3DS v2.2 and PSD2 SCA Compliance in One Product
mSIGNIA has a complete, EMV 3DS version 2.2 certified compliant merchant product suite, including:
- uSDK, or universal SDKs for iOS, Android, and browser transactions
- 3DS Server available in cloud-compliant Java containers for on-premise operation
- Payment Simulator for EMV 3DS and SCA interoperability testing
mSIGNIA’s uSDK includes EMV 3DS compliant extensions that enhance data management capabilities. The patent-pending 3DS extensions enable SCA compliance using EMV 3DS compliant protocols and data rails.
All features highlighted below are compliant with EMV 3DS v2.2
The uSDK includes the uMPI, an eCommerce web service that removes the complexity of merchants processing 3DS protocol and allows them to manage the data collected from their consumers before it is passed down 3DS rails
The uSDK allows issuers to add EMV 3DS compliant instructions within the ACS response; these are passed over EMV 3DS data rails and interpreted by the uSDK to configure collection of enhanced data like biometrics
The uSDK can be remotely configured by issuers to prompt for physical biometrics (fingerprint, facial…), collect behavioral biometrics data (type, swipe, pressure, and tilt) plus securely read and write data to a merchant’s mobile app
Only mSIGNIA goes beyond EMV 3DS v2.2 SCA exceptions to enable SCA compliance including as part of the 3DS frictionless transaction flow; disruptive OOB efforts that cause cart abandonment or the issuer’s mobile app are not required
mSIGNIA’s Payment Simulator enables compliance testing for EMV 3DS products – including Visa and Mastercard extensions – plus SCA authentication data visibility and a working behavioral biometric scoring engine
Merchant Friendly 3DS
mSIGNIA provides EMV 3DS v2.2 compliant 3DS Server and SDKs for iOS and Android mobile apps with compliant 3DS extensions which allow SCA compliance for easy, safe transactions. Payment providers can offer merchants the products necessary to reduce consumer friction, control data and payment exchanges, and increase approved transactions.
Overall, mSIGNIA offers EMV 3DS payment services and their merchants industry unique abilities such as…
Easy integration using a single uSDK for apps and a uMPI Java interface for eCommerce servers; works with any 3DS Server
Transparent data handling allows merchant control over consumer data shared, including server wallet data + international privacy regulations
Merchant can choose Debit or Credit pay rails according to their business needs
Issuers can collect the data required like biometrics to approve more transactions and be SCA compliant; Merchants can use auth data to perform Delegated Auth
Proprietary EMV 3DS products can be tested against a payment ‘sandbox’ to verify consumer experiences, confirm protocol handling and exchange SCA data
Payment service providers and acquirers selling to merchants can use the mSIGNIA’s Payment Simulator to demonstrate their own 3DS offering and allow their merchant customers to verify their SDK integrations with the payment provider service, learn more here.
With mSIGNIA’s uSDK, issuers and scoring engines can collect the data they require to approve more transactions and be SCA compliant. Providing this data-as-a-service enables a new revenue stream for PSPs and acquirers, learn more here.
Better Data Reduces Transaction Risk
Issuers need the data they require to approve transactions without friction and protect against fraud.
However, risk data must come from the consumer’s device through the consumer’s connection with the merchant. With browser transactions, the issuer is given a direct connection to the consumer’s device allowing data I/O to reduce risk. With iOS and Android mobile app transactions, a direct connection between issuer and consumer is not supported.
Only mSIGNIA’s uSDK 3DS compliant extensions enable issuers to work with the merchant’s mobile app to get the right data over EMV 3DS data rails without the annoyance of challenges or out-of-band exchanges that cause cart abandonment.
The added data and functionality enabled by the uSDK also allows the transaction to be SCA compliant.
Overall, mSIGNIA offers EMV 3DS issuers and risk scoring engines industry unique abilities such as…
Remote management of 3rd party data collected, reviewed by merchant; improves privacy and frictionless transaction approvals
Trusted data downloads and secure storage in 3rd party mobile apps; enables device tags/cookies, payment tokens, crypto keys, etc.
Issuers can initiate biometrics (fingerprint, facial, typing, etc.) within the merchant app; no OOB interruption or downloaded issuer app required
Enhanced data management and exchange over existing 3DS rails allow for several SCA compliant authentication elements
Proprietary EMV 3DS v2 products can be tested against a payment ‘sandbox’ to verify consumer experiences, confirm protocol handling and exchange SCA data
Issuers can use the mSIGNIA’s Payment Simulator to demonstrate their own 3DS offering and allow local merchants to verify their eCommece websites and mobile apps plus allows PSPs and acquirers to test their payment services, learn more here.
3DS Make vs Buy
A make-vs-buy decision typically depends on several factors including: Expertise, Cost, Time-to-Market, Market differentiation, and Brand recognition.
Compliancy with international standards, such as EMV 3DS and SCA, requires effort, time, and cost because of changes in the specification and updates to client platforms (i.e. browsers, iOS, Android, smart speakers, game consoles, etc.).
mSIGNIA has been leading EMV 3DS specification efforts since 2015; we pioneered testing the EMV 3DS SDK and our complete merchant solution (iOS SDK, Android SDK, and 3DS Server) was first to be certified v2.2 compliant.
