Why is EMV 3DS So Important?
EMVCo® is the payment industry’s standards body responsible for securing in-person payments using a chipcard and online payments using 3DS. The ‘big new’ in in the 2nd version of 3DS is payments made within a mobile app; the ‘big fix’ is a frictionless consumer experience.
mSIGNIA joined EMVCo in 2015 to help create the 3DS version 2 specification, or EMV 3DS®, and was elected by other Technical Associates two years later to act as a technical advisor to the EMVCo Board, which includes American Express®, Discover®, JCB®, Mastercard®, UnionPay® and Visa®.
mSIGNIA was the first security company to release an iOS® and Android® mobile security SDK; as such mSIGNIA’s SDK and products were part of the initial EMV 3DS compliancy tests. mSIGNIA’s 6th generation SDK for iOS, Android and browsers is an EMVCo certified ‘universal’ SDK (uSDK); enabling merchants to integrate a single SDK into their website, iOS app or Android app and support the data requirements of advanced concepts like the choice of credit or debit processing and SCA compliance.
mSIGNIA provides a complete, balanced, mobile-first and data-ready EMV 3DS solution that is certified compliant with version 2.2 and all available payment network extensions like those from Visa® and Mastercard®.
Follow the links to learn more about EMV 3DS enhanced with SCA or see mSIGNA’s EMV 3DS and SCA products
PSD2 SCA Authentication Data
PSD2 SCA is a European standard for 2-factor authentication; it includes recommendations and clarifications regarding the pairing of authentication methods including newer, analytical authentication methods such as behavioral biometrics.
mSIGNIA uses EMV 3DS compliant extensions to allow issuers to remotely instruct the uSDK within a merchants app or website to collect SCA compliant authentication data for risk scoring.
The three authentication factors are:
Inherence / Biometrics
Who You Are
including Behavioral Biometrics (Typing Pattern, Device angle/tilt, Swipe pattern, and Pressure) and Physical Biometrics (Fingerprint and Face geometry)
Possession / Tokens
What You Have
including Device Identifiers like cookies, tags, crypto keys, or tokens stored on the device
Knowledge / Secrets
What You Know
including user entered data (PIN, password, QnA, etc) collected either during 3DS frictionless flow (via uSDK extension) or 3DS challenge
Follow the links to learn more about EMV 3DS enhanced with SCA or see mSIGNA’s EMV 3DS and SCA products
Digital Biometrics
mSIGNIA invented and patented Digital Biometrics, the newest invention in analytical identity, or aID. aID uses learning algorithms to understand how data can authenticate a user. The three main aID authentication methods are:
- Behavioral Biometrics – analyzes kinesiology (the data of motion) to recognize a user by their typing, swiping, device holding, and other movements
- Digital Biometrics – analyzes the data a consumer adds to their device, either directly or through their actions such as location, both the data and change in the data are analyzed
- Social Biometrics – analyzes a user’s identity claims against online data attributed to the user (i.e. credit histories, social media, etc); typically used to protect new accounts and account takeover
A Digital Biometric is unique in that it both identifies the device and the user. Naturally, since the data is stored on the device, it identifies the device. However, when a consumer gets a new phone, their Digital Biometric is synchronized to the new device … making a Digital Biometric device independent.
In addition, since a user’s actions change data logged by the device – including location, connected networks, and connected Bluetooth devices – even if one steals all the Digital Biometric from a user’s device and attempts to play-back that data to fraud the system, the data will not change according to the pattern learned from the real user; the fraudster will be detected.
As the table below shows, Digital Biometrics considers 4X the risk data defined for collection in the EMV 3DS specification:
