/n software 3-D Secure V2 C++ Edition

Questions / Feedback?

ACSHTML Property

HTML provided by the ACS.

Syntax

ANSI (Cross Platform)
char* GetACSHTML();

Unicode (Windows)
LPWSTR GetACSHTML();
@property (nonatomic,readonly,assign,getter=ACSHTML) NSString* ACSHTML;
- (NSString*)ACSHTML;
#define PID_CLIENT_ACSHTML 1

IPWORKS3DS_EXTERNAL void* IPWORKS3DS_CALL IPWorks3DS_Client_Get(void *lpObj, int propid, int arridx, int *lpcbVal, int64 *lpllVal);

Default Value

""

Remarks

This field contains HTML provided by the ACS in the Challenge Response Message (CRes). This will be populated when the ACSUIType is HTML.

As per the EMV® 3-D Secure specification, the HTML UI is presented to the cardholder via a web view which remains in control of the app. The app must intercept any remote URL requests made from within the web view, and instead handle them within the app. Preventing the cardholder from making requests in the web view to another server is critical to the security of the environment. According to the EMVCo specification, intercepting these requests has two effects:

  • Prevents malicious HTML from redirecting a user to a phishing site.
  • Conceptually puts the web view form under the control of the ACS, rather than the app.
The following are key points mentioned in the EMV 3DS specification:
  • Navigation attempts from within the web view must be captured by the app and handled internally. This includes all requests including images, javascript files, css, etc.
  • The web view element is not utilized as a browser, but as a UI element whose content is provided by the ACS.
Please refer to the EMV 3DS specification for more details and guidance on this topic. This information is not meant to replace the text in the EMV 3DS specification.

This property is read-only.

Data Type

String

Copyright (c) 2022 /n software inc. - All rights reserved.
/n software 3-D Secure V2 C++ Edition - Version 2.2 [Build 8318]