|Tabla de Contenido|
Discover what it is, its purpose, how it works, which products support an OTP authentication, and potential authentication issues.
What is an OTP authentication, and what is its purpose?
A one-time password (OTP) or single-use password authentication (also known as dynamic key) is a password valid for a single transaction. It remains active for a specified period from its generation.
It is used in environments that require a high level of security that static or conventional passwords alone cannot provide.
OTP authentication process in the UAT environment
In the OTP authentication process, the issuing bank sends a text message or email with the authentication code (a minimal three-digit charge for the card user's security).
In our test environment, this process differs as no email or text message with the authentication code is sent. Instead, generic test numbers are provided for each country where we operate. For more details on this process, please refer to our guide Accept One-Time payments with OTP.
OTP authentication process in the production environment
1. Beginning of validation
The card user begins the payment process.
2. Request for validation
The merchant sends a validation request to Kushki to verify the card's ownership.
3. Sending a charge to the customer
Kushki charges a minimal amount to the client to verify the transaction's authenticity.
The issuing bank notifies the client via text message or email with the authentication code.
5. OTP Code Authentication
The client enters the three digits (charged amount) sent via text message or email.
6. Authentication process
The merchant requests Kushki to verify that the code entered is correct.
7. Successful Authentication
Kushki performs the validation (verifies that the code is correct), and requests a refund from the issuing bank of the amount charged to the card user.
8. Refund of the amount
The issuing bank returns the initially charged amount to the card user during the authentication process.
Which products support OTP authentication?
OTP authentication issues
The OTP authentication problems that could potentially occur are as follows:
OTP Authentication code used in the transaction
Ensure that the authentication code you are using in our test environment is the correct one, remember that in the integration guide for each country, you will find the test numbers.
For our production environment, you should receive by email or text message a 3-digit charge and use this number for authentication.
Assignment of security rules
If you haven't been assigned an OTP security rule, please submit a request to the Kushki Support Center for rule assignment.
OTP Authentication error codes
If you require to verify the reason for the rejection of transactions declined by the OTP security rule, please review the error codes article.