Last year, we analyzed 3D Secure (3DS) trends in unregulated markets, where we found that US issuers often declined transactions that requested 3DS, viewing the request itself as a fraud signal. Since then, customers have told us they want to understand similar trends in markets where multifactor authentication is required, so they can fine-tune their own authentication strategy.
That’s where we can help. We analyzed authentication and conversion data across businesses in the European Economic Area (EEA), the United Kingdom (UK), and Japan. Our findings reveal a surprising paradox: even with very high two-factor authentication trigger rates—which traditionally add friction to the checkout flow—France, the UK, and Japan still maintain high conversion rates. This challenges the conventional wisdom that authentication flows always impact conversion. Instead, our data suggests that the implementation quality of authentication flows, not the quantity of usage, determines business impact.
You can read more about our analysis below, and learn how these findings can help you fine-tune your authentication strategy for regulated markets.
French issuers challenge transactions at twice the rate of other EEA markets, but still maintain high conversion rates

In response to high fraud rates, the Banque de France announced new requirements to increase 3DS usage, such as recommending that French issuers decline merchant-initiated transactions that are set up without being strongly authenticated. As a result, we found that French issuers were challenging transactions with two-factor authentication at nearly 100% higher rates than the rest of the EEA and 200% higher than UK issuers.
Despite French issuers challenging cardholders twice as much as other markets, France sees high challenge success rates and conversion performance. In the first half of 2024, 3DS request rates increased by 15%. At the same time, frictionless authentication flows—which tend to increase conversion because they don’t challenge cardholders with two-factor authentication—increased by 40%.
This is thanks in part to French issuers approving more Strong Customer Authentication (SCA) exemption requests when transactions come with richer data over 3DS rails. Conversion rates are also tied to cultural norms that shape cardholder behavior: France was one of the earliest adopters of microchip cards that require a PIN for authentication, normalizing secure card authentication years before many other countries adopted it. As a result, French cardholders are familiar with two-factor authentication and are more likely to authenticate themselves during 3DS challenge flows.
This illustrates how businesses should adapt their strategies market by market rather than applying a uniform European approach.
UK has the highest authentication and challenge success rates among regulated markets

When managing friction during authentication flows or using SCA exemptions to maximize the success of authorization, the UK outperforms every other regulated market. UK authentication success rates are 5%–10% higher than comparable SCA markets, with higher challenge success rates. UK issuers also accept exemption requests at rates 10 percentage points higher than issuers in the EEA.
This is a reflection of the UK’s maturity across the payments ecosystem. The Financial Conduct Authority, the UK’s financial regulatory body, gave the UK an extra year to implement SCA, so UK issuers had the time to invest in risk-based decision-making compared to many EEA issuers. UK issuers have also built new infrastructure to reduce friction during cardholder challenges, such as sending push notifications rather than asking for cardholders to use a one-time password. In fact, over 75% of challenges are authenticated via a bank app, mostly using biometrics.
New markets adopting 3DS, such as Japan, can still maintain high conversion rates

This data represents the payments performance over a limited time frame and is not reflective of, or a guarantee of, any future performance or Stripe’s overall performance.
Newer markets implementing strong authentication regulations often see an initial decrease in conversion rates. This can sometimes happen because banks, businesses, and payment processors interpret the new rules differently, and they aren’t always prepared for the changes.
Japan’s April 2025 mandate offers a different story. Since the mandate, the number of transactions being routed through 3DS quadrupled. However, payments performance has not suffered: 60% of transactions were routed through the frictionless pathway and businesses have seen an average 93% conversion rate. Challenge success rates were high from the beginning, reflecting Japanese cardholders’ familiarity with one-time password–based and banking app–based authentication flows. In addition, our early data on disputes shows that the goal of the mandate—to reduce fraud—is working: dispute rates are more than 30% lower than the same period last year.
We did see pockets of transactions where the authentication success rate suffered, but we were able to resolve those by closely collaborating with the issuers and by using our AI models to configure the data fields on each 3DS request according to each issuer’s preference.
Japan’s experience shows that well-executed authentication mandates can reduce fraud without compromising the user experience.
The best of both worlds
Our analysis shows that markets with authentication regulations can have the best of both worlds: a decrease in fraud while maintaining high conversion rates. This highlights the importance of understanding your authentication performance and business needs across regions to make informed decisions on what works best in each market.
Stripe can help. On average, businesses in SCA regions can benefit from a 1.20% uplift in conversion while reducing fraud on all transactions by 7.67% with our AI-powered optimizations. And for businesses in Japan, we launched the Japan 3DS mandate with zero incidents, enabling Japanese businesses to reach an average 93% conversion rate.
With Stripe, businesses in regulated markets can:
- Use built-in AI–based optimizations to automatically select the optimal protocol and authentication pathway for their business, and apply relevant risk-based regulatory exemptions.
- Run 3DS authentication using Stripe while authorizing the payment with any payment processor.
- Intelligently trigger 3DS to optimize for payments, fraud, or conversion use cases. Backed by a new multihead model and decisioning layer, early users have seen an over 30% reduction in fraud on eligible transactions, representing one of our largest ever improvements.
To optimize your authentication strategy, get started with Stripe today or contact sales to learn more.
The insights, projections, and forward-looking statements contained here are for informational purposes only and should not be relied upon. These are based on assumptions and information currently available, but actual results may differ materially.