Products - mSIGNIA

mSIGNIA’s EMV 3DS compliant merchant Server and SDKs (iOS, Android, web) are enhanced to ensure more transactions are approved without interruptions like challenges and out-of-band exchanges that cause cart abandonment. Some mSIGNIA products highlights…

Only product that is compliant with both EMV 3DS v2.2 and PSD2 SCA (not just processing extensions)
Only vendor to sell certified 3DS SDKs separately to 3DS vendors with their own 3DS Server
Payment Simulator enables merchants and all payment services to test their 3DS products in an end-to-end compliance sandbox
In spite of 2020 global delays, mSIGNIA tripled the number of companies using our EMV 3DS products
mSIGNIA’s EMV 3DS products are used by 2 of the 4 US credit card companies, 3 of the 10 largest payment providers, several banks, and leading 3DS technology providers

What payment security products do you need? Click on a statement below to find out more…

I have a 3DS Server and need SDKs

I need a 3DS Merchant Solution (Server + SDKs)

I need Better Data for SCA and Risk Scoring

I need to Test and Demo my 3DS and SCA offering

mSIGNIA’s Universal SDK for 3DS and SCA

The best payment products are simple for the merchant to implement, easy for the consumer to use, and enable frictionless approval of valid transactions.

mSIGNIA’s Universal SDK, or uSDK, is certified compliant with both EMV 3DS versions 2.1 and 2.2. The uSDK has been enhanced with EMV 3DS compliant extensions which improve data exchanges and user functionality to

Get issuers the data they require to approve more transactions, and
Comply with Europe’s PSD2 Strong Consumer Authentication.

The uSDK supports extended commands within compliant EMV 3DS protocol exchanges which instruct the uSDK to

Collect additional data such as device tags and behavioral biometrics for SCA compliance, and
Prompt the user for a fingerprint or facial biometric which can initiate a FIDO authentication exchange

Only mSIGNIA’s uSDK allows issuers and risk scoring engines to get enhanced device and biometric data from a merchant’s iOS and Android mobile app so more transactions are approved without interruptions that cause cart abandonment.

mSIGNIA’s uSDK includes SDKs for iOS, Android, and browsers as well as a uMPI, shown in orange in the diagram.

The uSDK’s enhanced commands are embedded in EMV 3DS protocol exchanges and invisible to the merchant’s eCommerce web server and their mobile apps.

mSIGNIA also provides a uMPI which makes EMV 3DS data exchanges transparent to the merchant and provides the merchant more control over data collected, the ability to protect consumer privacy, and the choice between credit and debit transaction processing.

Improving the consumer experience and accuracy of risk scoring increases the number of approved transaction so the entire payment ecosystem works better.

Click on the icons below or scroll down to learn more about uSDK benefits for merchants and consumers…

mSIGNIA’s simple, single universal SDK is easy to integrate; works with any compliant EMV 3DS Server, and supports 3^rd party configuring so issuers get the data they need to approve more transactions

Many larger merchants use multiple payment service providers (PSPs) for various reasons including geography, debit vs credit, and discounts. Since most PSPs require merchants to integrate the PSP’s specific SDK, this can lead to merchant confusion which (possibly multiple) SDKs are required to be integrated in their mobile apps.

Many merchants have only recently released their mobile app; the mobile learning curve is still very-much a work in progress. Enabling payment security within such a new environment can be a complex and poorly understood effort; fortunately, mSIGNIA has been helping developers protect their mobile apps for years.

The uSDK is a 6^th generation, universal SDK for web, iOS and Android mobile applications. The uSDK works with any compliant EMV 3DS Server and ACS, is widely used globally, and is configurable to gather additional data which increases the number of improved transactions.

mSIGNIA also provides a universal MPI, or uMPI, to simplify the integration between a merchant’s iOS and Android mobile apps, the merchant’s eCommerce web server, and the 3DS Server. The uMPI handles the complexities of 3DS exchanges so the merchant can focus on a wonderful selling experience, not 3DS protocol.

mSIGNIA’s uSDK and uMPI address merchant integration concerns by providing referenceable, reusable, and buildable storefront code for the browser, the iOS mobile app, the Android mobile app and even the merchant’s back-end commerce server.

Go back to merchant feature list

mSIGNIA’s uMPI provides merchants a transparent gateway to see, edit, and control data being collected from their consumers.

Typical EMV 3DS SDKs cipher the device data collected from the consumer’s device, hiding it from the merchant even though when a consumer transacts within a merchant’s mobile app, the merchant is responsible for protecting that consumer’s privacy. mSIGNIA’s uSDK and uMPI share all data collected so the merchant can determine how best to share that data to protect both consumers and transactions.

Merchants can also use the uMPI to add server data from card-on-file wallets, subscription payments, and shopping carts to improve the consumer experience.

