If the customer is authenticated as part of the EMV 3-D Secure process and it is later determined that fraud has been committed, the card issuer will normally take financial responsibility for the chargeback.
Authentication with 3-D Secure version 1 was fully retired October 2022. If your solution has not been migrated to EMV 3DS (version 2) and you are located in a region where SCA is mandated, you may be liable for fraudulent chargebacks incurred on your account. Click here to learn how to enable EMV 3-D Secure version 2.
About ECI
ECI (Electronic Commerce Indicator) is a value returned following the EMV 3-D Secure process, indicating the outcome of the authentication attempted. The following values can be returned:
ECI value | Definition |
ECI 2 ECI 5 |
3-D Secure authentication was successful. Transaction is secured by 3-D Secure. |
ECI 1 ECI 6 |
3-D Secure authentication was attempted but not completed. |
ECI 0 ECI 7 |
3-D Secure authentication either failed or could not be attempted. Note: ECI 7 is also returned for successfully-authenticated recurring transactions using Mastercard-branded cards. |
ECI 4 | Data only transaction that can be sent to Mastercard. |
Following a transaction processed using 3-D Secure v2, in the event of a dispute with the transaction at a later date, the card issuer may take financial responsibility for the chargeback as indicated in the table below:
Successful authentication of a transaction does not guarantee the liability shift. The card issuer can still decline the payment.
The criteria used to determine the liability is determined by the acquirer and is subject to change. As such, the information presented here may be subject to exceptions, depending on the parties facilitating the payment. For clarification, we recommend contacting your acquirer.
Payment brand | Status | ECI | Liability | Notes |
![]() |
Y | 05 | Issuer | Transaction authenticated |
![]() |
Y | 02 | Issuer | Transaction authenticated |
![]() |
A (attempts) | 01 | Merchant | Transaction could not be authenticated |
![]() |
A (Mastercard stand-in) | 01 | Merchant | Transaction was successfully authenticated Low risk |
![]() |
A | 06 | Issuer | Attempted, Cardholder or Issuer not participating or ACS unavailable |
![]() |
I | 06 | Merchant | Applies to 3-D Secure v2.2 only Acquirer exemption was applied |
![]() |
N | 07 | Merchant | Not authenticated (CAVV not present) |
![]() |
I | 07 | Merchant | Informational only (CAVV present) 3DS requestor challenge preference acknowledged |
![]() |
U | 07 | Merchant |
Authentication could not be performed |
![]() |
C | 07 | - | Challenge required to authenticate cardholder |
![]() |
R | 07 | Merchant | Authentication rejected |
![]() |
Y | 07 | Issuer | Recurring (successfully authenticated by ACS) |
![]() |
U, O | 04 | Merchant | Data only transaction |
![]() |
N | 0 | Merchant | Transaction could not be authenticated (Attempts do not apply) |
![]() |
- | Blank, 01 or 04 | Merchant | MOTO (No 3-D Secure) |
![]() |
R | 00 | N/A | Rejected Authorisation should not be attempted |