Login/Register
How to implement 3D Secure (Verified by Visa / MasterCard SecureCode) on Native mobile app (e.g. IOS)
Asked Answered
androidiosnativecredit-card3d-secure
A

4

12

This question is specific to Native mobile applications (e.g. IOS, Android, WP apps that are not actually using a browser to access a web site).

We have an existing e-commerce website that takes payment for most of the major credit cards, and it also performs payer authentication via the 3DSecure program (implemented as Verified by Visa and MasterCard SecureCode). This helps negate fraud and reduce charge-backs.

The existing implementation is such that during checkout and payment stage, it involves redirecting the customer away from your website, to a bank / card issuer website where the customer can enter their previously set-up password to authenticate that they are indeed the card holder. The website will then redirect the customer back to your website with information needed to complete the transaction. (There is quite a bit more to it, but that's the basic premise of it).

So we're working to create a native app for IOS (initially) that is not just the user browsing with Safari to the website, but an ObjectiveC implementation that gives a native experience that is rich and task focussed UI and easy for the user to operate.

What we cannot do is open 'n browser window from the native app for the user to be redirected somewhere, for authentication, and then redirected back. The reasons for this are:

  • This is a native app, not a web site, so there is nowhere (URL) to redirect back to.
  • The user experience is terrible switching from a clean UI to a squinty and differently styled web form on another website, and then back.

Has anyone had to try and implement 3D Secure (VbV / SecureCode) using a Native app (WP/IOS/Andriod)? Can it be done? Did you take a different approach?

Thanks for reading!

Ardene answered 11/10, 2013 at 3:12 Comment(1)
We've not done this yet - so this is not an answer. We are throwing around similar questions at the concept stage at the moment, for what our future app behavious might be with 3D Secure. I am just wondering about your statement that there is nowhere to be redirected back to from within your native app. If you were to use a custom URL scheme within your app - could you not have a place to be redirect to - on the device? Or is that something that the bank web-site might not facilitate?Niggardly
D
11

Even in native app you should use embedded WebView component to open banking ACS server url, let user enter password or other code there, get it verified by the bank and get back the results for your app for further forwarding to your card processing api.

As for Android, you can take a look how it is done in my helper class - https://github.com/LivotovLabs/3DSView (after making a couple of apps with 3D Secure support I decided to create a micro component for such task)

Hope this helps

Discoid answered 28/10, 2013 at 10:55 Comment(7)
Haven't used this yet but plan to give it a shot as part of our project spike. Looks good from a cursory glance.Aerodontia
Is there any such code/lib for iOS? I want to integrate 3DS in my app while adding payment card..Ryannryazan
Hi I tried using the 3DSView but it doesn't seem to be working properly, it actually loads the final postback URL (for e.g. if its google it loads the google page). Is there a way to fix this?Banderole
It seems you did not set the postback url before starting the process. Please leave more details on project's issues page on GitHub so I'll be able to help.Discoid
I have set the postback url, tried debugging a bit, but for some reason the shouldOverrideUrlLoading() is never calledBanderole
Check this issue, maybe it's your case too - github.com/LivotovLabs/3DSView/issues/12Discoid
Is there any sample for iOS too?Balthazar
C
4

We made an early decision with our acquirer (Global Payments aka HSBC) to not implement 3DS on native apps (or even mobile website in the end) because of the terrible user experience. We've had no problems with chargebacks, or with users. You should speak to your acquirer about this, and also to your payment gateway - in my view you should have 3DS switched off for mobile native / web until it is proven. Otherwise customers will not complete transactions.

That said, companies like Mopowered are claiming to have solved this with better implementations. I haven't seen these yet.

Cannery answered 12/10, 2013 at 19:13 Comment(2)
Thanks - that is useful. Specifically, the client uses an internet processing gateway solution from VeriFone (previously CommIdea). They didn't have anything for mobile when we did the initial development. Will find out if things have changed since. Agreed, I think 3D-Secure sucks, and as a consumer I hate it even more. For the mobile platform, I don't think it is good at all. It did result in a tremendous improvement of fraud and charge-backs for the normal web transactions, so there's that. Has anyone considered logging the phone serial # / imsi /etc. for fraud transaction purposes?Ardene
Have you agreed on any other alternative arrangement with the acquirer bank (ie an alternative verification etc) or have you just moved on not using any verification to prevent chargeback disputes?Verisimilitude
L
2

You can solve the 3d-secure redirection problem by using custom url-schemes. This is not a good user experience as you said, but we solved it this way on our ios project.

Lawhorn answered 23/10, 2013 at 15:2 Comment(3)
any alter net solution for 3d-secure redirectionLalla
@ismail can you give some sample for the same?Thinner
@Lawhorn Could you please post sample how to get control using custom url-schemes?Mckinleymckinney
I
2

As others have mentioned, the shopper's experience during native authentication will be too poor to consider implementing.

However, with the introduction of 3D Secure 2.0, 3D Secure providers will be able to offer native SDKs to allow authentication with less abandonment rate.

Imprecate answered 27/3, 2017 at 4:3 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.