{"id":2573,"date":"2026-01-15T15:25:42","date_gmt":"2026-01-15T05:25:42","guid":{"rendered":"https:\/\/www.gpayments.com\/blog\/?p=2573"},"modified":"2026-01-15T15:25:43","modified_gmt":"2026-01-15T05:25:43","slug":"emv-3ds-default-sdk-transition","status":"publish","type":"post","link":"https:\/\/www.gpayments.com\/blog\/article\/emv-3ds-default-sdk-transition\/","title":{"rendered":"The Evolution from Mobile SDK to Default SDK in EMV 3DS\u00a0"},"content":{"rendered":"\n<p style=\"text-align: left;\"><span data-contrast=\"auto\">Mobile authentication has changed noticeably since the early days of <a href=\"http:\/\/www.gpayments.com\/about\/3d-secure-2\/\">EMV 3DS<\/a>. The original Mobile SDK was designed at a time when device operating systems, app security frameworks, and authentication methods were developing at different speeds. As mobile transactions became the dominant channel for digital payments, behaviour fragmentation across platforms became more visible.<\/span><\/p>\n<p style=\"text-align: left;\"><span data-contrast=\"auto\">The transition to the Default SDK is a response to that shift. It\u00a0consolidates\u00a0the requirements, data handling, and runtime\u00a0behaviours\u00a0needed for reliable mobile authentication, reducing\u00a0variation\u00a0and improving the consistency of outcomes.<\/span><\/p>\n<h2 style=\"text-align: left;\"><span class=\"TextRun SCXW256499646 BCX8\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW256499646 BCX8\" data-ccp-parastyle=\"heading 2\">What the Default SDK\u00a0<\/span><span class=\"NormalTextRun SCXW256499646 BCX8\" data-ccp-parastyle=\"heading 2\">represents<\/span><\/span><\/h2>\n<p style=\"text-align: left;\"><span data-contrast=\"auto\">The Default SDK is a baseline mobile authentication implementation defined in the EMV 3DS specification. It provides a common foundation for how:<\/span><\/p>\n<ul style=\"text-align: left;\">\n<li><span data-contrast=\"auto\"> Device and application information is collected<\/span><\/li>\n<li><span data-contrast=\"auto\">The authentication context is shared with the <a href=\"https:\/\/www.gpayments.com\/solutions\/issuing\/\">access control servers<\/a><\/span><\/li>\n<li><span data-contrast=\"auto\"> Strong authenticator challenges are triggered and completed<\/span><\/li>\n<li><span data-contrast=\"auto\"> The user is returned to the merchant environment after authentication<\/span><\/li>\n<\/ul>\n<p style=\"text-align: left;\"><span data-contrast=\"auto\">The aim is to create predictable authentication\u00a0behaviour\u00a0across Android and iOS environments. The earlier Mobile SDK models\u00a0tended\u00a0to vary depending on app frameworks, device security features, and individual implementation choices. The Default SDK is designed to reduce that variation.<\/span><\/p>\n<h2 style=\"text-align: left;\" aria-level=\"2\"><b><span data-contrast=\"none\">Why the transition is happening<\/span><\/b><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:200,&quot;335559739&quot;:0}\">\u00a0<\/span><\/h2>\n<p style=\"text-align: left;\"><span data-contrast=\"auto\">Several industry trends influenced the move:<\/span><\/p>\n<ul style=\"text-align: left;\">\n<li><strong> Device-based authentication is now standard practice<\/strong>\n<ul>\n<li><span data-contrast=\"auto\">Modern devices have secure hardware-backed biometric capabilities. Authentication frameworks needed to align more closely with these system-level controls.<span data-ccp-props=\"{}\">\u00a0<\/span><\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul style=\"text-align: left;\">\n<li><strong> More consistent handling of authentication signals isrequired<\/strong>\n<ul>\n<li><span data-contrast=\"auto\">Issuers use device and contextual information to inform step-up decisions. When signal quality varies, so do\u00a0authorisation\u00a0outcomes.<span data-ccp-props=\"{}\">\u00a0<\/span><\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul style=\"text-align: left;\">\n<li><strong> Friction reduction is a priority<\/strong>\n<ul>\n<li><span data-contrast=\"auto\">Many\u00a0abandonment\u00a0issues stem from challenge flows that behave differently across mobile environments. A unified SDK helps improve predictability.<span data-ccp-props=\"{}\">\u00a0<\/span><\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p style=\"text-align: left;\"><span data-contrast=\"auto\">The Default SDK is designed to support these evolving authentication patterns rather than requiring workarounds or per-app adjustments.<\/span><\/p>\n<h2 style=\"text-align: left;\" aria-level=\"2\"><b><span data-contrast=\"none\">Impact on Issuers and ACS Implementations<\/span><\/b><\/h2>\n<p style=\"text-align: left;\"><span data-contrast=\"auto\">Standardising\u00a0the mobile authentication layer allows issuers and ACS providers to:<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<ul style=\"text-align: left;\">\n<li><span data-contrast=\"auto\"> Use stronger device-bound authenticators more reliably<\/span><\/li>\n<li><span data-contrast=\"auto\"> Apply risk-based policies with clearer routing logic<\/span><\/li>\n<li><span data-contrast=\"auto\"> Reduce unnecessary step-up challenges in low-risk scenarios<\/span><\/li>\n<\/ul>\n<p style=\"text-align: left;\"><span data-contrast=\"auto\">When authentication\u00a0behaviour\u00a0is predictable, policy controls become easier to tune.