Visa Digital Authentication Framework (DAF) Program
The Visa Digital Authentication Framework (DAF) Program brings frictionless authentication, enhanced customer experience and higher transaction security.
Visa is introducing a new program called Digital Authentication Framework (DAF) which seeks to improve security and enhance the frictionless capabilities of 3DSecure Transactions.
How DAF works
When a merchant participating in the DAF program sends a 3DS Authentication Request including the DAF flag, the Visa directory will instruct the Issuer to not challenge the authentication. If the pan is being used for the first time, Visa will requires a step up challenge to take place before setting up DAF for future transactions.
DAF affectively binds a card number to a merchant. In this manner it has many elements that are in common with Tokenization, but without the added complexity; everything is managed by the Visa directory.
How does DAF differ from similar features already in the 3DS specification such as Merchant Whitelisting/Trusted Merchant Listing? The objectives of the two methodologies are similar but DAF is managed directly at the Visa Directory while Merchant Whitelisting is supported by the Issuer and therefore support will be more inconsistent across the ecosystem.
DAF is designed for improving security in markets where 3DSecure is not mandated or not in common use and transactions are processed without 3DS despite the fraud. It seems to provide a layer or security and authentication while maintaining a frictionless flow.
In Europe where PSD2 SCA applies to a transaction, a merchant/TR can only submit a transaction (domestic/intra-regional) under the DAF if:
- SCA has been completed either:
- Under the VDAP program
- Under an SCA bilateral outsourcing agreement
- or:
- The transaction is eligible for an Acquirer SCA exemption
Rules for DAF
DAF is available in the form of a 3DS Extension and is supported from Versions 2.1 upwards.
Merchants must be registered to the DAF program and be accepted by Visa.
Visa will enable DAF on these two criteria:
-
- The Issuer has confirmed the authenticity of the Payment Credential through Issuer identification and verification (ID&V) or
- Visa has determined the Payment Credential to have a sufficient history of successful Transactions at a registered Merchant such that the Issuer has effectively validated its authenticity and the Payment Credential is uniquely associated with the registered Merchant or Merchant Token Requestor
Merchants who transact with Authenticated Payment Credentials and meet the DAF program criteria on qualified purchase transactions will receive fraud dispute protection in a frictionless manner on subsequent transactions.
Participating Issuers will enrol card ranges to support DAF. Issuers will provide SCA to setup DAF and will either accept a DAF enabled Authentication request frictionless or used Risk based authentication to decline the request.
Contact Endeavour to explore how DAF can work for your business.
Be in the know
Industry news, events and major releases.
Endeavour 3DSecure and Tokenization, your trusted companion in payments.
Let's talk Authentication and Tokenization in Singapore.
How Network Tokenization Leads to Higher Authorization Rates and a Better Customer Experience.
