Message-based transaction data signing

Message-based transaction data signing is a type of transaction data signing that supports virtual signatures that are sent via email, SMS, or voice delivery to a mobile device. A virtual signature consists of a one-time password (OTP) and signature data fields that are unique to the pending transaction.

This type of transaction requires a virtual authenticator that supports VDP Sign.

Prerequisites

To ensure successful message-based transaction data signing, the following prerequisites must be met:

  • The user exists in OneSpan Cloud Authentication.
  • A virtual authenticator that supports VDP Sign must be assigned to the user in OneSpan Cloud Authentication.
  • The user must provide a valid phone number and/or email address.

Sign transaction data via message-based virtual signature

Message-based transaction data signing — overview

Sequence of a message-based transaction data signing operation via virtual signature

  1. The user initiates the operation from their browser. They enter their credentials, which triggers the client application to send the signature generation request to the OneSpan Trusted Identity platform.
  2. The Authentication component verifies the user credentials.
  3. The Authentication component generates the signature and contacts the Message Delivery component.
  4. The Message Delivery component forwards the message, which consists of an OTP and signature data fields, via the specified delivery method (SMS, email, or voice call) to the mobile device of the user.
  5. The user verifies the signature data fields and enters the one-time password (OTP) into their client application.
  6. The client application sends the transaction validation request to the OneSpan Trusted Identity platform. The request contains the OTP and the signature data fields.
  7. The Authentication component validates the signature and confirms the transaction.
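
The sequence above relies on the OTP being tied to the signature data fields, so that a code issued for one transaction cannot confirm another. The following is an added example, not OneSpan code and not the VDP Sign algorithm: a simplified model of steps 3 and 7 that uses HMAC-SHA256, with the class name, OTP length, lifetime, and sample values all assumed for illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_DIGITS = 6        # assumption: OTP length
OTP_LIFETIME_S = 300  # assumption: validity window in seconds


class SigningService:
    """Simplified model of the server side (steps 3 and 7). Not VDP Sign."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # secret that never leaves the server
        self._pending = {}                   # user -> (nonce, expiry time)

    def _otp(self, user, fields, nonce):
        # Length-prefix every value so ("12", "3") and ("1", "23") cannot collide.
        parts = [v.encode() for v in (user, *fields)]
        msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
        digest = hmac.new(self._key, nonce + msg, hashlib.sha256).digest()
        return str(int.from_bytes(digest[:8], "big") % 10**OTP_DIGITS).zfill(OTP_DIGITS)

    def generate(self, user, fields, now=None):
        """Step 3: derive an OTP from the data fields and build the message."""
        now = time.time() if now is None else now
        nonce = secrets.token_bytes(16)      # fresh per request, so OTPs never repeat
        self._pending[user] = (nonce, now + OTP_LIFETIME_S)
        otp = self._otp(user, fields, nonce)
        return otp, f"Code {otp} confirms: " + ", ".join(fields)

    def validate(self, user, fields, otp, now=None):
        """Step 7: accept only the same fields, once, inside the lifetime."""
        now = time.time() if now is None else now
        entry = self._pending.pop(user, None)  # consumed on every attempt
        if entry is None or now > entry[1]:
            return False
        return hmac.compare_digest(self._otp(user, fields, entry[0]), otp)


if __name__ == "__main__":
    svc = SigningService()
    fields = ["ACCT-0001", "250.00 EUR"]     # constructed sample values
    otp, message = svc.generate("alice", fields)
    print(message)
    print("altered beneficiary:", svc.validate("alice", ["ACCT-9999", "250.00 EUR"], otp))
    otp, _ = svc.generate("alice", fields)
    print("original fields:", svc.validate("alice", fields, otp))
    print("replayed OTP:", svc.validate("alice", fields, otp))
```

Because the pending entry is consumed on every validation attempt, a wrong guess or an altered field forces a new signature request instead of allowing repeated tries against the same OTP.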

For more information about how to integrate message-based transaction data signing in OneSpan Cloud Authentication, see Message-based transaction data signing.