understanding of our litigation profile, the specifics of each case, advice of counsel to the extent appropriate and management’s best estimate of incurred loss.

The following table presents the components of our total operating expenses:

For the Years Ended

September 30,

% Change (1)

(in millions, except percentages)

Personnel

Marketing

Network and processing

Professional fees

Depreciation and amortization

General and administrative

Litigation provision

Total operating expenses

NM – Not meaningful

(1) Figures in the table may not recalculate exactly due to rounding. Percentage changes are calculated based on unrounded numbers.

• Personnel expenses increased in fiscal 2025 over the prior year primarily due to a higher number of employees and compensation focused on areas that will drive higher long-term growth, including acquisitions. In addition, the increase in fiscal 2025 over the prior year was due to severance costs in the current year to realign our organizational structure.

• Marketing expenses increased in fiscal 2025 over the prior year primarily due to higher spending for client marketing.

• Network and processing expenses increased in fiscal 2025 over the prior year primarily due to continued technology and processing network investments to support growth and acquisitions.

• Professional fees increased in fiscal 2025 over the prior year primarily due to higher legal fees and higher expenses associated with client engagements.

• Depreciation and amortization expenses increased in fiscal 2025 over the prior year primarily due to additional amortization and depreciation from our on-going investments and acquisitions.

• General and administrative expenses increased in fiscal 2025 over the prior year primarily due to higher usage of travel related card benefits, the absence of the release of the reserve on indirect taxes previously recognized in fiscal 2021 and higher indirect taxes, partially offset by a charitable contribution to the Visa Foundation in the prior year.

• Litigation provision increased in fiscal 2025 over the prior year primarily due to higher accruals related to the U.S. covered litigation. See Note 20—Legal Matters to our consolidated financial statements included in Item 8 of this report.

Table of Contents

Non-operating Income (Expense)

Non-operating income (expense) primarily includes interest income on cash and investments, interest expense from borrowings, interest related to taxes, and gains and losses on equity investments and derivatives.

The following table presents the components of our non-operating income (expense):

For the Years Ended

September 30,

% Change (1)

(in millions, except percentages)

Interest expense

Investment income (expense) and other

Total non-operating income (expense)

(1) Figures in the table may not recalculate exactly due to rounding. Percentage changes are calculated based on unrounded numbers.

• Interest expense decreased in fiscal 2025 over the prior year primarily due to higher interest benefit related to taxes and lower losses from derivatives, partially offset by higher interest expense related to the issuance of debt in fiscal 2025.

• Investment income (expense) and other decreased in fiscal 2025 over the prior year primarily due to lower interest income on our cash and investments.

Effective Income Tax Rate

The following table presents our effective income tax rates:

For the Years Ended

September 30,

Effective income tax rate

The effective income tax rates in fiscal 2025 and fiscal 2024 were 17% including the following:

• during fiscal 2025, a $263 million tax benefit as a result of a tax position taken on certain expenses; and

• during fiscal 2024, a $223 million tax benefit as a result of the conclusion of audits.

The Organization for Economic Cooperation and Development (OECD) published administrative guidance around the implementation of a 15% global minimum tax (Pillar Two). Various OECD member countries have either enacted or are in the process of enacting Pillar Two legislation. While there was no material tax impact in fiscal 2025, we are monitoring developments and evaluating the potential impact of Pillar Two on future years.

In July 2025, U.S. tax legislation was enacted that includes, among other provisions, the allowance of accelerated tax deductions for qualified property and research expenditures, as well as changes in various international provisions. The changes are applicable to Visa with effective dates ranging from January 2025 through fiscal 2027. The legislation did not have a material tax impact in fiscal 2025, and we do not expect a material tax impact in future years, though we will continue to evaluate the provisions as additional guidance becomes available.

Liquidity and Capital Resources

Based on our current cash flow budgets and forecasts of our short-term and long-term liquidity needs, we believe that our current and projected sources of liquidity will be sufficient to meet our projected liquidity needs for more than the next 12 months. We will continue to assess our liquidity position and potential sources of supplemental liquidity in view of our operating performance, current economic and capital market conditions and other relevant circumstances.

Table of Contents

Cash Flow Data

The following table summarizes our cash flow activity:

For the Years Ended

September 30,

(in millions)

Total cash provided by (used in):

Operating activities

Investing activities

Financing activities

Operating activiti es. Cash provided by operating activities increased in fiscal 2025 over the prior year primarily due to growth in our underlying business and the timing of payments related to income taxes, partially offset by higher incentive payments.

