Reminder: Visa transactions authenticated with Apple Pay Credential On File tokens may benefit from liability shift

On October 14, 2022, Visa reclassified cardholder-initiated ecommerce Apple Pay Credential On File token transactions. Due to low levels of fraud that had previously been seen on these transactions, they may now be processed as ECI 05 and benefit from upgraded liability shift if:

• The cardholder and merchant are in the AP, CEMEA, Europe and LAC regions.
  

• The Token Authentication Verification Value (TAVV) is included in the authorization request from the acquirer and successfully validated by the Visa
  Token Service (VTS).
  

• It is a Cardholder-Initiated Transaction (CIT) using token type 01 - COF or a Secure Element (SE) transaction using token type 02. 

The token provider is Apple Inc (the ecommerce transaction has been made via Apple Pay). However, this does not guarantee that liability shift will be applied. In some cases, liability shift may not occur where:

• The card issuers Access Control Server downgrades an authentication result, based on risk data.
  

• The scheme downgrades the authentication result if data validation fails due to invalid authentication processing, scheme internal rules or issuer decision.

• Additionally, if low fraud rates are not maintained, Visa will engage the Token Requestor-Token Service Provider with a response that can suspend its ECI 05 classification, allowing issuers to dispute the transactions in question.

‍Please see our Docs for more information on ECIs and when liability shift applies.

‍Our docs on how to submit network tokens are also available here.