Option B: activate with SMS or email OTP

Use this option when the issuer backend returns levelOfTrust=yellow. The end user completes step-up authentication using an OTP. The OTP is delivered by SMS or email.

Token activation using SMS or email OTP.

Flow

1. Return OTP methods

Return idvMethodList in requestCardDigitization (step 4). Include SMS OTP and/or email OTP methods.

2. Deliver the OTP

Tokenization Service calls sendOTP on the issuer backend. Send the OTP to the end user using the selected channel. Do not transform the OTP value.

3. Complete activation

The end user enters the OTP in the wallet application. The token requestor and payment network TSP validate it. Tokenization Service activates the token.

Issuer backend responsibilities

Send the OTP to the end user quickly.
Apply your fraud and rate-limit controls before sending.
Return an error when you cannot deliver the OTP.

See sendOTP in the API reference.

notifyVirtualCardChange on completion

Tokenization Service sends notifyVirtualCardChange after successful activation.

See notifyVirtualCardChange in the API reference.

notifyVirtualCardChange parameters

Parameter

Description

x-correlation-id

Contains the same value provided in requestCardEligibility.

virtualCardId

Identifies the updated virtual card.

action

Is set to ACTIVATE.

tokenInfo

Provides the DPAN and expiry date at activation (when provided by the TSP).

isPrimary

Is set to true.

PreviousOption A – activate without step-up authentication NextOption C – activate in the issuer application

Last updated 4 months ago

Was this helpful?