Risk Manager 3D Secure (3DS) FAQ

Find answers to commonly asked questions about Risk Manager 3D Secure (3DS).

What is 3D Secure? 

3D Secure (3DS) is a standardized way of authenticating electronic card transactions. Enabling 3D Secure for online transactions can help protect your business from fraud chargeback liability. 

When 3DS is enabled, customers may be required to verify that they are authorized to use the card that is making the purchase, generally via one of two options:

How can I keep my business keep safe from fraud chargebacks?

What does this look like to my customers?

For many customers, 3D Secure will not visibly affect them at all. If their transaction is not flagged as risky or in need of verification by the card issuing bank, then the bank will approve the payment and it will be completed as usual, without any extra verification. 

However, if a payment meets the criteria to trigger 3D Secure, the seller will see one of the following:

1. A request for the one-time passcode sent via text message (SMS) or email.

2. A request for a biometric scan (fingerprint or face ID on their phone).

3. A redirection to their card-issuing bank.

While you can use Risk Manager to trigger calls to 3D Secure, Square does not control what the visual experience looks like for your customer. If your customer is experiencing issues completing their verification, please ask them to contact their card issuer for support.

How do I use 3DS with Risk Manager?

3D Secure is a feature that is now available to all sellers using Risk Manager. Here’s how to activate 3D Secure on payments: 

1. Go to Payments > Risk Manager from your online Square Dashboard.

2. Click Rules. 

3. Click Create rule.

   • If you receive a banner to update your APIs in order to enable 3D Secure rules, review our developer documentation page.

4. Under Select action, set your rule to Require 3D Secure. You can then set the location where the rule will apply, and the conditions when the rule will apply.

Only when a payment meets the criteria you set, will it be required to undergo 3D Secure verification.

Note: Payments initiated by sellers – such as in-person, manually entered transactions or mail-order/telephone orders – will not go through 3D Secure.

What are the benefits and risks of using 3D Secure?

While there are a lot of benefits to using 3D Secure, you want to make sure it’s the right thing for your business. Here are some benefits and risks:

Benefits

• Better fraud protection: With 3D Secure enabled, fraudsters have a more challenging time making fraudulent payments. Adding the extra verification makes it harder for a fraudster to make a payment because they’d have to have access to a card, as well as other personal information (e.g. phone number, facial ID, fingerprint).

Risks

• Increased issuer declines: There is the added possibility that card issuers may decline attempted payments they deem to be risky.

Risk Manager also offers other ways to manage your risk profile, including rule creation, blocking, allowing and alerts. We offer 3DS as an added choice to add to your fraud protection toolkit.

Am I responsible for chargebacks?

• If you have a 3D Secure rule enabled and a payment goes through because the issuing bank verified it, you are not responsible for covering a fraud chargeback (but may be responsible for other types of chargebacks).

Can I get 3D Secure? 

If you’d like more information on how to connect your Square online and in-app payments APIs to use 3D Secure, check out our developer documentation page.

Does 3D Secure cost extra? 

While different card issuers have different fees for 3D Secure, Risk Manager comes at no additional cost for payments accepted on Square Online, or through Square Online Checkout Links, regardless of if you use 3D Secure or not.