One-Time Password Resend

After the cardholder receives the OTP on their mobile phone, they enter it into the form that is displayed on the merchant terminal. After entering the password, the cardholder presses

Enter

and the password is returned to the issuer to verify that the OTP matches what was sent to the cardholder. When the response from the issuer is an invalid or incorrect OTP, resend OTP can be triggered. The request includes the original

consumerAuthenticationInformation.authenticationTransactionId

that was returned in the Payer Authentication Enrollment response. The transaction ID enables the matching of the original OTP that was sent to the cardholder with the OTP that the cardholder entered into the terminal. After the OTP match is made, the cardholder is authenticated and can then be validated.

The process for running this service is the same one used to generate the original OTP except for including the ID generated by the response. Refer to the One-Time Password Generation section for a list of required and optional fields used in Payer Authentication Enrollment when resending the password to the issuer.