Assisted 3DS authentication
Learn about our Assisted 3DS authentication model, where your platform participates in the authentication flow. This guide explains your role in managing the user challenge process for securing online transactions.
The Assisted 3DS authentication model is a hybrid approach where the MatchMove manages the security and generation of the One-Time Password (OTP), but delegates the last-mile delivery to the Partner. The platform "assists" the partner by providing the security code via a webhook, enabling the partner to communicate with the cardholder through their own channels.
How It Works
- Challenge Required: The platform determines a transaction requires 3DS verification.
- OTP Generation: The platform generates a secure, time-bound OTP.
- Handoff (Webhook): Instead of sending an SMS or email, the platform triggers a real-time webhook to the partner’s server containing the OTP and transaction context.
- Partner Delivery: The partner receives the webhook and immediately pushes the OTP to the cardholder via their preferred channel (SMS, Email, or In-App Push).
- Verification: The cardholder inputs the code, and the platform validates it to authorize the transaction.
Getting started with Assisted 3DS authentication
Assisted 3DS Authentication is an OPTIONAL service that is available for new and existing partners.
Without this enabled, by default, MatchMove is responsible for the delivery of 3DS OTP to the enabled delivery channels.
However, when this service is enabled, the partner will be able to take over the delivery of the 3DS OTP to the cardholder.
1
Enable Assisted 3DS in the platform configuration
Partners who want to enable Assisted 3DS Authentication should contact the MatchMove Implementation team and request to set up and configure it in the platform configuration.
2
Implement 3DS Authentication webhook workflow
Once the service is enabled in the configuration, partners must subscribe to the webhook event CARDS.3DS.AUTHENTICATION.
This webhook will deliver a payload containing the card ID and transaction 3DS from a payment authentication request.
Upon receipt of theCARDS.3DS.AUTHENTICATION the partner must consume the payload and prepare for the OTP delivery to their customer.
Sample webhook payload
{
"entities": {
"card": {
"id": "{{card_id}}",
"type": "{{card_type_code}}"
},
"transaction": {
"authentication": {
"channel": "email,sms,partner_app",
"created_at": "2024-10-22T22:52:41+08:00",
"id": "{{card_id}}",
"method": "otp",
"otp": "856596",
"otp_expires_at": "2026-01-21T15:45:46+08:00",
"otp_generated_at": "2026-01-21T15:41:46+08:00",
"retry_count": "0"
},
"merchant": {
"merchant_name": ""
},
"network": "MASTERCARD",
"transaction_amount": "0.1",
"transaction_currency": "SGD"
},
"user": {
"email": "john.smith@matchmove.com",
"id": "{{user_id}}",
"mobile": "8814722483",
"mobile_country_code": "63"
}
},
"entity_id": "{{card_id}}",
"entity_type": "CARD",
"event_timestamp": "2026-01-21T07:41:46Z",
"message_id": "74d29503a0fa4a6cbf096dd9383c0f78",
"program_code": "{{program_code}}",
"version": "v2",
"webhook_event": "CARDS.3DS.AUTHENTICATION"
}3
Deliver the 3DS OTP (received from the webhook) to your customer
The authentication code received from the webhook must be passed or delivered to the cardholder through the allowed channels.
Allowed 3DS OTP delivery channels:
- SMS
- Email
- Push notification via the Partner app
4
Validate your integration
There are simulation APIs available that can be used to test Assisted 3DS Authentication in the staging environment.
You can go to the Simulate Assisted 3DS Authentication section to learn more about the simulation procedures.
Related Links
On this page
- Assisted 3DS authentication