If the customer is authenticated as part of the EMV 3-D Secure process and it is later determined that fraud has been committed, the card issuer will be liable in the event of a fraudulent chargeback in the majority of cases. Please refer to the below for further information:
If you would like to add rules that automatically block payments where you would be held liable in the event of fraud, please contact our Support Team to discuss.
Such rules are not supported if your solution processes transactions that are exempt from SCA because the liability shift cannot be applied to SCA exemptions.
Mastercard
| Description | Status | CAVV Leading Indicator | ECI | Liability |
| Transaction successfully authenticated by ACS - Frictionless | Y | kA | 02 | Issuer |
| Transaction successfully authenticated by ACS - Challenge | Y | kB | 02 | Issuer |
| Transaction successfully authenticated by Mastercard Smart Authentication - Stand-In - Frictionless (low risk) | Y | kC | 02 | Issuer |
| Transaction successfully authenticated by Mastercard Smart Authentication - Stand-In - Frictionless (non-low risk) | A | kE | 01 | Issuer |
| Transaction could not be authenticated by either the ACS or Mastercard Smart Authentication - Stand-In - Attempts | A | kF | 01 | Issuer |
|
Transaction successfully authenticated by the ACS without challenging the cardholder using Trusted Merchant Listing Exemption (3DS Requestor Challenge Indicator = 08) |
Y | kR | 02 | Issuer |
| Transaction successfully authenticated by the ACS with challenge using Decoupled Authentication | Y | kS | 02 | Issuer |
|
Transaction was not authenticated by either ACS or Mastercard as Acquirer SCA Exemption was applied because of TRA exemption (3DS Requestor Challenge Indicator = 05) |
I | kN | 06 | Merchant |
|
Transaction was not authenticated by either ACS or Mastercard as Acquirer SCA Exemption was applied because an SCA was already performed (3DS Requestor Challenge Indicator = 07) |
I | kN | 06 | Merchant |
|
Transaction was not authenticated by either ACS or Mastercard as it was an Information Only / Data Share Only message (3DS Requestor Challenge Indicator = 06) |
I | kN | 06 | Merchant |
|
Transaction was not authenticated by either ACS or Mastercard as Smart Authentication Direct for Acquirer Exemption (SADAE) was applied (3DS Requestor Challenge Indicator = 05/07) |
I | kN | 06 | Merchant |
| Transaction successfully authenticated by Mastercard Identity Check Express (IDCX) service | Y | kD | 02 | Issuer |
| Transaction could not be authenticated - Attempts doesn't apply | N | None | 00 | Merchant |
| Transaction rejected by issuer - Authorisation should not be attempted | R | None | 00 | N/A |
Visa
| Description | Status | CAVV Present? | ECI | Liability |
| Authentication Successful | Y | Y | 05 | Issuer* |
| Authentication Attempted | A | Y | 06 | Issuer* |
|
Informational only: 3DS Requestor challenge preference acknowledged |
I | Y | 07 | Merchant |
|
Authentication Failed; Not Authenticated; Transaction Denied |
N | N | 07 | Merchant |
| Authentication could not be performed; Technical or other problem | U | N | 07 | Merchant |
| Authentication Rejected | R | N | 07 | Merchant |
| Challenge Required to authenticate the cardholder | C | N/A | N/A | N/A |
|
Challenge Required; Decoupled Authentication confirmed |
D | N/A | N/A | N/A |
| No CAVV present | [ Any ] | N | [ Any ] | Merchant |
*Where a valid CAVV is submitted but the transaction does not qualify for Visa’s 3-D Secure program, the merchant is liable for any resulting fraud chargebacks.
Mastercard - Not currently supported
| Description | Status | CAVV Leading Indicator | ECI | Liability |
| Recurring transaction successfully authenticated by ACS - Frictionless | Y | kA | 02 | Issuer |
| Recurring transaction successfully authenticated by ACS - Challenge | Y | kB | 02 | Issuer |
| Recurring transaction successfully authenticated by Mastercard Smart Authentication - Stand-In - Frictionless (low risk) | Y | kC | 02 | Issuer |
| Recurring transaction successfully authenticated by Mastercard Smart Authentication - Stand-In - Frictionless (non-low risk) | A | kE | 01 | Issuer |
| Recurring transaction could not be authenticated by either the ACS or Mastercard Smart Authentication - Stand-In - Attempts | A | kF | 01 | Issuer |
| Subsequent Recurring transaction (3RI Payments) successfully authenticated by ACS - Frictionless | Y | kO | 07 | Issuer |
| Subsequent Recurring transaction (3RI Payments) successfully authenticated by ACS - Challenge using Decoupled Authentication | Y | kP | 07 | Issuer |
| Identity Check Insights - No Authentication performed by either the ACS or Mastercard Smart Authentication | U | kX | 04 | Merchant |
| 3RI Identity Check Insights - No Authentication performed by either the ACS or Mastercard Smart Authentication | U | kX | 04 | Merchant |
