From the documentation here: 3D Secure Overview
(We only operate in non-SCA-mandated markets)
Can we opt into 3DS in Risk Manager via a custom rule or just on a location basis?
Also, if 3DS is opted into via Risk Manager, will a 3DS verification token/flow be required for payment success even if verifyBuyer
is not called? I am wondering about a situation where we would want/ require a 3DS flow… but a fraudulent user removes the client-side verifyBuyer
invocation, we would want this transaction to fail obviously, but as the verification_token
is not mandatory when posting through the Payment API… it seems the transaction would succeed still be processed just as a non-3DS transaction