Investing activities. Cash provided by investing activities increased in fiscal 2025 over the prior year primarily due to the absence of investment securities purchases, partially offset by lower proceeds from maturities and sales of investment securities.

Financing activities. Cash used in financing activities decreased in fiscal 2025 over the prior year primarily due to proceeds received from the issuance of senior notes, partially offset by higher share repurchases and higher dividends paid.

Sources of Liquidity

Cash, cash equivalents and investments. As of September 30, 2025, our cash and cash equivalents balance was $17.2 billion and our available-for-sale debt securities was $2.4 billion. Our investment portfolio is designed to invest cash in securities which enables us to meet our working capital and liquidity needs. Our investment portfolio consists of debt securities issued by the U.S. Treasury and U.S. government-sponsored agencies. $1.6 billion of the investments are classified as current and are available to meet short-term liquidity needs. The remaining non-current investments have stated maturities of more than one year from the balance sheet date; however, they are also generally available to meet short-term liquidity needs.

Factors that may impact the liquidity of our investment portfolio include, but are not limited to, changes to credit ratings of the securities, uncertainty related to regulatory developments, actions by central banks and other monetary authorities and the ongoing strength and quality of credit markets. We will continue to review our portfolio in light of evolving market and economic conditions. However, if current market conditions deteriorate, the liquidity of our investment portfolio may be impacted and we could determine that some of our investments are impaired, which could adversely impact our financial results. We have policies that limit the amount of credit exposure to any one financial institution or type of investment.

Commercial paper program . We maintain a commercial paper program to support our working capital requirements and for other general corporate purposes. As of September 30, 2025, we had no outstanding obligations under the program. See Note 10—Debt to our consolidated financial statements included in Item 8 of this report.

Credit facility. We have an unsecured revolving credit facility, which is maintained to ensure the integrity of the payment card settlement process and for general corporate purposes. As of September 30, 2025, there were no amounts outstanding under the credit facility. See Note 10—Debt to our consolidated financial statements included in Item 8 of this report.

Senior notes. In May 2025, we issued Euro-denominated fixed-rate senior notes in a public offering in an aggregate principal amount of €3.5 billion ($3.9 billion), with maturities ranging between 3 and 19 years. See Note 10—Debt to our consolidated financial statements included in Item 8 of this report.

U.S. Litigation escrow account. Pursuant to the terms of the U.S. retrospective responsibility plan, which was created to insulate Visa and our class A common shareholders from financial liability for certain litigation cases, we maintain a U.S. litigation escrow account from which monetary liabilities from settlements of, or judgments in, the

Table of Contents

U.S. covered litigation will be payable. As these funds are restricted for the sole purpose of making payments related to the U.S. covered litigation matters, we do not rely on them for other operational needs. See Note 5—U.S. and Europe Retrospective Responsibility Plans and Note 20—Legal Matters to our consolidated financial statements included in Item 8 of this repor t.

Uses of Liquidity

Payments settlement.  Payments settlement due to and from our financial institution clients can represent a substantial daily liquidity requirement. Most U.S. dollar settlements are settled within the same day and do not result in a receivable or payable balance, while settlements in currencies other than the U.S. dollar generally remain outstanding for one to two business days, which is consistent with industry practice for such transactions. In general, during fiscal 2025, we were not required to fund settlement-related working capital. As of September 30, 2025, we held $9.2 billion of our total available liquidity to fund daily settlement in the event one or more of our financial institution clients are unable to settle, with the remaining liquidity available to support our working capital and other liquidity needs. See Note 12—Settlement Guarantee Management to our consolidated financial statements included in Item 8 of this report .

Litigation. Judgments in and settlements of litigation or other fines imposed in investigations and proceedings could give rise to future liquidity needs. During fiscal 2025, we deposited $875 million into the U.S. litigation escrow account to address claims associated with the interchange multidistrict litigation. The balance of this account as of September 30, 2025 was $3.0 billion and is reflected as restricted cash in our consolidated balance sheets. See Note 5—U.S. and Europe Retrospective Responsibility Plans and Note 20—Legal Matters to our consolidated financial statements included in Item 8 of this repor t.

Common stock repurchases. During fiscal 2025, we repurchased shares of our class A common stock in the open market for $18.2 billion. As of September 30, 2025, our share repurchase program had remaining authorized funds of $24.9 billion. Share repurchases will be executed at prices we deem appropriate subject to various factors, including market conditions and our financial performance, and may be effected through accelerated share repurchase programs, open market purchases or privately negotiated transactions, including through Rule 10b5-1 plans . See Note 15—Stockholders’ Equity to our consolidated financial statements included in Item 8 of this report.

