On This Page
FILTER BY TAG

Set Up Passkey Service

Before your agents can begin sending Intelligent Commerce API requests to
Visa Acceptance Platform
, you must first set up the
TMS
 Passkey Service.
Passkey Service is an e-commerce authentication solution that is built on Fast Identity Online (FIDO). Passkey Service uses device-based authentication to provide a consistent and secure payment experience. Passkey Service provides a streamlined customer experience and enhances security by standardizing local authentication. Passkey Service also offers eligibility for liability shift under the digital authentication framework.
A Passkey Service credential is assigned to a device and card combination after a successful cardholder authentication. You can use this Passkey Service credential during cardholder checkout when the same device and payment card are used. This avoids repeated calls to the issuer and optimizes the cardholder's payment experience.
Prerequisite
The Passkey Service requires the customer's payment credentials to be stored in a
TMS
 instrument identifier token. You must create an instrument identifier token for each of your customer's payment credentials before you can begin using the Passkey Service.
To create an instrument identifier, see Create an Instrument Identifier.
IMPORTANT
This feature is in the pilot phase. You have early access to this feature even though it might contain bugs or unfinished work. You should consider the risk when using this feature.

Passkey Service Workflow

This workflow illustrates the process of integrating to Passkey Service and binding a network token to a device or browser.

Figure:

Passkey Service Workflow
  1. The cardholder initiates a session and generates a device fingerprint with the iframe on your website. For information about iframes and the Visa Token Service SDK, contact your
    Visa Acceptance Solutions
     account manager.
  2. You send a request to determine if FIDO authentication is available for the network token. These are the possible responses that indicate the Passkey Service authentication status:
    • AUTHENTICATE
      : The device and network token combination is registered with Passkey Service. The authentication takes places through the iframe.
    • AUTHENTICATION_REGISTRATION
      : The device and network token combination is not registered with Passkey Service and the issuer has approved the device binding.
    • STEP_UP_AUTHENTICATE
      : The device and network token combination is not registered with Passkey Service and the issuer has challenged the device binding.
  3. (Optional) You inform the issuer to send a one-time password (OTP) code. This step is required if the response to creating authentication options returns a value of
    STEP_UP_AUTHENTICATE
     in the
    action
     field, and the
    stepUpOptions.method
     field is set to one of these values:
    • OTP_SMS
    • OTP_EMAIL
    • OTP_ONLINE_BANKING
    For more information see Create a One-Time Password for Tokenized Card Authentication
  4. (Optional) You validate the OTP code from the issuer. See Validate a One-Time Password or Issuer Authentication Code.
  5. If you get a notification that the device binding was approved and authentication step-up method is app-to-app, customer service, or outbound call, or you receive a response of
    AUTHENTICATION_REGISTRATION
     in step 2 or step 4, then send a request to determine if FIDO registration is available for the cardholder. See Create Tokenized Card Authentication Registration.
  6. The cardholder registers with FIDO using the iframe with URL from the previous step.
  7. Create a cryptogram with FIDO data. See Create Tokenized Credentials with Authenticated Passkey Service Credentials. This step is optional if you are sending a payment.
RELATED TO THIS PAGE