Catching up on this thread now. Just a comment that as of September 2021, every single ecommerce transaction needs to go through 3DS, or else we must decline it as per SCA regulation. This date has been pushed back about 3 times by now… 
This is not 100% true, since we may choose not to challenge the customer based on low transaction value and/or low fraud risk.
If you really want to get technical, feel free to read this document from the European Banking Authority. My team’s job was turning this into code.