Changelog
StatusDashboard
Back to All
added

May 28, 2025

20 days ago by Matt Ruhland

3DS Authentication Rules Are Now Available
Release date: May 28th, 2025
Impact: New rule type now available to control 3DS authentication decisions
Audience: All customers enrolled in Lithic 3DS
Action required: None. This is an additive feature that does not impact existing rules
Products affected: Auth Rules APIs

Overview

We're expanding the Auth Rules product to support decisioning on 3DS authentications. In addition to authorization rules, you can now create rules that determine whether to decline or challenge 3DS authentications based on transaction attributes. This gives you granular control over your 3DS authentication flow, allowing you to precisely tailor your cardholder 3DS experience to meet your program's risk and CX goals.

🚧

Important:

3DS authentication rules only apply to programs which are enrolled in Lithic 3DS. Additionally, before creating 3DS challenge rules, reach out to your program's customer success manager to ensure challenges are configured for your program.

Details

The Auth Rules API now supports a new rule type: CONDITIONAL_3DS_ACTION. This rule type evaluates during the THREE_DS_AUTHENTICATION event stream and allows you to specify an action (DECLINE or CHALLENGE) to be performed based on configurable conditions.

Available Attributes for 3DS Rules:

  • MCC - Merchant Category Code
  • COUNTRY - Country of card acceptor
  • CURRENCY - Transaction currency
  • MERCHANT_ID - Unique merchant identifier
  • DESCRIPTOR - Merchant descriptor
  • TRANSACTION_AMOUNT - Transaction amount in cents (converted to cardholder billing currency, if applicable)
  • RISK_SCORE - Network risk score (0-999)
  • MESSAGE_CATEGORY - Authentication message category

Example: Creating a 3DS Authentication Rule

{
  "type": "CONDITIONAL_3DS_ACTION",
  "parameters": {
    "action": "CHALLENGE",
    "conditions": [
      {
        "attribute": "RISK_SCORE",
        "operation": "IS_GREATER_THAN",
        "value": 750
      },
      {
        "attribute": "TRANSACTION_AMOUNT",
        "operation": "IS_GREATER_THAN",
        "value": 10000
      }
    ]
  },
  "name": "High Risk High Value Transaction Challenge"
}

This example rule would challenge 3DS authentications for transactions with a risk score above 750 and an amount exceeding $100. By combining multiple conditions, you can precisely define which risky authentications are declined or challenged, while ensuring low cardholder friction for routine transactions.

Release Timeline

  • API availability: May 28th, 2025
  • Dashboard availability: June 30th, 2025
  • Backtesting support: June 30th, 2025

User Impact

This change is additive only and doesn't require modifications to any existing integrations.

API addition: The Auth Rule API object now includes a new event_stream field that indicates whether the rule applies to AUTHORIZATION or THREE_DS_AUTHENTICATION events. The GET endpoint also accepts an optional event_stream parameter to filter rules by event type.

Updated Documentation

For detailed endpoint specifications and usage examples, visit our API Reference.

If you have any questions or concerns, please contact us via the HELP link in your Lithic Dashboard.

The Lithic changelog has an RSS feed! To monitor for new update announcements, subscribe with your preferred RSS reader.