Digital Authentication Framework (DAF) as part of EMV 3DS
The Digital Authentication Framework (DAF) addresses the unique needs of card-not-present (CNP) payments. The objective of DAF is to have card-not-present (CNP) transactions with higher approval rates, lower fraud, and a consistent consumer user experience with low to no friction. EMV 3DS 2.1 and later versions can be used to support DAF.
More information on DAF can be found in the Visa Digital Authentication Framework 3-D Secure Implementation Guide for Issuers and Merchants/Acquirers on Visa Online. (Note: you will be prompted to log in for Visa Online)
Below are issuer EMV 3DS DAF challenge flow guidelines.
One-Time Password (OTP) Mobile Flow with DAF
When using DAF, issuer authentication is required on the initial use of the payment credential at the merchant. Issuers are not allowed to request a step-up or challenge on subsequent authentication requests from the same merchant, customer, and payment account that meet the DAF requirements.
Customers verify transactions using a secure code sent by text or email. Issuers can choose which delivery channels to make available to the customer. We recommend providing both options to the customer. Once the customer successfully submits the correct OTP, the issuer’s Access Control Server (ACS) closes the challenge window and hands control of the experience back to the 3DS Server.
When launching the initial step-up on the customer’s first transaction as part of DAF, inform the customer that this verification step will help keep their transactions secure for future purchases.
Key Screens
Data Elements from EMV 3DS specification |
Content/Requirement |
|---|---|
| Challenge Information Header OTP Choice Screen |
The page must display the headline “Keep your transactions safe and secure” above the Challenge Info text for OTP Choice Screen. |
| Challenge Information Text OTP Choice Screen |
This page must display the information text “Complete this step to verify your identity at [Electronic Store] and you’re all set for secure future purchases.”
|
| Challenge Information Header OTP Code Entry |
The page must display the headline “Enter verification code” above the Challenge Info Text. |
Challenge Information Text OTP Code Entry |
This text must include the following language:
|
Challenge Information Label |
The display name for this field must be “Verification Code”. |
Challenge Information Data Entry |
Input Box |
Submit Authentication Label |
A form element that should align with the center of the bottom margin displaying “Continue”. |
Resend Information Label |
The display name for this field must be ‘Resend Code’. A form element that should vertically align with the center of the bottom margin. |
Legal Disclaimer
Important Information on Copyright and Disclaimers
© 2022 Visa. All Rights Reserved
Notice: The trademarks, logos, trade names and service marks, whether registered or unregistered (collectively the “Trademarks”) are Trademarks owned by Visa. All other trademarks not attributed to Visa are the property of their respective owners, are used for identification purposes only and do not imply product endorsement or affiliation with Visa.
Note: This document is not part of the Visa Core Rules and Visa Product and Service Rules. In the event of any conflict between any content in this document, any document referenced herein, any exhibit to this document, or any communications concerning this document, and any content in the Visa Core Rules and Visa Product and Service Rules, the Visa Core Rules and Visa Product and Service Rules shall govern and control.
Note: Please note that the screens are for illustrative purpose only.
DISCLAIMERS: THIS DOCUMENT IS PROVIDED ON AN "AS IS,” “WHERE IS,” BASIS, “WITH ALL FAULTS” KNOWN AND UNKNOWN. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, VISA EXPLICITLY DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, REGARDING THE LICENSED WORK AND TITLES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT OF THIRD-PARTY INTELLECTUAL PROPERTY RIGHTS.