How to implement 3D Secure (Verified by Visa / MasterCard SecureCode) on Native mobile app (e.g. IOS)

Question

This question is specific to Native mobile applications (e.g. IOS, Android, WP apps that are not actually using a browser to access a web site).

We have an existing e-commerce website that takes payment for most of the major credit cards, and it also performs payer authentication via the 3DSecure program (implemented as Verified by Visa and MasterCard SecureCode). This helps negate fraud and reduce charge-backs.

The existing implementation is such that during checkout and payment stage, it involves redirecting the customer away from your website, to a bank / card issuer website where the customer can enter their previously set-up password to authenticate that they are indeed the card holder. The website will then redirect the customer back to your website with information needed to complete the transaction. (There is quite a bit more to it, but that's the basic premise of it).

So we're working to create a native app for IOS (initially) that is not just the user browsing with Safari to the website, but an ObjectiveC implementation that gives a native experience that is rich and task focussed UI and easy for the user to operate.

What we cannot do is open 'n browser window from the native app for the user to be redirected somewhere, for authentication, and then redirected back. The reasons for this are:

• This is a native app, not a web site, so there is nowhere (URL) to redirect back to.
• The user experience is terrible switching from a clean UI to a squinty and differently styled web form on another website, and then back.

Has anyone had to try and implement 3D Secure (VbV / SecureCode) using a Native app (WP/IOS/Andriod)? Can it be done? Did you take a different approach?

Thanks for reading!

Answer 1

As others have mentioned, the shopper's experience during native authentication will be too poor to consider implementing.

However, with the introduction of 3D Secure 2.0, 3D Secure providers will be able to offer native SDKs to allow authentication with less abandonment rate.

Answer 2

Even in native app you should use embedded WebView component to open banking ACS server url, let user enter password or other code there, get it verified by the bank and get back the results for your app for further forwarding to your card processing api.

As for Android, you can take a look how it is done in my helper class - https://github.com/LivotovLabs/3DSView (after making a couple of apps with 3D Secure support I decided to create a micro component for such task)

Hope this helps

Answer 3

We made an early decision with our acquirer (Global Payments aka HSBC) to not implement 3DS on native apps (or even mobile website in the end) because of the terrible user experience. We've had no problems with chargebacks, or with users. You should speak to your acquirer about this, and also to your payment gateway - in my view you should have 3DS switched off for mobile native / web until it is proven. Otherwise customers will not complete transactions.

That said, companies like Mopowered are claiming to have solved this with better implementations. I haven't seen these yet.

Answer 4

You can solve the 3d-secure redirection problem by using custom url-schemes. This is not a good user experience as you said, but we solved it this way on our ios project.