3D Secure 2 Results and Liability Shift
Paysafe Group is compliant with 3D Secure version 2.2.0.
To get the best results from your 3D Secure integration, see our 3D Secure 2 Best Practices and Acceptance Guidelines.
When 3D Secure 2 is used in conjunction with an authorization request through the Card Payments API – requiring the customer to authenticate the card used in the transaction – a major advantage to the merchant is that with disputed payments the financial liability can shift from the merchant to the card issuer. Many factors affect whether this liability shift occurs, so merchants should contact their account manager for advice.
To encourage merchants to use 3D Secure 2, card issuers who participate in the 3D Secure 2 program offer merchants a guarantee of payment for successful online transactions that have also been authenticated using 3D Secure 2. This means that if there is a dispute or chargeback for a transaction for fraud reasons (e.g., customer disputes that they made or authorized the transaction) the merchant will typically not be liable for the dispute/chargeback costs, and will not have transaction funds taken from their account and returned to the customer. This is referred to as "liability shift". There are some differences in the treatment of liability shift by the different card brands, as outlined below.
Mastercard
| ThreeDResult | ECI | CAVV | Authentication Experience | Liability * | Recommended Action |
|---|---|---|---|---|---|
| Y - Authentication successful | 2 | Present | Challenge/Frictionless | Card Issuer | Proceed to Card Authorization |
| A - Authentication attempted | 1 | Present | Frictionless | Card Issuer | Proceed to Card Authorization |
| N - Authentication failed | 0 | Not Present | Challenge/Frictionless | Merchant | No liability shift; do not proceed with the transaction |
| U - Authentication unavailable | 0 | Not Present | Challenge/Frictionless | Merchant | No liability shift; consider whether to proceed with the transaction |
| R - Authentication rejected | 0 | Not Present | Frictionless | Merchant | No liability shift; do not proceed with the transaction |

\* For disputed transactions or chargebacks.
Visa
| ThreeDResult | ECI | CAVV | Authentication Experience | Liability * | Recommended Action |
|---|---|---|---|---|---|
| Y - Authentication successful | 5 | Present | Challenge/Frictionless | Card Issuer | Proceed to Card Authorization |
| A - Authentication attempted | 6 | Present | Frictionless | Card Issuer | Proceed to Card Authorization |
| N - Authentication failed | 7 | Not Present | Challenge/Frictionless | Merchant | No liability shift; do not proceed with the transaction |
| U - Authentication unavailable | 7 | Not Present | Challenge/Frictionless | Merchant | No liability shift; consider whether to proceed with the transaction |
| R - Authentication rejected | 7 | Not Present | Frictionless | Merchant | No liability shift; do not proceed with the transaction |

\* For disputed transactions or chargebacks.
AmEx
| ThreeDResult | ECI | CAVV | Authentication Experience | Liability * | Recommended Action |
|---|---|---|---|---|---|
| Y - Authentication successful | 5 | Present | Challenge/Frictionless | Card Issuer | Proceed to Card Authorization |
| A - Authentication attempted | 6 | Present | Frictionless | Card Issuer | Proceed to Card Authorization |
| N - Authentication failed | 7 | Not Present | Challenge/Frictionless | Merchant | No liability shift; do not proceed with the transaction |
| U - Authentication unavailable | 7 | Not Present | Challenge/Frictionless | Merchant | No liability shift; consider whether to proceed with the transaction |
| R - Authentication rejected | 7 | Not Present | Frictionless | Merchant | No liability shift; do not proceed with the transaction |

\* For disputed transactions or chargebacks.
- In some cases liability is not covered by the card issuer, for example, with some commercial cards. For more information, please contact Customer Support.
- There is NO liability shift for non-fraud related chargeback reasons.
- The merchant should always take additional steps to check the identity of the customer and reduce the risks of fraud by applying Risk Rules – such as Velocity Checks, IP restrictions, Blacklists, CVV/CV2 matching, and the Address Verification Service (AVS). To enable any of these features for your account, please contact Customer Support.
- The above tables and recommendations are provided as a reference only. Merchants should always rely on the official guidance provided by their acquirer. Paysafe Group is not responsible for the card scheme rules relating to 3D Secure.
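The Mastercard, Visa and AmEx tables above can be enforced as a pre-authorization gate that only grants liability shift when ThreeDResult, ECI and CAVV all agree with the brand's row. This is an added example, not Paysafe code: the function, constant and brand key names are assumptions, and the fail-closed handling of values that match no row is a policy choice the page does not prescribe.

```python
"""Liability lookup built from the Mastercard, Visa and AmEx tables on this page."""

PROCEED = "proceed_to_card_authorization"
CONSIDER = "consider_whether_to_proceed"
STOP = "do_not_proceed"

# ECI expected for the rows where Liability is "Card Issuer" (results Y and A).
SHIFT_ECI = {
    "mastercard": {"Y": 2, "A": 1},
    "visa": {"Y": 5, "A": 6},
    "amex": {"Y": 5, "A": 6},
}
# Rows where Liability is "Merchant"; the action is the same for every brand.
NO_SHIFT_ACTION = {"N": STOP, "U": CONSIDER, "R": STOP}


def _eci_equals(eci, expected):
    """Compare an ECI supplied as 5, "5" or "05" with the table value."""
    try:
        return int(eci) == expected
    except (TypeError, ValueError):
        return False


def evaluate(brand, three_d_result, eci, cavv):
    """Return (liability, action) for one authentication outcome."""
    result = str(three_d_result or "").strip().upper()
    if result in NO_SHIFT_ACTION:
        return ("merchant", NO_SHIFT_ACTION[result])
    expected = SHIFT_ECI.get(str(brand or "").strip().lower(), {}).get(result)
    cavv_present = bool(str(cavv or "").strip())
    if expected is not None and cavv_present and _eci_equals(eci, expected):
        return ("card_issuer", PROCEED)
    # Assumption (not from the page): an unknown brand or result, or a Y/A
    # result whose ECI or CAVV disagrees with the table, fails closed.
    return ("merchant", STOP)


if __name__ == "__main__":
    sample_cavv = "CONSTRUCTED-CAVV-VALUE"  # constructed placeholder, not a real CAVV
    print(evaluate("visa", "Y", "05", sample_cavv))
    print(evaluate("mastercard", "Y", 5, sample_cavv))  # Visa ECI on a Mastercard result
    print(evaluate("amex", "U", 7, None))
```

Run the check on values received server-side, before the authorization request is built, so that a result of Y or A with a mismatched ECI or a missing CAVV never reaches authorization as if it carried liability shift.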
What to Do After an Unsuccessful Authentication
What should a merchant do if the cardholder cannot be authenticated, e.g., if the service is unavailable or the cardholder failed authentication (closed the authentication window without entering their password or provided incorrect authentication details)? In these circumstances it is the merchant's responsibility to decide how to proceed. Below are some options that you could consider. The best solution will depend on your business and the type of goods and services sold.
- Ask the customer to pay using a different payment method.
- If the authentication service is unavailable or an error occurred during authentication, you may consider requesting that the customer repeats the transaction or performs additional security checks to verify the customer's identity; but be aware that you will not benefit from liability shift and may be held liable for fraudulent transactions.
- If the cardholder failed authentication you are strongly advised not to proceed, particularly for high-value goods or services.