Changes to liability

 3-D Secure v1 will be sunset starting October 2021 (fully retired October 2022). In the interest of security, and to ensure your transactions meet the PSD2 mandate, you must immediately migrate your solution to use 3-D Secure version 2 (EMV 3DS). Click here to learn how.

Migrating to EMV 3DS will likely lead to an increase in authentication approvals on your site, as improvements to security checks performed in the background reduce the need to challenge customers to take additional steps to prove their identity. Challenges have also been made faster and easier for legitimate customers to complete, as EMV 3DS can allow them to authorise a transaction using their banking app, or through biometric security such as fingerprint/facial recognition (if their bank supports it), and exemptions can be applied to bypass authentication in certain lower-risk scenarios (contact your acquiring bank for further information on exemptions).

  The following information is provided for your convenience and is known to be correct at time of publishing. However, the dates shown are subject to change and there may be additional changes that need to be considered that have not been included below. For the latest information, we always recommend checking with your acquirer.

Payment brand Date Description
3ds-liability-mastercard.png 30th April 2021 Mastercard will no longer allow 3-D Secure v1.0 account range or Merchant ID enrolments unless the customer is already enrolled on EMV 3-D Secure.
3ds-liability-mastercard.png 1st October 2021 Mastercard will no longer generate Attempts transactions from the Mastercard 3-D Secure v1.0 network. 3-D Secure v1.0 fully authenticated transactions will continue to be supported.
3ds-liability-visa.png 16th October 2021

If customer authentication is attempted using 3-D Secure v1.0.2, but the card issuer does not participate, the liability will no longer be with the issuer (ECI 06). It will instead be with the merchant (ECI 07).

This change does not impact the following:

  • When customers are fully authenticated.
  • Transactions where customer authentication is attempted with participating card issuer, but ACS is unavailable at the time.
  • The response is VERes = N.
3ds-liability-mastercard.png 30th April 2022 Mastercard will no longer allow 3-D Secure v1.0 account range or Merchant ID enrolments.
3ds-liability-mastercard.png 14th October 2022 3-D Secure v1.0 sunset for Mastercard-branded cards.

Mastercard 3-D Secure v1.0.2 transactions will no longer be supported on the Mastercard network.

3ds-liability-visa.png 15th October 2022 3-D Secure v1.0 sunset for Visa-branded cards.

Payments processed with Visa cards can only be authenticated with EMV 3-D Secure (3DS version 2.x).

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request