Skip to main content
Card payments are the foundation of online payments, accepted globally and trusted by customers worldwide. Dodo Payments supports all major card networks with built-in fraud protection and PCI compliance.

Supported Card Networks

Global Networks

NetworkCoverage
VisaGlobal leader, 4B+ cards worldwide
MastercardGlobal reach, strong security features
American ExpressPremium cardholders, higher spending
DiscoverUS-focused, growing globally
JCBLeading in Japan, expanding across Asia
UnionPayDominant in China, 8B+ cards
Diners ClubPremium international travelers

Regional Networks

NetworkRegion
InteracCanada’s debit network
Cartes BancairesFrance’s national network
Korean Local CardsKorean domestic networks
RupayIndia’s national network

Configuration

Use these values in allowed_payment_method_types:
TypeDescription
creditAll credit cards
debitAll debit cards
const session = await client.checkoutSessions.create({
  product_cart: [{ product_id: 'prod_123', quantity: 1 }],
  allowed_payment_method_types: ['credit', 'debit'],
  return_url: 'https://example.com/success'
});
Include both credit and debit unless you have a specific reason to exclude one. Debit cards are preferred by many customers and often have lower fees.

3D Secure Authentication

3D Secure (3DS) adds an authentication layer that reduces fraud and chargebacks by verifying the cardholder’s identity.

When 3DS is Triggered

3DS is automatically triggered when:
  • Required by the card network
  • Required by regional regulations (e.g., PSD2 in Europe)
  • The transaction is flagged as high-risk

Force 3DS

You can require 3DS on all transactions: 
const session = await client.checkoutSessions.create({
  product_cart: [{ product_id: 'prod_123', quantity: 1 }],
  force_3ds: true,
  return_url: 'https://example.com/success'
});
Enabling 3DS for all transactions reduces fraud but may slightly decrease conversion as some customers abandon during authentication.

Handling Authentication Failures

When a payment needs 3DS authentication, the payment moves through intermediate states before it succeeds or fails:
StatusMeaningWhat to do
requires_customer_actionThe customer must complete a 3DS challengeHave the customer complete authentication during checkout
requires_payment_methodThe customer never provided a payment method (didn’t enter details or abandoned the prompt) — usually a drop-off, not a declineRe-engage the customer to complete checkout; see Abandoned Cart Recovery
If authentication does not complete, the payment fails with one of these decline codes:
  • AUTHENTICATION_FAILURE — the customer could not be authenticated.
  • AUTHENTICATION_REQUIRED — authentication is required but was not performed.
  • AUTHENTICATION_TIMEOUT — the customer did not respond in time.
See the Transaction Failures reference for the recommended action for each.

At Checkout vs. on Renewal

  • At checkout (customer present): The customer is present, so the 3DS challenge is shown during checkout. If it fails, ask them to retry or use another card.
  • On subscription renewal (customer not present): The customer is not present, so a 3DS challenge cannot be displayed in real time. If a renewal requires authentication, the subscription moves to on_hold. Recover it by prompting the customer to return and update their payment method — see Handle Payment Failures and Subscription Dunning.

Saved Payment Methods

Customers can save their cards for faster future checkouts.

Tokenized

Original card numbers never stored.

PCI Compliant

Dodo handles all compliance.

Customer-Scoped

Cards tied to specific customers.

Enable Saved Cards

const session = await client.checkoutSessions.create({
  product_cart: [{ product_id: 'prod_123', quantity: 1 }],
  show_saved_payment_methods: true,
  customer: { customer_id: 'cus_existing_123' },
  return_url: 'https://example.com/success'
});

One-Click Purchases

// Get customer's saved payment methods
const methods = await client.customers.retrievePaymentMethods('cus_123');

// Use saved card for instant checkout
const session = await client.checkoutSessions.create({
  product_cart: [{ product_id: 'prod_123', quantity: 1 }],
  customer: { customer_id: 'cus_123' },
  payment_method_id: methods.items[0].payment_method_id,
  confirm: true,
  return_url: 'https://example.com/success'
});

Testing

RegionBrandCard NumberExpiryCVV
USVisa424242424242424206/32123
USMastercard555555555555444406/32123
IndiaVisa457623891277145006/32123
IndiaMastercard540916266938103406/32123
Test cards only work in test mode. Never use them for production transactions.

Security & Compliance

FeatureDescription
PCI DSS Level 1Highest level of certification
TokenizationCard numbers immediately tokenized
Fraud ScoringReal-time risk assessment
AVSAddress Verification Service
CVV ValidationSecurity code verification
3D SecureCardholder authentication

Best Practices

Don’t restrict card types unless necessary. Customers expect their preferred card to work.
Show Visa, Mastercard, Amex logos on your checkout to build trust.
Show clear error messages. Don’t expose raw error codes to customers.
Saved payment methods significantly boost conversion for repeat purchases.

Troubleshooting

Causes: Insufficient funds, card expired, incorrect CVV, bank fraud protection.Solution: Ask customer to verify details or try a different card. Look up the specific decline Error Code and its recommended action in the Transaction Failures reference, and see Handle Payment Failures for programmatic handling.
Causes: Customer abandoned, bank system unavailable, timeout.Solution: Retry or ask customer to contact their bank. See Handling Authentication Failures for the payment states and decline codes involved.
Causes: Regional card not supported, prepaid restrictions.Solution: Customer should try a different card from a major network.

Payment Methods Overview

All supported payment methods.

Upsells & Downsells

One-click purchases with saved cards.

Testing Process

Complete testing guide.

Subscriptions

Recurring billing with cards.
Last modified on June 17, 2026