3-D Secure v2 Liability

If the customer is authenticated as part of the EMV 3-D Secure process and it is later determined that fraud has been committed, the card issuer will normally take financial responsibility for the chargeback.

About ECI

ECI (Electronic Commerce Indicator) is a value returned following the EMV 3-D Secure process, indicating the outcome of the authentication attempted. The following values can be returned:

ECI value Definition
3-D Secure authentication was successful.
Transaction is secured by 3-D Secure.
3-D Secure authentication was attempted but not completed.
3-D Secure authentication either failed or could not be attempted.
Note: ECI 7 is also returned for successfully-authenticated recurring transactions using Mastercard-branded cards.
ECI 4 Data only transaction that can be sent to Mastercard.


Following a transaction processed using 3-D Secure v2, in the event of a dispute with the transaction at a later date, the card issuer may take financial responsibility for the chargeback as indicated in the table below:

  Successful authentication of a transaction does not guarantee the liability shift. The card issuer can still decline the payment.

  The criteria used to determine the liability is determined by the acquirer and is subject to change. As such, the information presented here may be subject to exceptions, depending on the parties facilitating the payment. For clarification, we recommend contacting your acquirer.

Payment brand Status ECI Liability Notes
S20-EN.png Y 05 Issuer Transaction authenticated
S21-EN.png Y 02 Issuer Transaction authenticated
S21-EN.png A (attempts) 01 Merchant Transaction could not be authenticated
S21-EN.png A (Mastercard stand-in) 01 Merchant Transaction was successfully authenticated
Low risk
S20-EN.png A 06 Issuer Attempted, Cardholder or Issuer not participating or ACS unavailable
S21-EN.png I 06 Merchant Applies to 3-D Secure v2.2 only
Acquirer exemption was applied
S20-EN.png N 07 Merchant Not authenticated (CAVV not present)
S20-EN.png I 07 Merchant Informational only (CAVV present)
3DS requestor challenge preference acknowledged
S20-EN.png U 07 Merchant

Authentication could not be performed
(technical or other problem)

S20-EN.png C 07 - Challenge required to authenticate cardholder
S20-EN.png R 07 Merchant Authentication rejected
S21-EN.png Y 07 Issuer Recurring (successfully authenticated by ACS)
S21-EN.png U, O 04 Merchant Data only transaction
S21-EN.png N 0 Merchant Transaction could not be authenticated (Attempts do not apply)
S20-EN.png - Blank, 01 or 04 Merchant MOTO (No 3-D Secure)
S21-EN.png R 00 N/A Rejected
Authorisation should not be attempted
Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request