Where an OTP is required for Token account flow and Token payment flow, then the OTP is delivered to the customer in one of the following ways:
- Contis SMS to customer (preferred)
- Contis provide to client for onward delivery via SMS to the customer. This will be provided to the client either via:
- API 900 response (if a 900 response exists)
- HTTP Push (webhook) for:
- VerifyPSUWithSCA
For this webhook there is a new notification category code: 066
Verify PSU with SCA OTP HTTP Post:
NotificationType | CardHolderID | OTPType | OTPCode | SecurityHash
Example:
NotificationType=066&CardHolderID=21&OTPType=Verify PSU with SCA HTTP Post&OTPCode=12345678&SecurityHash=5d4337d825a29cbccaad48eaca80d07f04abf0315d1d5cf445057f13c06e902e
Note: OTPs for the online card payment journey are not covered in the above. Where a customer selects OTP as their method of authenticating an online card payment, the OTP delivery method will remain per existing client solutions in use today.