Challenge Profiles
A Challenge Profile combines one or more Challenge Methods into a complete authentication flow, controlling how a cardholder is challenged, what fallbacks are available, and whether the cardholder can choose their preferred method.
Even if only one challenge method is in use, it must be wrapped in a Challenge Profile. Assigning challenge methods directly to cards is deprecated.
Key Features
Automatically or manually move to the next authentication option when the current one fails or is declined by the cardholder.
Present the cardholder with a selection screen to pick their preferred authentication method before or after a failure.
Chain multiple methods within a single option to satisfy SCA's two-factor requirement in a single flow.
Control which authentication method is reported to the payment scheme when multiple methods are used or a fallback occurs.
Options
A Challenge Profile is made up of one or more options. Each option defines a single authentication path - either a single method or a sequence of methods that must be completed in order.
Option 1: Delegate SCA
Option 2: SMS OTP + KBA
Option 3: Delegate SCA
Option 4: SMS OTP + Static Password
When multiple options are configured, they can be used to drive fallback or choice behaviour.
Fallback
Presents the cardholder with a button to switch to the next option if they are unable to complete the current one. For example, if Delegate SCA is Option 1 and SMS OTP is Option 2, the cardholder can tap the fallback button to move from the push notification to an SMS passcode.
The order of fallback follows the fallback index defined on each option.
Choice
Presents the cardholder with a selection screen at the start of the challenge, letting them pick their preferred authentication method from the available options. The order of options on the choice screen is controlled by the choice index.
Both choice settings require a choice Challenge Interface to be configured.
Multi-factor Authentication
A single option can contain multiple methods that are completed in sequence, satisfying SCA's requirement for two independent factors. For example, SMS OTP followed by Behavioural Biometrics covers possession and inherence. If the second factor fails, a fallback can be configured specifically for that second step without falling back all the way to Option 1.
Authentication Method Reporting
When a challenge profile uses multiple methods or falls back between them, Apata must still report a single authentication method value to the payment scheme. This is controlled by the auth method precedence on each method within an option. The method with the lowest precedence number takes priority in reporting. If Delegate SCA succeeds it is reported; if it fails and the cardholder falls back to SMS OTP, then SMS OTP is reported instead.
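The fallback order and reporting rule described above can be checked with a small local model. This is an added example, not Apata code or its API schema: the class and field names (`Method`, `Option`, `fallback_index`, `choice_index`, `precedence`), the sample values, and the assumption that only the methods of the option that completed compete for reporting are all hypothetical. Step-level fallback for a second factor is not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Method:
    name: str
    precedence: int          # auth method precedence: lowest number is reported

@dataclass(frozen=True)
class Option:
    methods: tuple           # Methods completed in sequence within this option
    fallback_index: int      # position in the fallback chain
    choice_index: int        # position on the choice screen

    @property
    def label(self):
        return " + ".join(m.name for m in self.methods)

def choice_screen(options):
    """Labels in the order the choice screen would list them."""
    return [o.label for o in sorted(options, key=lambda o: o.choice_index)]

def run_challenge(options, failed):
    """Walk options in fallback order.

    `failed` is the set of method names that fail or are declined.
    Returns (reported_method_name, options_attempted); the reported name is
    None when every option has been exhausted.
    """
    attempted = []
    for opt in sorted(options, key=lambda o: o.fallback_index):
        attempted.append(opt.label)
        if any(m.name in failed for m in opt.methods):
            continue         # one step failed: move to the next option
        # Assumption: only the methods of the completed option compete.
        reported = min(opt.methods, key=lambda m: m.precedence)
        return reported.name, attempted
    return None, attempted

# Constructed sample profile (index and precedence values are illustrative).
PROFILE = [
    Option((Method("SMS OTP", 2), Method("KBA", 3)), fallback_index=2, choice_index=1),
    Option((Method("Delegate SCA", 1),), fallback_index=1, choice_index=2),
]

if __name__ == "__main__":
    print(choice_screen(PROFILE))
    print(run_challenge(PROFILE, failed=set()))
    print(run_challenge(PROFILE, failed={"Delegate SCA"}))
    print(run_challenge(PROFILE, failed={"Delegate SCA", "KBA"}))
```

A `None` result means no option completed, so the challenge as a whole should be treated as failed rather than reported under any method.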
Assigning a Challenge Profile
A Challenge Profile is assigned to a Card Program. It can also be overridden at the card level via Card Link using the challengeProfileId field, allowing per-card authentication flows where needed.