The question whether you have to use 3D Secure in your integration has several implications to keep in mind. Technically, you are not obliged to implement it, but because of the Payment Services Directive (PSD2), banks are required to perform strong customer authentication (SCA) for online payments. This means that if you decide not to implement 3D Secure, banks can refuse all transactions that require SCA, which can cause a drop in your authorisation rate.
With the rollout of PSD2, more and more issuers will start to send "soft declines". When this happens the issuer will respond to an authorisation request with Authentication required which means they mandate SCA on that transaction. If this happens, and you do not have included executeThreeD set to false in your payment request, we will do a retry for 3D Secure 1 or 3D Secure 2. If you do have executeThreeD set to false the end status of the transaction is refused.
Please refer to our documentation on 3D Secure authentication and our 3D Secure for regulation compliance guide to learn more.