Challenge Profiles

Challenge Profiles combine multiple Challenge Methods into a layered authentication strategy. They enable fallback options, cardholder choice, and multi-factor authentication to meet SCA requirements while optimizing user experience.

Multi-Factor Auth

Combine methods like SMS OTP + Static Password for SCA compliance.

Fallback Options

Automatically switch to alternative methods when primary authentication fails.

Cardholder Choice

Let cardholders select their preferred authentication method.


Profile Settings

Name & Alias

Field | Required | Description
------|----------|------------
Name | Yes | User-friendly identifier for the profile
Alias | Yes | Unique identifier (alphanumeric, dashes, underscores). Cannot be changed after creation. Used to reference the profile in Card Programs.
Description | No | Optional details about the profile

Allow Fallback

When enabled, a button appears on the Challenge Interface allowing cardholders to switch to an alternative Challenge Method.

Enabled:

Disabled:

When a cardholder clicks the fallback button, Apata transitions to the next method based on the Fallback Index. For example:

  • Fallback Index 0: Delegate SCA
  • Fallback Index 1: SMS OTP

If Delegate SCA fails, the system moves from index 0 to index 1.

Allow Choice

When enabled, cardholders see a choice screen to select their preferred authentication method.

Example configuration:

Resulting choice screen:

The order of options is determined by the Choice Index.

📘 Enabling Allow Choice requires configuring a choice Challenge Interface.

Allow Choice On Fallback

When enabled, if a Challenge Method fails (timeout, bad response, missing phone number, etc.), the cardholder is shown a choice screen to select an alternative method.

📘 Requires a choice Challenge Interface to be configured.


Challenge Method Options

Options define which method(s) are used for authentication. Each option can contain one or multiple methods.

A profile with one option containing one method:

Option 1: Delegate SCA

No choice screen or fallback is available; the cardholder authenticates with this single method.


Option Configuration

Basic Settings

Field | Description
------|------------
Alias | Unique identifier for the option (cannot be changed after creation)
Description | Optional details, e.g., "In-app notification" or "SMS OTP followed by Static Password"

Fallback on Error

When enabled, the system automatically transitions to the next option if the current method encounters an error.

Example: If Delegate SCA fails, automatically prompt with SMS OTP.

Challenge Method Selection

Field | Description
------|------------
Challenge Method | Select the method from dropdown (SMS OTP, Email OTP, OOB, etc.)
Auth Method Value | Default authentication method reported to payment schemes
Auth Method Precedence | Numeric value determining reporting priority (lower = higher priority)
Overrides | Customise auth method value based on Protocol Version

Auth Method Precedence

When multiple methods are used, 3DS requires reporting a single authentication method. Precedence determines which method is reported.

Example:

  • Delegate SCA: Precedence 100
  • SMS OTP: Precedence 200

  • If Delegate SCA succeeds → report Delegate SCA
  • If Delegate SCA fails and SMS OTP succeeds → report SMS OTP

📘 Use any numbers; only the relative order matters.


Adding Multiple Challenge Methods

PSD2 requires SCA with at least two authentication factors. To add a second method:

  1. Click Add challenge method
  2. Configure the second method

Authentication flow:

  1. First, the cardholder completes SMS OTP.
  2. Then, the cardholder completes Static Password.

Secondary Method Fallback

Configure fallback when a second-factor method fails (not the primary method).

Example scenario:

  1. First factor: SMS OTP
  2. Second factor: Behavioural Biometrics
  3. Fallback second factor: KBA (Transaction History)

If Behavioural Biometrics fails (unsupported in app, JavaScript disabled, insufficient data), fall back to KBA.

To configure:

  1. Click Add challenge method with fallback
  2. Configure the fallback chain

Flow:

SMS OTP (1st factor)
    ↓ success
Behavioural Biometrics (2nd factor)
    ↓ failure
KBA / Transaction History (fallback 2nd factor)
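
The Fallback on Error, Auth Method Precedence and Secondary Method Fallback rules described above, modelled in Python as an added example (this is not Apata's code or API). The class and function names, the `failing` set, the precedence values 300 and 400, and the rule that an option fails when one of its factors has no working method are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Method:
    name: str
    precedence: int  # lower value = higher reporting priority

@dataclass
class Option:
    alias: str
    factors: list  # one chain per factor: [method, fallback, ...]
    fallback_on_error: bool = False

def run_option(option, failing):
    """Return the methods completed in this option, or None if a factor has no working method."""
    completed = []
    for chain in option.factors:
        # Secondary Method Fallback: first method in the chain that does not fail.
        method = next((m for m in chain if m.name not in failing), None)
        if method is None:
            return None
        completed.append(method)
    return completed

def authenticate(options, failing):
    """Walk options in Fallback Index order; return (alias, completed names, reported method)."""
    for option in options:
        completed = run_option(option, failing)
        if completed is not None:
            # 3DS reports a single method: the completed one with the lowest precedence.
            reported = min(completed, key=lambda m: m.precedence)
            return option.alias, [m.name for m in completed], reported.name
        if not option.fallback_on_error:
            break  # no automatic transition to the next option
    return None

# Constructed sample profile: OOB first, then SMS OTP + biometrics with a KBA fallback.
PROFILE = [
    Option("oob", [[Method("Delegate SCA", 100)]], fallback_on_error=True),
    Option("sms-bio", [[Method("SMS OTP", 200)],
                       [Method("Behavioural Biometrics", 300), Method("KBA", 400)]]),
]

if __name__ == "__main__":
    for failing in (set(), {"Delegate SCA"}, {"Delegate SCA", "Behavioural Biometrics"}):
        print(sorted(failing), "->", authenticate(PROFILE, failing))
```

Running each failure combination through the model shows which methods a cardholder actually completes on every path and which single method is reported, which is the thing to review before enabling a fallback chain.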

Example Configurations

Simple: Single OOB Method

Profile: OOB Only
└── Option 1: Delegate SCA (OOB)

Cardholder authenticates via banking app push notification.

Two-Factor: SMS + Password

Profile: SMS + Password
└── Option 1: SMS OTP + Static Password

Cardholder receives OTP via SMS, then enters their password.

Choice: OOB or SMS+Password

Profile: Choice Enabled
├── Option 1: Delegate SCA (OOB)
└── Option 2: SMS OTP + Static Password

Settings: Allow Choice = true

Cardholder chooses between app authentication or SMS + password.

Fallback: OOB → SMS+Biometrics

Profile: OOB with Fallback
├── Option 1: Delegate SCA (OOB)
└── Option 2: SMS OTP + Behavioural Biometrics

Settings: Fallback on Error = true

If OOB fails, automatically fall back to SMS + biometrics.


Related Topics

  • Challenge Method – Individual authentication methods
  • Challenge Interface – Customise the authentication UI
  • SCA – Strong Customer Authentication requirements
  • Card Program – Assign Challenge Profiles to card segments