A small box 3d secure pops up when making a payment,if that not popping up then you must be blocking it your end.
Are you running something like noscript/adblocker ect ect.

same here. bank keeps rejecting the payments and now they blocked the whole thing for 24 hour. The reason they said is Steam lacks 3d secure.

The vendor is not required to request 3D-secure confirmation if they do not want to. And from what I have read around (I cannot tell personally because I do not use a card directly on this site) Steam does not use it. A reason can be because they want to have a frictionless payment experience for the user.

However the bank is also free to deny a payment request based on not receiving 3D secure confirmation. So if your bank has tightened up their rules recently this is why it happened.

In a few words... just get Paypal (if it is supported in your country) and make a payment through that. The 3D secure check occurs once (when you register your card) and then you can make purchases on Steam.

I'm sure I have seen Steam have 3-D Secure payments; I've definitely done the flow of confirming Steam transactions on my bank's mobile app, which is a 3-D Secure thing.

I suspect that the issue is Steam does it by creating a pop-up window, which is a poor choice because many browsers have policies which block pop-ups. Most other places use redirects or iframes rather than pop-ups. There was a Steam Deck beta update just yesterday with a fix because pop-ups weren't working there: https://steamcommunity.com/games/1675200/announcements/detail/3647382900914478172

Originally posted by MagicMight:

Steam does not use it. A reason can be because they want to have a frictionless payment experience for the user.

Card payment being busted because Steam's implementation of 3-D Secure doesn't work properly is pretty much the exact opposite of frictionless. That's almost maximal friction.

Originally posted by aiusepsi:

Card payment being busted because Steam's implementation of 3-D Secure doesn't work properly is pretty much the exact opposite of frictionless. That's almost maximal friction.

If Steam is indeed using doing 3D-S then there is no point in what I said above. I mentioned a reason why Steam (and any other vendor) would want to avoid it completely. If they do 3D-s and a user has not installed the phone app from their bank then there is a lot of friction for a purchase - depending on their bank they might have to do a SMS confirmation or log in their ebanking to confirm - which is something that Valve would want to avoid to give their customers a better experience.

Of course the failure of a proper implementation causes even more friction as you say.

That said... 3D-S 2 is coming and this will probably solve a lot of user experience issues.

i have the same problem. for years now i am buying without problems with my debit card.

since this year my bank is blocking the transactions and say that steam is sending wrong or no 3d secure requests.

i wrote to the steam support but they refuse any help. the only thing they say is use another payment method there is no problem. now they closed the ticket but the problem still exist. could be ubisoft.

i as a customer should not resolve those problems by myself, this is not acceptable.

i wrote to the support, to the bank, support again, bank again and again to support. its ridiculous.

dont know what to do now they are leaving us alone. i think i will buy no more on steam at least the rest of the year and will eventually use more GOG or EPIC store.

its EU law and steam just ignores it.

Originally posted by Erawolf:

same here. bank keeps rejecting the payments and now they blocked the whole thing for 24 hour. The reason they said is Steam lacks 3d secure.

Your bank is correct.
Steam's embedded browser is Chromium version 85. It's lacking 2.5 years (and counting) worth of updates and it -- quite likely; the bank I hold an account is affected by this as well -- either doesn't support some new browser APIs that didn't become available until later Chromium versions; is explicitly blocked for simply being too old; or is explicitly blocked because it identifies as an embedded browser.

(Yes; security-minded platforms block embedded browser views nowadays, because it's far too easy for application developers to covertly abuse them. E.g. by eavesdropping on keystrokes to steal passwords; or by simply hijacking an existing session whole, since they get access to all the browser cookies anyway.)

Originally posted by MagicMight:

The vendor is not required to request 3D-secure confirmation if they do not want to.

While that is true, with the EU's Revised Payment Services Directive (PSD2) it has become a requirement for payment service providers to use strong verification. So if the merchant doesn't request 3D-secure or whatever equivalent of strong verification is available on your payment method of choice, then the PSP or bank are legally required to force it in anyway. If they in turn don't, they can find themselves landing in hot water with the supervisory authorities that see to these rules being followed.

Originally posted by MagicMight:

In a few words... just get Paypal (if it is supported in your country) and make a payment through that.

Paypal currently also has problems with refusing to authenticate via the Steam client's embedded browser.

The real solution here is to log in to the Steam website using your default and up-to-date OS browser, and using that to either top off your Steam wallet, or directly purchase your games.

Long-term, the proper solution for Valve is to delegate payment fulfillment to the OS default browser as well. For some payment methods, like the Dutch iDeal this is matter of factly already a contractual requisite. They have it in their implementation guideline documents (you have to dig through their Atlassian account to find them, really bad discoverability - but it's there) that you're not allowed to start iDeal payment flows in in-app - i.e. embedded - browsers. And this practice is slowly becoming industry-standard.

This thread was quite old before the recent post, so we're locking it to prevent confusion.