HiTRUST 3-D Secure 2.0 SDK

HiTRUST3DSSDK provides merchants with 3DS transaction functionality for mobile apps. HiTRUST's products provide a simple and easy-to-use integration to a fully-certified and highly advanced SDK.

SDK Implements 3-D Secure 2.0 on Mobile Apps

Unlike 3D Secure 1 was originally created before smartphones became mainstream in modern society. Later on, 3D Secure 2 was designed to make it easier for banks to authenticate payments on their mobile banking apps (also known as “out-of-band authentication”). Instead of entering an SMS confirmation code or a password, the user can authenticate payments on their banking apps with just their fingerprint or a facial scan. In addition, 3D Secure 2 also allowed an innovative challenge flow process, whereby the challenge flow is embedded within web pages and mobile checkout processes without requiring redirects to other pages.

How mobile banking apps use embedded challenge flows using biometric authentication

When building an app, mobile SDKs that are built for 3D Secure 2 allow "in-app" authentication and completely avoid browser redirects.

3D Secure 1: Mobile authentication with browser redirect

3D Secure 2: Improved mobile authentication within an app

HiTRUST3DSSDK architecture

• Directory Servers only accept transactions from certified SDKs. Critical data is encrypted on SDKs using the DS's public key, and are then decrypted at DS.

• Standard TLS protocol with HiTRUSTacs (server) authentication by the HiTRUST3DSSDK. Commercial CA signs the public key certificate for the HiTRUSTacs.

• Challenge and cardholder response data are both encrypted and MACed using the session keys previously established between the HiTRUSTacs and HiTRUST3DSSDK.

HiTRUST Support and Professional Services

HiTRUST has helped numerous issuers and payment systems by helping them adapt to 3-D Secure 2.0. In order to help merchants adapt and to conduct cardholder experience trials, we have carried out many tests and trial schemes with beta mobile apps for merchants, processors, issuers and payment service providers.

However, EMV 3DS complicates this even further. HiTRUST3DSSDKs can collect any data that an app requests and encrypt that data so that the merchant doesn't know what data is being passed through its app. Such data will help issuers or payment providers skip the authentication process, thus providing a low-risk payment method.

Besides our HiTRUST3DSSDK software product, we also offer consulting services and pilot projects to issuers and merchants who want to create a higher quality and safer shopping experience by applying data intelligence to analyze the risks involved in 3DS transactions.


HiTRUST 3-D Secure 2.0 SDK support both iOS (V8.0 and above) and Android platforms (KitKat 4.4, API version 19. Merchants can get all the functionality they require by simply integrating the SDK to the merchant app. HiTRUST also has various licensing options, ranging from internal testing to full source code licenses.