2FA for retailers

Learn how 2-Factor Authentication improves transaction security.

One of the most important preconditions for online payments is that customers trust your site and feel secure while transacting on it. One way for retailers like you to improve transaction security is by curtailing fraud attempts.

Apart from the security measures implemented by banks, you have a number of powerful additional techniques to authenticate the card owner's identity and prevent potential fraud and misuse. One of these is the 3D Secure Service powered by Infobip Two Factor Authentication (2FA).

How does the 3D Secure Service work with Infobip 2FA?

When consumers decide to buy goods or services from your online store, they proceed to the payment page to enter their card details. Now, both you and banks can use 3D Secure to authenticate these card transactions through a process wherein the customer is prompted to enter a one-time PIN to finalise the payment process. PINs can be generated and verified with the Infobip 2FA service.

This is how the process works:

  1. When applying for a credit card, the customer provides a valid phone number, which is stored in the bank’s user database.
  2. During the purchase process, the customer enters their credit card information on your payments page.
  3. You can verify the card details entered with the bank (card issuer) and simultaneously request the customer’s registered phone number.
  4. Upon receiving the customer's mobile phone number from the bank, you can send a PIN number to it, using this simple API request:

         {
           "applicationId": "HJ675435E3A6EA43432G5F37A635KJ8B",
           "messageId": "0130269F44AFD07AEBC2FEFEB30398A0",
           "to": "41793026727"
         }

'applicationId' and 'messageId' are created during the 2FA service setup to support different configuration options and message templates (e.g. 'Your PIN number is <pin>.').

Once Infobip receives the API request, we generate a PIN ID and PIN. The PIN ID is returned to you via the API response and the PIN is sent to the given phone number.

  5. The customer receives a time-based one-time PIN (TOTP) on their phone and retypes it in the field provided on the relevant webpage. This information is passed on to you.
  6. You then call the Verify PIN API, providing the PIN ID received in step 4 and the PIN provided by the user in step 5:

  7. Infobip verifies that the PIN entered by the customer is indeed paired with the PIN ID and returns a confirmation in the API response.
  8. Upon receiving a confirmation in the API response, your website approves the transaction and redirects the user to the 'thank you' page, the last step in the checkout process.
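The send-PIN and verify-PIN steps above can be sketched from the retailer's side as follows. This is an added example, not Infobip's code or API: `Stub2FAService` is a local stand-in for the 2FA provider, and `Checkout`, the session IDs and the three-attempt limit are assumptions made for illustration. It shows the PIN ID being kept server-side, bound to the checkout session, and discarded after one successful verification.

```python
import hmac
import secrets


class Stub2FAService:
    """Local stand-in for the 2FA provider (hypothetical, not Infobip's API)."""

    def __init__(self):
        self._pins = {}   # PIN ID -> PIN, known only to the provider
        self.outbox = {}  # phone number -> last PIN "sent" (stands in for the SMS)

    def send_pin(self, application_id, message_id, to):
        pin_id = secrets.token_hex(16).upper()
        pin = f"{secrets.randbelow(10**6):06d}"
        self._pins[pin_id] = pin
        self.outbox[to] = pin
        return pin_id  # only the PIN ID is returned to the retailer

    def verify_pin(self, pin_id, pin):
        expected = self._pins.get(pin_id)
        if expected is None:
            return False
        return hmac.compare_digest(expected.encode(), pin.encode())


class Checkout:
    """Retailer side: the PIN ID never leaves the server and is tied to a session."""

    MAX_ATTEMPTS = 3  # assumed retailer policy, not stated on the page

    def __init__(self, service, application_id, message_id):
        self.service = service
        self.app_id, self.msg_id = application_id, message_id
        self._pending = {}  # session ID -> [PIN ID, attempts left]

    def start(self, session_id, phone_from_bank):
        pin_id = self.service.send_pin(self.app_id, self.msg_id, phone_from_bank)
        self._pending[session_id] = [pin_id, self.MAX_ATTEMPTS]

    def confirm(self, session_id, pin_from_customer):
        entry = self._pending.get(session_id)
        if entry is None or entry[1] <= 0:
            return False  # unknown session, or attempts exhausted
        entry[1] -= 1
        if self.service.verify_pin(entry[0], pin_from_customer):
            del self._pending[session_id]  # single use: no replay of the same PIN
            return True
        return False
```

The transaction is approved only when `confirm` returns `True`; a wrong PIN, a replayed PIN, or a PIN submitted under a different session all fail.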