> For the complete documentation index, see [llms.txt](https://docs.payments.thalescloud.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.payments.thalescloud.io/tokenization/implement-tokenization/card-tokenization-request/processing-the-response/approve-with-step-up-authentication.md). # Approve with step-up authentication {% hint style="info" %} Step-up authentication is typically used for Tokenization with **xPay Wallets**. It does not apply to Tokenization initiated by an e-commerce merchant. {% endhint %} A step-up authentication decision (**YELLOW**) means D1 has conditionally approved **Tokenization**. Before the payment network **TSP** can provision and activate the digital card, the **End User** must complete an additional authentication step (an **ID\&V** method). ### What happens next 1. D1 returns a **YELLOW** decision to the payment network **TSP**, along with the supported ID\&V methods. 2. The **token requestor** prompts the **End User** to complete one of the supported methods. 3. If authentication succeeds, the payment network **TSP** completes provisioning and activates the digital card (payment network behavior). 4. D1 can notify your **issuer backend** of the Tokenization outcome and optionally send **End User** notifications (depending on what you enabled during **D1 onboarding**). For details, see [Processing the response](/tokenization/implement-tokenization/card-tokenization-request/processing-the-response.md#notifications). ### Common triggers Step-up authentication is commonly triggered when D1 detects higher risk, for example: * Phone number mismatch between **End User** data provided by the **Issuer** and the phone number provided by the payment network **TSP**. See [Decision engine > End User (consumer)](/tokenization/implement-tokenization/card-tokenization-request/processing-the-decision/decision-engine.md#end-user-consumer). * Missing **CSC** for a capture method where the CSC is expected. See [Decision engine > Card capture](/tokenization/implement-tokenization/card-tokenization-request/processing-the-decision/decision-engine.md#card-capture). ### Supported ID\&V methods When D1 returns **YELLOW**, it provides the payment network **TSP** with the list of supported ID\&V methods. * [OTP by SMS/email](/tokenization/implement-tokenization/card-tokenization-request/processing-the-response/approve-with-step-up-authentication/otp-by-sms-email.md) – The payment network generates the **OTP**. The **Issuer** (or D1 on behalf of the **Issuer**) delivers it to the **End User**. * [In-app authentication backend](/tokenization/implement-tokenization/card-tokenization-request/processing-the-response/approve-with-step-up-authentication/in-app-authentication-with-issuer-backend.md) – The **End User** authenticates in the **issuer application**, and the **Issuer** activates the digital card. * [Customer service](/tokenization/implement-tokenization/card-tokenization-request/processing-the-response/approve-with-step-up-authentication/customer-service.md) – The **End User** authenticates through the **Issuer**’s customer service process. {% hint style="warning" %} The methods that can be used depend on the Issuer’s ability to provide the required data. For example, if the Issuer does not have contact details such as an email address or phone number, those methods will not be available. {% endhint %} {% hint style="info" %} If you do not want D1 to send OTPs, you must support the [Deliver OTP API](/tokenization/integrate-the-d1-api/d1-api-summary.md). {% endhint %} --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.payments.thalescloud.io/tokenization/implement-tokenization/card-tokenization-request/processing-the-response/approve-with-step-up-authentication.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.