Issuer Implementation

Quick Reference for 3-D Secure 2.0

What
Visa’s 3-D Secure (3DS) 2.0 Program is a global solution designed to make e-commerce transactions more secure by helping to
ensure the transaction is initiated by the rightful owner of the Visa account. Authentication happens during the online checkout
process before authorization, and is enabled by a separate platform and separate set of messages.
The 3DS process is initiated by a Merchant using its 3-D Secure Server to submit a 3DS authentication request. Visa’s Directory
Server receives the request and routes the request to the issuer. The Issuer’s Access Control Server(ACS) reviews the information
in the authentication request, authenticates the cardholder using their form of authentication, and responses back to the
merchant.

Pre-Implementation
The Issuer must have a Access Control Server (ACS) that the Visa 3DS 2.0 Directory Server can route the authentication request
and perform authentication of cardholder.
ACCESS CONTROL SERVER 1
 Decide: Build, Buy, or use Hosted Solution
 If building in-house ACS an issuer must:
- EMVCo’s 3DS requirement: This first step is done by completing EMVCo’s 3DS Testing. EMVCo issues an EMVCo
Reference Number and a Letter of Approval on successful completion of EMVCo 3DS Testing
- Visa’s 3DS requirement:. This is done by completing Visa’s 3DS Compliance Test. Visa issues an 3DS Approval Letter
- Digital Certificates: Obtain and install Digital Certificates for the ACS to connect to Visa’s Directory Server
 If using or buying an already built product issuer must:
- Visa’s 3DS requirement:. Obtain EMVCo Letter of Approval & Reference # from purchsee and complete Visa’s 3DS
Compliance Test. Visa issues an 3DS Approval Letter
- Digital Certificates: Obtain and install Digital Certificates for the ACS to connect to Visa’s Directory Server
 If using a hosted solution or buying an already built product issuer must:
- Choose a Compliant ACS Product: Choose an ACS that has completed EMVCo 3DS testing and Visa testing using the
Visa Approved 3DS 2.0 Product list.
- Register ACS with Visa through the 3rd party agent program (hosted solution only): Issuer must ensure its ACS
provider is registered in Visa’s Third Party Agent Program and obtains a Visa Business ID (see website
www.visa.com/third-party-agent)
- Digital Certificates: Obtain and install Digital Certificates for the ACS to connect to Visa’s Directory Server

1
Using a hosted solution dramatically lowers implementation and maintenance requirements. Most of the steps in this document
will be performed by the service provider if a hosted solution is chosen. See page 2 for link to list of service providers
 ACS Implementation
 Review relevant Visa guides and specifications: Implementation Guide
 Implement with ACS: UI elements, risk-based authentication rules, challenge methods (i.e. one-time passcode)
Visa Implementation
 Issuer setup with Visa
 Ensure Issuer Host System can process all 3DS fields in VisaNet
 Test ACS, CAVV’s and Issuer Host
ISSUER SETUP WITH VISA
 CAVV Keys (if applicable): Cardholder Authentication Verification Value (CAVV) keys are used by the issuer, or Visa on
behalf of the issuer, to validate the CAVV cryptogram included in the authorization request. The issuer or its ACS
provider need to create/load CAVV keys into Issuer ACS and the Issuer Attempts Server (as applicable)
 Set up Issuer BINs/Card Ranges with Visa 3DS 2.0 Directory Server: Visa’s 3DS 2.0 Directory Server is responsible for
routing 3DS 2.0 authentication messages from Merchant’s 3DS Server to the Issuer’s ACS. The Issuer completes the Visa
Directory Server Load File form and sends the form to Visa with the issuer BINs and associated ACS URLs
ISSUER HOST SETUP
 Verify Issuer Host Can Process Visa 3DS 2.0 Authentication and Related Authorization Data Fields (N/A if currently
supporting 3DS 1.0): Complete VisaNet certification using the Visa Certification Management System (VCMS) for the
3DS related fields (i.e., CAVV Results Code (F44.13) Electronic Commerce Indicator (ECI) (F60.8), CAVV Data (F126.9),
Engage issuer processor (if used)
- Optitional New Field for 3DS 2.0: 3DS Indicator F126.20,.
 Turn on VBV VIP/BASE II (N/A if currently supporting 3DS 1.0): Complete CIQ form to set up issuer to participate in VBV
for authorization and settlement
 Set-Up CAVV Verification (N/A if currently supporting 3DS 1.0): Determine if issuer or Visa will validate the CAVV for
authenticated and attempts transactions, and stand-in processing. Load CAVV keys into Issuer Host and/or VisaNet
TESTING
 Test CAVV (doesn’t require sending/receiving full 3DS authentication/authorization messages): Use Visa’s 3-D Secure
2.0 Testing Service to validate the issuer’s CAVV keys are have been created and installed correctly. Complete testing for
Issuer CAVV and Issuer Attempts CAVV testing (optional)
 Test Authentication (if applicable): Perform Issuer ACS testing including verifying authentication methods,
authentication status, and UI elements.
 Test Authorization (if applicable): Confirm Issuer Host and VisaNet have been configured to send and receive Visa’s
authentication data and to process CAVV data. VCMS is available to support the Issuer’s Host and VisaNet testing for the
CAVV Result Code, ECI, CAVV Data, and 3DS Indicator.
Program Launch
 Finalize the “go live” date: Communicate date to all stakeholders, submit setup forms (CIQs, VbVCIS Load Forms,
CAVV Key Management CIQ), confirm issuer internal team readiness
 Launch 3DS 2.0 program: Issuer ACS, Issuer Attempts Server, Host (including 3DS Indicator), Issuer support
teams/systems, Visa 3DS Directory Server, Issuer VisaNet settings (including 3DS Indicator
 Manage 3DS 2.0 program: ACS Monitoring (system availability, authentication processing, authorization
processing), Reporting (transaction reports, statistical reports, disputed transactions reports), Dispute Resolution
(review and respond to disputes)
 Maintain Updated 3DS Program/System: BINs/card ranges, Issuer ACS and CAVV key changes, portfolio/provider
changes

Additional 3DS 2.0 Issues, Decision Points, & Resources

Topic Considerations Resources
Hosted Solutions • Hosted solutions greatly simplify and streamline implementations • Approved provider list
• Visa offers a hosted ACS solution for issuers, referred to as Visa Consumer
Authentication Service (VCAS)
Processor-level • Issuer processors have integrated an ACS solution to allow their issuers to • Reach out to processor for more
Issuer participate information

Visa Online • Visa maintains support documentation relevant to 3DS on Visa Online • Visa Online

© 2017 Visa. All Rights Reserved.