Skip to main content

Overview

Secure Fields supports two distinct 3-D Secure approaches: a Native implementation you build and control, and a Hosted solution managed by Gr4vy. Both support Dynamic 3-D Secure configuration via Flow rules.

Choose your approach

Hosted 3DS Solution

Learn how to use the hosted 3DS solution with Secure Fields.

Native 3DS implementation

Prerequisites

Native 3DS requires merchant account-level 3-D Secure configuration to be set up. This is different from the per-connection setup and must be enabled before using the native implementation.

Merchant account-level configuration

Follow the setup guide to configure 3DS at the merchant account level.

How it works

Native 3DS automatically handles all device fingerprinting requirements, including collecting the device’s IP address, user agent, and other authentication metadata needed for 3-D Secure compliance. You don’t need to manually collect or pass this data—the implementation handles it transparently.

Limitations & Considerations

When you use native 3DS with Secure Fields, it is important to pass the transaction context (for example, metadata, merchant_initiated, or cart_items) when you create the Checkout Session. As native 3DS runs before transaction creation, so this context must already be present at session creation time to find the right 3DS profile, as well as take into consideration any flow rules. Additionally, it’s important to note that the system runs 3DS Flow rules at the time of the enrollment check, which is run at the time of submitting Secure Fields. Currently, this Flow rule check doesn’t support anti-fraud checks as these are currently tied to a transactions, though there are plans to add this in the near future.

Initialization

There are two ways to initialize the native 3-D Secure component: as a React component or through the vanilla JavaScript API (in Node or CDN scenarios). The property challengeWindowSize controls the size of the challenge window and can be set to the following values:
The examples use a <dialog> as the container for the 3-D Secure UI, but any container can be used.

Showing the 3-D Secure UI

With the 3-D Secure start callback, the 3-D Secure process start can be detected, allowing the container UI to be displayed.

Receiving the 3-D Secure result

With the 3-D Secure finish callback, the 3-D Secure process finish can be detected, allowing any UI element that was shown during the process to be dismissed and the outcome of the process to be received.
These are the arguments received by the 3-D Secure finish callback: The authentication object contains the following properties:

After authentication

Once you receive the 3-D Secure authentication result, you can determine whether authentication was attempted and whether it was successful. You can then proceed to create a transaction regardless of the outcome. The authentication object provides the following key signals:
  • attempted: Whether the authentication process was initiated
  • timed_out: Whether the authentication timed out before completing
  • user_cancelled: Whether the user dismissed the challenge
  • transaction_status: The final result ("Y" = success, "N" = failed, null = unknown)
Based on these values, you can decide to proceed with the transaction creation or inform the user accordingly. The authentication result is included in the transaction response and can be used for reporting, compliance, or business logic decisions.

Testing and validation

To test your Native 3DS implementation, use the 3DS Test Cards in your sandbox environment. These cards allow you to simulate various outcomes, including frictionless authentication, mandatory challenges, and specific failure states.

Test cards

Visa

Mastercard

American Express

Challenge screen inputs

When a challenge is triggered, use the following values to simulate different transaction results.

OTP (One-Time Password)

When the challenge screen asks for a code, enter one of the following:

Selection options

Some challenges may present a list of options (for example, “Select your favorite city”). Single-select
  • Paris or Nice: Returns Success (Y).
Multi-select
  • Paris & Lyon: Returns Success (Y).
  • Toulouse & Lyon: Returns Success (Y).

Best practices for testing

  1. Verify UI transitions: Ensure your app correctly transitions from the card entry screen to the 3DS challenge modal and back.
  2. Test error states: Use the “Rejected” or “Failed” cards to ensure your app displays helpful messaging to the user when a card cannot be verified.
  3. Check authentication outcome: After a successful test, verify that the authentication object in your callback reflects the expected result before attempting the final transaction.