OTP-based 3DS authentication flow

In the payments ecosystem, authorization occurs after the completion of 3D Secure (3DS) authentication. The merchant uses the authentication data captured as part of the 3DS process to submit an authorization for approval.

The following diagram captures the high-level interaction among the key parties when a cardholder uses their card online, for example, to shop at an e-commerce merchant. Once authentication succeeds, the merchant end (acquirer, acquiring processor, payment service provider, payment gateway) receives the Cardholder Authentication Verification Value (CAVV) or Universal Cardholder Authentication Field (UCAF) authentication result. The merchant end is expected to include the authentication result as authentication proof when submitting the transaction authorization to the network.

When a cardholder attempts to make an online payment to a merchant supporting 3DS authentication, the following process occurs:

  1. The cardholder performs an online transaction, such as shopping at an e-commerce site.
  2. The merchant initiates an authentication request by sending it to the card network, such as Visa or Mastercard.
  3. The card network routes the authentication request to the Nium platform.
  4. The Nium platform prompts the cardholder, via the merchant’s checkout experience, to enter a one-time passcode (OTP) that Nium sends via SMS and email.
  5. The Nium platform verifies the OTP and completes the authentication.
  6. The Nium platform sends the authentication result to the network and the merchant.
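
Steps 4 to 6 can be modelled as a single-use challenge, shown here as an added example that is not Nium's code. The 6-digit length, the 300-second validity window, the three-attempt cap, the class and function names, and the shape of the result record are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300  # assumed validity window, not a Nium value
MAX_ATTEMPTS = 3       # assumed retry cap, not a Nium value

class OtpChallenge:
    """One challenge per authentication request (hypothetical model of steps 4-5)."""
    def __init__(self, txn_id, now=None):
        self.txn_id = txn_id
        self.expires_at = (time.time() if now is None else now) + OTP_TTL_SECONDS
        self.attempts = 0
        self.closed = False
        self._salt = secrets.token_bytes(16)
        self._digest = None

    def _hash(self, otp):
        # Bind the digest to this transaction so a code cannot be reused on another.
        return hashlib.sha256(self._salt + self.txn_id.encode() + otp.encode()).digest()

    def issue(self):
        """Step 4: create the passcode; the caller delivers it by SMS and email."""
        otp = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, assumed 6 digits
        self._digest = self._hash(otp)           # store a salted hash, not the code
        return otp

    def verify(self, submitted, now=None):
        """Step 5: return 'authenticated', 'retry' or 'failed'."""
        now = time.time() if now is None else now
        if self.closed or self._digest is None or now > self.expires_at:
            self.closed = True
            return "failed"
        self.attempts += 1
        if hmac.compare_digest(self._hash(submitted), self._digest):
            self.closed = True  # single use: a replayed code is rejected
            return "authenticated"
        if self.attempts >= MAX_ATTEMPTS:
            self.closed = True  # cap guesses against the small code space
            return "failed"
        return "retry"

def authentication_result(challenge, status):
    """Step 6: outcome reported to the network and merchant (constructed shape)."""
    return {"txn_id": challenge.txn_id, "authenticated": status == "authenticated"}
```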