Home

Use 3D Secure with Square Risk Manager

Who is this article for?
Sellers and staff with the risk manager permission to configure risk manager settings. Set permissions in Square Dashboard.

About 3D Secure

Square 3D Secure (3DS) is a feature available to all sellers using Risk Manager – it’s a standardised way to authenticate electronic card transactions. Enabling 3DS when processing online transactions can help protect your business from fraud chargeback liability. When 3DS is enabled, customers may be required to verify that they are authorised to use the card that is making the purchase.

Risk Manager comes at no additional cost for online payments accepted on Square Online, or through Square Payment Links, regardless of if you use 3DS or not.
For any API transactions, Square eGift Cards or third-party integrations, Risk Manager is also offered for free.

Before you begin 

For many customers, Square 3D Secure will not visibly affect them at all. If their transaction is not flagged as risky or in need of verification by the card-issuing bank, then the bank will approve the payment and it will be completed as usual, without any extra verification. 

However, if a payment meets the criteria to trigger 3DS, Square sellers will see one of the following:

  • A request for the one-time passcode sent by text message (SMS) or email.

  • A request for a biometric scan (fingerprint or face ID on their phone).

  • A redirection to their card-issuing bank.

While you can use Risk Manager to trigger calls to 3D Secure, Square does not control what the visual experience looks like for your customer. If your customer is experiencing issues completing their verification, ask them to contact their card issuer for support.

The card issuer (Bank of America, US Bank, Wells Fargo, etc) determines if a payment looks suspicious and what the customer sees when a 3D Secure verification appears on their end.

Set up 3D Secure

Most Square sellers using Risk Manager will be able to activate 3D Secure by simply creating a rule to enable 3D Secure. However, some sellers may need to update the integration on their website in order to enable 3D Secure.

  1. Sign in to your Square Dashboard and click Payments > Risk Manager > Rules > Create rule.

    • If you receive a banner to update your APIs in order to enable 3D Secure rules, review our Strong Customer Authentication page via Square Developer docs.

  2. Under Select action, set your rule to Require 3D Secure. You can then set the location where the rule will apply, and the conditions when the rule will apply.

Only when a payment meets the criteria you set, will it be required to undergo 3D Secure verification. Payments initiated by sellers – such as in-person, manually entered transactions or postal/telephone orders – will not go through 3D Secure.

Disputes with 3D Secure

If you have a 3D Secure rule enabled and a payment does not invoke it due to a service outage, system failure or if a qualifying customer’s card-issuing bank does not have 3D Secure enabled, Square will cover the dispute, also known as a chargeback.

If you have a 3D Secure rule enabled and a payment goes through because the issuing bank verified it, you are not responsible for covering a fraud chargeback (but may be responsible for other types of disputes).

If the customer is unable to verify that they are the rightful cardholder, then they will not be able to complete the transaction. However, if the customer verifies that it really is them and that the payment is not fraudulent, then they can complete the transaction. If the transaction is completed and authorised through 3D Secure, the liability for fraud chargebacks then shifts from the seller to the card-issuing bank.

Benefits and risks of 3D Secure

While there are a lot of benefits to using 3D Secure, you want to make sure it’s the right thing for your business. Here are some benefits and risks:

Benefits

  • Better fraud protection: With 3D Secure enabled, fraudsters have a more challenging time making fraudulent payments. Adding the additional verification makes it harder for a fraudster to make a payment because they’d have to have access to a card, as well as other personal information (eg phone number, face ID, fingerprint).
  • Fraud chargeback protection: If a payment is 3D Secure verified and results in a fraud dispute, you as a seller are not held responsible.
    • If the dispute is non-fraud (a customer is unhappy with purchase, broken items, etc), you may still be liable for the chargeback. You can protect yourself from these chargebacks by using Square Contracts.

Risks

  • Possible decreased payment completions: This depends on how the card issuer has designed their 3D Secure verification experience. If it is an easy to use experience, customers may not be bothered. However, if it is difficult to verify or understand, a customer may not attempt to complete the verification process and abandon the purchase altogether.
  • Increased issuer declines: There is the added possibility that card issuers may decline attempted payments they deem to be risky.
You also have access to Set up Square Risk Manager, including rule creation, blocking, allowing and alerts. We offer 3DS as an added choice to add to your fraud protection toolkit.

Disclaimer: Although this tool is designed to help prevent payment disputes, the risk of a payment dispute is present with all card payments. Sellers will continue to be liable for all payments they accept and the disputes they receive. Square is not assuming liability for payments, regardless of the risk evaluation that is delivered.

Related articles

Can't find what you need?