jpeck_api | Stripe Developers | Page 1

crude anvilBOT Apr 29, 2026, 8:22 PM

#

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1499143900542144615

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

#

crystal flume Apr 29, 2026, 8:24 PM

#

Is it technically impossible to complete 3DS on an off_session card PI without user (card holder) input if we're using the 'any' strategy?
Setting request_three_d_secure to any on the payment intent requests that the bank require 3ds for the transaction

#

Makes no sense to do that for an off session transaction like this

#

especially if you already requested it with the setupintent

#

More info on what it means to do this: https://docs.stripe.com/payments/3d-secure/authentication-flow?platform=web

proven mantle Apr 29, 2026, 8:25 PM

#

Got it, thanks!
is the SetupIntent + MIT pattern considered equivalent security to re-authing (with 3DS) on each charge?

crystal flume Apr 29, 2026, 8:26 PM

#

I would say it's sufficient

#

I can't comment on whether it's equivalent

#

If the customer auths the setupintent with 3ds that means they're agreeing to future off-session transactions

#

Up to you on whether you want to require it for every transaction

#

But really it just adds unnecssary friction

proven mantle Apr 29, 2026, 8:27 PM

#

Fair. So what is Stripe doing with the 'automatic' strategy to allow off-session card payments?

crystal flume Apr 29, 2026, 8:27 PM

#

It's left up to the bank

#

If a future off session payment requires 3ds it's because the bank decided it needed it

proven mantle Apr 29, 2026, 8:29 PM

#

Got it. Would you say most of the times, in that case, the issuer/bank honors the MIT mandate?

crystal flume Apr 29, 2026, 8:29 PM

#

Usually yes

#

But 3ds can still happen

proven mantle Apr 29, 2026, 8:32 PM

#

So basically 'any' => always requests that the bank requires is and 'automatic' => up to the bank?

crystal flume Apr 29, 2026, 8:33 PM

#

Yeah you can read the doc here: https://docs.stripe.com/api/payment_intents/create#create_payment_intent-payment_method_options-card-request_three_d_secure

proven mantle Apr 29, 2026, 8:36 PM

#

perfect, thanks, was just looking at that. Can you tell me more about the "frictionless" flow mentioned in the any option there? It seems to always require user input anytime we use that option.

crystal flume Apr 29, 2026, 8:36 PM

#

The customer still needs to be online to use frictionless

proven mantle Apr 29, 2026, 8:37 PM

#

got it

crystal flume Apr 29, 2026, 8:37 PM

#

https://support.stripe.com/questions/frictionless-flow-for-charges-created-using-3d-secure-2-(3ds2)

proven mantle Apr 29, 2026, 8:37 PM

#

Okay, that's all I have for now. Basically confirms what we've concluded, just need an authoritative voice on it. Thanks so much for the quick response!

crystal flume Apr 29, 2026, 8:37 PM

#

No problem

#jpeck_api