Enable DCAP
Visa's Digital Commerce Authentication Program (DCAP) defines data-sharing requirements for card-not-present (CNP) ecommerce transactions where the card is not physically presented at the point of sale. With DCAP, merchants pass additional cardholder, device, and transaction context to issuers during the authentication step, such as 3D Secure (3DS), with the goal of improving issuer risk assessment.
DCAP standardizes and increases the quality of data exchanged in the authentication flow, so issuers can make more informed authorization decisions. When required data elements are present, customer-initiated CNP transactions on eligible Visa consumer credit cards may:
- Qualify for interchange adjustments, such as a 5-basis-point net reduction in the US.
- See differences in authorization and fraud outcomes.
Braintree supports DCAP by collecting and sending the required data fields as part of the authentication flow. By passing this data through your existing setup, you can qualify for interchange cost savings. Before you enable DCAP, review your transaction eligibility to confirm expected savings.
Eligibility
DCAP applies to Visa consumer credit, customer-initiated, domestic card-not-present (CNP) transactions in the United States.
The following transactions are not eligible for DCAP:
- Debit card transactions
- Commercial (business) credit card transactions
- Merchant-initiated transactions
- Transactions without sufficient digital context (for example, payments initiated at a physical point-of-sale terminal or through a call center)
- Transactions authenticated using 3DS where liability shifts to the issuer, including frictionless and challenge (full) authentication flows
How DCAP works
- Authentication initiated: You use a Visa-approved 3DS Data-Only integration to include DCAP data during authentication.
- Data submission: You send the required cardholder and device data for eligible transactions.
Visa validation: Visa validates data presence, format, and quality:
- Fully compliant transactions are marked as qualified.
- Transactions with incorrect or incomplete data are not qualified.
Settlement outcome:
- Qualified transactions settle at DCAP-adjusted interchange rates.
- Eligible but non-qualified transactions settle at standard rates.
- Ineligible transactions settle at standard rates.
If the required data is not fully compliant, the DCAP interchange benefit is not applied.
Required data elements
To qualify for DCAP, eligible transactions must meet Visa's data validation requirements and include the following four fields.
| Field | Mandatory (US) | Definition |
|---|---|---|
| Billing address | Yes | Full billing address: streetAddress, locality, region, postalCode, countryCodeAlpha2 |
| Device ID | Yes | Device identifier, automatically collected through Braintree 3DS Data-Only |
| Email address | Yes | Cardholder email address |
| IP address | Yes | Customer IP address, automatically collected through Braintree 3DS Data-Only |
Data validation requirements
Visa performs field-level validation on all required data elements. To qualify:
- All required fields must be present.
- Data must meet Visa-defined format requirements.
- Data must be consistent with the transaction and cardholder context.
Do not send null, placeholder, or incorrect values. Transactions with incomplete, inconsistent, or incorrectly formatted data do not qualify. Visa evaluates qualification at the transaction level, so maintain consistent data quality across eligible transactions to realize interchange impact.
Integration options
In the US, Braintree supports DCAP through:
- 3DS Data-Only using Braintree
- 3DS Data-Only using an external provider (3DS passthrough)
Standard 3DS offers issuer liability shift, but does not qualify for DCAP.
Option 1: Braintree 3DS Data-Only
- Device ID and IP address are collected automatically.
- You need to provide an email address and billing address including all required sub-fields.
- You can add conditional logic to your integration to apply 3DS Data-Only processing to DCAP-eligible transactions only.
Option 2: External 3DS Data-Only (passthrough)
- Authentication is performed by an external 3DS provider.
- The provider must include all required DCAP data elements in the lookup request.
- Data must meet Visa validation requirements for qualification.
- The provider must add conditional logic to the integration to apply 3DS Data-Only processing to DCAP-eligible transactions only.
Next steps
Contact your PayPal account manager to enable DCAP and confirm the appropriate integration approach.