Skip to contentSkip to navigationSkip to topbar
Rate this page:
On this page

Verify Transactions for PSD2


(information)

Info

To enable PSD2 mode on your account, contact Twilio Support(link takes you to an external page).


What is PSD2?

what-is-psd2 page anchor

PSD2 is the short name for Payment Service Directive 2(link takes you to an external page), a set of regulations introduced by the European Banking Authority(link takes you to an external page) aimed at combating the rising costs of fraud. PSD2 requires Strong Customer Authentication (SCA) for online transactions involving more than 30 Euros. To learn more about PSD2, SCA, and dynamic linking check out this post.(link takes you to an external page)


Get started with Verify for PSD2

get-started-with-verify-for-psd2 page anchor

Twilio Verify already allows you to quickly verify phone number ownership with one-time passwords (OTP) over SMS. In a few steps, you can extend these capabilities to help comply with PSD2 by verifying transactions using dynamic linking and Strong Customer Authentication (SCA).

Enable PSD2 on your account

enable-psd2-on-your-account page anchor

First, you must contact Twilio Support(link takes you to an external page) to enable PSD2 mode on your account.

Create a Service with PSD2 enabled

create-a-service-with-psd2-enabled page anchor

Next, create a new Service with PSD2 mode enabled, as shown in the code sample below.

Once enabled, requests to start and/or complete verifications require the Payee and Amount parameters.

Create a PSD2 Enabled Verify Service

create-a-psd2-enabled-verify-service page anchor
Node.js
Python
C#
Java
Go
PHP
Ruby
twilio-cli
curl

_10
// Download the helper library from https://www.twilio.com/docs/node/install
_10
// Find your Account SID and Auth Token at twilio.com/console
_10
// and set the environment variables. See http://twil.io/secure
_10
const accountSid = process.env.TWILIO_ACCOUNT_SID;
_10
const authToken = process.env.TWILIO_AUTH_TOKEN;
_10
const client = require('twilio')(accountSid, authToken);
_10
_10
client.verify.v2.services
_10
.create({psd2Enabled: true, friendlyName: 'My PSD2 Service'})
_10
.then(service => console.log(service.psd2Enabled));

Output

_38
{
_38
"sid": "VAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
_38
"account_sid": "ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
_38
"friendly_name": "My PSD2 Service",
_38
"code_length": 4,
_38
"lookup_enabled": false,
_38
"psd2_enabled": true,
_38
"skip_sms_to_landlines": false,
_38
"dtmf_input_required": false,
_38
"tts_name": "name",
_38
"do_not_share_warning_enabled": false,
_38
"custom_code_enabled": true,
_38
"push": {
_38
"include_date": false,
_38
"apn_credential_sid": "CRXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
_38
"fcm_credential_sid": null
_38
},
_38
"totp": {
_38
"issuer": "test-issuer",
_38
"time_step": 30,
_38
"code_length": 3,
_38
"skew": 2
_38
},
_38
"default_template_sid": "HJXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
_38
"verify_event_subscription_enabled": false,
_38
"date_created": "2015-07-30T20:00:00Z",
_38
"date_updated": "2015-07-30T20:00:00Z",
_38
"url": "https://verify.twilio.com/v2/Services/VAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
_38
"links": {
_38
"verification_checks": "https://verify.twilio.com/v2/Services/VAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/VerificationCheck",
_38
"verifications": "https://verify.twilio.com/v2/Services/VAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/Verifications",
_38
"rate_limits": "https://verify.twilio.com/v2/Services/VAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/RateLimits",
_38
"messaging_configurations": "https://verify.twilio.com/v2/Services/VAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/MessagingConfigurations",
_38
"entities": "https://verify.twilio.com/v2/Services/VAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/Entities",
_38
"webhooks": "https://verify.twilio.com/v2/Services/VAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/Webhooks",
_38
"access_tokens": "https://verify.twilio.com/v2/Services/VAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/AccessTokens"
_38
}
_38
}

Start a transaction verification

start-a-transaction-verification page anchor

To start a transaction verification, send an HTTP POST request to your PSD2-enabled Service's Verifications resource. This request must contain the Amount, Payee, To, and Channel parameters.

This HTTP request causes Twilio to send a verification code to the user. Each verification code is dynamically-linked to the Amount and Payee of each transaction. The code is unique to the To (e.g., the recipient's phone number), Amount, and Payee combination. This ensures that verification fails in the event of code interception or transaction mutations.

Each verification code is valid for 10 minutes. Within that ten-minute time frame, any subsequent HTTP POST requests to the Verifications resource for the transaction cause Twilio send the same verification code.

