OTP Authentication

  • Updated
Tabla de Contenido

    Discover what it is, its purpose, how it works, which products support an OTP authentication, and potential authentication issues.


    What is an OTP authentication, and what is its purpose?

    A one-time password (OTP) or single-use password authentication (also known as dynamic key) is a password valid for a single transaction. It remains active for a specified period from its generation.

    It is used in environments that require a high level of security that static or conventional passwords alone cannot provide.

     

    OTP authentication process in the UAT environment

    In the OTP authentication process, the issuing bank sends a text message or email with the authentication code (a minimal three-digit charge for the card user's security).

    In our test environment, this process differs as no email or text message with the authentication code is sent. Instead, generic test numbers are provided for each country where we operate. For more details on this process, please refer to our guide Accept One-Time payments with OTP.

     

    OTP authentication process in the production environment

    OTP Authentication (1).png

     

    1. Beginning of validation

    The card user begins the payment process.

    2. Request for validation

    The merchant sends a validation request to Kushki to verify the card's ownership.

    3. Sending a charge to the customer

    Kushki charges a minimal amount to the client to verify the transaction's authenticity.

    4. Notification

    The issuing bank notifies the client via text message or email with the authentication code.

    5. OTP Code Authentication 

    The client enters the three digits (charged amount) sent via text message or email.

    6. Authentication process

    The merchant requests Kushki to verify that the code entered is correct.

    7. Successful Authentication 

    Kushki performs the validation (verifies that the code is correct), and requests a refund from the issuing bank of the amount charged to the card user.

    8. Refund of the amount

    The issuing bank returns the initially charged amount to the card user during the authentication process.

     

    Which products support OTP authentication?

    1. Smartlink 

    2. Plugins (Magento, WooCommerce, Prestashop, Shopify and Vtex)

    3. Kajita - Cajita

    4. Libraries (iOS and Android)

    5. Payment Button

    6. API

    7. Kushki.js


    OTP authentication issues

    The OTP authentication problems that could potentially occur are as follows:

     

    OTP Authentication code used in the transaction

    Ensure that the authentication code you are using in our test environment is the correct one, remember that in the integration guide for each country, you will find the test numbers.

    For our production environment, you should receive by email or text message a 3-digit charge and use this number for authentication.

     

    Assignment of security rules

    If you haven't been assigned an OTP security rule, please submit a request to the Kushki Support Center for rule assignment.

     

    OTP Authentication error codes

    If you require to verify the reason for the rejection of transactions declined by the OTP security rule, please review the error codes article.

     

     

    Related articles