Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Pre-Implementation
The Issuer must have a Access Control Server (ACS) that the Visa 3DS 2.0 Directory Server can route the authentication request
and perform authentication of cardholder.
ACCESS CONTROL SERVER 1
Decide: Build, Buy, or use Hosted Solution
If building in-house ACS an issuer must:
- EMVCo’s 3DS requirement: This first step is done by completing EMVCo’s 3DS Testing. EMVCo issues an EMVCo
Reference Number and a Letter of Approval on successful completion of EMVCo 3DS Testing
- Visa’s 3DS requirement:. This is done by completing Visa’s 3DS Compliance Test. Visa issues an 3DS Approval Letter
- Digital Certificates: Obtain and install Digital Certificates for the ACS to connect to Visa’s Directory Server
If using or buying an already built product issuer must:
- Visa’s 3DS requirement:. Obtain EMVCo Letter of Approval & Reference # from purchsee and complete Visa’s 3DS
Compliance Test. Visa issues an 3DS Approval Letter
- Digital Certificates: Obtain and install Digital Certificates for the ACS to connect to Visa’s Directory Server
If using a hosted solution or buying an already built product issuer must:
- Choose a Compliant ACS Product: Choose an ACS that has completed EMVCo 3DS testing and Visa testing using the
Visa Approved 3DS 2.0 Product list.
- Register ACS with Visa through the 3rd party agent program (hosted solution only): Issuer must ensure its ACS
provider is registered in Visa’s Third Party Agent Program and obtains a Visa Business ID (see website
www.visa.com/third-party-agent)
- Digital Certificates: Obtain and install Digital Certificates for the ACS to connect to Visa’s Directory Server
1
Using a hosted solution dramatically lowers implementation and maintenance requirements. Most of the steps in this document
will be performed by the service provider if a hosted solution is chosen. See page 2 for link to list of service providers
ACS Implementation
Review relevant Visa guides and specifications: Implementation Guide
Implement with ACS: UI elements, risk-based authentication rules, challenge methods (i.e. one-time passcode)
Visa Implementation
Issuer setup with Visa
Ensure Issuer Host System can process all 3DS fields in VisaNet
Test ACS, CAVV’s and Issuer Host
ISSUER SETUP WITH VISA
CAVV Keys (if applicable): Cardholder Authentication Verification Value (CAVV) keys are used by the issuer, or Visa on
behalf of the issuer, to validate the CAVV cryptogram included in the authorization request. The issuer or its ACS
provider need to create/load CAVV keys into Issuer ACS and the Issuer Attempts Server (as applicable)
Set up Issuer BINs/Card Ranges with Visa 3DS 2.0 Directory Server: Visa’s 3DS 2.0 Directory Server is responsible for
routing 3DS 2.0 authentication messages from Merchant’s 3DS Server to the Issuer’s ACS. The Issuer completes the Visa
Directory Server Load File form and sends the form to Visa with the issuer BINs and associated ACS URLs
ISSUER HOST SETUP
Verify Issuer Host Can Process Visa 3DS 2.0 Authentication and Related Authorization Data Fields (N/A if currently
supporting 3DS 1.0): Complete VisaNet certification using the Visa Certification Management System (VCMS) for the
3DS related fields (i.e., CAVV Results Code (F44.13) Electronic Commerce Indicator (ECI) (F60.8), CAVV Data (F126.9),
Engage issuer processor (if used)
- Optitional New Field for 3DS 2.0: 3DS Indicator F126.20,.
Turn on VBV VIP/BASE II (N/A if currently supporting 3DS 1.0): Complete CIQ form to set up issuer to participate in VBV
for authorization and settlement
Set-Up CAVV Verification (N/A if currently supporting 3DS 1.0): Determine if issuer or Visa will validate the CAVV for
authenticated and attempts transactions, and stand-in processing. Load CAVV keys into Issuer Host and/or VisaNet
TESTING
Test CAVV (doesn’t require sending/receiving full 3DS authentication/authorization messages): Use Visa’s 3-D Secure
2.0 Testing Service to validate the issuer’s CAVV keys are have been created and installed correctly. Complete testing for
Issuer CAVV and Issuer Attempts CAVV testing (optional)
Test Authentication (if applicable): Perform Issuer ACS testing including verifying authentication methods,
authentication status, and UI elements.
Test Authorization (if applicable): Confirm Issuer Host and VisaNet have been configured to send and receive Visa’s
authentication data and to process CAVV data. VCMS is available to support the Issuer’s Host and VisaNet testing for the
CAVV Result Code, ECI, CAVV Data, and 3DS Indicator.
Program Launch
Finalize the “go live” date: Communicate date to all stakeholders, submit setup forms (CIQs, VbVCIS Load Forms,
CAVV Key Management CIQ), confirm issuer internal team readiness
Launch 3DS 2.0 program: Issuer ACS, Issuer Attempts Server, Host (including 3DS Indicator), Issuer support
teams/systems, Visa 3DS Directory Server, Issuer VisaNet settings (including 3DS Indicator
Manage 3DS 2.0 program: ACS Monitoring (system availability, authentication processing, authorization
processing), Reporting (transaction reports, statistical reports, disputed transactions reports), Dispute Resolution
(review and respond to disputes)
Maintain Updated 3DS Program/System: BINs/card ranges, Issuer ACS and CAVV key changes, portfolio/provider
changes
Visa Online • Visa maintains support documentation relevant to 3DS on Visa Online • Visa Online