The merchant is starting the real-time authorisation process (i.e. requests authorisation from the issuing bank / the consumers bank). As soon as the authorisation request reaches the bank, the PSOCA card gets automatically de-activated. It can only be re-activated by the consumer. The User Interface feeds this back to the consumer, for him/ her to perceive the added security.
A few seconds later the merchant has received authorisation and confirms the payment. Thats all. This is how easy a secure payment can be performed. The process is entirely intuitive and can be done by anybody, who can use a normal plastic card on the Internet. In principle, the consumer could now close the card window. That's all he/she needs to do for a payment.