.png?width=365&height=122&name=BTLogo%20(1).png)
Visa’s Digital Commerce Authentication Program: What DCAP is, and isn’t.
Visa recently introduced the Digital Commerce Authentication Program (DCAP). It hasn’t generated much noise yet, but it represents a meaningful shift in how online transactions are evaluated and approved.
At a high level, DCAP enables merchants to send enhanced data with an authorization request so issuers can make better decisions to improve approval rates, reduce fraud, and maintain a seamless checkout experience.
The concept is straightforward. The implications are not. There’s already a growing body of content explaining DCAP, and much of it frames the program as an authentication or security enhancement tied to 3D Secure or step-up verification.
That framing misses the point.
DCAP is not about adding friction. It’s not a new authentication flow, and it doesn’t require customer challenges like one-time passcodes or biometrics.
It’s about improving the quality of the data that travels with an authorization request.
Merchants provide a small set of high-value signals; device ID, email address, billing address, and IP address; which are validated, enriched, and passed through Visa’s network so issuers can make more confident decisions in real time.
The goal is simple: Give issuers enough context to approve good transactions without needing to question them.
Why DCAP Matters for Merchants
For years, improving payment performance has largely focused on what happens after a transaction is declined. Retries, routing strategies, fallback logic, and dunning have all been core tools.
DCAP shifts that focus earlier in the lifecycle.
When issuers have better data at the moment of authorization, they can approve more legitimate transactions, reduce false declines, lower fraud rates, and avoid unnecessary customer friction.
Visa has already shared early results showing meaningful improvements in both authorization rates and fraud reduction when enhanced data is consistently included.
There are also direct economic benefits.
For eligible transactions, DCAP provides a ten basis point interchange incentive, offset by a five basis point program fee, resulting in a net five basis point savings. When combined with existing network token incentives, which provide an additional five basis points, merchants can achieve up to ten basis points of total interchange reduction.
It’s important to note that these incentives apply specifically to credit transactions and are currently designed for customer-initiated transactions (CIT).
That said, the performance benefits extend beyond those constraints. Improved authorization rates and reduced fraud can positively impact debit and merchant-initiated transaction (MIT) flows as well.
But the bigger shift is strategic.
DCAP is part of a broader move toward identity-rich transactions, where approvals are driven less by static card data and more by context. Who the customer is, what device they’re using, and how they typically behave all start to matter more.
The Three Ways to Implement DCAP
Visa provides three primary paths for merchants to participate in DCAP, each with different trade-offs depending on how a merchant’s payment stack is designed.
3D Secure (Data-Only)
The most familiar approach is through existing 3DS integrations.
Merchants can pass enhanced data through their 3DS provider using a “data-only” flow, avoiding customer challenges while still generating authentication artifacts such as CAVV and ECI indicators.
This approach works well for merchants already leveraging 3DS, but it introduces additional dependencies and can carry some of the historical baggage associated with 3DS in certain markets.
Token Service (VTS / TMS)
For tokenized transactions, merchants can include enhanced data when requesting a cryptogram through Visa’s token services.
The enriched data is then linked to the token and passed along during authorization.
This path is effective for merchants with mature token strategies, but it is inherently limited to token-based transaction flows.
IDX Direct API
The most flexible and forward-looking approach is through Visa’s Intelligent Data Exchange (IDX) API.
This allows merchants to send enhanced data directly to Visa, which returns a match key that is included in the authorization message in existing fields, similar to how authentication values are used today.
This approach:
- Works across both PAN and token transactions.
- Provides full control over the data being shared.
- Supports a broader set of enhanced data elements.
- Aligns with modern, API-driven payment architectures.
For merchants building toward greater flexibility and control, this path represents where the ecosystem is heading.
The Catch: This Isn’t Just an Integration
On paper, DCAP looks straightforward. Provide four data elements, send them with the authorization, and benefit from improved outcomes.
In practice, most merchants aren’t set up to do this cleanly.
The challenge isn’t just collecting the data. It’s managing it consistently across the entire payment lifecycle.
- Device data often lives in front-end systems.
- Customer identity signals are fragmented across platforms.
- Payment credentials are stored within individual processors.
- Authorization construction is controlled by PSPs rather than merchants.
DCAP requires these pieces to come together in a coordinated way. That makes this less of an integration problem and more of an architecture problem.
To fully take advantage of DCAP, merchants need the ability to:
- Collect and standardize enhanced data at the point of interaction.
- Maintain control over payment credentials and tokens.
- Inject data consistently into authorization requests.
- Support multiple integration paths as the ecosystem evolves.
DCAP doesn’t require a new payments stack, but it does require a more coordinated one.
How Basis Theory Helps Merchants Participate in DCAP
While DCAP is conceptually simple, the challenge for most merchants is operational. Collecting the right data, managing it consistently, and ensuring it’s available at the moment of authorization.
This is where having the right infrastructure layer becomes critical.
Basis Theory is designed to support all three DCAP integration paths—whether a merchant is leveraging 3D Secure, token-based flows, or direct integration with Visa’s IDX API—without requiring changes to how they process payments today. For merchants using Basis Theory Elements, much of the required data is already being captured.
Device signals, IP address, and other contextual data are collected at the point of interaction and stored alongside the payment token. When a transaction is initiated, these data elements can be seamlessly injected into existing workflows, enabling DCAP participation without requiring significant changes to front-end or back-end systems.
For merchants earlier in their journey, or evaluating how to modernize their payments architecture, Basis Theory can serve as the collection and orchestration layer for enhanced data sharing.
In this model, the required DCAP data is captured once, standardized, and securely transmitted to Visa. The merchant then simply includes the appropriate linking indicator in their authorization request to their existing payment processor, allowing the transaction to qualify for DCAP while Visa handles the data matching and enrichment behind the scenes.
The result is a flexible approach that allows merchants to:
- Participate in DCAP across multiple integration paths.
- Maintain existing processor relationships.
- Standardize how data is collected and used across transactions.
- Improve performance without introducing additional customer friction.
Ultimately, DCAP is not about choosing a specific integration path, it’s about ensuring you have the infrastructure in place to support any of them as your payments strategy evolves.
DCAP is an early step in a broader shift across the payments ecosystem.
As networks, issuers, and merchants move toward more contextual and identity-driven transactions, the ability to control and share high-quality data will become increasingly important.
This isn’t just about improving authorization rates today.
It’s about building the foundation for how transactions will be evaluated in the future.
