How does EMV 3D Secure work?
The implementation of the new EMV 3D Secure standard in the Open Payment Platform is done with the following design principles in mind:
- Full support for both web integrations and mobile
- Configuration over Implementation - whenever possible, the new service will be enabled and (almost) no development will be required for the merchant
- No major updates expected - it will work on the existing product versions (where applicable)
- Minimize the integration effort for the merchant. Especially the existing integration will benefit an OOTB approach.
- 3D Secure version 1 fallback logic always available
- Support for transaction exemptions
- Inline integration for both web and mobile - no redirect
- MPI to handle completely the communication with the Directory Server
All the integration options from OPP are enhanced to support EMV 3D Secure.
Refer to the dedicated section to know more how it works for your integration
For details on how to perform EMV 3D Secure, refer to our EMV 3D Secure reference
Merchants using COPYandPAY are requested to do a minimal additional effort compared to the current integration. The workflow is identical to the 3D Secure version 1. The widget indeed will handle the entire additional communication and will be responsible for collecting mandatory browser based information automatically.
Data related to the customer must instead be collected by the merchant and sent with the payment request.
Server to Server
Merchants using server to server own the front-end integration. It is necessary to:
- prepare front-end and follow EMVCo's recommendation
- prepare back-end and send additional information along with the payment information
The integration works with the following steps:
- send Server-to-Server to OPP
- POST browser information to methodUrl
- Redirect shopper to ACS redirectUrl within an iFrame
Similarly to COPYandPAY, the integration via mSDK requires no additional effort compared to the current integration. The mSDK supports both Native and HTML user interface.
In particular the Ready-to-Use UI
- be responsible for collecting required device information automatically
- handle the communication with ACS
- render ACS authorization view for the merchant. Native UI whenever applicable or HTML in a WebView