If the customer is authenticated as part of the EMV 3-D Secure process and it is later determined that fraud has been committed, the card issuer will normally take financial responsibility for the chargeback.
Authentication with 3-D Secure version 1 was fully retired October 2022. If your solution has not been migrated to EMV 3DS (version 2) and you are located in a region where SCA is mandated, you may be liable for fraudulent chargebacks incurred on your account. Click here to learn how to enable EMV 3-D Secure version 2.
ECI (Electronic Commerce Indicator) is a value returned following the EMV 3-D Secure process, indicating the outcome of the authentication attempted. The following values can be returned:
|3-D Secure authentication was successful.
Transaction is secured by 3-D Secure.
|3-D Secure authentication was attempted but not completed.|
|3-D Secure authentication either failed or could not be attempted.
Note: ECI 7 is also returned for successfully-authenticated recurring transactions using Mastercard-branded cards.
|ECI 4||Data only transaction that can be sent to Mastercard.|
Following a transaction processed using 3-D Secure v2, in the event of a dispute with the transaction at a later date, the card issuer may take financial responsibility for the chargeback as indicated in the table below:
Successful authentication of a transaction does not guarantee the liability shift. The card issuer can still decline the payment.
The criteria used to determine the liability is determined by the acquirer and is subject to change. As such, the information presented here may be subject to exceptions, depending on the parties facilitating the payment. For clarification, we recommend contacting your acquirer.
|A (attempts)||01||Merchant||Transaction could not be authenticated|
|A (Mastercard stand-in)||01||Merchant||Transaction was successfully authenticated
|A||06||Issuer||Attempted, Cardholder or Issuer not participating or ACS unavailable|
|I||06||Merchant||Applies to 3-D Secure v2.2 only
Acquirer exemption was applied
|N||07||Merchant||Not authenticated (CAVV not present)|
|I||07||Merchant||Informational only (CAVV present)
3DS requestor challenge preference acknowledged
Authentication could not be performed
|C||07||-||Challenge required to authenticate cardholder|
|Y||07||Issuer||Recurring (successfully authenticated by ACS)|
|U, O||04||Merchant||Data only transaction|
|N||0||Merchant||Transaction could not be authenticated (Attempts do not apply)|
|-||Blank, 01 or 04||Merchant||MOTO (No 3-D Secure)|
Authorisation should not be attempted