/stripe-guides

How to disable 3D Secure in Stripe?

Learn how to disable 3D Secure in Stripe, including API and dashboard steps, regional limitations, and security considerations. Guide for developers and merchants.

Book a free  consultation
Matt Graham, CEO of Rapid Developers

Book a call with an Expert

Starting a new venture? Need to upgrade your web app? RapidDev builds application with your growth in mind.

Book a free consultation

How to disable 3D Secure in Stripe?

How to Disable 3D Secure in Stripe

 

Introduction

 

3D Secure (3DS) is an authentication protocol designed to provide an additional layer of security for online credit and debit card transactions. While Stripe generally recommends using 3D Secure to reduce fraud and liability, there may be cases where you want to disable it for specific transactions. This tutorial provides a comprehensive guide on how to disable 3D Secure in Stripe.

 

Step 1: Understand 3D Secure in Stripe

 

Before disabling 3D Secure, it's important to understand that Stripe's approach to 3DS is dynamic:

  • By default, Stripe uses dynamic 3D Secure that only triggers when necessary.
  • Complete disabling of 3DS might increase your risk of fraud and chargebacks.
  • In the European Economic Area (EEA), Strong Customer Authentication (SCA) regulations may require 3DS regardless of your settings.

 

Step 2: Access Your Stripe Dashboard

 

First, log in to your Stripe account:

  • Go to https://dashboard.stripe.com
  • Enter your credentials to access your dashboard

 

Step 3: Configure 3D Secure Settings in the Dashboard

 

For basic configuration through the dashboard:

  • Navigate to Payments → Settings
  • Look for "3D Secure" or "Authentication" settings
  • Select the option to disable automatic 3D Secure

Note that dashboard options may vary based on your region due to regulatory requirements.

 

Step 4: Disable 3D Secure Using the API

 

The most reliable way to disable 3D Secure is through the API when creating PaymentIntents. Here's how to do it:


const stripe = require('stripe')('sk_test_YOUR_SECRET_KEY');

const paymentIntent = await stripe.paymentIntents.create({
  amount: 1000, // Amount in cents
  currency: 'usd',
  payment_method_types: ['card'],
  // This is where we disable 3D Secure
  payment_method_options: {
    card: {
      request_three_d\_secure: 'never'
    }
  }
});

The key parameter here is request_three_d_secure: 'never', which tells Stripe to never request 3D Secure for this payment intent.

 

Step 5: Implement in Different Programming Languages

 

Python Implementation:


import stripe
stripe.api_key = "sk_test_YOUR_SECRET\_KEY"

payment\_intent = stripe.PaymentIntent.create(
  amount=1000,
  currency="usd",
  payment_method_types=["card"],
  payment_method_options={
    "card": {
      "request_three_d\_secure": "never"
    }
  }
)

PHP Implementation:


 1000,
  'currency' => 'usd',
  'payment_method_types' => ['card'],
  'payment_method_options' => [
    'card' => [
      'request_three_d\_secure' => 'never'
    ]
  ]
]);
?>

Ruby Implementation:


require 'stripe'
Stripe.api_key = 'sk_test_YOUR_SECRET\_KEY'

payment\_intent = Stripe::PaymentIntent.create({
  amount: 1000,
  currency: 'usd',
  payment_method_types: ['card'],
  payment_method_options: {
    card: {
      request_three_d\_secure: 'never'
    }
  }
})

 

Step 6: Implement with Stripe.js and Elements

 

When using Stripe.js to create Payment Intents on the frontend, you'll need to configure the backend to disable 3D Secure, then use the client secret in your frontend code:


// Backend: Create a PaymentIntent with 3D Secure disabled
const paymentIntent = await stripe.paymentIntents.create({
  amount: 1000,
  currency: 'usd',
  payment_method_options: {
    card: {
      request_three_d\_secure: 'never'
    }
  }
});

// Send the client\_secret to the frontend

Then in your frontend JavaScript:


// Initialize Stripe.js
const stripe = Stripe('pk_test_YOUR_PUBLISHABLE_KEY');
const elements = stripe.elements();

// Create card element
const card = elements.create('card');
card.mount('#card-element');

// Handle form submission
const form = document.getElementById('payment-form');
form.addEventListener('submit', async (event) => {
  event.preventDefault();
  
  const {error, paymentMethod} = await stripe.createPaymentMethod({
    type: 'card',
    card: card,
  });
  
  if (error) {
    // Handle error
    console.error(error);
  } else {
    // Confirm the PaymentIntent with the payment method
    const {error, paymentIntent} = await stripe.confirmCardPayment(
      clientSecret, // Received from your server
      {
        payment\_method: paymentMethod.id
      }
    );
    
    if (error) {
      // Handle error
      console.error(error);
    } else if (paymentIntent.status === 'succeeded') {
      // Payment succeeded
      console.log('Payment successful!');
    }
  }
});

