Blog / Payments & payment fraud

DCAP explained: Boosting approval rates and reducing fraud with Visa's new program

Online payments are increasingly won or lost on decisioning quality. With DCAP, Visa is signaling that better context will be a first-class input to authorization.

15 June 2026

Share this article:

DCAP explained: Boosting approval rates and reducing fraud with Visa's new program

Visa is rolling out DCAP across the world, and it’s one of the more meaningful shifts in card-not-present payments we’ve seen in a while, promising up to 5 basis point net savings for eligible transactions.

Here’s your short yet meaningful explainer of what it means for merchants.

What is DCAP – the Digital Commerce Authentication Program?

DCAP is Visa’s voluntary program to improve authorization performance and reduce fraud by encouraging merchants/acquirers/payment partners to share richer risk signals with issuers – without adding checkout friction.

Instead of treating every CNP transaction as “issuer sees very little, merchant sees a lot”, DCAP pushes toward better data symmetry.

What data does DCAP refer to?

DCAP can include device ID, IP address, email/phone, billing address, and related context that helps issuers distinguish legitimate customers from suspicious activity that could be related to fraud.

How does the data get shared?

There are a few different rails that DCAP can use, but two common patterns are:

1. Within the 3D Secure flow (data-only/enriched authentication)

Risk and context gets attached inside the authentication message flow – often positioned as “data-only 3DS”.

2. Via a separate data-sharing API + a link key in the auth message

Risk data is sent to Visa first. Then, the authorization request references it via a match key so issuers can access the context when deciding to approve or decline.

The benefits of DCAP and how to implement

Reasons for merchants to consider the voluntary DCAP program include potential for fraud reduction, more approvals and lower costs.

  1. Higher approval rates (especially for good customers): DCAP enables issuers to say “yes” with more confidence – thus reducing friction.

  2. Lower fraud: Better signals reduce blind spots.

  3. No extra step for the customer: The goal of DCAP is security by better data, not more friction.

  4. Cost implications: There are financial incentives tied to meeting data-quality requirements (so data quality starts to matter commercially, not just technically) as well as potential interchange reductions. Visa promises up to 5 basis points of savings for eligible transactions, made up of 10 basis points interchange incentive minus 5 basis points in fees.

To qualify for DCAP interchange benefits, merchants must meet specified data quality standards.

If you’re a merchant (or work at a PSP/acquirer), look into what applies in your locale, and keep in mind that there are different rollout dates for different regions.

It’s worth pressure‑testing:

  • what risk signals you already capture reliably

  • where your coverage is weak (common gaps: mobile device IDs, billing address completeness)

  • how consistently those fields are passed through your payment/auth flows

Ravelin’s approach to DCAP is about making sure the right signals are captured cleanly and passed through consistently.

If you already use Ravelin for 3DS or for payment fraud detection, please don't hesitate to reach out to your AM to discuss.

To hear more about our data-focused, AI-first approach to payments and fraud, please reach out to the Ravelin team.

CNP payments are increasingly won or lost on decisioning quality. And DCAP is Visa signalling that better context will be a first-class input to authorization.


Ravelin Logo

Stay up to speed

Get the latest reports, analysis and advice on fraud, payments and growing securely online in your inbox.

Subscribe

Frequently Asked Questions

Is DCAP for Visa payments only?

DCAP is Visa's Digital Commerce Authentication Program. However, Mastercard has also announced its own minimum data quality requirements, under the name of "Enhanced Data Standards Requirements."

Is Mastercard's Enhanced Data Standard Requirements the same as DCAP?

The two programs have similar goals – to encourage richer, higher-quality signals. They both push the ecosystem toward consistently providing more identifiers such as email, phone, address, etc.

Mastercard's program does not incur any costs or penalties at the moment, though this may change in the future.

Both programs use 3DS but DCAP offers a direct API, while Mastercard does not.

The minimum data points are currently one for Mastercard versus two for Visa, with regional nuances.

Author

James Hogan

James Hogan Senior Product Manager – Payments Engineering

For the past 12 years, James has led product teams at iconic companies such as Ebay, Mastercard, Worldpay and Ocado, specializing in…

More from this author

Share this article:

Related content

Blog / Payments & payment fraud

A guide to A2A payments for merchants: Pros, cons & A2A fraud

Because the cost of transaction is significantly lower than with traditional card networks, A2A payments can incur significant savings for merchants – but fraud prevention should always be front-of-mind.

RAVELIN STAFF Mark Barlow Head Of product website

Mark Barlow, Chief Product Officer

Blog / Fraud analytics

The agentic commerce gold rush is on, but are merchants accounting for risk?

Ravelin’s Agentic Commerce and Fraud Report 2026 reveals rapid agentic adoption across ecommerce. But growing fraud risks and unclear liability raise concerns about embracing AI shopping too quickly.

Ravelin Symbol Blue 1

Ravelin Technology

Blog / Refund abuse

Your refund policy could land you in VAMP hot water – here's how refunds affect chargeback ratios

Refund strategy has consequences not only for customer satisfaction and loss prevention, but also for dispute volume and the broader cost of managing risk. Learn how to address this.

Unnamed 3

Nelda Biltauere, Senior Fraud and Payments Researcher