VERIFIED BY VISA (VbV) (2025)

VERIFIED BY VISA (VbV) TECHNICAL OVERVIEW

Verified by Visa is an authentication tool that is intended to validate that the authorized credit card holder is the one actually attempting to make a purchase. The key benefit to this program for merchants is that it provides a liability shift for covered transactions.

Key considerations when implementing or buying this functionality include:

  • The current consumer authentication tools offered by Visa are meant for and work only on e-commerce transactions. You need to have fraud processes to handle your MOTO traffic.

  • For these programs to work the merchant, issuer and acquiring bank must all be participating in the program. So make sure your acquiring bank is set up to support the e-commerce indicator, and check on their certification requirements.

  • You still need to perform other fraud checks. This tool only covers certain Visa transactions. There are legitimate cases in which you may not be able to complete the authentication process with the consumer and you still need to make sure overall fraud rates are kept within standards.

  • Companies doing little transactional volume should consider using an outsourced service bureau to perform this service.

  • Make sure you are checking and providing all of the correct data points: You have to note it as e-commerce with the ECI, and you must check the AVS, you must check for enrollment, you need the CAVV/AVV, show the order was checked for enrollment and you need the XID the unique transaction number.

  • You will have to get a digital certificate from Visa, which takes about two weeks. See your acquiring bank to get the form.

HOW DOES IT WORK?

The process used by the consumer authentication services to authenticate consumers is pretty simple. The consumer enrolls with the issuing bank and is given a password, PIN or device to authenticate themselves. When the consumer makes a purchase online the consumer is asked to give that password, PIN or device to authenticate. Depending on issuer implementations and mandates in certain countries, 2 Factor Authentication (2FA), a One-Time Password (OTP) or other dynamic authentication mechanisms may be required.

The purchase sequence can be broken down into five stages, first the consumer goes through the check-out procedure, the same way they do today, providing the same data fields they do today. When the buy button is pressed on their system, using the commercially available software on the market, it sends a message to Visa and card issuer, to find out if the consumer is participating in the VbV authentication program. If the consumer is participating in the program, the service will send a pop-up window to the consumer. The pop-up looks like it is coming from the consumer’s issuing bank. The pop-up asks the consumer to enter their password, OTP or PIN. The issuing bank then validates this password or PIN and returns the results to the merchant.

The benefits to merchants are that transactions covered by Verified by Visa shift the liability of fraud losses from the merchant to the card issuer. However, the requirements for eligible transactions can differ by region or country. Since 2003 Verified By Visa has provided a liability shift for transactions when the consumer authenticates through VbV, but also for transactions where the merchant attempts VbV authentication but the consumer is not enrolled in the program. Although, if the consumer is enrolled but they can’t authenticate you get no liability shift.

Only certain reason codes are covered for the liability shift with Verified by Visa. This includes:

  • Reason Code 83 - Fraudulent Transaction CNP

  • Reason Code 75 - Cardholder Does Not Recognize Transaction

  • Reason Code 23 - Invalid Travel & Entertainment

  • Reason Code 61 - Fraudulent Transaction MO/TO/EC

Several countries have mandates related to Verified by Visa. In the UK Visa Europe requires all issuers to use dynamic tokens for their VbV implementations. In Italy all online merchants must implement Verified by Visa. In Australia all card issuers will be required to enroll Visa cardholders in VbV by April, 2013.

From a security perspective, all communication between the consumer and issuing bank is secured, you as a merchant will not see or ask for this password. The pop-up window the end user receives contains a secret message that only the consumer knows and that shows the consumer that the pop-up window is real and not a fake that someone made to try and steal their password.

There has been a fraud case in which fraudsters acquired account information and then called the issuing bank and changed the address information and signed up for Verified by Visa. The fraudsters then made a lot of fraudulent transactions. But merchants will be covered as long as they followed the rules.

HOW DO YOU USE THE RESULTS?

For Visa orders, when you are using this technology, you should implement the following:

For orders in which the consumer is participating in the program, the order type is a covered type, and the consumer successfully authenticates, accept the order.

For orders in which the consumer is not participating in the program, the order type is a covered type, the merchant has checked for enrollment, and the order characteristics are within their normal order tolerances, accept the order.

For orders in which the consumer is not participating in the program, the order type is a covered type, the merchant has checked for enrollment, and the order characteristics are not in-line with their normal orders, review the order or perform further fraud checks favoring sales conversion.

For orders in which the consumer is participating in the program, cannot successfully authenticate and the order characteristics are in line with their normal orders; perform other fraud-screening checks or manually review the order favoring risk aversion.

For non-covered orders perform traditional checks.

VERIFIED BY VISA (VbV) (2025)

FAQs

Is verified by Visa legit? ›

Visa offers comprehensive fraud protection, but Verified by Visa goes even a step further, adding an extra layer of security at the point where you enter credit card information online. The service helps prevent unauthorized online use before it happens by confirming your identity with an additional password.