Dividends . During fiscal 2025, we declared and paid $4.6 billion in dividends to holders of our common and preferred stock. On October 28, 2025, our board of directors declared a quarterly cash dividend of $0.67 per share of class A common stock (determined in the case of all other outstanding common and preferred stock on an as-converted basis). We expect to continue paying quarterly dividends in cash, subject to approval by the board of directors. See Note 15—Stockholders’ Equity to our consolidated financial statements included in Item 8 of this report.

Acquisition. In December 2024, we acquired Featurespace for a purchase consideration of $946 million. See Note 2—Acquisitions to our consolidated financial statements included in Item 8 of this report.

Senior notes. As of September 30, 2025, we had an outstanding aggregate principal amount relating to our senior notes of $25.4 billion. Principal payments on our senior notes of $4.0 billion and €1.4 billion ($1.6 billion) are due in December 2025 and June 2026, respectively, for which we have sufficient liquidity. See Note 10—Debt to our consolidated financial statements included in Item 8 of this report.

Client incentives. As of September 30, 2025, we had short-term and long-term liabilities recorded on the consolidated balance sheet related to client incentive contracts of $10.4 billion and $0.2 billion, respectively.

Uncertain tax positions. As of September 30, 2025, we had long-term liabilities for uncertain tax positions of $309 million. See Note 19—Income Taxes to our consolidated financial statements included in Item 8 of this report.

Purchase obligations. As of September 30, 2025, we had short-term and long-term obligations of $1.6 billion and $0.2 billion, respectively, related to agreements to purchase goods and services that specify significant terms, including fixed or minimum quantities to be purchased, minimum or variable price provisions, and the approximate timing of the transaction. For obligations where the individual years of spend are not specified in the contract, we have estimated the timing of when these amounts will be spent. For future obligations related to sponsorships and software arrangements, see Note 18—Commitments to our consolidated financial statements included in Item 8 of this report.

Table of Contents

Leases. For future lease payments related to leases that have commenced and are recognized on the consolidated balance sheet, see Note 9—Leases to our consolidated financial statements included in Item 8 of this report.

Indemnifications

We indemnify our financial institution clients for settlement losses suffered due to the failure of any other client to fund its settlement obligations in accordance with our operating rules. The amount of the indemnification is limited to the amount of unsettled Visa payment transactions at any point in time. We maintain and regularly review global settlement risk policies and procedures to manage settlement risk, which may require clients to post collateral if certain credit standards are not met. See Note 1—Summary of Significant Accounting Policies and Note 12—Settlement Guarantee Management to our consolidated financial statements included in Item 8 of this report.

Accounting Pronouncements Not Yet Adopted

In December 2023, the Financial Accounting Standards Board (FASB) issued Accounting Standards Update (ASU) 2023-09, which provides improvements to income tax disclosures. This standard requires disaggregated information related to the effective tax rate reconciliation as well as information on income taxes paid. This ASU is effective for our annual periods beginning October 1, 2025, and requires prospective application with the option to apply the standard retrospectively. We are currently evaluating the impact of the ASU on our disclosures.

In November 2024, the FASB issued ASU 2024-03, which requires disclosure of additional information about specific expense categories underlying certain income statement expense line items. Subsequently, the FASB also issued an amendment to this standard. The amendments in the ASU are effective for our annual periods beginning October 1, 2027, and interim periods beginning October 1, 2028, and require either prospective or retrospective application. We are currently evaluating the impact of the ASU on our disclosures.

In September 2025, the FASB issued ASU 2025-06, which modernizes the accounting for internal-use software by eliminating project stage-based capitalization and clarifying the probable-to-complete threshold to commence the capitalization of software costs. This ASU is effective for our annual and interim periods beginning October 1, 2028, and transition approaches include prospective, retrospective or modified methods. We are currently evaluating the impact of the ASU on our consolidated financial statements.

Critical Accounting Estimates

Our consolidated financial statements are prepared in accordance with accounting principles generally accepted in the United States of America which require us to make judgments, assumptions and estimates that affect the amounts reported. See Note 1—Summary of Significant Accounting Policies to our consolidated financial statements included in Item 8 of this report. We have established policies and control procedures which seek to ensure that estimates and assumptions are appropriately governed and applied consistently from period to period. However, actual results could differ from our assumptions and estimates, and such differences could be material.

We believe that the following accounting estimates are the most critical to fully understand and evaluate our reported financial results, as they require our most subjective or complex management judgments, resulting from the need to make estimates about the effect of matters that are inherently uncertain and unpredictable.

