Static Password
The Static Password challenge method represents the knowledge factor in SCA. When enabled, cardholders must enter their pre-set password to authenticate the transaction.
Knowledge Factor
Proves the cardholder knows their secret password.
Simple Setup
No external integrations required for basic configuration.
Delegate Option
Optionally delegate password verification to your own systems.
How It Works
- Cardholder initiates a transaction
- Apata presents password entry screen
- Cardholder enters their password
- Apata verifies against stored password (or delegates to issuer)
- Transaction proceeds or fails based on verification
Configuration
Basic Settings
| Field | Description |
|---|---|
| Name | User-friendly identifier |
| Alias | Unique identifier (alphanumeric, dashes, underscores). Cannot be changed after creation. |
| Description | Optional details about the method |
Attempt Settings
Authentication Method
| Field | Description |
|---|---|
| Default Value | (01) Static Passcode - reported to payment schemes |
| Matchers | Override auth method value based on Protocol Version |
Delegate Options
| Option | Description |
|---|---|
| Delegate Verify | Apata sends entered password to your Webhook for verification |
| Delegate Cancel | Receive notification when cardholder cancels challenge |
Delegate options require a Webhook to be configured first.
Benefits of Delegate Verify:
- Password never stored in Apata
- Use your existing password verification system
- Full control over password policies
Additional Options
| Option | Description |
|---|---|
| Show Info Screen When Missing Details | Display informational screen if password is not configured |
| Challenge Interface | Select or customise the UI via Challenge Interface Builder |
Password Storage Options
The password is stored with the card enrolment and verified by Apata directly.
Pros:
- Simple setup
- No webhook integration needed
Cons:
- Password stored externally
Common Use Cases
Second Factor Authentication
Static Password is commonly used as a second factor combined with:
- SMS OTP (possession) + Static Password (knowledge)
- Email OTP (possession) + Static Password (knowledge)
This combination satisfies PSD2 SCA requirements.
Fallback Method
Can be configured as a fallback when other methods fail:
- If OOB fails → fall back to Static Password
- If Behavioural Biometrics fails → fall back to Static Password
API References
| Webhook | Description |
|---|---|
| Delegate Verify | Verify cardholder-entered password |
| Delegate Cancel | Cardholder cancelled notification |
Related Topics
- Challenge Profile – Combine Static Password with other methods
- Challenge Interface – Customise the password entry screen
- Webhook – Configure delegate endpoints
- SCA – Strong Customer Authentication requirements
Updated 24 days ago