I am using an API from a payments-provider.
At some point, I show the user a page where he can authenticate himself (enter a code that the payment-provider will send
