Enable 3D Secure by Default for Online Pickup Orders (BOPIS)

Enable 3D Secure by Default for Online Pickup Orders (BOPIS)

Problem
We’re seeing increased fraud on orders that are paid online and picked up in person. These transactions are still treated as card-not-present, and when the real cardholder reports fraud later, the dealer can end up with a chargeback after the product has already been released.

Proposed Solution
Appliance.io should enable 3D Secure (3DS) by default for any order where the fulfillment method is Pickup / In-Store Pickup.

Why 3DS solves the core issue
3DS adds an extra layer of cardholder verification at checkout. When authentication succeeds, it can provide liability shift (depending on card brand, issuer, and authentication outcome), which is the most direct way to reduce losses from “unauthorized” fraud for pickup orders.

What “by default” means

• If the customer selects Pickup, 3DS should automatically apply—no dealer setup required.

• This should apply across all pickup orders, with step-up challenges when the issuer requires it.

Optional configuration (nice-to-have, not required for v1)

• Dealer setting to toggle: Always require 3DS for pickup orders (default ON)

• Dealer setting for threshold: Require 3DS only above $X (default $0)

• Ability to keep other order types (delivery/shipping) unchanged if desired

Acceptance Criteria

• Pickup orders trigger 3DS automatically.

• Appliance.io clearly indicates in the order/payment record whether 3DS was:

  • Attempted

  • Authenticated (frictionless or challenged)

  • Failed / not available

• If 3DS fails or is not completed, appliance.io can optionally block payment completion for pickup orders (or flag for manual review).

Impact

• Fewer fraudulent pickup orders getting approved without verification

• Reduced chargeback exposure for dealers

• Consistent protection without dealers needing to understand fraud tooling