3DS2 Global Transactions Pending

February 3rd, 2026 — 3DS2 Global Transactions Pending

‌

Between 5:40 pm UTC and 7:24 PM UTC on January 27, 2026 the latest version of the Spreedly iFrame (iframe-v1) was configured to use version 1.180 which contained a bug related to the handling of device fingerprinting for Sca::Authentications in an end user's browser. As a result there was an elevated number of Sca::Authentications stuck in a pending flow with a required_action of device_fingerprint. These transactions were held in a pending state and never completed. Our team identified the issue and updated the version of iFrame (iframe-v1) to utilize 1.179.

What Happened

At 5:40 pm UTC on January 27th, 2026 a new version of iFrame was released (1.180) and updated the version to be used in the iframe-v1.min.js asset to point to 1.180. This change was meant to improve the error handling for the loading of 3rd party critical SDKs however it caused the SDK to enter a permanently error-ed state when attempting to perform device fingerprinting due to a race condition with loading the SDKs. At 7:20 pm UTC on January 27th, 2026 the change was rolled back and by 7:24 pm UTC, 2026 the iframe-v1.min.js asset globally was pointing to version 1.179.

Next Steps

We have identified a gap in our observability and alerting within the iFrame service related to the managing of 3DS lifecycle flows that we will be prioritizing.

-The Spreedly Team