Menu

Rate this page:

Thanks for rating this page!

We are always striving to improve our documentation quality, and your feedback is valuable to us. How could this documentation serve you better?

Verifying Transactions for PSD2

Twilio's new Verify API is currently available as a Public Beta product. Some features are not yet implemented and others may be changed before the product is declared as Generally Available. Public Beta products are not covered by a Twilio SLA.

What is PSD2?

PSD2 is the short name for Payment Service Directive 2, a set of regulations introduced by the European Banking Authority aimed at combating the rising costs of fraud by requiring Strong Customer Authentication (SCA) for online transactions of greater than 30 euros. To learn more about PSD2, SCA, and dynamic linking check out this post.

Getting started with Verify for PSD2

Twilio Verify can already enable you to quickly verify phone number ownership with one-time passwords (OTP) over SMS or Voice. In a few easy steps, we can extend these capabilities to help us comply with PSD2 by verifying transactions using dynamic linking and Strong Customer Authentication (SCA).

Create a Service with PSD2 Enabled

Before using Twilio Verify for transaction verification, we need to need to create a new Service with PSD2 mode enabled. When PSD2 mode is enabled requests to start and complete verifications will require that the Payee and Amount parameters. Enabling PSD2 mode for Service can be done through the Verify API.

        
        
        
        

        Start a transaction verification

        To verify a transaction, you will start by requesting to send a verification code to the user. Each verification code is dynamically-linked to the Amount and Payee of each transaction. This means that the verification code is unique to the phone number, amount and payee combination. This ensures that if the verification code is intercepted or the transaction is mutated the verification will fail.

        Each verification code is valid for 10 minutes. Subsequent calls to the API before the code has expired will send the same verification code.

              
              
              
              

              Please note: For some regions, we are unable to return carrier and cellphone data by default. You need to contact our support team to switch on those regions. More information on our support site.

              Complete a transaction verification

              To check if a verification code is correct, pass the code along with the phone number, amount and payee to the API.

                    
                    
                    
                    

                    Cancel a transaction verification

                    In some instances, the details of a transaction may change before it can be completed. When that occurs, you can cancel an in-progress transaction verification by updating the status. This will prevent a user from verifying an out-of-date transaction. Note that transactions that have been successfully verified cannot be canceled.

                          
                          
                          
                          
                          Rate this page:

                          Need some help?

                          We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd browsing the Twilio tag on Stack Overflow.