Authenticating payments

Once a payer selects a provider we direct them to the specific authentication flow provided by that bank in order to securely authorise payment. These differ for each bank.

If the payer has more than one account with the provider they will select their preferred source of funds, then authorise the payment.

Web based authentication and authorisation

This is the default checkout flow and is included part of a bank's 'internet banking' offering. This doesn't normally involve the use of a card reader and is how many of your customers using a desktop web browser will authenticate bank payments.

App based authentication and authorisation

If the PaymentSession URL is opened on a mobile device the provider's authentication flow may be performed using the provider's mobile app (if the your customer has it installed).

This often means authentication can be performed quickly using biometrics (fingerprint/facial recognition) or a PIN code if the customer has set this up.

If a provider operates exclusively via a mobile app (e.g. Monzo or Starling) there is a common scenario where a payer may begin to Checkout on their desktop browser but are required to complete the authorisation using the Provider's mobile app. This normally involves scanning a QR code (or similar) to 'hand-off' the authentication and authorisation steps to the mobile app.