3D Secure 2


Keep your transactions compliant with Strong Customer Authentication (SCA) requirements and give your customers a friendlier user experience with 3D Secure 2, also known as EMV 3D Secure, a brand new secure authentication protocol that supports app-based authentication. The Mobile SDK makes it easy to integrate all new 3DS features into your e-commerce app.



App-based authentication

In the app-based flow, a cardholder initiates a transaction on a mobile device (Android or iOS) from a 3DS-enabled app. Mobile SDK collects and encrypts data from the mobile device, and sends it to the issuer bank. Based on the data, the bank decides whether additional cardholder interaction is required.

Frictionless flow

The authentication is achieved without cardholder interaction.

Challenge flow

Cardholder interaction is required to authenticate the payment. With the Mobile SDK, the authentication is embedded natively in the app, i.e. there are no redirects to a browser. The bank can initiate a variety of authentication options. It can be a simple password input in a native UI, an OTP, or an "out-of-band authentication", where the authentication happens via fingerprint or facial recognition in the banking app. Check Advanced Options for more details.


Integration types

The Mobile SDK (MSDK) provides seamless integration with 3D Secure 2 payments.

Integration steps differ depending on how the MSDK is used in your app. In these guides we assume that you have already integrated the base MSDK to make payments in one of the following ways:

Where do I start?

3D Secure 2 should work out of the box with the MSDK. Just configure 3DS 2 in the Administration Portal, import the 3DS library into your project, and you are ready to run your first 3DS 2 transaction.

Import the library

If you followed the Install the SDK guide, the ipworks3ds_sdk library is already installed. No extra imports are required.

There are two versions of the ipworks3ds_sdk: one for development and one for production. The production version includes stricter security measures that do not allow common development processes, including running with attached debuggers or using simulators/emulators. In particular, the production version does not work with apps outside the official app/play store. The production version includes _deploy in the filename.


Ready-to-use UI

We assume that you have already gone through the base MSDK integration guide and can submit payments. If so, proceed with the following instructions to enhance payments with 3D Secure 2 verification.

NOTE: First of all, 3DS 2 must be properly configured in the Administration Portal to enable it for the specific card brands.

There are no mandatory steps for 3D Secure 2 integration; everything works out of the box. However, we strongly recommend looking through the Advanced Options. Use the threeDSConfig property of the CheckoutSettings instance to apply customizations.


Your Custom UI

We assume that you have already gone through the base MSDK integration guide and can submit payments. If so, proceed with the following instructions to enhance payments with 3D Secure 2 verification.

NOTE: First of all, 3DS 2 must be properly configured in the Administration Portal to enable it for the specific card brands.

Implement challenge callback

Submit transaction call

From here, just follow the Submit Transaction step of the MSDK Custom UI integration guide. All 3D Secure 2 actions are integrated within the payment request.


Advanced Options

Here you can find out how to:

Device data collection

Device information is gathered by the Mobile SDK from the shopper's device during 3DS Service initialization. By default, the SDK collects as many parameters as it can. The full list of device information can be found in the EMVCo Specifications; see the file called "EMV® 3-D Secure SDK—Device Information".

Device data blacklist

You can set a list of parameters which should not be pulled from the device because of some market or regional restrictions. Use identifiers from the "EMV® 3-D Secure SDK—Device Information" file, e.g. , and add this info to the 3DS config.

Security

As soon as the 3DS Service is initialized, you may want to check the security warnings and abort the transaction in case of high risk. The following security warnings can be detected:

| Security warning ID | Description | Severity Level |
| --- | --- | --- |
| SW01 | The device is jailbroken. | High |
| SW02 | The integrity of the SDK has been tampered. | High |
| SW03 | An emulator is being used to run the app. | High |
| SW04 | A debugger is attached to the app. | Medium |
| SW05 | The OS or the OS version is not supported. | High |

  • If you use our Ready-to-use UI the right place to check warnings is a callback which is called before submitting the transaction. For this purpose, you should implement . See details in the MSDK guide.

  • If you use Mobile SDK and Your Custom UI you can invoke this method anywhere in your code.
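
The abort decision described above can be expressed as a small policy function. This is an added example in Kotlin, not code from the MSDK: the warning IDs and severities are taken from the table, while `Severity`, `Decision`, `evaluateWarnings` and the `tolerated` parameter are hypothetical names, and the reported IDs are assumed to come from whatever warning list the SDK returns.

```kotlin
// Added example, not MSDK code. All type and function names are hypothetical.
enum class Severity { MEDIUM, HIGH }

// Severity per warning ID, copied from the table above.
val KNOWN_WARNINGS: Map<String, Severity> = mapOf(
    "SW01" to Severity.HIGH,   // device is jailbroken
    "SW02" to Severity.HIGH,   // SDK integrity has been tampered
    "SW03" to Severity.HIGH,   // emulator in use
    "SW04" to Severity.MEDIUM, // debugger attached
    "SW05" to Severity.HIGH    // OS or OS version not supported
)

data class Decision(val abort: Boolean, val blocking: List<String>, val logOnly: List<String>)

/**
 * Decides whether to abort before the transaction is submitted.
 * - A warning at or above [abortAt] blocks the payment.
 * - An ID that is not in the table blocks as well (fail closed).
 * - [tolerated] lets a development build ignore specific IDs, for example
 *   SW03/SW04 when running on an emulator with a debugger attached.
 *   Keep it empty in release builds.
 */
fun evaluateWarnings(
    reportedIds: Collection<String>,
    abortAt: Severity = Severity.HIGH,
    tolerated: Set<String> = emptySet()
): Decision {
    val blocking = mutableListOf<String>()
    val logOnly = mutableListOf<String>()
    for (id in reportedIds.map { it.trim().uppercase() }.distinct()) {
        val severity = KNOWN_WARNINGS[id]
        val blocks = id !in tolerated && (severity == null || severity >= abortAt)
        if (blocks) blocking += id else logOnly += id
    }
    return Decision(blocking.isNotEmpty(), blocking, logOnly)
}

fun main() {
    // Constructed sample inputs, one per case worth handling.
    val devBuild = setOf("SW03", "SW04")
    println(evaluateWarnings(listOf("SW04")))                 // debugger only
    println(evaluateWarnings(listOf("SW01", "SW04")))         // jailbreak plus debugger
    println(evaluateWarnings(listOf("SW03", "SW04"), tolerated = devBuild))
    println(evaluateWarnings(listOf("SW99")))                 // ID not in the table
}
```

Record the `logOnly` IDs with the transaction so that medium-severity signals such as SW04 remain visible to fraud review even when the payment proceeds.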

UI customization

The Mobile SDK allows you to customize the challenge screens to match your app's look and feel. The API provides the following classes to customize specific elements on the screen:

| Class | Description |
| --- | --- |
| ToolbarCustomization | Background color of the toolbar + header label customization |
| LabelCustomization | Heading text customization |
| TextCustomization | Non-heading text customization |
| TextBoxCustomization | Corner radius of input fields + label customization |
| ButtonCustomization | Button background color, corner radius and font customization |

For ButtonCustomization, make sure you set an appropriate style for each type of button:
  • CANCEL - Button placed in the right corner of the Toolbar
  • SUBMIT - Main action on the screen
  • RESEND - Secondary action
  • CONTINUE - Main action in case of authentication in the external app
  • NEXT - Main action when authentication consists of several steps

See the sample code how UI customization can be applied in your app:

Challenge screens customization

Cardholder Information

Cardholder information is a 3D Secure response field provided by the ACS/Issuer to the cardholder during a Frictionless or Decoupled transaction. The Issuer can provide information to the cardholder. If this value is present in the transaction response, the merchant app is required to display it to the cardholder.