The CAP is a Mastercard initiative and technical specification for using EMV banking smartcards developed for authenticating users and transactions in online and telephone banking. It was also adopted by Visa as Dynamic Passcode Authentication (DPA). CAP is a form of two-factor authentication as both a smartcard and a valid PIN must be present for a transaction to succeed.
The CAP specification defines a handheld device (CAP reader) with a smart card slot, a numeric keypad, and a display capable of showing at least 12 characters. Banking customers who have been issued a CAP reader by their bank can insert their Chip and PIN (EMV) card into the CAP reader in order to participate in one of several supported authentication protocols.