Visa is introducing a new program called Digital Authentication Framework (DAF) which seeks to improve security and enhance the frictionless capabilities of 3DSecure Transactions.
How Digital Authentication Framework works
When a merchant participating in the DAF program sends a 3DS Authentication Request including the DAF flag, the Visa directory will instruct the Issuer to not challenge the authentication.
If the pan is being used for the first time, Visa will requires a step up challenge to take place before setting up DAF for future transactions.
DAF affectively binds a card number to a merchant. In this manner it has many elements that are in common with Tokenization, but without the added complexity; everything is managed by the Visa directory.
How does DAF differ from similar features already in the 3DS specification such as Merchant Whitelisting/Trusted Merchant Listing?
The objectives of the two methodologies are similar but DAF is managed directly at the Visa Directory while Merchant Whitelisting is supported by the Issuer and therefore support will be more inconsistent across the ecosystem.
DAF is designed for improving security in markets where 3DSecure is not mandated or not in common use and transactions are processed without 3DS despite the fraud.
It provides a layer or security and authentication while maintaining a frictionless flow.
In Europe where PSD2 SCA applies to a transaction, a merchant/TR can only submit a transaction (domestic/intra-regional) under the DAF if SCA has been completed either:1. Under the VDAP program 2. Under an SCA bilateral outsourcing agreement or: 1. The transaction is eligible for an Acquirer SCA exemption
Rules for DAF
DAF is available in the form of a 3DS Extension and is supported from Versions 2.1 upwards.
Merchants must be registered to the DAF program and be accepted by Visa.
Visa will enable DAF on these two criteria:
- The Issuer has confirmed the authenticity of the Payment Credential through Issuer identification and verification (ID&V) or
- Visa has determined the Payment Credential to have a sufficient history of successful Transactions at a registered Merchant such that the Issuer has effectively validated its authenticity and the Payment Credential is uniquely associated with the registered Merchant or Merchant Token Requestor
Merchants who transact with Authenticated Payment Credentials and meet the DAF program criteria on qualified purchase transactions will receive fraud dispute protection in a frictionless manner on subsequent transactions.
Participating Issuers will enrol card ranges to support DAF. Issuers will provide SCA to setup DAF and will either accept a DAF enabled Authentication request frictionless or used Risk based authentication to decline the request.
The post Visa introduce Digital Authentication Framework (DAF) Program appeared first on Payments Cards & Mobile.