Visa is introducing a Digital Authentication Framework

From April 15 2023, Visa will introduce a Digital Authentication Framework (DAF) in Canada and the United States.

After this date, they’ll classify cardholder initiated Card Not Present (CNP) transactions that use fully authenticated tokens as Electronic Commerce Indicator (ECI) 05, if the transaction meets performance standards.

Dispute rights for Dispute Condition ‘10.4: Other Fraud - Card-Absent Environment’ on these transactions will also be removed.

What are fully authenticated tokens?

Fully authenticated tokens include network token transactions with EMV 3DS (3DS2) authentication, or device based token transactions such as Apple Pay or Google Pay.

The DAF aims to improve the security and performance of Card Not Present transactions by providing authentication and fraud performance requirements that, if met, will provide you with greater dispute protection against fraudulent transactions.

Visa will classify the transaction as ECI 05 when the following conditions are met:

• You make a cardholder-initiated CNP transaction using an authenticated token (i.e., the issuer performed identification and verification at the time of provisioning and the token is device-bound)

• The transaction has gone through EMV 3DS checks for cardholder verification (including biometric, or risk-based authentication) at the time of purchase

• You have included specific data required to enhance issuer decisioning (e.g., token cryptogram, merchant, or token requestor information, and device information)

And:

• You have maintained fraud rates at or below the minimum thresholds that Visa measures each month:
  
  - 0.1 % of all transaction volume, and below $100,000 USD per month, for merchants
  
  - 0.1 % of all transaction volume, and below $500,000 USD per month, for multi-merchant token requestors*

If you meet the above requirements, you may benefit from liability shift and optimized approval rates for these fully authenticated transactions.

*A multi-merchant token requestor is any digital wallet that allows device-bound tokens to be used across multiple merchants (for example, an Apple Pay or Google Pay transaction).

Will Checkout.com merchants qualify for this program?

We're looking into the qualification criteria for the Digital Authentication Framework to ensure you benefit from this program. We'll include an update in a following bulletin once we've completed our investigation.