Risk Manager 3D Secure (3DS) FAQ
Find answers to commonly asked questions about Risk Manager 3D Secure (3DS).
What is 3D Secure?
3D Secure (3DS) is a standardized way of authenticating electronic card transactions. Enabling 3D Secure for online transactions can help protect your business from fraud chargeback liability.
When 3DS is enabled, customers may be required to verify that they’re authorized to use the card that’s making the purchase, generally via one of two options:
For online payments, customers may be required to provide additional information in order to complete the transaction. Note: For online payments, chip and PIN transactions are not available.
For in-person payments, customers are able to use their chip cards. This chip and signature transaction allows the bank to verify the seller and removes responsibility for fraud chargebacks from the business.
How can I keep my business safe from fraud chargebacks?
If the customer is unable to verify that they’re the rightful cardholder, then they will not be able to complete the transaction. However, if the customer verifies that it really is them and that the payment is not fraudulent, then they can complete the transaction. If the transaction is completed and authorized through 3D Secure, the liability for fraud chargebacks then shifts from the seller to the card-issuing bank.
What does this look like to my customers?
For many customers, 3D Secure will not visibly affect them at all. If their transaction is not flagged as risky or in need of verification by the card issuing bank, then the bank will approve the payment and it will be completed as usual, without any extra verification.
However, if a payment meets the criteria to trigger 3D Secure, the seller will see one of the following:
A request for the one-time passcode sent via text message (SMS) or email.
A request for a biometric scan (fingerprint or face ID on their phone).
A redirection to their card-issuing bank.
Note: The card issuer determines if a payment looks suspicious and what the customer sees when a 3D Secure verification appears on their end.
While you can use Risk Manager to trigger calls to 3D Secure, Square does not control what the visual experience looks like for your customer. If your customer is experiencing issues completing their verification, please ask them to contact their card issuer for support.
How do I use 3DS with Risk Manager?
3D Secure is a feature that is now available to all sellers using Risk Manager. Here’s how to activate 3D Secure on payments:
Go to Payments > Risk Manager from your online Square Dashboard.
Click Create rule.
If you receive a banner to update your APIs in order to enable 3D Secure rules, review our developer documentation page.
Under Select action, set your rule to Require 3D Secure. You can then set the location where the rule will apply, and the conditions when the rule will apply.
Only when a payment meets the criteria you set, will it be required to undergo 3D Secure verification.
Note: Payments initiated by sellers – such as in-person, manually entered transactions or mail-order/telephone orders – will not go through 3D Secure.
What are the benefits and risks of using 3D Secure?
While there are a lot of benefits to using 3D Secure, you want to make sure it’s the right thing for your business. Here are some benefits and risks:
Better fraud protection: With 3D Secure enabled, fraudsters have a more challenging time making fraudulent payments. Adding the extra verification makes it harder for a fraudster to make a payment because they’d have to have access to a card, as well as other personal information (e.g. phone number, face ID, fingerprint).
Fraud chargeback protection: If a payment is 3D Secure verified and results in a fraud dispute, you as a seller are not held responsible. Note: If the dispute is non-fraud (a customer is unhappy with purchase, broken items, etc.), you may still be liable for the chargeback. You can protect yourself from these chargebacks by using Square Contracts.
Possible decreased payment completions: This depends on how the card issuer has designed their 3D Secure verification experience. If it’s an easy-to-use experience, customers may not be bothered. However, if it’s difficult to verify or understand, a customer may not attempt to complete the verification process and abandon the purchase altogether.
Increased issuer declines: There is the added possibility that card issuers may decline attempted payments they deem to be risky.
Risk Manager also offers other ways to manage your risk profile, including rule creation, blocking, allowing and alerts. We offer 3DS as an added choice to add to your fraud protection toolkit.
Am I responsible for chargebacks?
If you have a 3D Secure rule enabled and a payment does not invoke it due to a service outage, system failure or if a qualifying customer’s card-issuing bank does not have 3D Secure enabled, Square will cover the chargeback.
If you have a 3D Secure rule enabled and a payment goes through because the issuing bank verified it, you are not responsible for covering a fraud chargeback (but may be responsible for other types of chargebacks).
Can I get 3D Secure?
Most Square sellers using Risk Manager will be able to activate 3D Secure by simply creating a rule to enable 3D Secure. However, some sellers may need to update the integration on their website in order to enable 3D Secure.
If you’d like more information on how to connect your Square online and in-app payments APIs to use 3D Secure, check out our developer documentation page.
Does 3D Secure cost extra?
While different card issuers have different fees for 3D Secure, Risk Manager comes at no additional cost for payments accepted on Square Online, or through Square Online Checkout Links, regardless of if you use 3D Secure or not.
For any API transactions, Square eGift Cards or third-party integrations, Risk Manager is offered for free.