How can US merchants set up 3D secure in Shopify Pay?

Payments + Shipping & Fulfilment

Topic summary

Issue: A US merchant wants reliable 3D Secure (3DS) on Shopify Payments, including the ability to force 3DS on high-value orders and to see clear proof (e.g., liability shift) on each order.

Shopify’s stance: 3DS is enabled by default on Shopify Payments and is triggered by the card issuer when required. Shopify supports 3DS 1.0 and 2.0; authentication flow varies by bank (SCA: Strong Customer Authentication). A “3D Secure Authentication” card should appear on the order if used. Cardinal (a 3DS provider) is only supported for EEA/UK with third‑party gateways.

Merchant experience: No visible 3DS indicator on orders; risk ratings (e.g., “medium,” “low”) don’t confirm 3DS or liability shift. Transaction metadata often shows three_d_secure = nil. One “low risk” order resulted in a chargeback, fueling concern 3DS wasn’t applied. The merchant reports that Summer 2023 updates didn’t add the needed controls/visibility and moved to WooCommerce, where 3DS v2 worked (except for Amex).

Other input: A community workaround suggests switching country to India to enable Stripe, then back to USA, and using Stripe Radar rules; this appears unofficial.

Status: Unresolved. Key gaps: how US merchants can verify 3DS per order, obtain liability shift details, or enforce 3DS by threshold.

Summarized with AI on December 22. AI used: gpt-5.
3

As a follow up, I have been using Shopify Payments for a few weeks now. My opinion is that either 3DS support does not exist in Shopify or it is not being communicated in any way to merchants. As an example, we received an order today that suggests that it may be fraudulent. The Shopify portal states “this order is medium risk”. What the hell? This doesn’t help. The only relevant thing is whether the payment is 3DS compliant. Unfortunately, Shopify does not provide ANY indication whether the order meets 3DS authentication requirements. If it did, I would know whether I could fulfill the order with confidence. Now because Shopify does such a poor job of communicating about 3DS I must cancel the order and potentially I just lost a large sale.

As a reference, here is what other payment providers give to validate 3DS (where is this information in a Shopify pay transaction)? The key point here is the Liability shifted = TRUE.

3D Secure InformationEnrolled Enrolled (Y) Status Authenticate successful 3DS Version 1.0.2 Challenge Requested f Exemption Requested f Liability Shifted true Liability Shift Possible true CAVV AAACfderw3221GEK7PIt4= XID R0ZFMkFXRHIygsg3423m5pZDA= ECI Flag 05

Trevor’s post above indicates that an order will have a message stating if your customer has purchased using 3D secure, then you will see a card on the order page on the right side called 3D Secure Authentication, This card does not exist.

Update: As an update to this post, I was able to dig and find some information about the transactions. It appears to me that Shopify does NOT support 3DS for US merchants. If you are considering using Shopify and have products that are high risk for fraud, you might want to look elsewhere. I migrated to Shopify because I was given false information here. I wish I hadn’t even gotten on with Shopify.

Here is the information from the transaction: I assume the three_d_secure = nil means that 3D Secure is not used. I verified that this is the case for most of my store transactions. if i am somehow reading this wrong, please feel free to correct me.

“three_d_secure”=>nil, “wallet”=>nil}, “type”=>“card”}

1 Like