Digital Authentication Framework (DAF) - Test Case Guide

Owned by Suyash Somani
Last updated: Mar 04, 2024
15 min read

The Visa Digital Authentication Framework (DAF) has been introduced to attempt to influence approval rates and potentially lower fraud through tighter control of the authentication experience. The framework is designed around merchant, network, and issuer data exchange resulting in a frictionless merchant experience. The DAF program uses the Visa Directory Server (VDS) to provide advice to issuers and has established rules that do not allow issuers to provide a step up when an authenticated payment credential (APC) has been established. An APC can be established by request via DAF, using an issuer step up, which then allows all subsequent transaction to be frictionless with full liability shift.  

Cardinal support for the Visa Digital Authentication Framework is currently considered Beta. The integration and corresponding documentation are subject to change.

 

Important test notes:

  • For the expiration year field CardExpYear, use the current year +3 (for example, when testing in 2023, you’d use 2026).

  • SignatureVerification should always return as Y when the field is present in the lookup response (it will not be returned in Enrolled = U test cases). If you receive a different value, reach out to your account representative or Cardinal Support for assistance.

  • Test PANs will not necessarily match the production card range for their respective card networks. As such, test PANs should not be used to determine the range of (or to create validation rules for) production cards. If you do have validation rules in place, trustlists can be used to allow or identify test PANs on an individual basis.

Implementation of 3DS Method is a requirement for Digital Authentication Framework.
For more information, please refer to Method URL Test Case documentation.

Confirm DAF Eligibility

VMID not valid

Scenario 

Non eligible DAF transactions

Authentication Experience

Frictionless

Test Values

 

EXP Date: 01/****

Visa PAN: TBD
(Applicable for EMV 2.1.0 and EMV 2.2.0)

Required Fields - Lookup Request (cmpi_lookup)

 

No specific callouts for fields; transStatusReason will be returned based on the PAN.

Expected Results - Lookup Response (cmpi_lookup)

 

Enrolled = Y

<Enrolled>Y</Enrolled>

PAResStatus = N

<PAResStatus>N</PAResStatus>

Cavv = (value will not be provided)

<Cavv></Cavv>

EciFlag = 07

ErrorNo = 0

ErrorDesc = (value will not be provided)

StatusReason = 85

Additional Information

 

Test Case can apply to PA or NPA transactions.

 

When PAResStatus= N, the CardholderInfo field may be returned by the Issuer. When this is present, you must display this within your checkout experience.

Merchant Direction

 

To register for DAF EMV 3DS, a merchant’s acquirer must retrieve and confirm their Visa Merchant ID (VMID) with Visa. Once confirmed, merchants must share the VMID with their Cardinal representative to have it added to their payment account configuration.

Sample Messages

Sample Lookup Message

Sample Response Message

Issuer is not enrolled in DAF

Scenario 

Issuer is not enrolled in the DAF program

Authentication Experience

Frictionless

Test Values

 

EXP Date: 01/****

Visa PAN: TBD
(Applicable for EMV 2.1.0 and EMV 2.2.0)

Required Fields - Lookup Request (cmpi_lookup)

 

No specific callouts for fields; transStatusReason will be returned based on the PAN.

Expected Results - Lookup Response (cmpi_lookup)

 

Enrolled = Y

PAResStatus = N

Cavv = (value will not be provided)

EciFlag = 07

ErrorNo = 0

ErrorDesc = (value will not be provided)

StatusReason = 88

Additional Information

 

Test Case can apply to PA or NPA transactions.

 

When PAResStatus= N, the CardholderInfo field may be returned by the Issuer. When this is present, you must display this within your checkout experience.

Sample Messages

Sample Lookup Message

Sample Response Message

Use Case 1: First time transaction

Test Case 1a: Unverified Payment Credential (Payment Authentication)

Scenario 

Enroll an unverified payment credential in the DAF program

Authentication Experience

Challenged

Test Values

 

EXP Date: 01/****

Visa PAN: 4000090000000847
(Applicable for EMV 2.1.0 and EMV 2.2.0)

Required Fields - Lookup Request (cmpi_lookup)

 

Message Category = 01 (PA)

Device Channel = APP (01), BROWSER (02)

ChallengeIndicator = Challenge requested (3DS Requestor preference) (03), Challenge requested (Mandate) (04)

CustomerId (Go to field description)

Expected Results - Lookup Response (cmpi_lookup)

 

Enrolled = Y

PAResStatus = C

APCStatus = NOT_AVAILABLE (Go to field description)

Cavv = (value will not be provided)

EciFlag = 07

ErrorNo = 0

ErrorDesc = (value will not be provided)

Expected Results - Authentication (cmpi_authenticate response)

 

PAResStatus = Y

APCCreated = Y (Go to field description)

CAVV = <CAVV Value>

EciFlag = 05

ErrorNo = 0

ErrorDesc = (value will not be provided)

Card Network & Version Specifications

Visa Secure 2.1

DAF can be used with other exemptions

Visa Secure 2.2

Support for EMV 3DS 2.2 will be required if the Visa Delegated Authentication Program (VDAP) is to be used in conjunction with DAF in Europe.

