How to implement 3D Secure (Verified by Visa / MasterCard SecureCode) on Native mobile app (e.g. IOS)

Jaans picture Jaans · Oct 11, 2013 · Viewed 16.1k times · Source

This question is specific to Native mobile applications (e.g. IOS, Android, WP apps that are not actually using a browser to access a web site).

We have an existing e-commerce website that takes payment for most of the major credit cards, and it also performs payer authentication via the 3DSecure program (implemented as Verified by Visa and MasterCard SecureCode). This helps negate fraud and reduce charge-backs.

The existing implementation is such that during checkout and payment stage, it involves redirecting the customer away from your website, to a bank / card issuer website where the customer can enter their previously set-up password to authenticate that they are indeed the card holder. The website will then redirect the customer back to your website with information needed to complete the transaction. (There is quite a bit more to it, but that's the basic premise of it).

So we're working to create a native app for IOS (initially) that is not just the user browsing with Safari to the website, but an ObjectiveC implementation that gives a native experience that is rich and task focussed UI and easy for the user to operate.

What we cannot do is open 'n browser window from the native app for the user to be redirected somewhere, for authentication, and then redirected back. The reasons for this are:

  • This is a native app, not a web site, so there is nowhere (URL) to redirect back to.
  • The user experience is terrible switching from a clean UI to a squinty and differently styled web form on another website, and then back.

Has anyone had to try and implement 3D Secure (VbV / SecureCode) using a Native app (WP/IOS/Andriod)? Can it be done? Did you take a different approach?

Thanks for reading!

Answer

Dmitri Livotov picture Dmitri Livotov · Oct 28, 2013

Even in native app you should use embedded WebView component to open banking ACS server url, let user enter password or other code there, get it verified by the bank and get back the results for your app for further forwarding to your card processing api.

As for Android, you can take a look how it is done in my helper class - https://github.com/LivotovLabs/3DSView (after making a couple of apps with 3D Secure support I decided to create a micro component for such task)

Hope this helps