> ## Documentation Index
> Fetch the complete documentation index at: https://primer.io/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# 3DS Challenge Mandate

## 3DS Challenge Mandate

The Mandate Challenge option lets you explicitly request that a 3D Secure (3DS) challenge be presented to your buyer, rather than allowing the card issuer to decide whether to use a frictionless or challenge flow.

This can help merchants meet compliance requirements, particularly when storing a card for future Merchant-Initiated Transactions (MITs), or when additional buyer verification is desired for risk or policy reasons.

While issuers are not obligated to honor a mandated challenge request, most issuers in regulated regions (such as the EEA and UK) will do so under PSD2 Strong Customer Authentication (SCA) rules.

## How Mandate Challenge Works

By default, issuers decide whether to authenticate a buyer via a frictionless or challenge 3DS flow.

When Mandate Challenge is enabled, Primer includes a flag in the 3DS authentication request that signals your preference for the buyer to be challenged.

If the issuer supports mandated challenges, this usually results in a challenge screen being shown to the buyer (e.g., a one-time passcode, app approval, or biometric verification).

If the issuer does not honor the mandate, the transaction will continue as a normal 3DS flow.

## When to Use Mandate Challenge

You should use the Mandate Challenge option when:

* You’re storing a card for future Merchant-Initiated Transactions (MITs) (for example, subscriptions, recurring payments, or delayed charges) within a region that has requirements for 3DS, such as the EEA.
  * PSD2 guidance recommends using a 3DS challenge for the initial card-on-file transaction, ensuring the cardholder has explicitly authenticated the storage consent.
* You need strong assurance of buyer authentication for higher-value or higher-risk payments.
* Your internal fraud or compliance policies require step-up authentication.

In general, Mandate Challenge helps ensure that the buyer explicitly completes SCA during checkout, rather than relying on an issuer’s risk-based decision to allow frictionless authentication.

## Implementing Mandate Challenge in Workflows

You can enable Mandate Challenge directly from the [Perform 3DS action](/workflows/apps/native-apps/primer-payments-app/perform-3ds-action) in your Workflows.

### Steps

1. Add a **Perform 3DS** block to your Workflow.
2. Under 3DS Options, select Mandate Challenge.
3. Save and publish your Workflow.

<Frame caption="Mandate Challenge in the Perform 3DS action">
  <img src="https://mintcdn.com/primer-cc826789/VyFK_A0n7sp9FOiH/images/payments/Perform3DSMandateChallenge.png?fit=max&auto=format&n=VyFK_A0n7sp9FOiH&q=85&s=f64154e4210251876048910083a0e084" alt="Perform 3ds Mandate Challenge" width="836" height="754" data-path="images/payments/Perform3DSMandateChallenge.png" />
</Frame>

You can also use [conditions](/workflows/utilities/conditions-block) to mandate challenges only for specific scenarios - for example:

* First time payments
* Transaction amount over £1000.00

<Frame caption="Condition Block for Mandate Challenge">
  <img src="https://mintcdn.com/primer-cc826789/VyFK_A0n7sp9FOiH/images/payments/MandateChallengeCondition.png?fit=max&auto=format&n=VyFK_A0n7sp9FOiH&q=85&s=3d8e955c3e8b0bb5d87da66a96206f6c" alt="Mandate Challenge Condition" width="957" height="879" data-path="images/payments/MandateChallengeCondition.png" />
</Frame>

This configuration ensures that your first card-on-file payment always requests a challenge, while repeat payments can proceed frictionlessly under MIT rules.

> Note: Mandating a challenge may increase friction during checkout and can impact conversion rates. It should be applied selectively, based on transaction context and business requirements.

## Viewing Challenge Results

You can see whether a challenge was presented in both the **Dashboard** and **API** responses:

* **Dashboard:**

  The 3DS Authentication section will display the authentication method used - `Challenge` or `Frictionless`.
* **API:**

  The `paymentMethod.threeDSecureAuthentication.challengeIssued` boolean will return `TRUE` if a challenge was presented.

You can use these values to audit and report on your 3DS flows.

## Best Practices

* **Always use a challenge for first-time card storage (MIT setup) in regulated regions.**

  This ensures regulatory compliance and reduces the risk of failed subsequent MITs.
* **Combine with conditions.**

  For example, only mandate challenges for new customers, high-risk transactions, or first-time card use.
* **Monitor completion rates.**

  Track your 3DS challenge completion success to balance security and conversion.