OTP delivery to PSU

Where an OTP is required for Token account flow and Token payment flow, then the OTP is delivered to the customer in one of the following ways:

  • Contis SMS to customer (preferred)
  • Contis provide to client for onward delivery via SMS to the customer. This will be provided to the client either via:
  1. API 900 response (if a 900 response exists)
  2. HTTP Push (webhook) for:
    • VerifyPSUWithSCA

For this webhook there is a new notification category code: 066

Verify PSU with SCA OTP HTTP Post:

NotificationType | CardHolderID | OTPType | OTPCode | SecurityHash

Example:

NotificationType=066&CardHolderID=21&OTPType=Verify PSU with SCA HTTP Post&OTPCode=12345678&SecurityHash=5d4337d825a29cbccaad48eaca80d07f04abf0315d1d5cf445057f13c06e902e

Note: OTPs for the online card payment journey are not covered in the above. Where a customer selects OTP as their method of authenticating an online card payment, the OTP delivery method will remain per existing client solutions in use today.