Visa Introduces Their New Program: Digital Authentication Framework (DAF)
May 31, 2022
A new program by Visa is looking to improve security and “enhance the frictionless capabilities of 3DSecure transactions.”
Digital Authentication Framework (DAF) allows participating merchants to send a 3DSecure authentication request, including the DAF. The first time a request is sent, Visa will require a “step up challenge” to take place before setting it up. This will allow for future transactions to go without friction, as upon the authentication request, the Visa directory will instruct the issuer to not challenge the authentication for consequent sales.
DAF effectively binds a card number to a merchant. In this manner it has many elements that are in common with Tokenization, but without the added complexity; everything is managed by the Visa directory.
Whitelisting is similar, but DAF takes place exclusively at the Visa Directory while whitelisting happens at the issuer. As a result, DAF will reportedly make support more consistent.
DAF is intended to be used in markets where 3DSecure is not commonly in use even though fraud is prevalent, this will provide a “layer of security and authentication while maintaining a frictionless flow.”
Who can use DAF?
In Europe where PSD2 SCA applies to a transaction, a merchant/TR can only submit a transaction (domestic/intra-regional) under the DAF if SCA has been completed either: 1. Under the VDAP program 2. Under an SCA bilateral outsourcing agreement or: 1. The transaction is eligible for an Acquirer SCA exemption. DAF is available in the form of a 3DS Extension and is supported from Versions 2.1 upwards. Merchants must be registered to the DAF program and be accepted by Visa.
There’s two criteria merchants have to meet for Visa to enable DAF:
The authenticity of the Payment Credential has been confirmed by the issuer through identification and verification (ID&V), or Visa deems a certain payment credential to be safe through a history of successful transactions at a registered merchant.
After authenticated transactions are through, merchants will be eligible to receive fraud dispute protection by meeting DAF program criteria on qualified transactions.
Participating Issuers will enrol card ranges to support DAF. Issuers will provide SCA to set up DAF and will either accept a DAF enabled Authentication request frictionless or user Risk based authentication to decline the request.
This program aims to make markets safer without running the risk of hurting merchants’ sales with complicated set-ups or checkout processes.
Want to learn more? Check out Payments Cards and Mobile’s full write-up here.
Share your thoughts on our LinkedIn page.
Poll: Consumers Are Turning to E-fraud
Shopping Around For A Better Checkout Experience: Unprepared Merchants Are Left Behind