When the data is ready to be passed to the EMV 3DS Server and down the 3DS rails for transaction processing, the uMPI will cipher the resultant data according to EMV 3DS specification.

When a merchant is in control of the data being collected and sent through its storefront, they can protect the consumer and more comfortably pass the proper data over EMV 3DS so that the transaction is approved.

Go back to merchant feature list

Payment orchestration enables the merchant to choose the best payment method according to their business rules and customer demands.

Many payment cards are dual branded; having payment choices for credit or debit transaction processing. Often a national debit network is more economical for merchants and consumers.

As part of mSIGNIA’s client API’s 3DS data transparency, mSIGNIA allows a merchant to choose credit or debit pay rails according to their business needs. cAPI ciphers the resultant data accordingly so it can be passed over the proper payment network.

Go back to merchant feature list

EMV 3DS guarantees payment for a merchant’s online transactions, but only when the issuer approves the transactions. Issuers need the right data to approve transactions and their risk data tends to be specialized.

mSIGNIA recognized the balance required between merchants sharing data and issuers approving transactions.

The uMPI was created so merchants had transparency about the risk data being collected; transparency builds trust.
The uSDK was created so issuers can collect custom data and perform actions like prompting for a fingerprint; the right risk data yields more approved transactions

As an added benefit, the uSDK’s enhanced data also enables the 2-factor authentication required for SCA compliance. Authentication elements like dynamic device recognition and behavioral biometrics are approved SCA methods and reduce risk so more transactions are approved. For more about SCA authentication, see here.

Read the next section on Delegated Authentication to learn how merchants can also benefit from 2-factor authentication.

Go back to merchant feature list

A frictionless transaction requires frictionless authentication. The most advanced authentication schemes, including PSD2 SCA, feature 2-Factor authentication like biometrics and dynamic device recognition; for more on authentication factors see here.

Nearly all merchants authenticate their consumers and most merchants would benefit from frictionless authentication methods. mSIGNIA’s cAPI and uSDK enable a merchant to collect the authentication data that allows a merchant to improve the security and consumer experience of ‘knowing you customer’.

Merchants that perform 2-factor authentication can use this authentication as delegated authentication in EMV 3DS and exert more control over their payments and – ultimately – improve the consumer experience.

Many merchants are not ready to do their own SCA-compliant authentication. Other merchants want to continue to benefit of the liability shift EMV 3DS enables and not be responsible for the transaction when they provide their own Delegated Authentication.

For these merchants, mSIGNIA created the concept of Moderated Authentication. Moderated authentication enables the issuer to continue to authenticate their cardholder and be responsible for the transaction but without the interruption of step-up challenges or out-of-band.

Click to learn more about Moderated Authentication.

Go back to merchant feature list

mSIGNIA’s EMV Server and SDKs … the Complete 3DS Merchant Offering

mSIGNIA provides a complete EMV 3DS merchant solution that includes an EMV 3DS version 2.2 compliant 3DS Server, SDKs for iOS and Android, plus the uMPI which simplifies merchant integration, especially with a merchant’s iOS and Android mobile apps.

mSIGNIA offers its 3DS Server in cloud-compliant Java containers which allow a customer to run the Server on-premise and seamlessly integrate it with their overall payment offering and brand.

To learn everything about how mSIGNIA’s uSDK and uMPI benefit merchants, see above.

mSIGNIA’s uSDK enables SCA and improves Risk Scoring for Issuers

Online payments represent an interesting problem: consumers are connected to a merchant for the transaction, but a third party – issuers – are expected to secure the transaction. It is not the typical, 1:1 client/server security scheme; payment has multiple parties involved.

3DS, which stands for 3-Domain Security, was created to provide payment security across the merchant and issuer domains, using the payment network domain to make the connection. 3DS is not really a security standard; topics like authentication and transaction risk scoring are outside the spec. 3DS is a data transport standard, it defines the rails on which data moves between merchant and issuers. When it comes to reducing risk, data is everything.

For transactions done on a browser, the browser can be invisibly redirected to the issuer who can read-and-write cookies directly with the consumer’s device to identity the device and assess transaction risk.

However, with iOS and Android mobile app transactions, issuers cannot directly connect to the consumer’s device. The EMV 3DS SDK, running inside the merchant’s mobile app, collects specified data on-behalf-of the issuer and passes it down the 3DS rails as part of the initial 3DS frictionless flow.

When a merchant’s app includes mSIGNIA’s Universal SDK (or uSDK, shown as orange 3DS components in the diagram) it supports extended commands within compliant EMV 3DS protocol exchanges. 3DS extensions such as mSIGNIA’s uSDK instructions are compliant with the EMV 3DS spec; both Visa and Mastercard have their own 3DS extensions.

