Comment by hakfoo
2 months ago
They added a "frictionless" flow in 3-D Secure v2, so probably for situations like "we recognize this combination of device and payment card and the transaction is pretty small" it can slide you through without a direct interaction.
I think some interpretations of the PSD regulations call for specific "after X euros of spend/Y transactions you have to explicitly challenge" but it may vary by country.
I wish my bank had a setting I could toggle so 3DS would always trigger. I've had my card blocked twice because someone asshat made a bunch of online payments with it, some of which failed, but some succeeded. Presumably some shitty website leaked my details, but ideally 3DS should ensure that those details are unusable. Alas that wasn't the case.