Term | Definition |
---|---|
3-D Secure (3DS) |
3-D Secure authentication is the implementation of EMV 3D-Secure Specifications whereby issuer authenticates cardholder on a merchant request. |
Acquirers |
Acquirers and acquirer processors that process Visa transactions. |
Authentication |
See Transaction Authentication |
Cardholder Identity and Verification (ID&V) |
The process of cardholder authentication in the context of provisioning flow is called ID&V. |
Cardholder Verification Methods (CVM) |
The process by which a cardholder identity is verified during the transaction. |
Checkout |
Checkout is the process, typically in a Digital Payment Application (DPA) environment, where a consumer completes the purchase of the items by providing payment credentials. |
Click to Pay |
Product/program name for EMVCo Secure Remote Commerce (SRC) specification, as well as the name of the icon which represents SRC acceptance at a merchant’s online checkout experience. |
Cloud |
A capability that resides in a network. |
Consumer |
An individual performing payment activities in the context of a Digital Payment Application. |
Developer |
The user of this document and services described in this document. |
Device or Consumer Device |
Consumer-operated device such as a smartphone, laptop, personal computer, or tablet. |
Digital Acceptance Gateway (DAG) |
The program role responsible for DPA onboarding and connecting to Visa Click to Pay. Handles Click to Pay payload with Visa payment card credentials for payment processing on behalf of the DPA. |
Digital Card Facilitator (DCF) |
The program role responsible for providing cardholder access to one or more digital cards with Visa payment credentials and facilitating the Click to Pay checkout experience. |
Digital Payment Application (DPA) |
A consumer-facing application (such as web application, website, or mobile application) operated by a merchant, marketplace, or a service provider where the consumer can complete a purchase of goods or services. A DPA is also commonly referred to as a digital commerce merchant. |
Digital Terminal |
The program role responsible for providing payment card acceptance capability for Visa payment credentials to one or more DPAs. Responsible for initiating the Click to Pay checkout experience. |
ID Token |
Industry standard to exchange Consumer Identity between Identity Provider and a Relying Party. |
Identity Provider |
Entity responsible for issuance of an ID token. |
Issuers |
Issuers and Issuer processors that process transactions for Visa cards. |
Merchant Orchestrated Checkout |
An implementation of Click to Pay checkout experience where end to end UX is managed/rendered by merchant (or its trusted partner). |
Merchants |
Merchants that accept Visa cards. |
Mobile Application |
A software application resident on a mobile device that consumers use to access a product or a service. Typically, such applications are developed for a specific Operating System platform (e.g., iOS App or Android App). |
Payment Token |
See Token |
PCI | The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard used to secure and protect credit card data provided by cardholders and transmitted through card processing transactions. |
PII | Personal Identifiable Information (PII) is information that, when used alone or with other relevant data, can identify an individual. |
Relying Party |
Entity that uses the ID token in context of certain business operation. |
Secure Remote Commerce (SRC) |
A method of performing a payment or secure purchase of goods or services during a remote payment experience that involves a DPA checkout and a consumer device, as defined by the EMV® Secure Remote Commerce Technical Framework and the EMV® Secure Remote Commerce Specification. |
SRC Initiator (SRCI) |
Role defined in the EMV® Secure Remote Commerce Technical Framework for ecosystem participant that connects with all SRC systems on behalf of merchant. VDCP has two roles to denote an SRCI: Digital Terminal and Digital Acceptance Gateway. |
SRC Mark |
The EMVCo defined logo that will indicate to consumers that the checkout is powered by SRC. Note: The EMV® SRC payment icon, consisting of a pentagon design oriented on its side with a stylized depiction of a fast forward symbol on the right, formed by a continuous line, is a trademark owned by and used with permission of EMVCo, LLC. All brand names, logos and/or trademarks are the property of their respective owners, are used as an example only, and do not necessarily imply participation in SRC. |
