VCVS works by integrating with three APIs:
- Submit ID&V
- Validate OTP
The client configures rules that trigger a need for additional cardholder verification, then specifies VCVS as the verfication method.
The client then calls VCVS with the Authenticate API to request available step-up methods the Issuer supports.
VCVS then calls the Issuer to retrieve methods associated with the cardholder's PAN.
The Issuer returns available methods, which are then passed to the client and presented to the Cardholder.
The Cardholder selects their preferred method to receive dynamic authentication data. Visa then generates this data and provides it to the Issuer along with the Cardholder's choice of where they want the data sent. The Issuer then sends the dynamic authentication data to their Cardholder.
When the Cardholder receives the data, they interact with it in the appropriate manner and submit the data for validation by Visa.
Visa then validates the authentication data and provides the result to the client.