Sample Messages

Sample Lookup Message

Sample Response Message

Sample Authenticate Request Message

Sample Authenticate Response Message

Test Case 1b: Unverified Payment Credential (Non Payment Authentication)

Scenario 

Enroll an unverified payment credential in the DAF program

Authentication Experience

Challenged

Test Values

 

EXP Date: 01/****

Visa PAN: 4000090000000847
(Applicable for EMV 2.1.0 and EMV 2.2.0)

Required Fields - Lookup Request (cmpi_lookup)

 

Message Category = 02 (NPA)

Device Channel = APP (01), BROWSER (02)

AuthenticationIndicator = 04 - Add Card or, 05 - Maintain Card

Amount = 0

CustomerId (Go to field description)

Expected Results - Lookup Response (cmpi_lookup)

 

Enrolled = Y

PAResStatus = C

APCStatus = NOT_AVAILABLE (Go to field description)

Cavv = (value will not be provided)

EciFlag = 07

ErrorNo = 0

ErrorDesc = (value will not be provided)

Expected Results - Authentication (cmpi_authenticate response)

 

PAResStatus = Y

APCCreated = Y (Go to field description)

CAVV = <CAVV Value>

EciFlag = 05

ErrorNo = 0

ErrorDesc = (value will not be provided)

Card Network & Version Specifications

Visa Secure 2.1

DAF can be used with other exemptions

Visa Secure 2.2

Support for EMV 3DS 2.2 will be required if the Visa Delegated Authentication Program (VDAP) is to be used in conjunction with DAF in Europe.

Sample Messages

Sample Lookup Message

Sample Response Message

Sample Authenticate Request Message

Sample Authenticate Response Message

Test Case 1c: Failed Step Up Authentication

Scenario 

Cardholder canceled the transaction upon Step Up

Authentication Experience

Challenged

Test Values

 

EXP Date: 01/****

Visa PAN: 4000090000000896
(Applicable for EMV 2.1.0 and EMV 2.2.0)

Required Fields - Lookup Request (cmpi_lookup)

 

Message Category = 01 (PA)

Device Channel = APP (01), BROWSER (02)

CustomerId (Go to field description)

Expected Results - Lookup Response (cmpi_lookup)

 

Enrolled = Y

PAResStatus = C

APCStatus = NOT_AVAILABLE (Go to field description)

Cavv = (value will not be provided)

EciFlag = 07

ErrorNo = 0

ErrorDesc = (value will not be provided)

Expected Results - Authentication (cmpi_authenticate response)

 

PAResStatus = N

APCCreated = N (Go to field description)

CAVV = (value will not be provided)

EciFlag = 07

ErrorNo = 0

ErrorDesc = (value will not be provided)

Sample Messages

Sample Lookup Message

Sample Response Message

Sample Authenticate Request Message

Sample Authenticate Response Message

Use Case 2: Subsequent transaction

Test Case 2a - Authenticated Payment Credential

Scenario 

Allows an authenticated payment credential (APC) to participate in the DAF program and provides a frictionless authentication experience

Authentication Experience

Frictionless

Test Values

 

EXP Date: 01/****

Visa PAN: 4000090000000854
(Applicable for EMV 2.1.0 and EMV 2.2.0)

Required Fields - Lookup Request (cmpi_lookup)

 

Message Category = 01 (PA)

Device Channel = APP (01), BROWSER (02)

CustomerId (Go to field description)

Expected Results - Lookup Response (cmpi_lookup)

 

PAResStatus = Y

CAVV = <CAVV Value>

APCStatus = AVAILABLE (Go to field description)

EciFlag = 05

ThreeDSVersion = <ThreeDSVersion Value>

ErrorNo = 0

ErrorDesc = (value will not be provided)

Card Network & Version Specifications

Visa Secure 2.1

DAF can be used with other exemptions

Visa Secure 2.2

Support for EMV 3DS 2.2 will be required if the Visa Delegated Authentication Program (VDAP) is to be used in conjunction with DAF in Europe.

Sample Messages

Sample Lookup Message

Sample Response Message

Test Case 2b - Authenticated Payment Credential (VDAP)

Scenario 

Allows an authenticated payment credential (APC) to participate in the DAF program with Visa Delegated Authentication Program (VDAP) and provides a frictionless authentication experience

Authentication Experience

Frictionless

Test Values

 

EXP Date: 01/****

Visa PAN: 4000090000000854
(Applicable only for EMV 2.2.0)

Required Fields - Lookup Request (cmpi_lookup)

 

Message Category = 01 (PA)

Device Channel = APP (01), BROWSER (02)

CustomerId (Go to field description)

 

ChallengeIndicator

 

AlternateAuthenticationData

 

AlternateAuthenticationMethod

 

AlternateAuthenticationDate

Expected Results - Lookup Response (cmpi_lookup)

 

PAResStatus = Y

CAVV = <CAVV Value>

APCStatus = AVAILABLE (Go to field description)

Visa:
EciFlag = 05

ThreeDSVersion = <ThreeDSVersion Value>

ErrorNo = 0

ErrorDesc = (value will not be provided)

Card Network & Version Specifications

Visa Secure 2.1

DAF can be used with other exemptions

Visa Secure 2.2

Support for EMV 3DS 2.2 will be required if the Visa Delegated Authentication Program (VDAP) is to be used in conjunction with DAF in Europe.

