Visa wants the card that users carry in their wallet to serve more than just for payments. The company has launched, along with Keyno and Fidelity Bank (Bahamas) Limited, the first deployment of its Tap to Confirm and Tap to Activate technologies for issuing banks—two features that allow users to verify their identity or activate a new card with a simple tap on their mobile device within the banking app.
The announcement comes at a time when identity verification has become one of the most sensitive aspects of digital banking. SMS codes, call center interactions, one-time passwords, and recovery procedures are still common, but they also cause delays, operational costs, and fraud risks. Visa offers an alternative: using the EMV chip on the physical card as a trusted credential to confirm that the customer actually has the card in their possession.
From paying with a tap to authenticating with a tap
Tap to Confirm allows the cardholder to verify possession of their card for high-risk operations, such as large transfers, password changes, address updates, or account limit adjustments. Instead of entering an SMS code or calling the bank, the user brings the Visa card close to the mobile device, and the issuer’s app validates the authentication.
Tap to Activate applies the same principle to the activation of a new card. The customer can activate it within the banking app by tapping the phone with the card, without needing printed codes, calls, or wait times. To the user, the gesture feels familiar because it’s similar to contactless payments. For the bank, the operation relies on EMV cryptography and Visa’s infrastructure.
The technology utilizes Visa Chip Authenticate and the Visa Transaction Exchange (VTEX) API to authenticate card data in real-time via VisaNet. Visa states that its network processes over 150 billion transactions annually, illustrating the scale on which this new layer of verification is intended to operate.
The key distinction is that the physical card becomes a factor of identity as well as a payment instrument. Practically, the bank can request the user to demonstrate that they have the legitimate card during sensitive moments in their digital relationship. This can reduce reliance on SMS, which has been a reliable method for years but is also susceptible to frauds like SIM swapping, message interception, or social engineering.
Less friction for the customer, lower costs for the bank
Visa and Keyno present this technology as an enhancement to security and user experience. The promise is to reduce steps, avoid wait times at call centers, and bring more processes into the banking app. For issuers, this could mean fewer activation calls, reduced verification issues, and a more robust way to validate high-risk activities.
The initial commercial deployment is with Fidelity Bank (Bahamas) Limited through the FIDSECURE mobile app, supported by Keyno’s technology and Visa’s authentication infrastructure. After this pilot, Visa plans to expand Tap to Confirm as a security and authentication solution during 2026.
Keyno is not an unknown partner in card security; the fintech specializes in solutions like dynamic CVV, digital card visualization, biometric authentication in 3DS, Click to Pay, and Tap-to-X services for banks, credit unions, and fintechs. Their role here is to integrate the experience within the issuer’s environment and turn the card tap into a useful action for the customer.
For banks, the appeal is twofold: firstly, improving security against processes based on information that can be stolen or spoofed; secondly, reducing friction during critical moments—activating a new card, recovering access, confirming sensitive changes, or authorizing high-value transactions. Every minute of waiting on a call center or every code that doesn’t arrive on time increases the risk of abandonment, frustration, or incidents.
The approach also aligns with a broader payments trend: leveraging already widespread credentials instead of requiring users to learn new systems. The contactless card is a familiar object with a secure chip and everyday use. Turning it into an identity key within the banking app might be more intuitive than asking the customer to understand a different authentication method.
EMV security versus SMS vulnerability
Visa’s main technical argument is based on cryptogram validation via EMV. Unlike static codes or OTPs sent via SMS, the card’s chip generates cryptographic data that can be validated against the issuer’s infrastructure and Visa’s system. This makes it harder for an attacker to replicate the operation without the physical card.
That doesn’t eliminate all risks. A compromised mobile device, fake banking apps, social engineering attacks, or physical theft of the card or phone are scenarios that banks still need to address. No authentication method is foolproof. However, using the physical card as a factor introduces a different barrier to frauds that exploit leaked credentials or message interception.
Adoption will also depend on compatibility across devices, cards, issuers, and applications. To ensure the gesture remains simple, users shouldn’t face complex setups or confusing instructions. If it resembles contactless payment and works instantly, acceptance is more likely. If it frequently fails or requires too many conditions, its benefits could diminish.
Additionally, banks will need to decide how to integrate this into their risk workflows. Not every operation requires the same level of authentication. Using Tap to Confirm for minor activities might be excessive; applying it to sensitive changes or high-value transfers seems more appropriate. The key is balancing security with convenience.
Visa has long been working to expand the card’s role beyond the traditional plastic. Tokenization, mobile payments, digital credentials, Click to Pay, and strong customer authentication are part of this evolution. Tap to Confirm and Tap to Activate add an interesting layer because they re-engage with the physical object’s value in a digital world. The card doesn’t disappear—it changes function.
This movement also highlights an uncomfortable reality for digital banking: identity remains a weak point. Opening accounts, activating cards, recovering access, or confirming transactions continue to be moments where security, fraud, and customer experience intersect. If a simple tap can reduce calls, codes, and doubts, the potential benefits are significant.
Global rollout expected by 2026 will test whether the model works beyond this initial pilot. The technology makes sense, but its success will depend on issuer adoption, user clarity, and demonstrable reductions in fraud and operational costs. In payments, the best innovations are often those that customers understand effortlessly. Bringing the card to the mobile to verify who you are has a strong chance to meet that criterion.
Frequently Asked Questions
What is Visa’s Tap to Confirm?
Tap to Confirm allows users to verify their possession of a Visa card by bringing it close to their mobile device within the bank’s app. It’s designed to confirm sensitive actions such as large transfers or significant account changes.
What is Tap to Activate?
Tap to Activate enables customers to activate a new Visa card by touching it to their phone via the issuer’s app, without calling support or entering activation codes.
Why is it more secure than SMS?
Because it uses the EMV chip on the card and related cryptography rather than relying on a code received via message. This reduces risks such as SMS interception or SIM swapping fraud.
Is it available for all banks now?
No. The pilot launch is with Fidelity Bank (Bahamas) Limited and Keyno. Visa plans to expand availability throughout 2026.
via: investor.visa