![]() ![]() As far as I understood, the Norwegian banks are currently working towards EMVco to enable more options due to these difficulties, but could of course not give a timeline on this.įor us as a Stripe customer, that means that we would love the ability to "force", prefer, or be able to swap to the webview-approach in our native apps. (Some banks have an SMS-only flow, but this is of course slightly less secure)īased on this, the banks have been forced to not expose all their options in the native 3ds2 flow, making it a less complete (and for ~10% of Norwegian customers outright broken) authentication flow. No built-in input masking, this excludes (in the minds of the banks we spoke to) using an SMS+personal password flow.Not all banks offer "bankid på mobil", although I guess this gives an incentive to start doing so - but that is not a short-term solution) No javascript, this excludes the national "bankid" service (which, confusingly is different from "bankid på mobil" which does not require javascript.So it turns out that the protocol maintained by EMVco has certain limitations that exclude several of the Norwegian banks' authentication flows, e.g. Hi and thanks a lot this is very clarifying! Armed with this we have reached out to the banks, and learned about the rationales behind their choices. With them being two different systems, I can see how things can become inconsistent. On native mobile we make API calls to their ACS. In a web browser you are served a page hosted by the bank. Is there a hierarchy of options, where the bank can provide a "first choice" and a "fallback?" - I am thinking about how it could be that the same bank on the same transaction provides different choices whether I go through the challenge flow in a web browser (react-stripe-js) vs in apps (stripe-ios, stripe-android) You can also obtain a copy of the 3DS2 protocol specification from EMVco, the consortium that maintains the spec. The acsUiType field is what determines which UI to use. "whyInfoText": "Some explanation about why using 3-D Secure is an excellent idea as part of an online payment transaction ", ![]() "whyInfoLabel": "Why using 3-D Secure? ", "submitAuthenticationLabel": "Continue ", "resendInformationLabel": "Send new One-time-password ", Please enter the value in the designated input field above and press continue to complete the 3-D Secure authentication process. "expandInfoText": "The issuer will send you via SMS a one-time password. "expandInfoLabel": "Additional instructions ", "challengeInfoText": "Please enter the received one-time-password ", "challengeInfoLabel": "One-time-password ", "challengeInfoHeader": "Header information ", "challengeAddInfo": "Additional information to be shown. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |