GuidesAPI ReferenceSupport
Guides

3D Secure for Stripe Processing

Suggest Edits

What is 3DS

Card networks have an authentication system known as 3D Secure (3DS) that can be used as an extra verification step to authorize online payments. This consists of directing your customer to a URL to perform a verification step before the payment will be authorized.

3DS is increasingly becoming a standard for online Credit Card transactions to combat fraud. Adding the 3DS flow to your integration is highly recommended if you accept online payments. If 3DS is not supported, any 3DS challenges that are encountered will result in an automatic failure.

{  
  "outcome": {
    "result": "failed",
  	"code": "4040",
  	"description": "Payment Flow Not Supported. Try a different payment method."
  }
}

Add 3DS Support

To participate in 3DS you must pass the return_url parameter when creating a sale with the API. Only include a return_url if the customer is in your checkout process and is available to complete 3DS.

Card Transaction Sale Request (transact/card/sale)

{
  "...",
  "return_url": "https://redirect.to"
}

Transaction Sale Request (transact/sale)

{
  
  "payment_method": {
    "card": {
     "..."
    }
  },
  "options": {
    "card": {
      "...",
      "return_url": "https://redirect.to"
    }
  },
  "..."  
}

3DS API Response

When 3DS is required, an API response will note it:

{
  "next_action": {
    "redirect": {
      "url": "https://redirect.to"
    }
  },
  "outcome": {
    "result": "success",
  	"code": "5000",
  	"description": "Requires Action"
  }
}

If you receive a code of 5000, you will need to check the next_action property for next steps. For 3DS, the next step is to take your customer to the redirect.url. It is recommended that this URL be shown using a modal inside an iframe.

Once the customer has verified the payment, they will be returned to the return_url that was provided in the initial sale call. The transaction_id will be included as a query parameter upon redirecting.

Upon being redirected to your return_url be sure to retrieve the transaction and process the result.

Testing

Currently, 3DS is only supported for merchants processing on Stripe. Use the credit card number 4000000000003220 to trigger a 3DS challenge.

Updated 5 months ago