The EMV 3DS SDKs have been getting more complex with each 3DS version, as of Oct 2020…
- 18 companies certified EMV 3DS SDKs for v2.1, the spec was active for about a year
- Just 12 companies have certified EMV 3DS v2.2 SDKs even though the spec (which added SCA exemption and delegated auth complexity) has been active for nearly twice as long, or about two years
- In the next 3DS v2.3 spec, available around end-of-year, 5 of the 7 new features directly affect the SDKs, including new SDK delivery formats (native (the current format), Split-SDK, Limited-SDK, and possibly Web SDK) not to mention new data handlers for travel, FIDO, browser security, and automated OOB flows
mSIGNIA is one of only 5 companies with the expertise and dedication to have certified both v2.1 and v2.2 SDKs.
mSIGNIA is already working on v2.3 to not only provide SDKs that are compliant, but that continue offering innovations such as SCA compliance, enhanced data handling, prompting for biometrics like fingerprints, and server managed SDKs.
Standards certification is a costly endeavor. Just the fees to fully certify EMV 3DS SDKs is about $120,000 US; it is about another $110,000 in certification fees for the 3DS Server.
These are just the cost of annual certification fees … the manpower cost to research the specs, create the products, process certifications, and update products with spec and platform changes is extra.
With the increasing SDK complexity and certification costs, it is easy to see why only 5 companies have certified 3DS SDKs for both available spec versions.
When you consider mSIGNIA’s enhancements for merchant transparency and configurable data collection which improves the number of approved transactions and SCA, the cost to be best is even higher.
mSIGNIA’s terms are very low upfront and payments are typically made only when 3DS transactions are performed; contact us to learn more.
mSIGNIA’s EMV 3DS products are already certified 3DS v2.2 compliant and used globally by 2 of the 4 US credit card companies, 3 of the 10 largest payment providers / acquirers, several banks, and leading 3DS technology providers.
mSIGNIA consistently is among the first to certify its iOS SDK, Android SDK, and 3DS Server.
You could be in-market now with the latest, well-vetted EMV 3DS certified products which include market leading enhancements like SCA compliance.
Payment service providers and acquirers differentiate on a breadth of payment services, including EMV 3DS which is typically operated within a range of merchant web APIs.
Web APIs are vastly different than mobile SDKs.
With EMV 3DS version 2.1, only 1 in about 3 companies with a certified v2.1 3DS Server had certified SDKs. 3DS version 2.2 added complexity to the SDKs, causing only 1 in 4 3DS certified Server providers to included SDKs. As of October 2020, just 12 companies offer v2.2 SDKs. There are likely to be even fewer certified v2.3 3DS SDKs because 5 of 7 new features impact the SDKs.
EMV 3DS certified SDKs for iOS and Android complete the offering for a payment provider and enable merchants to guarantee their mobile app payments.
Plus, only mSIGNIA’s EMV 3DS certified uSDK also allows payments to be SCA compliant.
Only mSIGNIA allows its uSDK and Server to be renamed and branded by PSPs and acquirers so they become part of the payment provider’s overall service offering.
mSIGNIA’s 3DS Server is sold in cloud-compliant Java containers so it can be run on-premise at the payment provider.
mSIGNIA even certifies some of its EMV 3DS products in our customer’s corporate name so that they appear when prospects search on EMV 3DS certified product lists.
Data is Everything
The recognition of data’s value has become a contest of comparisons; “Data is the new oil” (Clive Humby), without it “you are blind and deaf” (Geoffrey Moore). Generally, “In God we trust, all others bring data” (W. Edwards Deming).
Simply put: Data is Everything.
Getting the right data to the parties that need it is data-as-a-service (“DaaS”)
Data drives innovations in risk management, machine learning, and artificial intelligence.
Complex requirements like transaction risk and user authentication break down to the data collected for analysis.
For transaction risk and consumer authentication, much of this data must be collected from the consumer and their internet device. Interestingly, authentication data is the one action that cannot be performed in the cloud; it must be done at the edge, on the consumer’s device.
mSIGNIA understands data is everything. We have an international patent portfolio protecting the invention of Digital Biometrics that considers four times the data currently used in the EMV 3DS version 2.2 specification.
mSIGNIA’s SDK for Digital Biometric data collection was the genesis for the universal SDK, or uSDK, that can be configured to collect whatever data a risk scoring engine requires. Various risk scoring engines exist for transactions, device recognition, and behavioral biometrics … they all need their required data.
mSIGNIA’s uSDK can be configured by risk engines to collect data from the consumer’s device – transaction data, device tokens, challenge-and-response exchanges, behavioral biometric data, whatever – and send that data over EMV 3DS rails so risk engines can score it.
The uSDK provides Data-as-a-Service (DaaS) so risk engines get the data required so more valid transactions are approved and less fraud occurs. The right data is everything and people are willing to pay for it.