What is Visa VbV? ›

Verified by Visa (VbV) is an advanced security feature from Visa that helps authenticate purchasers as authorized cardholders. This extra layer of verification helps protect both cardholders and merchants during checkout.

How do I activate my Visa VbV card? ›

Register. Through the bank that issued your Visa card, register for Verified by Visa in just a few minutes. Upon activation, Verified by Visa protects you at every participating online store. When you shop online at a participating merchant, your card will be automatically recognised as protected by Verified by Visa.

Is Verified by Visa the same as Visa secure? ›

Visa Secure (formerly known as Verified by Visa) helps protect your account against fraud and unauthorised use. We work with Visa to give you greater protection against fraudsters – you'll see its logo next to ours on a new verification screen which may pop up when you pay online.

How much does verified by visa cost? ›

Verified by Visa is a free, online security service for your WellsOne® Commercial Card. This service helps ensure that only you can make internet purchases with your Wells Fargo commercial card by requiring you to enter a password when shopping at participating online merchants.

How to skip verified by Visa? ›

By selecting Remember Me, Visa will remember you on that browser and device and you can skip verification on that device and browser the next time you click to pay with Visa.

Which cards have VBV? ›

VBV uses personal passwords or identity information to help protect Visa card numbers against unauthorized use. VBV is available for most Visa cards from participating financial institutions.

How do I activate VBV? ›

How it works
  1. Register for Verified by Visa in just a few minutes through the bank that issued your card or when prompted at the time of your transaction.
  2. Upon activation, Verified by Visa protects you at every participating online store.

When did verified by Visa start? ›

In 2001 Arcot Systems (now CA Technologies) and Visa Inc. with the intention of improving the security of Internet payments, and offered to customers under the Verified by Visa brand (later rebranded as Visa Secure).

How do I get verified by Visa? ›

The financial institution that issued your Visa card has a number of tools that can help verify your identity such as a one-time passcode or biometrics. If you encounter this extra step, simply follow the instructions on your screen to verify your identity. I see the Visa logo when I'm going through the extra check.

What is the verified by Visa program? ›

Verified by Visa is an anti-fraud tool that verifies if the rightful cardholder is making a purchase. The identity check uses a technology called 3D Secure. "Three-Domain Secure" means three separate parties confirm the authenticity of a transaction (the merchant bank, the card issuer, and the payment network).

How do I verify my Visa? ›

Online Visa Verification

You can usually do it through the embassy website of the country you're visiting. These websites usually allow you to check the status of your visa application by entering in key details such as your application number or reference number, passport number, and sometimes even your date of birth.

How does VBV work? ›

VBV protects your existing Visa card with a password that's been created by you and offers the added assurance that only you can use your Visa card online.

Does Verified by Visa ask for full password? ›

If you've already registered your card, the system will automatically recognise your card details when you enter them. You'll then be asked for your personal password to complete your transaction.

What websites don t use verified by Visa? ›

Amazon: Amazon doesn't require CVV for certain cards or in specific situations, like when using 1-Click ordering. Apple: Apple doesn't require CVV for Apple Pay transactions or when using certain credit cards. PayPal: PayPal often doesn't require CVV, as it uses its own security tokenization system.

What is the verified by visa program? ›

Verified by Visa is an anti-fraud tool that verifies if the rightful cardholder is making a purchase. The identity check uses a technology called 3D Secure. "Three-Domain Secure" means three separate parties confirm the authenticity of a transaction (the merchant bank, the card issuer, and the payment network).

What websites don t use verified by visa? ›

There are a few shopping online websites that do not require a CVV ( Card Verification Value ) for making purchases . These include Amazon , eBay , and Target . These websites use alternative methods of verifying the authenticity of a credit or debit card , such as billing address verification or 3D secure technology .

What is card information data verified by visa? ›

It is a password-protected authentication system designed to confirm the identity of the cardholder when a Visa card is used online. By requesting a password known only to the cardholder, the bank can verify that the genuine cardholder is entering their card details into an eCommerce website.

Top Articles
Latest Posts
Recommended Articles
Article information

Author: Pres. Lawanda Wiegand

Last Updated:

Views: 6441

Rating: 4 / 5 (51 voted)

Reviews: 90% of readers found this page helpful

Author information

Name: Pres. Lawanda Wiegand

Birthday: 1993-01-10

Address: Suite 391 6963 Ullrich Shore, Bellefort, WI 01350-7893

Phone: +6806610432415

Job: Dynamic Manufacturing Assistant

Hobby: amateur radio, Taekwondo, Wood carving, Parkour, Skateboarding, Running, Rafting

Introduction: My name is Pres. Lawanda Wiegand, I am a inquisitive, helpful, glamorous, cheerful, open, clever, innocent person who loves writing and wants to share my knowledge and understanding with you.