Card payments in Malaysia are subject to authentication using 3D Secure, which introduces an extra layer of security for customers making purchases online. To avoid an increase in declines when transacting with Malaysian cardholders, you might need to make integration changes.
Stripe Checkout supports payment authentication out the gate. If you’re using the Charges API, which does not support authentication, you will need to make changes to your integration. The Payment Intents API and Setup Intents API both support authentication, however you need to ensure your integration can handle the `requires_action` state as this will prompt your customers to authenticate their payments. If you’re not sure if your integration can handle authentication or are receiving a large amount of declines due to `authentication_required`, we recommend testing your integration with our 3D Secure authentication test cards.
As a payment service provider, Stripe aims to keep bad actors out of the payment ecosystem and deter fraudulent activities that impact both our users and their customers. As online scams/fraudulent activities are reportedly on the riseA in Malaysia, Stripe has taken precautionary steps to enhance the mitigation measures, such as requesting customer authentication when a suspicious payment activity is detected. Stripe’s enhanced efforts to deter fraudulent activities are in line with Malaysia’s regulatory expectations of payment service providers, and aims to mitigate the impact of fraudulent transactions.
3D Secure, or 3DS for short, is an authentication protocol used to add an extra layer of security to online transactions. When a transaction is authenticated using 3DS, liability for any fraudulent activity shifts to the issuing bank. This additional security comes with a tradeoff, namely an extra step during the checkout flow.
Yes, the Charges API V1 does not support authentication, so you will need to migrate to the Payment Intents API. It is important to test your integration to ensure it can handle authentication requests. Otherwise you will see an increase in declined payments with error code `authentication_required`.
The Payment Intents API and Setup Intents API both support authentication, however you need to ensure your integration can handle the `requires_action` state as this will prompt your customers to authenticate their payments.
If you are not sure, we recommend testing your integration with our 3D Secure authentication test cards to get the best understanding of the path forward.