Skip to main content

Enable 3DS2 for Stripe gateway integration


Enable 3DS2 for Stripe gateway integration

3D Secure 2.0 (3DS2) is a widely recommended solution for strong customer authentication (SCA) under PSD2. The Stripe v2 gateway integration provides support for 3DS2 through the embedded iFrame of Payment Pages 2.0. 

To comply with PSD2 using 3DS2, the following updates are required:

  1. Enable 3DS2 for your Stripe merchant account.
  2. Configure the gateway instance.
  3. Configure 3DS2 settings in Payment Pages.

Then you can implement and use Payment Pages 2.0 as usual. See Payment Pages 2.0 implementation overview for more information.

The integration flow is identical to the Payment Pages without 3DS2, whereas the processing flow from the perspective of end customers is different from before. If end customers are challenged while transacting on your Payment Page, they will get held up on the challenge window before passing the validation. The callback page is displayed only when they are authenticated. A created payment method ID is also returned. 

If your customers failed the strong customer authentication, the [ThreeDs2_Authentication_Exception] error code and the actual error message are returned. The error code is common across all gateways, while the error message is gateway-specific.

Enable 3DS2 for merchant account 

Before configuring your Zuora tenant, you must enable several settings related to 3DS2 for your Stripe merchant account. Contact Stripe Support to enable these required settings.

Configure the gateway instance

Only the Stripe v2 version supports 3DS2. If you are using an earlier version of Stripe gateway integration, upgrade your gateway to this version. Contact Zuora Global Support to get access to Stripe v2.

Follow Configure the Stripe payment gateway to learn how to configure Stripe v2 gateway instances.

Configure 3DS2 settings in Payment Pages

When setting up a Payment Page, select the Enable 3D Secure 2.0 checkbox and select the created gateway instance from the Default Payment Gateway dropdown list. You can complete other settings as usual.

Payment Pages 2.0 configuration page for Stripe

Zuora recommends you to enable the CAPTCHA challenge feature so that you can limit the number of times end customers can attempt to submit the form after they fail the authentication. CAPTCHA challenge can be used with the 3DS2 feature to prevent potential bot attacks and reinforce the transaction security.

To enable CAPTCHA challenge, you should set a positive integer for both the Limit the number of submission before CAPTCHA Challenge and Limit the number of submission before blocking Submission fields when configuring the Payment Page.

Note: If you select a gateway integration that does not support 3DS2, the following error message is displayed when saving the Payment Page:

Gateway not support 3DS2 message

Credit Card Reference Transactions

If you are using the Credit Card Reference Transactions (Tokenization) payment methods through the existing Stripe v1 gateway, you must upgrade to Stripe v2. Otherwise, the payments using tokenized payment methods through Stripe might fail after September, 14.

Contact Zuora Global Support to get access to Stripe v2.

Direct POST

After completing the authentication and authorization outside Zuora, you need to pass through the credit card data along with several required fields for merchant initiated transactions (MITs) to Zuora through Direct POST. See Direct POST Form Fields for Payment Pages 2.0 for a full list of fields for 3DS2.

Specific to the Stripe gateway:

  • The field_mitNetworkTransactionId field corresponds to network_transaction_id you get from Stripe.
  • The field_mitGatewayToken1 corresponds to ds_transaction_id you get from Stripe. If ds_transaction_id is null, you can skip including this field.