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h2 style=\"text-align: left;\" aria-level=\"2\"><b><span data-contrast=\"none\">Impact on Acquirers, Payment providers, and Gateways<\/span><\/b><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:200,&quot;335559739&quot;:0}\">\u00a0<\/span><\/h2>\n<p style=\"text-align: left;\"><span data-contrast=\"auto\">Reliable mobile authentication data improves:<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<ul style=\"text-align: left;\">\n<li><span data-contrast=\"auto\"> Frictionless approval rates<\/span><\/li>\n<li><span data-contrast=\"auto\"> Challenge success consistency<\/span><\/li>\n<li><span data-contrast=\"auto\"> Retrybehaviourin fallback cases<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<p style=\"text-align: left;\"><span data-contrast=\"auto\">Since mobile checkout is now the primary channel for many merchants, predictable authentication outcomes support both security and revenue protection\u00a0objectives.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h2 style=\"text-align: left;\" aria-level=\"2\"><b><span data-contrast=\"none\">Impact on Merchants and Product Teams<\/span><\/b><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:200,&quot;335559739&quot;:0}\">\u00a0<\/span><\/h2>\n<p style=\"text-align: left;\"><span data-contrast=\"auto\">Merchants often interact with authentication through their payment provider rather than directly. The transition to the Default SDK may appear invisible at first, but it influences:<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<ul style=\"text-align: left;\">\n<li><span data-contrast=\"auto\"> Checkout continuity between app and mobile browser flows<\/span><\/li>\n<li><span data-contrast=\"auto\"> How biometric authentication is surfaced to the user<\/span><\/li>\n<li><span data-contrast=\"auto\"> The frequency of step-up challenges<\/span><\/li>\n<\/ul>\n<p style=\"text-align: left;\"><span data-contrast=\"auto\">The result is more\u00a0consistent\u00a0user journeys and less unpredictability during payment completion.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h2 style=\"text-align: left;\" aria-level=\"2\"><b><span data-contrast=\"none\">Key Elements to Review During the Transition<\/span><\/b><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:200,&quot;335559739&quot;:0}\">\u00a0<\/span><\/h2>\n<p style=\"text-align: left;\"><span data-contrast=\"auto\">When planning or assessing readiness,\u00a0organisations\u00a0may review:<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<ul style=\"text-align: left;\">\n<li><span data-contrast=\"auto\"> How the application currently handles device information and authentication prompts<\/span><\/li>\n<li><span data-contrast=\"auto\"> Return-to-merchant navigation patterns during OOB or biometrics flows<\/span><\/li>\n<li><span data-contrast=\"auto\"> Whether historical configuration influences challenge frequency<\/span><\/li>\n<li><span data-contrast=\"auto\"> Whether SDK data aligns with the latest Device Information specification<\/span><\/li>\n<\/ul>\n<p style=\"text-align: left;\"><span data-contrast=\"auto\">These are the\u00a0areas\u00a0most likely to affect both user experience and fraud decisioning.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h2 style=\"text-align: left;\" aria-level=\"2\"><b><span data-contrast=\"none\">Looking Ahead<\/span><\/b><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:200,&quot;335559739&quot;:0}\">\u00a0<\/span><\/h2>\n<p style=\"text-align: left;\"><span data-contrast=\"auto\">The shift from the Mobile SDK to the Default SDK aligns authentication with the current state of mobile security architecture. As more issuers adopt device-bound credentials, and as biometric authentication becomes the default confirmation method, the infrastructure supporting those interactions must be consistent and reliable.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p style=\"text-align: left;\"><span data-contrast=\"auto\">The Default SDK provides that foundation.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n\n\n","protected":false},"excerpt":{"rendered":"<p>Mobile authentication has changed noticeably since the early days of EMV 3DS. The original Mobile SDK was designed at a time when device operating systems, app security frameworks, and authentication methods were developing at different speeds. As mobile transactions became the dominant channel for digital payments, behaviour fragmentation across platforms became more visible. The transition [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":2577,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[2],"tags":[13,115,109],"class_list":["post-2573","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-article","tag-3ds2","tag-emvco","tag-sdk"],"aioseo_notices":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.gpayments.com\/blog\/wp-json\/wp\/v2\/posts\/2573","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.gpayments.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.gpayments.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.gpayments.com\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.gpayments.com\/blog\/wp-json\/wp\/v2\/comments?post=2573"}],"version-history":[{"count":9,"href":"https:\/\/www.gpayments.com\/blog\/wp-json\/wp\/v2\/posts\/2573\/revisions"}],"predecessor-version":[{"id":2583,"href":"https:\/\/www.gpayments.com\/blog\/wp-json\/wp\/v2\/posts\/2573\/revisions\/2583"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.gpayments.com\/blog\/wp-json\/wp\/v2\/media\/2577"}],"wp:attachment":[{"href":"https:\/\/www.gpayments.com\/blog\/wp-json\/wp\/v2\/media?parent=2573"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.gpayments.com\/blog\/wp-json\/wp\/v2\/categories?post=2573"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.gpayments.com\/blog\/wp-json\/wp\/v2\/tags?post=2573"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}