Spreedly incident

3DS2 Global Transactions Pending

Minor Resolved View vendor source →

Spreedly experienced a minor incident on January 27, 2026 affecting 3DS Global, lasting 21m. The incident has been resolved; the full update timeline is below.

Started
Jan 27, 2026, 07:08 PM UTC
Resolved
Jan 27, 2026, 07:29 PM UTC
Duration
21m
Detected by Pingoru
Jan 27, 2026, 07:08 PM UTC

Affected components

3DS Global

Update timeline

  1. investigating Jan 27, 2026, 07:08 PM UTC

    Spreedly has detected an issue potentially resulting in a high number of pending 3DS2 Global transactions. While we are providing an early notification in an effort to alert you as quickly as possible, we are still investigating the actual scope and impact and will provide an update as soon as more details are available. Thank you for your patience.

  2. monitoring Jan 27, 2026, 07:25 PM UTC

    We’ve implemented a fix and stabilized the 3DS2 Global transactions. Our team is monitoring the situation closely to ensure there are no additional impacts. Please continue to follow our StatusPage for the latest update.

  3. resolved Jan 27, 2026, 07:29 PM UTC

    After closely monitoring and confirming that all systems are stabilized and functioning as expected, this incident is considered resolved. No further customer impact is expected. We are completing our investigation concerning the causes of the incident and any residual impact. We apologize for any inconvenience or disruption.

  4. postmortem Feb 03, 2026, 03:38 PM UTC

    ### February 3rd, 2026 — 3DS2 Global Transactions Pending ‌ Between 5:40 pm UTC and 7:24 PM UTC on January 27, 2026 the latest version of the Spreedly iFrame \(`iframe-v1`\) was configured to use version 1.180 which contained a bug related to the handling of device fingerprinting for `Sca::Authentications` in an end user's browser. As a result there was an elevated number of `Sca::Authentications` stuck in a pending flow with a `required_action` of `device_fingerprint`. These transactions were held in a pending state and never completed. Our team identified the issue and updated the version of iFrame \(`iframe-v1`\) to utilize `1.179`. ### What Happened At 5:40 pm UTC on January 27th, 2026 a new version of iFrame was released \(1.180\) and updated the version to be used in the `iframe-v1.min.js` asset to point to `1.180`. This change was meant to improve the error handling for the loading of 3rd party critical SDKs however it caused the SDK to enter a permanently error-ed state when attempting to perform device fingerprinting due to a race condition with loading the SDKs. At 7:20 pm UTC on January 27th, 2026 the change was rolled back and by 7:24 pm UTC, 2026 the `iframe-v1.min.js` asset globally was pointing to version `1.179`. ### Next Steps We have identified a gap in our observability and alerting within the iFrame service related to the managing of 3DS lifecycle flows that we will be prioritizing. -The Spreedly Team