Smart 2FA
What is Smart 2FA?
Exclusively from Veratad, Smart 2FA℠ finally introduces two-factor authentication to customer onboarding. By combining the best of identity verification and two-factor, Smart 2FA delivers the highest level of surety that your customers are who they say they are.
This service is asynchronous
This service may include two requests:
Initial Request: with this request you will start the session by sending the target. Once started the first thing that will happen is the user will receive the OTP either through call or SMS. You will get a session token in return to send back in the secondary request with the user's OTP entry.
Secondary Request: with this request you will send the entered OTP to be scored. If successful the verification process will also occur and the final result is returned.
SMS or Call
You are able to send the OTP via SMS or Call by adjusting the service name on initial request. The service name will either be:
PhoneMatch5.0.Smart2FA.SMS
PhoneMatch5.0.Smart2FA.Call
Initial Request Parameters and example response
POST
https://production.idresponse.com/process/comprehensive/gateway
Request Body
Initial Request Body Example
Initial Request Action and Detail Responses
Secondary request parameters and responses
POST
https://production.idresponse.com/process/continue
Return the OTP entered and the token that you received on the Initial response to complete the transaction
Request Body
Secondary Request Sample Body
Secondary Request Action and Detail Responses
The following are all values that will be returned in the result object of the response.
Issues Responses
When a transaction returns as REVIEW
then there will be a list of issues. This list can include any of the below values.
Rules
PhoneMatch+Smart2FA will process with the default ruleset. Which is as follows:
The ruleset will return a PASS when:
All OTP checks have passed
A match is found
The target is not deceased
The target has provided all valid identity attributes including phone number
The ruleset will return a REVIEW when:
A match is found
The target is not deceased
The OTP was delivered
The OTP matched
The target's identity attributes do not all match
This result will also return an array of issues to notify you of exactly which target attributes provided did not match.
The ruleset will return a FAIL when:
A match is not found
The target is deceased
The phone line type is not acceptable
The OTP is not able to be delivered
The OTP entered does not match the OTP sent
The ruleset will return PENDING when:
The service is waiting for the next API call with session token
Service Testing
Since this service requires a successful OTP process you must use real data and have access to the phone number provided. You will be allotted 250 free transactions for development purposes.
Last updated