Skip to content

    Flexible 3DS Rules

    Flexible 3d secure (3ds) is a feature that allows the merchant to define rules when to use credit card 3ds authentication. Creating flexible 3ds rules is available for all credit card brands offered by the Payengine.

    3DS settings

    3ds is enabled by default for credit cards by the Payengine's account managers or admins. It is separately set for every card, and every card's entry mode. You can check the current values of the option in Merchant Center → Payment methods → Credit Card Options view.



    The flexible 3ds rules will only apply when a transaction reaches the 3ds flow according to the active settings.
    If no flexible 3ds rules are defined the 3ds processing will be done according to the main settings defined.

    3ds flows

    • Always - Always authenticate with 3ds - requires patch of verification (cvc)
    • For initial transactions - Require 3ds authentication only for initial transactions depends of flexible rules.
    • Never - Do not require 3ds authentication

    Flexible Rules

    Flexible 3ds rules can be defined based on transaction parameters in order to trigger or skip the 3ds authentication.

    How to define

    The flexible 3ds rules can be defined from the Merchant Center's "Risk Settings" section under "Flexible 3ds".


    Rules criteria

    Тhere are several criteria, the combination of which creates a 3ds rule.

    • when to require rule (ALWAYS or NEVER)
    • card Issuer Country
    • amount comparison (GREATER or LESS )
    • transaction amount (in smallest currency unit, e.g. cents)
    • currency of the transaction

    Filled amount must be in smallest currency unit (e.g. cents, NOT in EUR)


    Example 1

    If the merchant intends to reduce friction for some of his customers with cards issued in Germany who are doing orders with low amounts, a rule can be defined as follows:


    This rule means that if there is an order with a card which issuing country is German (DE) and the order amount is less than 2 EUR (200 cents), then the 3ds process will be never required.

    Example 2

    A more complex example may define some inclusion and exclusion techniques as follows:


    These three rules will be executed consecutively. When a rule applies then it's result (ALWAYS, NEVER) will be taken into account for the processing of the order and corresponding 3ds authentication.

    This way with the above-mentioned example a transaction with a German (DE) card for more than 2 EUR (200 cents) will always require a 3ds, while orders from a USA (US) card for less than 10 EUR(1000 cents) or transactions from a card of any other issuing country for less than 4 EUR (400 cents) will never require 3ds.

    Tracking Rules Application

    All credit card orders contain a property flexibleThreeDS under their meta object. This property indicates whether a rule was hit or not and what is the result. It is available via both API and Merchant Center.

    Flexible 3DS possible values

    The following three value options can be returned in the Flexible 3DS property.

    • 3DS offered without applying any Flexible 3DS Risk Rules
    • 3DS offered based on riskcard #: [riskcard identifier]
    • e.g. "3DS offered based on riskcard #: RiskCard-f4c8feb0-b028-4c8f-9ad9-d764e28cdde3"
    • 3DS not offered based on riskcard #: [riskcard identifier]

    Code Example:

    Code Sample - Values

        "createdAt": 1545049075692,
        "modifiedAt": 1545049075826,
        "merchantId": "Merchant-11111111-1111-1111-1111-111111111111",

    Was this helpful?

    What was your feeling about it?