> ## Documentation Index
> Fetch the complete documentation index at: https://docs.gr4vy.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Customer Authentication Module (CAM)

Customer Authentication Module (CAM) is a feature provided by Mastercard's Click to Pay that adds an extra layer of security to transactions. It verifies the identity of the customer by analyzing device and behavioral data during the checkout process, reducing the risk of fraud.

When CAM is enabled, it silently collects device and behavioral data in the background as the customer interacts with the checkout page. This data is used to create a risk profile for the transaction. Based on this profile, CAM determines whether the transaction is low-risk and can proceed without interruption, or if it requires additional verification.

If a higher risk is detected, CAM may prompt the customer for a one-time password (OTP) or another form of step-up authentication to confirm their identity before the payment is completed. This process is designed to be as seamless as possible, only introducing friction when necessary.

## Benefits

* **Enhanced Security**: Adds a robust layer of authentication to prevent fraudulent transactions.
* **Reduced Friction**: Most legitimate transactions are processed without any extra steps for the customer.
* **Increased Trust**: Provides customers with greater confidence that their payments are secure.

## Implementation

To enable Customer Authentication Module when using Secure Fields for Click to Pay, add the `authenticate.consumer` property to your Secure Fields configuration and set it to `true`.

When enabled, CAM automatically collects and analyzes data to authenticate customers during checkout, providing enhanced security without any additional integration effort.

<CodeGroup>
  ```jsx React {9} theme={"system"}
  <ClickToPay
    srcDpaId='{SRC_DPA_ID}'
    dpaName='{DPA_NAME}'
    dpaLocale='en_AU'
    cardBrands={['mastercard', 'visa', 'amex']}
    consentCheckbox='#click-to-pay-consent-checkbox'
    learnMoreLink="#click-to-pay-learn-more-link"
    authenticate={{
      consumer: true,
    }}
  />
  ```

  ```js Node {11} theme={"system"}
  const clickToPay = secureFields.addClickToPay('#click-to-pay', {
    srcDpaId: '{SRC_DPA_ID}',
    dpaName: '{DPA_NAME}',
    dpaLocale: 'en_AU',
    cardBrands: ['mastercard', 'visa', 'american-express'],
    consentCheckbox: "#click-to-pay-consent-checkbox",
    learnMoreLink: "#click-to-pay-learn-more-link",
    cardForm: "#cc-form",
    signIn: "#click-to-pay-sign-in"
    authenticate: {
      consumer: true,
    }
  })
  ```
</CodeGroup>

## Common issues

<AccordionGroup>
  <Accordion title="3DS overlay pops up but automatically closes">
    This occurs when the 3DS acquirer configuration does not match the required values. Check the 3DS acquirer configuration and verify that the acquirer details for each card scheme are configured exactly as per the [Mastercard Unified Checkout Solutions SDK reference](https://developer.mastercard.com/unified-checkout-solutions/documentation/sdk-reference/parameters/#acquirer-data), listed below.

    **Mastercard**

    | Parameter            | Value    |
    | -------------------- | -------- |
    | Acquirer BIN         | `545301` |
    | Acquirer Merchant ID | `SRC3DS` |

    **Visa**

    | Parameter            | Value      |
    | -------------------- | ---------- |
    | Acquirer BIN         | `432104`   |
    | Acquirer Merchant ID | `33334444` |
  </Accordion>

  <Accordion title="No 3DS prompt when you expect a challenge flow">
    On supported devices, authentication can complete with a passkey and no 3DS prompt appears. If you expect a challenge-based 3DS flow and no prompt appears, work through the following checks.

    **1. Check which features are enabled**

    In the browser developer tools, open the **Network** tab and find the request to `click-to-pay.html`.
    Copy the **Request URL** and URL-decode it twice. The decoded payload should include an `authenticate` block reflecting the features you have enabled:

    ```json theme={"system"}
    "authenticate": {
      "checkout": true,
      "consumer": true
    }
    ```

    `authenticate.checkout` controls [TAS](/guides/features/click-to-pay/tas) and `authenticate.consumer` controls [CAM](/guides/features/click-to-pay/cam). If either value is missing or set to `false`, the feature is not enabled.

    **2. Check the `dynamicDataType` field**

    In the same decoded payload, ensure that the `dynamicDataType` field is either omitted or set to `CARD_APPLICATION_CRYPTOGRAM_SHORT_FORM`.
    This configuration requests a dynamic network token, which [TAS](/guides/features/click-to-pay/tas) requires.

    **3. Verify `acquirer_data` is present in the acquirer response**

    In the **Network** tab, locate the acquirer request.
    The response must have values for `acquirer_data`. If there is no acquirer data, it is likely due to the checkout session initiation.
    Ensure the checkout session setup was created with the correct data fields.
  </Accordion>
</AccordionGroup>