The uSDK’s enhanced commands are embedded in EMV 3DS protocol exchanges between the EMV 3DS SDK and ACS; they are invisible to the EMV 3DS Directory Server, the 3DS Server, and the merchant’s iOS and Android mobile apps.

Only mSIGNIA’s uSDK can…

Be remotely managed to satisfy the risk requirements of nearly any issuer or risk scoring engine
Collect risk data directly from a merchant’s iOS and Android mobile app
Prompt the consumer for a fingerprint or facial biometric without requiring out-of-band processing or a downloaded issuer app
Collect data such as dynamic device tags and behavioral biometrics for SCA compliance

mSIGNIA’s SDKs are being widely distributed to merchants by 2 of the 4 US payment networks, 3 of the 10 largest payment providers, and leading 3DS technology providers so issuers can get the data they require to approve more transactions without interruptions that cause cart abandonment.

mSIGNIA’s universal SDK framework enables the payment ecosystem to benefit from the mobile environment… rather than be limited by it.

Click on the icons below or scroll down to learn more about uSDK benefits for issuers and risk engines…

mSIGNIA’s uSDK allows issuers and risk scoring engines to collect the data they require from the consumer and their device so that more transactions are approved. Data collected can include both data read from the device’s memory and data relating to user actions such as collecting behavioral biometric data when the consumer is prompted to type their postal code.

The issuer/scoring service has the option of configuring when the uSDK performs the enhanced data collection. Data can be collected as part of the EMV 3DS initial frictionless flow or during the EMV 3DS challenge flow.

Choosing data collection before the transaction is sent in the initial EMV 3DS exchange allows the extra data to be scored immediately with the original transaction request. This eliminates unnecessary exchanges over (potentially slow, sometimes costly) mobile network connections and reduces the number of abandoned transactions.

Go back to the issuer feature list

Nearly all of today’s issuers use proprietary data (like tags or cookies) which ID the device and improve risk scoring. Issuing banks, or their risk engines, each have their own proprietary tags.

EMV 3DS specifies a well-vetted, academically proven method for encrypting and securely transmitting data between an EMV 3DS SDK and ACS. This secure conduit already exists in 3DS, mSIGNIA’s uSDK just leverages it to enable the issuer to send proprietary data to the uSDK.

Once the data is safely transmitted to the uSDK, the uSDK can use native iOS and Android protected memory resources to securely store the data on the consumer’s device where it can be collected later.

Since mobile app memory is much better protected than browser memory, risk data written to mobile apps can be expanded to include payment tokens and crypto keys.

Go back to the issuer feature list

Mobile devices ushered in the era of consumer fingerprint and facial biometrics. Issuers and scoring engines can leverage these familiar biometrics by instructing the uSDK to use system resources forcing the consumer to re-authenticate to the device and noting if a biometric was used.

The issuer/scoring service can also use the uSDK to prompt the user to type into their device to capture behavioral biometrics which capture data on typing, swiping, pressure, and device tilt.

These biometric functions are performed within the merchant’s mobile app without interruption to the shopping experience. Solutions other than mSIGNIA’s uSDK require (1) biometric authentications for 3DS payment be done as a disruptive out-of-band process and (2) the issuer app must be downloaded onto the consumer’s device.

SIGNIA’s uSDK is an easier, faster way to get the safety biometric authentication provides.

Go back to the issuer feature list

Issuers and scoring engines can add extended, 3DS compliant commands in the ACS responses which instruct the uSDK to store and collect additional authentication data. The additional consumer authentication data is passed to the issuer over existing 3DS rails.

SCA compliant authentication data includes inherence, possession, and knowledge authentication elements based on uSDK collected data such as dynamic device tags, user secrets, fingerprints, and behavioral biometrics. For more on SCA authentication data, click here.

Go back to the issuer feature list

Payment Simulator for EMV 3DS and SCA

EMV 3DS is an entirely new payment security standard, including new functionality like mobile in-app payments and new protocols that share data across the three domains: Merchant, Payment Network, and Issuer.

While there are certification labs that verify EMV 3DS protocol capabilities, there was no end-to-end payment simulator until mSIGNIA created one. Originally, the Payment Simulator was a reference merchant used to demonstrate mSIGNIA’s uSDK against mock EMV 3DS components (Server, DS, and ACS).