SRC Participating Issuer |
An issuer that integrates with SRC System specific functions to provide one or more optional capabilities. |
SRC Program |
Responsible for the policies and processes associated with the oversight of SRC participants within an SRC System. |
SRC System |
A technical platform defined within the EMV Secure Remote Commerce Technical Framework and Specifications that securely facilitates remote card payments between consumers, digital payment applications, SRC Initiators, and Digital Card Facilitators on behalf of one or more SRC Programs. |
SRC System Orchestrated Checkout |
An implementation of Click to Pay checkout experience where part of the UX is managed/ rendered by SRC System. |
SRC Trigger |
The point of initialization of an SRC event which may accompany an SRC Mark. This can be a consumer device-enabled clickable button, instruction, or voice command. |
Token |
An implementation of EMV Tokenization Specifications; a secure representation of a PAN. |
Token Requestors |
Token requestors can be digital Wallet Providers, payment enablers, merchants, Issuers, OS manufactures, or acquirers, depending on the implementation. |
Transaction Authentication |
Process of cardholder authentication by the issuer in the context of transaction. For e.g. transaction authentication is performed by use of 3DS. |
UX |
User Experience |
Visa Click to Pay System |
Visa’s implementation of EMV® Secure Remote Commerce Technical Framework and the EMV® Secure Remote Commerce Specification, for all Visa cards. |
Visa Click to Pay Terms |
Terms of service for use of Click to Pay with Visa (available at https://usa.visa.com/legal/checkout/terms-of-service.html), as may be updated from time to time. |
Visa Digital Commerce Program (VDCP) |
Visa program name under which one or more card-not-present (CNP) solutions are made available for integration, based on Visa Click to Pay and Visa Token Service. |
Visa Privacy Notice |
Visa Global Privacy Notice (available at usa.visa.com/legal/global-privacy-notice.html), as may be updated from time to time. |
Visa Representative |
Visa internal staff member that Issuers or Acquirers may contact for questions and assistance with implementation tasks and testing. |
Visa Secure |
Formerly “Verified by Visa”. Visa Secure is Visa’s implementation of EMV 3D-Secure Specifications whereby issuer authenticates cardholder on a merchant request. |
Wallet Provider |
The application developer providing the VCOP user experience for the user. |
Acquirers process all transactions in the same manner as they do today. This includes authorization, clearing, settlement, and exception processing. Acquirers or processors should be able to handle Visa token data and optional 3DS data for a Visa Click to Pay transaction.
Cardholder owns and provides the payment credentials to a Digital Payment Application (DPA) in order to complete a transaction (typically, sending or receiving a payment). Cardholder may have to interact with multiple parties, like DPA or Digital Terminal or a token requestor, during a transaction.
A DPA is any entity that facilitates or accepts a Visa card-based financial transaction to perform commerce (e.g., a merchant or an e-commerce application). DPA can participate in Visa Digital Commerce Program (as well as programs from other card brands that follow the EMVCo SRC framework) via a Digital Terminal and a Digital Acceptance Gateway.
Note: A Digital Payment Application may choose to partner with a third-party Digital Terminal and Digital Acceptance Gateway or perform these roles on its own.
Digital Terminal is an SRCI with non-payment responsibilities, such as enabling payment acceptance for DPAs and invoking DCF interactions during checkout. Participating Digital Terminal systems must integrate with a Visa-certified DCF solution provider. Digital Terminals may integrate with other DCF solution providers (non-Visa) to support non-Visa payment cards.
Note: Visa recommends that Digital Terminal also performs the Digital Card Facilitator role, to achieve a fully integrated checkout user experience.
The DCF is an entity that provides cardholder UX (including card selection), facilitates cardholder verification (CVM), and integrates with Click to Pay systems to provide information necessary for a particular checkout experience. To participate in VDCP, a DCF must provide the ability for a Visa cardholder to transact at a participating DPA that accepts Visa card for payments.
