OTP delivery to PSU

Where an OTP is required for Token account flow and Token payment flow, then the OTP is delivered to the customer in one of the following ways:

  • Contis SMS to customer (preferred)
  • Contis provide to client for onward delivery via SMS to the customer. This will be provided to the client either via:
  1. API 900 response (if a 900 response exists)
  2. HTTP Push (webhook) for:
  3. VerifyPSUWithSCA

For this webhook there is a new notification category code: 066

Verify PSU with SCA OTP HTTP Post:

NotificationType | CardHolderID | OTPType | OTPCode | SecurityHash


NotificationType=066&CardHolderID=21&OTPType=Verify PSU with SCA HTTP Post&OTPCode=12345678

Note : OTPs for the online card payment journey are not covered in the above. Where a customer selects OTP as their method of authenticating an online card payment, the OTP delivery method will remain per existing client solutions in use today.