Card payments are the most widely available payment method in Subotiz Payments, working across most devices and regions. Combined with 3DS authentication, merchants can maintain a stable checkout experience while reducing fraud risk and benefiting from chargeback liability protection.
Supported card networks
When card payments are enabled, all supported card networks are available at checkout with no additional configuration required.
- Visa
- Mastercard
- American Express
- JCB
- UnionPay
- Diners Club
- Discover
Card network coverage
Different card networks vary in global reach and usage.
- Visa / Mastercard: The broadest global coverage, available across most markets.
- American Express: Widely used in North America and among higher-spending segments. Acceptance is lower in some regions.
- JCB: Primarily used in Japan.
- UnionPay: The dominant card network in China. Merchants targeting Chinese customers should confirm UnionPay is enabled.
Card payment characteristics
Card payments have the following characteristics.
- Broad coverage: Available across most countries and regions.
- Low dependency on environment: Works across most devices, browsers, and operating systems.
- Consistent display: Appears in all checkout scenarios when the payment provider is correctly configured.
Compared to digital wallets or BNPL methods, card payments are generally less dependent on device or regional conditions, making them the baseline payment method for most merchants.
Configuring 3DS
3D Secure (3DS) verifies the cardholder's identity during a transaction to reduce fraud.
- Enable 3DS: Go to Settings > Payment providers > Subotiz Payments and turn on the 3DS toggle. When enabled, 3DS is enforced for one-time card transactions and applied during the initial subscription transaction.
- Disable 3DS: When disabled, 3DS is not actively enforced and is triggered only when required by the issuing bank, payment network, compliance rules, or risk controls.
3DS and checkout experience
3DS does not always introduce additional steps for customers. The authentication flow is determined by the issuing bank's risk assessment.
- Frictionless flow: The issuing bank determines the risk is low and completes verification automatically. Customers experience no additional steps.
- Challenge flow: The issuing bank determines the risk is higher and requires the customer to verify their identity, typically by entering a one-time password or confirming through a banking app.
Most transactions go through the frictionless flow, meaning customers experience no additional steps.
3DS behavior in subscription billing
Card payments support subscription billing. First-time transactions and renewals are handled differently.
- First-time transaction: Initiated by the customer. When 3DS is enabled, authentication is required and the card token is stored for future charges.
- Subsequent renewals: Initiated by the merchant (MIT, Merchant Initiated Transaction). The system charges the saved card automatically, and 3DS is exempt.
3DS applies only to the initial transaction. Subscription renewal success rates are not affected by 3DS settings.
Chargeback liability
Enabling 3DS triggers a liability shift, transferring fraud-related chargeback responsibility from the merchant to the issuing bank.
- Without 3DS: The merchant is liable for fraudulent chargebacks, including refunds and fees.
- With 3DS: Once authentication is completed, the issuing bank assumes liability for fraudulent chargebacks.
Liability shift applies to unauthorized transaction claims. Disputes related to products or services follow standard chargeback rules.
Compliance Requirements (EU PSD2)
Some regions have mandatory 3DS requirements.
- European Union (PSD2): Strong Customer Authentication (SCA) is required for online payments. Transactions involving EU-based customers typically require SCA compliance through 3DS to meet regulatory requirements and benefit from liability shift protection.
- Other regions: Merchants can decide based on fraud risk, business needs, and local compliance requirements.
Issuer-driven 3DS
Even when 3DS is not enforced, some issuing banks may trigger authentication based on their own risk rules. This behavior varies by issuer and is determined by the issuing bank.
Zero-value authorization
Zero-value authorization is a card validation mechanism that confirms whether a card is valid without charging the customer. Common use cases include:
- Free trial subscriptions: Verifies the card before the first charge after the trial period.
- Saving payment details: Confirms the card is active before future charges.
Zero-value authorization does not appear as a charge on the customer's statement. Some issuing banks may display a temporary $0 authorization, which typically clears within a few days.
3DS settings
Setting | Authentication behavior |
|---|---|
Enabled | Merchant-enforced 3DS authentication |
Disabled | 3DS is triggered only when required by issuers, payment networks, compliance rules, or risk controls |
Enabling 3DS helps reduce fraud risk and provides chargeback liability protection, but additional authentication steps may affect payment success rates. Merchants can choose whether to enable 3DS based on business requirements, fraud risk, and compliance needs.
Card payments provide the most stable and widely supported checkout experience. The primary value of 3DS lies in reducing fraud risk, enabling liability shift, and supporting compliance requirements in regulated markets such as the EU. 3DS applies only to the initial transaction and does not affect subscription renewals.