Sample Messages

Sample Lookup Message

Sample Response Message

Test Case 2c - Authenticated Payment Credential (Attempts)

Scenario 

When Visa Directory Server stands-in for subsequent DAF transactions where an issuer responds with a challenge response

Authentication Experience

Frictionless

Test Values

 

EXP Date: 01/****

Visa PAN: 4000090000000862
(Applicable for EMV 2.1.0 and EMV 2.2.0)

Required Fields - Lookup Request (cmpi_lookup)

 

Message Category = 01 (PA)

Device Channel = APP (01), BROWSER (02)

CustomerId (Go to field description)

Expected Results - Lookup Response (cmpi_lookup)

 

PAResStatus = A

CAVV = <CAVV Value>

APCStatus = AVAILABLE (Go to field description)

EciFlag = 06

ThreeDSVersion = <ThreeDSVersion Value>

ErrorNo = 0

ErrorDesc = (value will not be provided)

Card Network & Version Specifications

Visa Secure 2.1

DAF can be used with other exemptions

Visa Secure 2.2

Support for EMV 3DS 2.2 will be required if the Visa Delegated Authentication Program (VDAP) is to be used in conjunction with DAF in Europe.

Sample Messages

Sample Lookup Message

Sample Response Message

Test Case 2d - Suspected Fraud

Scenario 

Issuer indicates suspected fraud on transaction

Authentication Experience

Frictionless

Test Values

 

EXP Date: 01/****

Visa PAN: 4000090000000870
(Applicable for EMV 2.1.0 and EMV 2.2.0)

Required Fields - Lookup Request (cmpi_lookup)

 

Message Category = 01 (PA)

Device Channel = APP (01), BROWSER (02)

CustomerId (Go to field description)

Expected Results - Lookup Response (cmpi_lookup)

 

Enrolled = Y

PAResStatus = N

Cavv = (value will not be provided)

EciFlag = 07

ErrorNo = 0

ErrorDesc = (value will not be provided)

APCStatus = AVAILABLE (Go to field description)

StatusReason = 11

Additional Information

 

Test Case can apply to PA or NPA transactions.

 

When PAResStatus= N, the CardholderInfo field may be returned by the Issuer. When this is present, you must display this within your checkout experience.

Sample Messages

Sample Lookup Message

Sample Response Message

Test Case 2e - Stolen Card

Scenario 

Issuer reports that the card was stolen

Authentication Experience

Frictionless

Test Values

 

EXP Date: 01/****

Visa PAN: 4000090000000888
(Applicable for EMV 2.1.0 and EMV 2.2.0)

Required Fields - Lookup Request (cmpi_lookup)

 

Message Category = 01 (PA)

Device Channel = APP (01), BROWSER (02)

CustomerId (Go to field description)

Expected Results - Lookup Response (cmpi_lookup)

 

Enrolled = Y

PAResStatus = N

Cavv = (value will not be provided)

EciFlag = 07

ErrorNo = 0

APCStatus = BLOCKED (Go to field description)

ErrorDesc = (value will not be provided)

StatusReason = 10

Additional Information

 

Test Case can apply to PA or NPA transactions.

 

When PAResStatus= N, the CardholderInfo field may be returned by the Issuer. When this is present, you must display this within your checkout experience.

Sample Messages

Sample Lookup Message

Sample Response Message

Use Case 3: Authenticated Payment Credential (APC) Status

Test Case 3a - APC Status Check

Scenario 

Merchant runs a 3RI transaction to check the status of the APC

Authentication Experience

Frictionless

Test Values

 

EXP Date: 01/****

Visa PAN: 4000090000000854
(Applicable for EMV 2.1.0 and EMV 2.2.0)

Required Fields - Lookup Request (cmpi_lookup)

 

Message Category = 02 (NPA)

Device Channel = 3RI (03)

ThreeRIIndicator = 05

CustomerId (Go to field description)

Expected Results - Lookup Response (cmpi_lookup)

 

Enrolled = Y

PAResStatus = Y

APCStatus = AVAILABLE (Go to field description)

CAVV = (value will not be provided)

EciFlag = 07

ErrorNo = 0

ErrorDesc = (value will not be provided)

Sample Messages

Sample Lookup Message

Sample Response Message

 

Â