Trust List

Back to 3DS Home Payment Flows
Navigate to...
keyboard_arrow_down

Trust List

When completing an EMV 3DS 2.3 authentication for a payment, cardholders may have the option to trust list a business they trust to potentially avoid having to authenticate future purchases. These businesses are then included on a “trust list” maintained by the cardholder’s issuer or payment service provider.

To request trusted beneficiary status, a merchant must set the 3DS Requestor Challenge Indicator in the authentication request to 09 (Challenge Requested – Trust List Prompt requested if challenge required). Once a merchant is added to a cardholder’s trust list, the merchant should set 3DS Request Challenge Indicator to 08 (No challenge requested; utilize Trust List exemption if no challenge required).

Issuers receiving trusted beneficiary authentication requests should give their cardholders the option to add the merchant that they are shopping from to their trusted beneficiary list. The following UX guides have been tested so that an issuer can effectively communicate to their cardholder that trusted beneficiary status can be granted to the merchant that they are shopping from.

Trusted Beneficiary Flow

During a purchase, the merchant’s EMV 3DS Server provider will send a request through EMV 3DS for the Issuer to allow the cardholder to grant trusted beneficiary status for that merchant. The Issuer’s ACS will display the option to grant trusted beneficiary status to the cardholder. If the cardholder agrees to grant trusted beneficiary status to the merchant, then the cardholder will authenticate for both granting trusted beneficiary status and for the payment. Upon success of the authentication, trusted beneficiary status will be granted to the merchant for the cardholder’s primary account number (PAN). 

Once a cardholder has granted trusted beneficiary status to the merchant, future purchases using the same PAN at that merchant may not require strong cardholder authentication. Cardholders should be able to manage which merchants have trusted beneficiary status via their issuer’s online banking services.

trusted beneficiary full flow

Key Screens

Enter verification code screen, filled state
Enter verification code screen, Learn more about fast authentication is expanded

UX Elements

The guidelines above demonstrate the trusted beneficiary flow using a one-time passcode (OTP) challenge. Issuers may use any of the EMV 3DS challenge types (Out of Band, Knowledge-Based, etc.) to authenticate a cardholder for the trusted beneficiary use case.

Data Elements from EMV 3DS specification 

Content/Requirement 
Challenge Information Header

OTP Code Entry
  • The page must display the headline Enter verification code above the Challenge Info text. 
Challenge Information Text

OTP Code Entry
  • This text must include the following language: 

OTP by SMS: We just sent you a verification by text message to <<masked phone number>>. You have [number of attempts to enter OTP] attempts. 

OTP by Email: We just sent you a verification code by email to <<masked email>>. You have [number of attempts to enter OTP] 

Challenge Information Label 
  • The display name for this field must be ‘Verification Code’. 

Challenge Information Data Entry 
  • Input Box 

Submit Authentication Label 
  • A form element that should align with the center of the bottom margin displaying “Confirm” 

Resend Information Label 
  • The display name for this field must be ‘Resend Code’. 
  • Challenge Information is resent to the customer. 
  • A form element that should vertically align with the center of the bottom margin. 

Trusted Beneficiary Check Box 
  • A check box must be included with the following suggested language: 

Turn on fast authentication to skip these steps in the future 

  • While an issuer may have their own language around the trusted beneficiary program, the language above, calling the program ‘Fast Authentication’ performed best during Visa user testing. This is the recommended language for Trusted Beneficiary programs from a Visa perspective. 

Trusted Beneficiary Information Label 
  • Display the Trusted Beneficiary information label as a graphical control element that can be expanded. 
  • The display name for this field must be ‘Learn more about fast authentication’. 

Trusted Beneficiary Information Text 
  • Display the Trusted Beneficiary Information Text only when the user selects the “Trusted Beneficiary Information Label”. 
  • The following language is recommended: 

Banks are now required to take customers through extra verification steps when making certain purchases online.  

[Issuer Name] allows customers the option to skip these at some online stores without compromising on security. 

Why Information Label
  • Display the Why Information Label as a graphical control element that can be expanded. 
  • The display name for this field must be ‘Need Help?’. 

Why Information Text
  • Display the Why Information Text only when the user selects the “Need Help? Label”. 
  • Text provided by the Issuer to be displayed to the cardholder to explain why the cardholder is being asked to perform the authentication task. 

Legal Disclaimer

Important Information on Copyright and Disclaimers

© 2022 Visa. All Rights Reserved

Notice: The trademarks, logos, trade names and service marks, whether registered or unregistered (collectively the “Trademarks”) are Trademarks owned by Visa. All other trademarks not attributed to Visa are the property of their respective owners, are used for identification purposes only and do not imply product endorsement or affiliation with Visa.

Note: This document is not part of the Visa Core Rules and Visa Product and Service Rules. In the event of any conflict between any content in this document, any document referenced herein, any exhibit to this document, or any communications concerning this document, and any content in the Visa Core Rules and Visa Product and Service Rules, the Visa Core Rules and Visa Product and Service Rules shall govern and control.

Note: Please note that the screens are for illustrative purpose only. 

DISCLAIMERS:  THIS DOCUMENT IS PROVIDED ON AN "AS IS,” “WHERE IS,” BASIS, “WITH ALL FAULTS” KNOWN AND UNKNOWN. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, VISA EXPLICITLY DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, REGARDING THE LICENSED WORK AND TITLES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT OF THIRD-PARTY INTELLECTUAL PROPERTY RIGHTS.