# Pending Authentication Flow

<img src="https://992597239-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FglP5cKjSNRgDHCPNNsT4%2Fuploads%2FByxXDLW0zRXxdDvWN7e8%2Ffile.excalidraw.svg?alt=media&#x26;token=cf57e700-0202-4678-af73-67d569e2d0e9" alt="" class="gitbook-drawing">

***

**Characteristics:**

* Card enrolled in 3D Secure
* Issuer requires additional cardholder verification
* User interaction required

**Flow Steps:**

```
1. Setup → Get authentication tokens
2. Capture → Collect device data automatically
3. Enroll → 3D Secure check: CHALLENGE REQUIRED 
4. Challenge → Display authentication modal to user
5. User Action → Complete OTP, biometric, or other verification
6. Validation → Confirm challenge completion
7. Result → Authentication successful (ECI: 06 for VISA/AMEX, 02 for Mastercard) or authentication failed
8. Authorization → Process payment (if successful)
9. Complete → Transaction finalized
```

**API Responses:**

* Setup: `status: "Completed"`
* Enroll: `status: "Pending_authentication"`
* Validation: `status: "Authentication_successful"` or `status: "Authentication_failed"`

**Challenge Types:**

* SMS OTP verification
* Mobile app push notification
* Biometric authentication
* Security questions
* Hardware tokens

**Implementation Notes:**

* Use Cardinal Commerce SDK for challenge display
* Handle challenge timeout scenarios
* Provide fallback authentication methods