3-D Secure 2.0 SDK Implements 3-D Secure functionality for mobile applications on behalf of the merchant. Modirum provides easy integration to a certified and well-supported SDK component.
The 3-D Secure 2.0 protocol specifies an SDK to handle cryptographic and security functions on behalf of the merchant in App-based transactions.
Merchant integrates the SDK to the merchant app to get all needed functionality. Modirum offers 3-D Secure 2.0 SDK for iOS and Android platforms.
A 3-D Secure 2.0 transaction flow may be either Frictionless (no prompting) or Challenge (cardholder is prompted for authentication). The SDK handles the Challenge dialogue on behalf of the merchant.
One-Time-Passcode covers authentication methods such as code generators and SMS-OTP. Note that passcode lists on paper may not be allowed by payment systems.
Out-of-Band methods include authentication apps such as ModirumID, authentication on a separate device, SIM-card based apps and so on. In this case the ACS is connected to the corresponding authentication method back-end.
Challenge dialogue may be presented using iOS or Android native components or by an HTML page provided by the ACS. Redirection-based challenge methods are not possible with 3-D Secure 2.0 SDK.
Directory Servers accept transactions from certified SDKs only. Critical data is encrypted on SDK with DS’s public key, decrypted at DS.
Standard TLS protocol with ACS (server) authentication by the 3DS SDK. The public key certificate for the ACS is signed by a commercial CA.
The challenge and cardholder response data is encrypted and MACed using the session keys previously established between the ACS and the 3DS SDK.
Modirum is currently participating in EMVCo’s Early Adopter Programme testing, targeted for a limited number of vendors. Once completed, Modirum SDK will be submitted to EMVCo certification testing when test revice is available.
Current estimate is to have EMVCo certification testing available in Q4/2017.
Modirum was selected by EMVCo to produce first reference implementation of 3-D Secure 2.0 SDK during EMVCo’s protocol development in 2016.
Modirum has supported numerous issuers and payments systems in adapting to 3-D Secure 2.0.
Modirum has implemented various test and pilot environments with suitable tester and pilot mobile applications for payment systems, issuers, merchants and processors to support merchant adaptation and to conduct cardholder experience trials.
Besides SDK as software product, Modirum offers consulting and pilot projects. For issuers and merchants who want to be early adopters, it is recommended to start piloting 3-D Secure 2.0 before going live.
Modirum 3-D Secure 2.0 SDK is implemented based on the latest available specification. It is currently available for pilot and development projects.
A certified production level SDK will be available in late 2017 (depending on EMVCo certification schedule).
All major payment systems will be supported as soon as requirements and specifications are available.
Modirum has various license options available ranging from internal testing to full source code licenses.