Cardholder verification

Cardholder verification lets a token requestor ask the issuer to verify the end user.

Use this flow when you detect suspicious activity on an end user account.

To start the flow, the token requestor requests the list of supported ID&V methods. It sends the request to Visa Token Service (VTS). VTS then calls the issuer.

Tokenization Service translates this request into getIDnVMethodList. As in the Device binding flow, Visa requires the issuer to support at least one of these methods:

• OTP via SMS or email

• Verify in the issuer application

• 3DS

If you use issuer-application verification, apply the same protocol considerations as for device binding.

The sequence diagram shows the end-to-end flow.

Cardholder verification requested by the token requestor: