Challenge Methods
A Challenge Method is an individual mechanism used to verify cardholder identity when a transaction requires SCA. Each method satisfies one or more of the three SCA factors: something you know (knowledge), something you have (possession), or something you are (inherence).
Available Methods
Challenge methods are not used in isolation. They are combined into a Challenge Profile, which defines the full authentication flow including fallbacks and cardholder choice.
Sends a 6-digit one-time passcode via SMS. Covers the possession factor.
Sends a 6-digit one-time passcode via email. Covers the possession factor.
Push notification to the cardholder's banking app for Face ID or fingerprint. Covers possession and inherence. Highest acceptance rate.
Cardholder provides a pre-set password stored against the card. Covers the knowledge factor.
Cardholder answers security questions configured by the issuer at card level. Covers the knowledge factor.
Analyses device interaction patterns silently during the challenge. Covers the inherence factor. Must be paired with a second method.
Method Details
Factor: possession
Apata sends a 6-digit one-time passcode to the phone numbers associated with the card. If the issuer prefers not to share phone numbers with Apata, delegate send and delegate verify modes are available, where Apata hands off OTP delivery and verification to the issuer's own system.
Delegate Modes
Several methods support delegation to the issuer's system:
| Mode | Description |
|---|---|
| Delegate Send | Apata calls a webhook with the OTP instead of delivering it directly to the cardholder. The issuer is responsible for delivery. |
| Delegate Verify | Apata calls a webhook with the cardholder-provided OTP or authentication result, and the issuer confirms whether it is correct. |
| Delegate Cancel | Apata calls a webhook when the cardholder cancels the challenge, so the issuer can react accordingly. |
Delegate modes require a Webhook to be configured before the challenge method is set up.
Challenge Methods and Challenge Profiles
A challenge method is a single authentication action. A Challenge Profile combines one or more methods into a complete authentication flow, supporting fallbacks if a method fails and optionally allowing the cardholder to choose their preferred method. Even if only one challenge method is in use, it should always be wrapped in a Challenge Profile.
Updated about 1 month ago