We make sure that information within Adyen's Android 3D Secure 2 SDK is secure. However, we can only develop and maintain security measures within the SDK. To keep shopper data safe, it is your task to ensure that the SDK is used and embedded in a secure environment.
We recommend that you implement best practices for the following:
SDK version
Make sure that you're using the latest version of the SDK. Subscribe to the Adyen 3DS2 iOS GitHub repository and watch the releases to get alerts on security vulnerability patches. When a new version is released, update to the latest version in a timely manner.
Our SDKs use the following versioning format:
[EMVCo major version].[EMVCO minor version].[Adyen version]For example, 2.2.0.
Security warnings
When the SDK detects security issues during initialization, the SDK returns warnings. These warnings are also sent to the issuer, and then it is up to them to decide how to handle the transaction. For example, they can deny the transaction or ask for a challenge authentication flow.
Because it is up to the issuer to decide, you usually do not need to address these warnings. However, knowing the security warnings can be helpful when troubleshooting.
To check the warnings, use the
ADYWarning
class:
[ADYService serviceWithParameters:parameters appearanceConfiguration:nil completionHandler:^(ADYService *service) {
// Returns the security warnings produced by the 3DS SDK during initialization.
NSArray<ADYWarning *> *warnings = [service warnings];
}];The SDK can return any of the following security-related warnings:
- SW01 Device is jailbroken or rooted.
- SW02 The integrity of the SDK has been tampered with.
- SW03 The app is running on a simulator or emulator.
- SW04 A debugger is attached to the app.
- SW05 The operating system is not supported.