By default a card processor will let you skip 3D Secure on US, Asia and most LATAM cards because the issuer's risk model rates the transaction 'low'. Baynoy sets payment_method_options.card.request_three_d_secure to 'any' on every PaymentIntent. We deliberately give up the ~2% optional-3DS lift in conversion.
Why: chargeback liability shift. A 3DS-authenticated authorization moves fraud liability from the merchant to the issuer in 87% of card schemes globally (Visa SDK 2.3, MasterCard SecureCode 3, JCB J/Secure). For a typical SaaS, gross chargeback rate hovers at 0.4–0.6%. At 0.5% on $100k/month that is $500 of disputed transactions a month — and the operational tax of fighting them is 3–4 hours of staff time per dispute.
Net math: a 2% conversion drag costs $2,000 of incremental signups foregone, but eliminates $500 of chargebacks and ~15 hours of dispute work. For any business above $50k monthly volume, mandatory 3DS pays for itself within the first quarter.