Skip to main content

Device Binding with SMS OTP

Device Binding is a separate from digitization flow intended to increase assurance level of card-on-file and other type of e-commerce tokens for the specific device and merchants while processing card-not-present authorizations. This process was introduced by Visa as part of Cloud Token Framework.

Device Binding is initiated by merchant or involved in Card-Not-Present authorizations Token Requestor. Token to device binding is performed for the tokens that was already succesfully provisioned and activated.

Conditions

TypeValue
Token Service ProviderVisa Token Service
Issuer decisionYellow path as REQUIRE_ADDITIONAL_AUTHENTICATION
Check Eligibility (Visa specific)Not applicable in this flow
Token TypeSTATIC
Provisioning TypeNot applicable

Sequence diagram

Digitization Overview

Sequence steps description

StepDescription
1Merchant propose consumer to proceed with token to device binding process
2Consumer opt into token to device binding process
3Merchant initiate token to device binding process
44.1. Visa Token Service send device binding request to the MTP I-TSP.
4.2. MTP I-TSP passthrough device binding request as Authorize Binding request to the issuer.
5Issuer response to the device binding with the REQUIRE_ADDITIONAL_AUTHENTICATION to request additional verification and identification(ID&V) of consumer.
6Visa Token Service receive the issuer device binding decision to proceed with additional ID&V of consumer.
77.1. Visa Token Service request available for consumer ID&V options
7.2. MTP I-TSP passthrough ID&V options request as Request Activation Methods to the issuer
8Issuer generate list of consumer available ID&V option
9Visa Token Service receive the list of available for consumer ID&V options
1010.1. Visa Token Service provide available ID&V options to the merchant
10.2. Merchant display available ID&V options to the consumer
11Consumer select SMS OTP as ID&V option
12Merchant passthrough consumer selected option and request activation code(OTP as One-Time Password) to be delivered to the consumer.
13Visa Token Service generate activation code
14Visa Token Service deliver activation code to the issuer through the MTP I-TSP
15Issuer deliver activation code in SMS text message to the consumer
16Consumer enter activation code received in SMS to the merchant screen
17Merchant pass activation code to the Visa Token Service for validation
18Visa Token Service succesfuly validated activation code
19Visa Token Service approve device binding request
20Visa Token Service notify merchant about succesful device binding