If you offer iDEAL in your app and are experiencing problems or are receiving customer complaints with regard to redirects to (some) of the iDEAL Issuers, please make sure that you do not redirect the user to the IssuerAuthenticationURL redirect URL by opening it in an in-app browser. This is not allowed as it will not only break your iDEAL payment flow, but also creates security issues. You should offer the IssuerAuthenticationURL redirect URL to the operating system of the mobile device of your user or make use of Chrome Custom Tabs (Android) or SafariViewController (iOS). For more detailed information, please refer to below passage from the iDEAL implementaton guidelines 10.3
When you as a merchant have an app in which you offer iDEAL as a payment option, specifically mind the following aspects regarding the Issuer redirect:
The consumer must be able to check the URL and https “lock” icon of the Issuer webpages at all times
The browser in which the redirect to the Issuer takes place, must be securely safeguarded for the Merchant (the Merchant should not be able to eavesdrop on user typing
The browser, in which the redirect to the Issuer takes place, must be able to open bank-apps (app schemes like “bank://ideal/12392”).
To be able to comply to the above requirements, we strongly advise you to always offer the
IssuerAuthenticationURLredirect URL to the operating system of the mobile device. As a result, the
IssuerAuthenticationURLredirect URL will be opened within the browser of choice of the user or directly in the bank-app
It is strictly forbidden to make use of custom made in-app browsers for the redirect to the Issuer, because by doing this the above requirements are not complied to!
In case you chose to make use of an in-app browser for opening the IssuerauthenticationURL, you must make use
of forfor Apple iOS and Chrome Custom Tabs for Android, so that you comply to the above requirements.