Start a PSD2 verification

start-a-psd2-verification page anchor
Node.js
Python
C#
Java
Go
PHP
Ruby
twilio-cli
curl

_16
// Download the helper library from https://www.twilio.com/docs/node/install
_16
// Find your Account SID and Auth Token at twilio.com/console
_16
// and set the environment variables. See http://twil.io/secure
_16
const accountSid = process.env.TWILIO_ACCOUNT_SID;
_16
const authToken = process.env.TWILIO_AUTH_TOKEN;
_16
const client = require('twilio')(accountSid, authToken);
_16
_16
client.verify.v2.services('VAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX')
_16
.verifications
_16
.create({
_16
amount: '€39.99',
_16
payee: 'Acme Inc.',
_16
to: '+15017122661',
_16
channel: 'sms'
_16
})
_16
.then(verification => console.log(verification.sid));

Output

_23
{
_23
"sid": "VEXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
_23
"service_sid": "VAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
_23
"account_sid": "ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
_23
"to": "+15017122661",
_23
"channel": "sms",
_23
"status": "pending",
_23
"valid": false,
_23
"date_created": "2015-07-30T20:00:00Z",
_23
"date_updated": "2015-07-30T20:00:00Z",
_23
"lookup": {},
_23
"amount": "€39.99",
_23
"payee": "Acme Inc.",
_23
"send_code_attempts": [
_23
{
_23
"time": "2015-07-30T20:00:00Z",
_23
"channel": "SMS",
_23
"attempt_sid": "VLXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
_23
}
_23
],
_23
"sna": null,
_23
"url": "https://verify.twilio.com/v2/Services/VAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/Verifications/VEXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
_23
}

(information)

Info

For some regions, Twilio is unable to return carrier and cellphone data by default. To enable these regions, contact Twilio Support(link takes you to an external page).

More information can be found in the Help Center(link takes you to an external page).

Complete a transaction verification

complete-a-transaction-verification page anchor

To check if a verification code is correct, send an HTTP POST request to your PSD2-enabled Service's Verification Check resource. This request must contain the Code, To (e.g., the user's phone number), Amount, and Payee parameters. A sample request is shown in the example below.

Complete a PSD2 Verification

complete-a-psd2-verification page anchor
Node.js
Python
C#
Java
Go
PHP
Ruby
twilio-cli
curl

_16
// Download the helper library from https://www.twilio.com/docs/node/install
_16
// Find your Account SID and Auth Token at twilio.com/console
_16
// and set the environment variables. See http://twil.io/secure
_16
const accountSid = process.env.TWILIO_ACCOUNT_SID;
_16
const authToken = process.env.TWILIO_AUTH_TOKEN;
_16
const client = require('twilio')(accountSid, authToken);
_16
_16
client.verify.v2.services('VAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX')
_16
.verificationChecks
_16
.create({
_16
to: '+15017122661',
_16
code: '1234',
_16
amount: '€39.99',
_16
payee: 'Acme Inc.'
_16
})
_16
.then(verification_check => console.log(verification_check.status));

Output

_14
{
_14
"sid": "VEXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
_14
"service_sid": "VAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
_14
"account_sid": "ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
_14
"to": "+15017122661",
_14
"channel": "sms",
_14
"status": "approved",
_14
"valid": true,
_14
"amount": "€39.99",
_14
"payee": "Acme Inc.",
_14
"sna_attempts_error_codes": [],
_14
"date_created": "2015-07-30T20:00:00Z",
_14
"date_updated": "2015-07-30T20:00:00Z"
_14
}

Cancel a transaction verification

cancel-a-transaction-verification page anchor

In some instances, the details of a transaction may change before it can be completed. When that occurs, you can cancel an in-progress transaction verification by updating the Status of the Verification resource. An example of this request is shown below.

This prevents a user from verifying an out-of-date transaction.

That transactions that have been successfully verified cannot be canceled.

Cancel a Transaction Verification

cancel-a-transaction-verification-1 page anchor
Node.js
Python
C#
Java
Go
PHP
Ruby
twilio-cli
curl

_11
// Download the helper library from https://www.twilio.com/docs/node/install
_11
// Find your Account SID and Auth Token at twilio.com/console
_11
// and set the environment variables. See http://twil.io/secure
_11
const accountSid = process.env.TWILIO_ACCOUNT_SID;
_11
const authToken = process.env.TWILIO_AUTH_TOKEN;
_11
const client = require('twilio')(accountSid, authToken);
_11
_11
client.verify.v2.services('VAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX')
_11
.verifications('VEXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX')
_11
.update({status: 'canceled'})
_11
.then(verification => console.log(verification.to));

Output

_23
{
_23
"sid": "VEXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
_23
"service_sid": "VAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
_23
"account_sid": "ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
_23
"to": "+15017122661",
_23
"channel": "sms",
_23
"status": "canceled",
_23
"valid": false,
_23
"date_created": "2015-07-30T20:00:00Z",
_23
"date_updated": "2015-07-30T20:00:00Z",
_23
"lookup": {},
_23
"amount": null,
_23
"payee": null,
_23
"send_code_attempts": [
_23
{
_23
"time": "2015-07-30T20:00:00Z",
_23
"channel": "SMS",
_23
"attempt_sid": "VLXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
_23
}
_23
],
_23
"sna": null,
_23
"url": "https://verify.twilio.com/v2/Services/VAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/Verifications/VEXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
_23
}


Rate this page: