So usually, as a normal application, made using active-merchant using any payment gateway, we provide a basic form to fill out the attributes:
cc = CreditCard.new(
:first_name => 'Steve',
:last_name => 'Smith',
:month => '9',
:year => '2010',
:brand => 'visa',
:number => '4242424242424242'
)
as specified in the documentation here.
So, all the cards which allow direct payments(just by providing their details) will go for a successful payment.
But what is the case for two-step authentication cards? As there is no provision for accepting user's OTP values or Online Secure password, will the transaction be processed successfully?
Card verification details (PAN, CVV) are enough to debit money from the account, while 2FA requirement is an extra layer of authorization required based upon regions card network rules and local legislature/ authority. e.g. OTP or 3D secure is a mandate given by RBI(Reserve Bank of India) and it is required for all domestic transactions for India based gateways.
So as yet in the markets where these gateways (PayPal, Braintree, Stripe) are available, international transactions can be processed without OTP. Plus, in a fraud prevention perspective, each of them has the risk models in terms of security
And because PINs cannot be accepted online, debit cards or EMV chip & PIN cards will always be run as credit.