Device Binding with SMS OTP
Device Binding is a separate from digitization flow intended to increase assurance level of card-on-file and other type of e-commerce tokens for the specific device and merchants while processing card-not-present authorizations. This process was introduced by Visa as part of Cloud Token Framework.
Device Binding is initiated by merchant or involved in Card-Not-Present authorizations Token Requestor. Token to device binding is performed for the tokens that was already succesfully provisioned and activated.
Conditions
| Type | Value |
|---|---|
| Token Service Provider | Visa Token Service |
| Issuer decision | Yellow path as REQUIRE_ADDITIONAL_AUTHENTICATION |
| Check Eligibility (Visa specific) | Not applicable in this flow |
| Token Type | STATIC |
| Provisioning Type | Not applicable |
Sequence diagram
Sequence steps description
| Step | Description |
|---|---|
| 1 | Merchant propose consumer to proceed with token to device binding process |
| 2 | Consumer opt into token to device binding process |
| 3 | Merchant initiate token to device binding process |
| 4 | 4.1. Visa Token Service send device binding request to the MTP I-TSP. 4.2. MTP I-TSP passthrough device binding request as Authorize Binding request to the issuer. |
| 5 | Issuer response to the device binding with the REQUIRE_ADDITIONAL_AUTHENTICATION to request additional verification and identification(ID&V) of consumer. |
| 6 | Visa Token Service receive the issuer device binding decision to proceed with additional ID&V of consumer. |
| 7 | 7.1. Visa Token Service request available for consumer ID&V options 7.2. MTP I-TSP passthrough ID&V options request as Request Activation Methods to the issuer |
| 8 | Issuer generate list of consumer available ID&V option |
| 9 | Visa Token Service receive the list of available for consumer ID&V options |
| 10 | 10.1. Visa Token Service provide available ID&V options to the merchant 10.2. Merchant display available ID&V options to the consumer |
| 11 | Consumer select SMS OTP as ID&V option |
| 12 | Merchant passthrough consumer selected option and request activation code(OTP as One-Time Password) to be delivered to the consumer. |
| 13 | Visa Token Service generate activation code |
| 14 | Visa Token Service deliver activation code to the issuer through the MTP I-TSP |
| 15 | Issuer deliver activation code in SMS text message to the consumer |
| 16 | Consumer enter activation code received in SMS to the merchant screen |
| 17 | Merchant pass activation code to the Visa Token Service for validation |
| 18 | Visa Token Service succesfuly validated activation code |
| 19 | Visa Token Service approve device binding request |
| 20 | Visa Token Service notify merchant about succesful device binding |