Stripe - 3D Secure Authentication

The following is only supported for Stripe Processing

What is 3DS

Card networks have an authentication system known as 3D Secure (3DS) that can be used as an extra verification step to authorize online payments. This consists of directing your customer to a URL to perform a verification step before the payment will be authorized.

3DS is increasingly becoming a standard for online Credit Card transactions to combat fraud. Adding the 3DS flow to your integration is highly recommended if you accept online payments. If 3DS is not supported, any 3DS challenges that are encountered will result in an automatic failure.

{  
  "FailureData": {
    "Code": "4040",
    "Description": "Requested Function Not Supported",
    "MerchantActionText": "Try a different payment method",
    "IsDecline": false
  },
}

Add 3DS Support

To participate in 3DS you must pass the ReturnUrl parameter when creating a payment with API 4.0. Only include a ReturnUrl if the customer is in your checkout process and is available to complete 3DS.

Payment Request (v4/payment)

{
  "...",
  "ReturnUrl": "https://redirect.to"
}

3DS API Response

When 3DS is required, an API response will note it:

{
  "Status": "RequiresAction",
  "RedirectUrl": "https://redirect.to"
}

If you receive a status of RequiresAction, your customer will need to complete an additional step to complete the payment. For 3DS, the next step is to take your customer to the RedirectUrl. It is recommended that this URL be shown using a modal inside an iframe.

Once the customer has verified the payment, they will be returned to the ReturnUrl that was provided in the initial payment call. The payment_id will be included as a query parameter upon redirecting.

Upon being redirected to your ReturnUrl, be sure to retrieve the payment using the payment_id query parameter and process the result.

Testing

Currently, 3DS is only supported for merchants processing on Stripe. Use the credit card number 4000000000003220 to trigger a 3DS challenge.