Online payments represent an interesting problem: consumers are connected to a merchant for the transaction, but a third party – issuers – are expected to secure the transaction. It is not the typical, 1:1 client/server security scheme; payment has multiple parties involved.
3DS, which stands for 3-Domain Security, was created to provide payment security across the merchant and issuer domains, using the payment network domain to make the connection. 3DS is not really a security standard; topics like authentication and transaction risk scoring are outside the spec. 3DS is a data transport standard, it defines the rails on which data moves between merchant and issuers. When it comes to reducing risk, data is everything.
For transactions done on a browser, the browser can be invisibly redirected to the issuer who can read-and-write cookies directly with the consumer’s device to identity the device and assess transaction risk.
However, with iOS and Android mobile app transactions, issuers cannot directly connect to the consumer’s device. The EMV 3DS SDK, running inside the merchant’s mobile app, collects specified data on-behalf-of the issuer and passes it down the 3DS rails as part of the initial 3DS frictionless flow.
When a merchant’s app includes mSIGNIA’s Universal SDK (or uSDK, shown as orange 3DS components in the diagram) it supports extended commands within compliant EMV 3DS protocol exchanges. 3DS extensions such as mSIGNIA’s uSDK instructions are compliant with the EMV 3DS spec; both Visa and Mastercard have their own 3DS extensions.
The uSDK’s enhanced commands are embedded in EMV 3DS protocol exchanges between the EMV 3DS SDK and ACS; they are invisible to the EMV 3DS Directory Server, the 3DS Server, and the merchant’s iOS and Android mobile apps.
Only mSIGNIA’s uSDK can…
- Be remotely managed to satisfy the risk requirements of nearly any issuer or risk scoring engine
- Collect risk data directly from a merchant’s iOS and Android mobile app
- Prompt the consumer for a fingerprint or facial biometric without requiring out-of-band processing or a downloaded issuer app
- Collect data such as dynamic device tags and behavioral biometrics for SCA compliance
mSIGNIA’s SDKs are being widely distributed to merchants by 2 of the 4 US payment networks, 3 of the 10 largest payment providers, and leading 3DS technology providers so issuers can get the data they require to approve more transactions without interruptions that cause cart abandonment.
mSIGNIA’s universal SDK framework enables the payment ecosystem to benefit from the mobile environment… rather than be limited by it.
Click on the icons below or scroll down to learn more about uSDK benefits for issuers and risk engines…