From the documentation here: 3D Secure Overview
(We only operate in non-SCA-mandated markets)
Can we opt into 3DS in Risk Manager via a custom rule or just on a location basis?
Also, if 3DS is opted into via Risk Manager, will a 3DS verification token/flow be required for payment success even if
verifyBuyer is not called? I am wondering about a situation where we would want/ require a 3DS flow… but a fraudulent user removes the client-side
verifyBuyer invocation, we would want this transaction to fail obviously, but as the
verification_token is not mandatory when posting through the Payment API… it seems the transaction would succeed still be processed just as a non-3DS transaction