3-D Secure v2 Liability

If the customer is authenticated as part of the EMV 3-D Secure process and it is later determined that fraud has been committed, the card issuer will normally take financial responsibility for the chargeback.

  3-D Secure transactions are processed using the latest protocol version supported by both the customer’s card issuer and your payment solution. This means that if you have enabled 3-D Secure version 2, but the issuer for a transaction only supports 3-D Secure version 1, 3-D Secure version 1 would be used to authenticate the customer.

About ECI

ECI (Electronic Commerce Indicator) is a value returned following the EMV 3-D Secure process, indicating the outcome of the authentication attempted. The following values can be returned:

ECI value Definition
ECI 2
ECI 5
3-D Secure authentication was successful.
Transaction is secured by 3-D Secure.
ECI 1
ECI 6
3-D Secure authentication was attempted but not completed.
ECI 0
ECI 7
3-D Secure authentication either failed or could not be attempted.
Note: ECI 7 is also returned for successfully-authenticated recurring transactions using Mastercard-branded cards.
ECI 4 Data only transaction that can be sent to Mastercard.

 

Following a transaction processed using 3-D Secure v2, in the event of a dispute with the transaction at a later date, the card issuer may take financial responsibility for the chargeback as indicated in the table below:

  Successful authentication of a transaction does not guarantee the liability shift. The card issuer can still decline the payment.

  The criteria used to determine the liability is determined by the acquirer and is subject to change. As such, the information presented here may be subject to exceptions, depending on the parties facilitating the payment. For clarification, we recommend contacting your acquirer.

Payment brand Status ECI Liability Notes
3ds-liability-visa.png Y 05 Issuer Transaction authenticated
3ds-liability-mastercard.png Y 02 Issuer Transaction authenticated
3ds-liability-mastercard.png A (attempts) 01 Issuer Transaction could not be authenticated
3ds-liability-mastercard.png A (Mastercard stand-in) 01 Issuer Transaction was successfully authenticated
Low risk
3ds-liability-visa.png A 06 Issuer Attempted, Cardholder or Issuer not participating or ACS unavailable
3ds-liability-mastercard.png I 06 Merchant Applies to 3-D Secure v2.2 only
Acquirer exemption was applied
3ds-liability-visa.png N 07 Merchant Not authenticated (CAVV not present)
3ds-liability-visa.png I 07 Merchant Informational only (CAVV present)
3DS requestor challenge preference acknowledged
3ds-liability-visa.png U 07 Merchant

Authentication could not be performed
(technical or other problem)

3ds-liability-visa.png C 07 - Challenge required to authenticate cardholder
3ds-liability-visa.png R 07 Merchant Authentication rejected
3ds-liability-mastercard.png Y 07 Issuer Recurring (successfully authenticated by ACS)
3ds-liability-mastercard.png U, O 04 Merchant Data only transaction
3ds-liability-mastercard.png N 0 Merchant Transaction could not be authenticated (Attempts do not apply)
3ds-liability-visa.png - Blank, 01 or 04 Merchant MOTO (No 3-D Secure)
3ds-liability-mastercard.png R 00 N/A Rejected
Authorisation should not be attempted

  3-D Secure transactions are processed using the latest protocol version supported by both the customer’s card issuer and your payment solution. This means that if you have enabled 3-D Secure version 2, but the issuer for a transaction only supports 3-D Secure version 1, 3-D Secure version 1 would be used to authenticate the customer.

Click here for 3-D Secure version 1 liability shift information.

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request