New Functionality for Mobile 3DS Authentication in Asset Mobile Implemented by our Team Monte Carlo
1 April 2021

Three-Domain Secure (3-D Secure or 3DS) is an anti-fraud message protocol that allows users to identify themselves to the issuer of their payment card during a contactless transaction. This is an additional layer of protection that helps prevent unauthorized transactions in e-commerce environments, in line with EU requirements.

In general, the protocol allows the card issuer (i.e. the cardholder's bank) to request additional authentication data from the cardholder at the time of the transaction. The purpose is only the issuing bank to have access to this additional data. The trader and any other intermediate party receive only an answer to the validation: approved or not.

It is called "Three Domain" due to the interaction of three main actors:

  • Merchant/acquirer domain
  • Domain of the issuer/bank
  • Interoperability domain (e.g., payment system)

From the beginning of 2021, with our assistance, our customers from International Asset Bank already have functionality for 3DS authentication in their mobile banking application. The solution allows Asset Mobile users to choose between two types of authentication - via SMS with a code and a pre-selected password or by confirmation via push notification and biometric data.

The implementation of this project improves the mobile application of our client, making it safer and more convenient. On the one hand, the use of the 3DS protocol reduces the risk of unauthorized transactions, in line with the EU requirements. On the other hand, for mobile banking users, there is no need to use two separate applications on their devices.

The 3DS project was developed by our team for software architecture named Monte Carlo. The team carried out the initial creation and implementation of the Asset Mobile application, which currently has more than 10,000 users. More about Monte Carlo and the challenges related to the project, shares its team leader Mihail.

Why did you choose this name for your team?

Mihail: The choice is based not only on our affection for the beautiful city on the French Riviera.

"Monte Carlo Methods" is the name of a wide class of computational algorithms. They are used in various fields to simulate systems with many coupled degrees of freedom. They are most useful when it is difficult or impossible to use other mathematical methods.

We do not hide our affection for the Monaco Grand Prix, where participants must be really fast, creative and with an unconventional approach in limited conditions.

What projects has your team been involved in during the past months?

Mihail: Since the Monte Carlo team consists of excellent professionals with profound knowledge, fast thinking and unconventional approach, our projects are complex and untraditional. They are usually related to: research and implementation of new technologies; specifying the software architecture of new applications and systems and highest level optimizations of the company's existing products. In the recent months, in addition to the 3DS project, we are proud that we managed to migrate our Core Banking system to SQL 2019. In practice, this allows it to process larger volumes of data in a shorter periods of time.

What were the challenges and difficulties you faced during the 3DS project?

Mihail: Definitely the biggest challenge was the cooperation between 4 companies - CSoft, IAB, Borica and OpenWay. In view of the pandemic, we were communicating by phone, video-conferencing, even by viber, and we were able to collaborate completely remotely. As a result, we not only achieved flawless realization, but also got to know even better how the way different types of financial institutions work.

What did you learn during the project and would you apply in the future?

Mihail: We have enriched our knowledge related to the security of mobile applications development. We have implemented the functionality so that the registration and payment processes are divided into separate, clearly defined and easy to oversee steps. This facilitates end users, optimizes the bank's monitoring and supports the work of its employees in the service centers.

We are ready to apply the 3DS protocol and the methodology for tracking the registration in new solutions for our other clients (for other clients of ours).