1
Visa's Digital Commerce Authentication Program (DCAP) is a voluntary program designed to help merchants unlock interchange savings on eligible ecommerce transactions by sharing additional customer and device data. It can also help improve authorization rates and reduce fraud by giving issuers more context to evaluate transactions. In the United States, qualifying merchants may realize up to 5 basis points in net savings per eligible transaction.1 At enterprise transaction volumes, those savings can be meaningful.
DCAP initially applies to Visa consumer credit, customer-initiated transactions. As the program rolls out in April 2026 across the United States and select APAC markets, merchants are evaluating whether DCAP will affect payment costs and transaction performance, and whether it is worth acting on now.
As Visa continues to expand DCAP globally, requirements and incentives will vary by region and transaction type. Merchants with cross-border or multi-market operations should monitor regional rollout details as they become available.
DCAP will not have the same impact across all merchants.
It is most relevant for merchants currently using network tokens to process ecommerce transactions. Changes to how Visa structures token incentives make DCAP directly relevant to their economics. Choosing not to engage may carry a cost.
It is also relevant for merchants focused on reducing payment costs. DCAP creates another path to interchange savings on eligible transactions, both for tokenized and untokenized transactions.
For merchants earlier in their optimization journey, or with limited card-not-present volume, DCAP may be less of an immediate priority. Understanding how much of your transaction volume qualifies can help determine whether this is something to act on now.
Merchants need to provide a defined set of customer and device data on eligible transactions and fulfill data quality requirements to get DCAP benefits:
Of note, some of these required data fields may be static throughout a customer relationship. Email address and billing details typically fall into this category, whereas data points such as IP address and device ID may change transaction to transaction.
Regardless of how frequently data changes, it needs to be provided in the format Visa expects. Fields cannot be empty, null, or contain placeholder values. For example, an email address must be a valid format, not a dummy value. Data quality is what determines whether transactions actually qualify.
DCAP benefits depend on execution. Visa validates every required data field. Incomplete, inconsistent, or incorrectly formatted data does not qualify. Merchants who maintain data quality reliably across eligible transactions are best positioned to benefit.
A practical way to assess readiness is to start with three questions:
In many cases, this data may already flow through existing authentication infrastructure such as 3D Secure (3DS). For merchants already capturing the required data in a structured way, that can make the path more straightforward. For others, additional work may be needed to collect the data and pass it correctly.
PayPal supports DCAP through 3DS Data-Only, the Visa-approved authentication flow required for DCAP eligibility.
Whether you are using PayPal's 3DS Data-Only solution or an external provider, PayPal can help assess your specific setup, identify any work required, and simplify the path to adoption.
At PayPal, data quality and authorization performance are core to how we approach payments. For merchants evaluating DCAP, that foundation matters.
If you process Visa ecommerce transactions, understanding where DCAP fits in your payments setup is worth the time, whether you are evaluating it now or planning for what comes next.
Explore how PayPal supports payment optimization or connect with your PayPal Account Manager.