New Case Study: A U.S. Issuer’s Experience with Visa’s IDX Solution

New Case Study: Visa’s IDX Solution

Read it here
Visa Consumer Authentication Service (VCAS)
Business Requirements Document (BRD)


Business Sponsor Stakeholder





Project Manager Stakeholder





Technical Contact Stakeholder






Authentication Method
Which 3DS protocols are included in this project?*
Is 3DS used today?*
VCAS Screen Languages – Please include the ISO Code(s) and/or dialect(s) (ISO 639-1 format)*
Risk Based Authentication
VCAS offers multiple authentication solutions.

The Pass/Fail solution leverages the VCAS Rules functionality to pass and fail authentication based on parameters created and maintained by the VCAS client. No system integration is required for this solution. (If selecting this option, please skip the Step-Up Method section.)

The Pass/Fail/Step-Up solution incorporates the rules from the Pass/Fail solution and also includes a step-up flow to obtain an authentication directly from the cardholder. This solution requires a system integration, please see the System Integration section further below.

What is your Risk Based Authentication solution?*


Step-Up Method
In this section you will define your step-up method for your 3DS transactions. The step-up allows you to give your cardholders the chance to authenticate themselves instead of failing the transaction. The System Integration section below will be required to support any step-up option.
 One-Time Passcode (OTP)

Who Will Create and Validate the OTP?*

Who will Send the OTP?*


OTP Delivery Method
For windows: Hold down the control (ctrl) button to select multiple options
For Mac: Hold down the command button to select multiple options
(Multiple selections for this section are possible, at least one selection is required)

What percentage of cardholder base has OTP delivery method above?*

Countries OTP will be delivered to:*

OTP Delivery Option*

 One-Time Passcode (OTP) + Knowledge Based Authentication (KBA) European Economic Area (EEA ONLY)

This method is specific to PSD2 SCA compliance. OTP+KBA will leverage the selections in the OTP section above.




Note: This method of authentication is only applicable to API based integrations (Real-Time Data Exchange (RDX)) as the VCAS client will need to perform valication of the Answer in real-time during the transaction. The RDX integration is required to pass the Question & Answer for KBA as VCAS will neither store nor validate the Question or Answer.

 Biometric

Leveraging Third Party SDK or mobile operating system*


Biometric Type*
For windows: Hold down the control (ctrl) button to select multiple options
For Mac: Hold down the command button to select multiple options
(Multiple selections for this section are possible, at least one selection is required)

What percent of cardholder base has application adoption?*

 Token

Hard or Soft Token?*
A hard token is provided by a physical token device (IE: key fob). A soft token is provided by a software application (IE: mobile application).
Token Validation*
Who validates the Token?
What percent of client base has Token adoption*

 Out of Band / Other

Out of Band Type*

What percent of client base has the Out Of Band Authentication adoption?*

Authentication Method Decision*

Define Multi-Authentication Flow*


System Integration
A system integration is necessary if our systems need to share information in order to successfully perform a step-up authentication.

File Processor (FP) - allows you to drop off cardholder information in a specific file format via SFTP (Secure File Transfer Protocol). This data will be used to facilitate authentication with your cardholders.

Real Time Data Exchange (RDX) - is a web service with 4 conditional API calls used to integrate with Cardinal's VCAS system to facilitate communication and share information real-time between our systems. RDX is flexible and allows you to, based on the authentication solution, determine how involved you would like to be in the transaction flow.

Integration Method*

File Processor SFTP Folder Location* - required if chose File Processor (FP) integration method

Security* - required if you chose Real Time Data Exchange (RDX) integration method


Data Sharing (Optional)
Additional information may be shared outside of the VCAS Portal. The Authentication Data Exchange (ADX) contains the results of the authentication and is sent in real-time API prior to VCAS sending those results back to the merchant.

Data may also be shared via an SFTP file delivery method via the confirmed marking file and the reports shown further below.
Add the Authentication Data Exchange (ADX) API to my solution

ADX Security

Bulk Confirmed Marking (Upload) - File upload by Client to mark transactions as good or fraud via SFTP file.
 Add Bulk Confirmed Marking to my solution

Bulk Confirmed Marking FTP Location

SFTP Reports (Download) - Additional data available via SFTP file delivery.
SFTP Folder Location


SFTP Reports
For windows: Hold down the control (ctrl) button to select multiple options
For Mac: Hold down the command button to select multiple options
(Multiple selections for this section are possible, at least one selection is required)


Additional Solution Details