The question whether you have to use 3D Secure in your integration has several implications to keep in mind. Technically, you are not obliged to implement it, but because of the new Payment Services Directive (PSD2), banks are required to perform strong customer authentication (SCA) for online payments. This means that if you decide not to implement 3D Secure, they will refuse all transactions that they require SCA on, and can cause a huge drop in your authorisation rate.
As the deadline for issuers to enforce SCA are approaching, more and more issuers will start to send "soft declines". When this happens the issuer will respond to an authorisation request with Authentication required which means they mandate a strong customer authentication on that transaction. If this happens, and you do not have included executeThreeD set to false in your payment request, we will do a retry for 3DS1 or 3DS2. If you do have executeThreeD set to false the end status of the transaction is refused.
Please refer to our documentation on 3D Secure authentication and our 3D Secure for regulation compliance guide to learn more.