As a follow up, I have been using Shopify Payments for a few weeks now. My opinion is that either 3DS support does not exist in Shopify or it is not being communicated in any way to merchants. As an example, we received an order today that suggests that it may be fraudulent. The Shopify portal states “this order is medium risk”. What the hell? This doesn’t help. The only relevant thing is whether the payment is 3DS compliant. Unfortunately, Shopify does not provide ANY indication whether the order meets 3DS authentication requirements. If it did, I would know whether I could fulfill the order with confidence. Now because Shopify does such a poor job of communicating about 3DS I must cancel the order and potentially I just lost a large sale.
As a reference, here is what other payment providers give to validate 3DS (where is this information in a Shopify pay transaction)? The key point here is the Liability shifted = TRUE.
3D Secure InformationEnrolled Enrolled (Y) Status Authenticate successful 3DS Version 1.0.2 Challenge Requested f Exemption Requested f Liability Shifted true Liability Shift Possible true CAVV AAACfderw3221GEK7PIt4= XID R0ZFMkFXRHIygsg3423m5pZDA= ECI Flag 05
Trevor’s post above indicates that an order will have a message stating if your customer has purchased using 3D secure, then you will see a card on the order page on the right side called 3D Secure Authentication, This card does not exist.
Update: As an update to this post, I was able to dig and find some information about the transactions. It appears to me that Shopify does NOT support 3DS for US merchants. If you are considering using Shopify and have products that are high risk for fraud, you might want to look elsewhere. I migrated to Shopify because I was given false information here. I wish I hadn’t even gotten on with Shopify.
Here is the information from the transaction: I assume the three_d_secure = nil means that 3D Secure is not used. I verified that this is the case for most of my store transactions. if i am somehow reading this wrong, please feel free to correct me.
“three_d_secure”=>nil, “wallet”=>nil}, “type”=>“card”}