 

Step 7: Understand Regional Limitations

 

It's crucial to understand that in certain regions, particularly in the European Economic Area (EEA) under Strong Customer Authentication (SCA) regulations, you cannot completely disable 3D Secure:

  • In the EEA, payments that fall under SCA will require 3D Secure regardless of your settings
  • For European cards, setting `request_three_d_secure: 'never'` will be ignored for transactions that require SCA
  • Consider using exemptions where possible instead of trying to disable 3DS completely

 

Step 8: Use Payment Method Options for Specific Scenarios

 

For more granular control, you can configure 3D Secure behavior based on specific scenarios:


const paymentIntent = await stripe.paymentIntents.create({
  amount: 1000,
  currency: 'usd',
  payment_method_types: ['card'],
  payment_method_options: {
    card: {
      request_three_d\_secure: 'any',  // 'any', 'automatic', or 'never'
      three_d_secure: {
        version: '2.0.0'  // Specify 3DS version
      }
    }
  }
});

The available options for request_three_d_secure are:

  • 'automatic': Stripe decides when to use 3D Secure (default)
  • 'any': Always use 3D Secure when available
  • 'never': Never use 3D Secure unless required by regulation

 

Step 9: Test Your Implementation

 

Before going live, test your implementation thoroughly:

  • Use Stripe's test cards to simulate different scenarios
  • For testing 3D Secure specifically, use card number 4000 0000 0000 3220 (requires 3DS) and 4242 4242 4242 4242 (doesn't require 3DS)
  • Verify that 3D Secure is actually disabled for transactions where it's not mandated

// Test card that triggers 3DS
const testCard3DS = {
  number: '4000 0000 0000 3220',
  exp\_month: 12,
  exp\_year: 2025,
  cvc: '123'
};

// Test card that doesn't trigger 3DS
const testCardNo3DS = {
  number: '4242 4242 4242 4242',
  exp\_month: 12,
  exp\_year: 2025,
  cvc: '123'
};

 

Step 10: Monitor and Adjust Your Settings

 

After implementation, monitor your payment success rates and fraud levels:

  • Regularly review your Stripe Dashboard for declined payments
  • Check if disabling 3D Secure has affected your chargeback rates
  • Be prepared to re-enable 3D Secure if you notice increased fraud

 

Conclusion

 

Disabling 3D Secure in Stripe is possible through API configuration, but it comes with important caveats, especially regarding regional regulations. Always consider the security implications and regulatory requirements before disabling this additional layer of protection. For most merchants, Stripe's dynamic 3DS approach (the default setting) offers the best balance between security and user experience.

Want to explore opportunities to work with us?

Connect with our team to unlock the full potential of no-code solutions with a no-commitment consultation!

Book a Free Consultation

Client trust and success are our top priorities

When it comes to serving you, we sweat the little things. That’s why our work makes a big impact.

Rapid Dev was an exceptional project management organization and the best development collaborators I've had the pleasure of working with. They do complex work on extremely fast timelines and effectively manage the testing and pre-launch process to deliver the best possible product. I'm extremely impressed with their execution ability.

CPO, Praction - Arkady Sokolov

May 2, 2023

Working with Matt was comparable to having another co-founder on the team, but without the commitment or cost. He has a strategic mindset and willing to change the scope of the project in real time based on the needs of the client. A true strategic thought partner!

Co-Founder, Arc - Donald Muir

Dec 27, 2022

Rapid Dev are 10/10, excellent communicators - the best I've ever encountered in the tech dev space. They always go the extra mile, they genuinely care, they respond quickly, they're flexible, adaptable and their enthusiasm is amazing.

Co-CEO, Grantify - Mat Westergreen-Thorne

Oct 15, 2022

Rapid Dev is an excellent developer for no-code and low-code solutions.
We’ve had great success since launching the platform in November 2023. In a few months, we’ve gained over 1,000 new active users. We’ve also secured several dozen bookings on the platform and seen about 70% new user month-over-month growth since the launch.

Co-Founder, Church Real Estate Marketplace - Emmanuel Brown

May 1, 2024 

Matt’s dedication to executing our vision and his commitment to the project deadline were impressive. 
This was such a specific project, and Matt really delivered. We worked with a really fast turnaround, and he always delivered. The site was a perfect prop for us!

Production Manager, Media Production Company - Samantha Fekete

Sep 23, 2022