The Merchant Orchestrated Checkout experience helps with checkout conversion by eliminating distractions such as redirects and pop-ups to third parties. In this context, a Digital Terminal performs the Digital Card Facilitator role, and renders all necessary UX required to support the Click to Pay checkout experience.
Digital Acceptance Gateways are business entities that help payment applications connect to card brand-specific Click to Pay systems and that facilitate the retrieval and management of Click to Pay payment credentials and the processing of payments (authorization, clearing, and settlement).
Issuers (and issuer processors) process transactions including authorization, clearing, settlement, and exception processing. Issuers can also integrate with Visa Click to Pay System-specific functions in order to provide one or more optional capabilities, including push provisioning.
Visa provides the system implementation and necessary SDKs and APIs to enable a fully integrated Click to Pay checkout experience.
|
Digital Payment Application |
Digital Terminal (Non-Payment SRCi) |
Digital Acceptance Gateway (Payment SRCi) |
Digital Card Facilitator |
Visa Click to Pay System |
Issuer |
---|---|---|---|---|---|---|
Merchant Registration |
Onboard to Visa Click to Pay System by working with Digital Acceptance Gateway |
N/A |
Onboard merchant and perform KYC Validate incoming merchant application end points Register merchant with Visa Click to Pay System, including setting of encryption between Visa Click to Pay System and DAG |
N/A |
Register merchant’s applications and processing identifiers Generate and provide “Token User” identifier |
N/A |
Guest Checkout—Add Card Flow |
Trigger Visa Click to Pay checkout from Merchant Guest Checkout flow Provide card entry UX |
Ensure card is enrolled to Visa Click to Pay System |
N/A |
Provide card entry/card selection UX Retrieve checkout response from Visa Click to Pay System |
Send Visa Click to Pay payload based on transaction parameters and DAG instructions |
Provide issuer card art Enroll Visa credentials into Visa Click to Pay Cardholder Verification (CVM) services |
Guest Checkout—Repeat Purchase Flow |
Trigger Visa Click to Pay checkout from Merchant Guest Checkout flow Provide card list from Visa Click to Pay System and card selection UX |
Fetch list of cards from Visa Click to Pay System for recognized and unrecognized users |
Receive authenticated Click to Pay payload for payment processing |
Provide card entry/card selection UX Initiate CVM Retrieve checkout response from Visa Click to Pay System |
Send Visa Click to Pay payload based on transaction parameters and DAG instructions |
Provide issuer card art Enroll Visa credentials into Visa Click to Pay Cardholder Verification (CVM) services |
Guest Checkout— Payment Flow |
Present Review and Confirm and Order Confirmation pages Share payment payload reference with DAG |
Fetch necessary information from Visa Click to Pay System to facilitate Review and Confirm flow |
Receive Visa Click to Pay payload from DPA Retrieve payment credentials from encrypted payload or from Visa Click to Pay System using Click to Pay Transaction ID |
Return Visa Click to Pay summary payload to Digital Terminal |
Encrypt the Visa Click to Pay payload using DAG’s instructions (e.g., encryption keys) OR Provide Visa Click to Pay payload on API request from DAG |
Future: Handle notification of payment attempt |
Credential on File—Merchant Initiated Transaction |
|
N/A |
Retrieve Visa Click to Pay payload using Transaction ID or Generate MIT credentials using COF data |
N/A |
N/A |
N/A |
Credential on File—Consumer Initiated Transaction |
|
N/A |
Retrieve Visa Click to Pay payload using Transaction ID |
N/A |
Provide Click to Pay payload on API request from DAG |
Future: Handle notification of payment attempt |
Transaction Authentication |
|
Optionally provide Transaction Authentication parameters based on DPA request |
Ability to consume Visa token + 3DS data to the DPA (TAVV + CAVV or DTVV + CAVV) Ability to indicate that DAG requires authenticated transaction on behalf of the merchant |
N/A |
Invoke 3DS flow if requested during Visa Click to Pay experience |
Optimize 3DS 2.0 step-up rules based on Visa Click to Pay CVM rules |