We have deprecated the Radar rule “Request 3D Secure if 3D Secure is required,” which was previously enabled by default on some Stripe accounts. This legacy rule is no longer necessary and was triggering 3D Secure (3DS) requests based on an outdated list of BINs. Stripe continues to automatically request 3DS authentication whenever it’s required by card issuers or regulations, even when this rule is off.

What’s changing?

The “Request 3D Secure if 3D Secure is required” rule is deprecated. If this rule is still active on your account, it will no longer match any payments.

Why are we making this change?

Stripe now automatically handles 3DS requirements more accurately through direct processing of soft decline responses from card issuers and built-in compliance with regulatory requirements (such as Strong Customer Authentication under PSD2). This approach is more precise than the legacy rule, which sometimes requested 3DS authentication even when it wasn’t required.

Do I need to take any action?

No action is required. Stripe will continue to automatically request 3DS authentication whenever it’s required by the issuing bank or necessary for regulatory compliance.

Read more about 3D Secure authentication.