Did you have any success solving this issue at all? I have a store located in Slovakia and we are using Stripe for card payments as well and 3DS is not triggered (no authentication required) when our customers are paying with card. We already had few customers complaining about this. Would be great if Shopify could provide any solution to this. In the meantime any advice?
Hi Eva_C, no unfortunately I haven't yet. As you might expect, when I contacted Shopify again and quoted the EU regulation to them, they told me this:
As for the additional information or explanation on the laws and how Stripe’s configuration fits. We can’t give legal advice, so we can’t really fully explain that part.
I don't want to provide you any information that might be false or mislead you in anyway especially regarding something as sensitive as this one. For Stripe and its configuration fits on your local laws and or practices, what I can suggest is to reach out to Stripe per se since they're the best to ask about their product as well.
I emailed back that I found this completely astonishing, as since they advise us to use Stripe as their preferred partner, and since Shopify documentation all says that if we use Stripe then we will be compliant, then it is definitely their responsibility to ensure that it does comply! I told them that the EU is not some tiny country with strange "local laws" as this ignorant email seems to imply, and they should be liaising with Stripe to make sure that it does. Of course I got no answer to this. So I will be contacting Stripe again soon to try and sort this out. I would suggest that you do the same - the more people complain, the more likely it is that they will listen.
Hi @jtdesign @YH14 @swim @Eva_C My name is Lynn from Oceanpayment which you can find our company name in the list of payment providers.https://www.oceanpayment.com/
I have read through all your conversations. Oceanpayment can definitely help you with the 3DS in your online payment getaway. please send me an email firstname.lastname@example.org
I can arrange our team to have a phone meeting with you with all your questions.
Looking forward to your emails.
Lynn WANG - Oceanpayment
Hi @YH14 , thank you so much for more information about current state of this issue. Wow that reply from Shopify is truly astonishing and very dissapointing. We swapped Braintree for Stripe exactly for the same reason that this will get us compliant with PSD2. I will definitely get in touch with Stripe as well, as we are probably going to drop their services if this won't get resolved. We are most likely going back to Braintree, which is cheaper for us and with the same end result (having no 3DS authentification, even though they provide it outside shopify) and probably have to use the services of Cardinal Commerce (a 3rd party 3DS provider) which will set us back at least another 20$ a month.
I really hope both Shopify and Stripe start listening to their customers and work this out, because right now this is all very messed up. If you ever get to any workable solution, please don't hesitate to update this thread.
Hi Eva, I will definitely let you know. And I should clarify also, according to previous emails that I've exchanged with both Shopify and Stripe over this - it is a little misleading to say that Stripe does not support 3DS, as it does. If you read through all the Stripe documentation on their website, it explains that the model that we are talking about (the extra layer of authentication by the customer) is 3DS1, but they have now updated to 3DS2. This allows more data to be sent to the bank when the payment is made and to determine if the payment is authentic or not, without requiring the customer to input more information. It is supposed to speed up the checkout experience.
That is all fine, however, that is not what the wording of the EU directive says - it says that this extra layer of authentification needs to be there. And also if you look at all the code data attached to individual payments, you will see that 3DS is mentioned. However, in all the payments I've looked at, it always says "three-d-secure: null". So this to me means that 3DS has not been triggred on any of these payments. I need to clarify with Stripe why not.