OTP based 3DS authentication flow

In the payments ecosystem, authorization occurs after the completion of 3D Secure authentication. The merchant uses the authentication data captured as part of the 3D Secure process to submit an authorization for approval.

Following diagram captures the high level interaction that takes place among key parties when a cardholder uses his/her card online - say for example to do shopping at an e-commerce merchant. Once the authentication is successful, the merchant end (acquirer, acquiring processor, PSP - payment gateway) will receive the authentication result (CAVV/UCAF). It is expected that the merchant end will include the authentication result when submitting the transaction authorization to the network as an authentication proof.


When a cardholder attempts to make an online payment to a merchant supporting 3DS authentication, the following process occurs:

  1. Card holder performs an online transaction (shopping at ecommerce site, for instance).
  2. The merchant initiates an authentication request by sending the request to the card network (Visa, MasterCard, etc.,).
  3. The card network routes the authentication request to the Nium platform.
  4. The Nium platform prompts the cardholder, via an embedded iframe within the merchant’s checkout experience, to enter a one-time passcode that Nium sends via SMS or email.
  5. The Nium platform verifies the OTP and completes the authentication.
  6. The Nium platform sends the authentication result to both the network and the merchant.