When prospects and customers like one of the largest payment networks in the world asked to use mSIGNIA’s Payment Simulator for their own product demonstrations and brand testing, mSIGNIA made the platform a product and the most powerful 3DS testing tool in the industry.

mSIGNIA’s Payment Simulator contains a complete payment environment:

Reference merchant storefront… browsers, iOS app, Android app all integrating mSIGNIA’s EMV 3DS compliant uSDK and routing 3DS data through the uMPI; mobile apps can run either in a web simulator or on actual iOS and Android devices
3DS Server … mSIGNIA’s compliant 3DS Server
Directory Server … a protocol compliant reference server for message routing
ACS … an issuer environment where either
- Card numbers determine one of over 100 ACS responses (i.e. approve, challenges, OOB)
- Behavioral biometrics data for SCA testing is scored by a working risk engine in real-time

The Payment Simulator is a wonderful tool for EMV 3DS awareness and education, it even allows visibility into the data being exchanged over the EMV 3DS protocols. It is used by …

3DS technology vendors to demonstrate their 3DS offering to prospects including merchants and issuers
Payment networks to test compliance with their EMV 3DS protocol extensions

Click on the icons below or scroll down to learn more about benefits of the Payment Simulator

The Payment Simulator is a complete web service testing environment which allows certified EMV 3DS product substitutions to verify against other compliant EMV 3DS components.

Merchants can substitute their website, iOS app, and Android app with integrated EMV 3DS SDKs and test against an EMV 3DS certified Server and control over 100 ACS protocol responses to verify the consumer experience
PSPs and Acquirers can substitute their 3DS Server and test against a fully functional merchant storefront (web, iOS, and Android) and control over 100 ACS protocol responses using a functional merchant wallet to store the payment card numbers which determine ACS responses
Payment Networks can substitute their DS and ensure interoperability between merchants and issuers; testing includes any of their proprietary protocol extensions
Issuers and scoring engines can substitute their ACS and test against either against an interactive merchant environment to ensure their challenges are rendered correctly or use an AReq Editor to test all possible protocol responses and error handling

As part of the testing, the Payment Simulator provides an expanded view of EMV 3DS data exchanges, shown in the diagram below, which details data flows and data collected from various consumer device scenarios.

Over 100 pre-defined EMV 3DS tests are included to verify browser, mobile app, and merchant initiated (3RI) protocol options like: No Exemption, Data Share Only, Decoupled Auth, Delegated Auth, TRA exemptions, Trusted Merchant (Prompt/No Prompt), Secure Corp Card, and Non-Payment.

In addition, data expansions for mSIGNIA’s SCA data extensions are shown below.

To go back to the list of Payment Simulator features, click here

The Payment Simulator comes with over 100 pre-defined EMV 3DS tests included to verify browser, mobile app, and merchant initiated (3RI) protocol options such as No Exemption, Data Share Only, Decoupled Auth, Delegated Auth, TRA exemptions, Trusted Merchant (Prompt/No Prompt), Secure Corp Card, and Non-Payment.

The Payment Simulator also tests the extended program rules and protocol for EMV 3DS required for Verified by Visa® and Mastercard SecureCode® compliance. Payment Simulator will add other payment network extensions as they are required.

To go back to the list of Payment Simulator features, click here

There are geographic markets using mSIGNIA’s Payment Simulator to create a localized EMV 3DS testing environment. To support localized market testing, the Payment Simulator allows EMV 3DS services to choose between testing against the default Payment Simulator sandbox or the local vendors.

For example, issuers in certain countries have coordinated to provide local acquirers a complete suite of ACS environments to ensure end-to-end testing between local banks. Acquires can provide the same localized testing to payment services and merchants to ensure the best possible consumer experience.

Any 3^rd party proprietary EMV 3DS product can be enrolled in the Payment Simulator so that other Payment Simulator users can test their products against either the default sandbox components or enrolled 3rd party products.

To go back to the list of Payment Simulator features, click here

In addition to complete EMV 3DS testing, mSIGNIA’s Payment Simulator also tests mSIGNIA’s uSDKs 3DS compliant extensions which carry SCA authentication data over EMV 3DS data rails. SCA authentication data includes dynamic device tokens, challenge-response exchanges, user secrets, and behavioral biometrics.

The expanded view for 3DS data payloads are also used to detail the SCA data conveyed.

In addition, the Payment Simulator can show the user experience associated with various SCA authentication methods including fingerprint and facial biometric capture and typed entry for behavioral biometrics.

Behavioral biometric data – type, swipe, pressure, and tilt – is passed to an mSIGNIA partner’s operational scoring engine for real-time decisioning. With behavioral biometric scoring, the Payment Simulator iOS and Android apps running on an actual mobile device provide more realistic data than the mobile apps running in a web simulator.

To go back to the list of Payment Simulator features, click here

The Payment Simulator allows a vendor’s merchant Server, DS, or ACS to be performance tested against a default, optimized system. Performance tests use a self-creating script which streams high volumes of various EMV 3DS protocol messages to the test environment. The performance test is operated on a dedicated AWS, high-powered, dynamic instance cloud to ensure the EMV 3DS test component has the power and memory required to perform a proper test.

To go back to the list of Payment Simulator features, click here