2FA for Tokenization

Sending Cardholders 2FA Codes

See Cardholder Authentication for an overview of two-factor authentication for digital wallets. A 2FA code is generated when either the wallet or you (if you use self-serve tokenization decisioning, above) decide to authenticate the end user who is trying to tokenize their card. Note that when Apple or Google passes a recommendation_decision of REQUIRE_ADDITIONAL_AUTHENTICATION, Lithic must either trigger 2FA or decline the tokenization, per the wallets’ requirements.

Lithic offers two ways to send a two-factor authentication code to end users:

  1. Lithic sends the 2FA code on your behalf. We will send the user a message via text or email using the information on file for enrolled accountholders. Speak to your implementation manager about how to set this up.
  2. You send the 2FA code to end users yourself. You may want to customize your messaging and/or send all messages from a single, consistent email address or phone number. If you want to send 2FA codes yourself, register an event subscription URL to subscribe to events of type tokenization.auth_code. See Digital Wallet Tokenization Auth Code.

Digital Wallet Tokenization Auth Code

Lithic also enables customers to deliver authentication codes to end users themselves. This webhook will only be sent to customers authenticating their end users via email or phone; this code will not be sent for users authenticating via mobile app. Lithic will send you a webhook containing the two-factor authentication code using event_type: tokenization.two_factor_authentication_code. Note that to receive these webhooks, you'll need to subscribe to this event type using our Events API. See the API Reference for more information about the data you will receive via the webhook.
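
One way to handle this webhook on the receiving side, as an added example that is not Lithic's code: it delivers the code over the matching channel, suppresses duplicate deliveries, and returns an audit record that never contains the code. The payload field names (event_id, authentication_code, channel, destination) and the sender callables are assumptions for illustration; take the real schema from the API Reference, and verify the webhook's authenticity before calling the handler.

```python
# Added example, not Lithic's code. Field names marked "assumed" are hypothetical.
EVENT_TYPE = "tokenization.two_factor_authentication_code"  # name given on this page


def mask(dest):
    """Redact a phone number or email address for audit logs."""
    if "@" in dest:
        local, _, domain = dest.partition("@")
        return local[:1] + "***@" + domain
    return "*" * max(len(dest) - 4, 0) + dest[-4:]


def handle_auth_code_event(event, senders, seen_ids):
    """Deliver one 2FA code and return an audit record without the code.

    event:    parsed JSON body of a webhook already verified as authentic
    senders:  {"sms": fn(dest, code), "email": fn(dest, code)} (your own code)
    seen_ids: set of event ids already delivered, to suppress redeliveries
    """
    if event.get("event_type") != EVENT_TYPE:
        return {"status": "ignored", "reason": "unexpected event_type"}
    event_id = event.get("event_id")          # assumed field
    code = event.get("authentication_code")   # assumed field
    channel = event.get("channel")            # assumed field: "sms" or "email"
    dest = event.get("destination")           # assumed field
    if not all(isinstance(v, str) and v for v in (event_id, code, channel, dest)):
        return {"status": "rejected", "reason": "missing or malformed field"}
    if event_id in seen_ids:
        return {"status": "duplicate", "event_id": event_id}
    send = senders.get(channel)
    if send is None:
        return {"status": "rejected", "reason": "unsupported channel"}
    send(dest, code)        # the code goes to the cardholder only
    seen_ids.add(event_id)  # recorded after a successful send, so failures retry
    return {"status": "sent", "event_id": event_id,
            "channel": channel, "destination": mask(dest)}


if __name__ == "__main__":
    # Constructed sample event; not a real Lithic payload.
    sample = {"event_type": EVENT_TYPE, "event_id": "evt_constructed_1",
              "authentication_code": "123456", "channel": "email",
              "destination": "pat@example.com"}
    outbox, seen = [], set()
    senders = {"email": lambda d, c: outbox.append((d, c))}
    print(handle_auth_code_event(sample, senders, seen))  # sent, masked address
    print(handle_auth_code_event(sample, senders, seen))  # duplicate
```

Log only the returned record: the raw event body carries the live code and the cardholder's contact details.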