Revenue Recognition — Client Incentives

Critical estimates. We enter into long-term incentive contracts with financial institution clients, sellers and other business partners for various programs that provide cash and other incentives designed to increase revenue by growing payments volume, increasing Visa product acceptance, encouraging seller acceptance and use of Visa’s payment services and driving innovation. These incentives are primarily accounted for as reductions to net revenue; however, if a separate identifiable benefit at fair value can be established, they are accounted for as operating expenses. Incentives are recognized systematically and rationally based on management’s estimate of each client’s performance. These estimates are regularly reviewed and adjusted, as appropriate, based on changes in performance expectations, actual client performance, amendments to existing contracts or the execution of new contracts.

Assumptions and judgment. Estimation of client incentives relies on forecasts of payments and transaction volume, card issuance and card conversion. Performance is estimated using client-reported information,

Table of Contents

transactional information accumulated from our systems, historical information, market and economic conditions and discussions with our clients, sellers and business partners.

Impact if actual results differ from assumptions. If actual performance is not consistent with our estimates, client incentives may be materially different than initially recorded. Increases in incentive payments are generally driven by increased payments and transaction volume, which drive our net revenue. As a result, in the event incentive payments exceed estimates, such payments are not expected to have a material effect on our financial condition, results of operations or cash flows. The cumulative impact of a revision in estimates is recorded in the period such revisions become probable and estimable.

Legal and Regulatory Matters

Critical estimates. We are currently involved in various legal proceedings, the outcomes of which are not within our complete control and may not be known for prolonged periods of time. Management is required to assess the probability of loss and estimate the amount of such loss, if any, in preparing our consolidated financial statements.

Assumptions and judgment. We evaluate the likelihood of a potential loss from legal or regulatory proceedings to which we are a party. We record a liability for such claims when a loss is deemed probable and the amount can be reasonably estimated. Significant judgment may be required in the determination of both probability and whether a loss is reasonably estimable. Our judgments are inherently subjective and based on a number of factors, including management’s understanding of the legal or regulatory profile and the specifics of each proceeding, our history with similar matters, advice of internal and external legal counsel and management’s best estimate of potential loss. As additional information becomes available, we reassess the potential loss related to pending claims and may revise our estimates.

We have entered into loss sharing agreements that reduce our potential liability in connection with certain litigation. However, our U.S. retrospective responsibility plan only addresses monetary liabilities from settlements of, or final judgments in, the U.S. covered litigation. The plan’s mechanisms include the use of the U.S. litigation escrow account. The accrual related to the U.S. covered litigation could be either higher or lower than the U.S. litigation escrow account balance. Our Europe retrospective responsibility plan only covers Visa Europe territory covered litigation (and resultant liabilities and losses) relating to the covered period, subject to certain limitations, and does not cover any fines or penalties incurred in the European Commission proceedings or any other matter. See Note 5—U.S. and Europe Retrospective Responsibility Plans and Note 20—Legal Matters to our consolidated financial statements included in Item 8 of this report.

Impact if actual results differ from assumptions. Due to the inherent uncertainties of the legal and regulatory processes in the multiple jurisdictions in which we operate, our judgments may be materially different than the actual outcomes, which could have material adverse effects on our business, financial conditions and results of operations in the period in which the effect becomes probable and reasonably estimable. See Note 20—Legal Matters to our consolidated financial statements included in Item 8 of this report.

Income Taxes

Critical estimates. The determination of our provision for income taxes and income tax assets and liabilities requires significant judgment, the use of estimates and the interpretation and application of accounting principles and tax laws.

Assumptions and judgment. We have various tax filing positions with regard to the timing and amount of income, including the allocation of income among various tax jurisdictions, deductions and credits, based on our interpretation of tax laws. We record a valuation allowance if it is more likely than not that some portion or all of the deferred tax assets will not be realized. We also inventory, evaluate and measure all uncertain tax positions taken or expected to be taken on tax returns and record liabilities for the amount of such positions that in our judgment may not be sustained, or may only be partially sustained, upon examination by the relevant taxing authorities. Our assessment may change based on various factors including changes in facts or circumstances, changes in tax law, and audit activity.

Impact if actual results differ from assumptions. Although we believe that our estimates and judgments are reasonable, actual results may differ from these estimates. Some or all of these judgments are subject to review by the taxing authorities. If one or more of the taxing authorities were to successfully challenge our right to realize some or all of the tax benefit we have recorded, and we were unable to realize this benefit, it could have a material adverse effect on our financial condition, results of operations or cash flows.

Table of Contents