Device binding
Device binding associates an end user device with a token stored on that device.
The token requestor initiates the flow with Visa Token Service (VTS). VTS then calls the issuer.
Tokenization Service translates the VTS request into requestDeviceBinding.
Handle device binding like a Tokenization (digitization) request. The issuer computes a trust level and returns a GREEN, YELLOW, or RED decision.
You can request device binding only for an existing token.
For a YELLOW decision, Visa requires the issuer to support at least one of these ID&V methods:
OTP via SMS or email
Call customer care
Verify in the issuer application
3DS
If you use issuer-application verification, the issuer and token requestor must agree on a protocol. This protocol lets the two applications exchange an authentication token.
Visa defines and validates the authentication token format. The token is a JSON Web Token (JWT).
The issuer and Visa exchange certificates. The issuer uses its certificate to sign the JWT. The token requestor sends the JWT to VTS. VTS verifies the signature.
When device binding completes, VTS sends a notification with the result. Tokenization Service translates it into notifyVirtualCardChange.
The sequence diagram shows the end-to-end flow.
Device binding initiated by the token requestor:
You can manage the ID&V method list dynamically by omitting idvMethodList in the requestDeviceBinding response.
With this approach, every time VTS requests the ID&V method list, Tokenization Service calls getIDnVMethodList.
If you include idvMethodList in the requestDeviceBinding response, Tokenization Service caches it for the current session. It then returns it to VTS as needed, without calling getIDnVMethodList.
Either the issuer or the token requestor can remove the binding between the token and the device.
This is depicted in the two flows below.
Unbind initiated by the issuer:
Unbind initiated by the token requestor:
Last updated
Was this helpful?