3D Secure 2 Results and Liability Shift

Paysafe is compliant to 3D Secure version 2.1.0.

When 3D Secure 2 is used in conjunction with an authorization request through the Card Payments API – requiring the customer to authenticate the card used in the transaction – a major advantage to the merchant is that with disputed payments the financial liability can shift from the merchant to the card issuer. Many factors affect whether this liability shift occurs, so merchants should contact their account manager for advice.

To encourage merchants to use 3D Secure 2, card issuers who participate in the 3D Secure 2 program offer merchants a guarantee of payment for successful online transactions that have also been authenticated using 3D Secure 2. This means that if there is a dispute or chargeback for a transaction for fraud reasons (e.g., customer disputes that they made or authorized the transaction) the merchant will typically not be liable for the dispute/chargeback costs, and will not have transaction funds taken from their account and returned to the customer. This is referred to as "liability shift". There are some differences in the treatment of liability shift by the different card brands, as outlined below.

Mastercard

ThreeDResult

ECI CAVV Authentication Experience Liability * Recommended Action
* for disputed transactions or chargebacks
Y - Authentication successful 2

Present

Challenge/Frictionless Card Issuer Proceed to Card Authorization
A - Authentication attempted 1 Present Frictionless Card Issuer Proceed to Card Authorization
N - Authentication failed 0 Not Present Challenge/Frictionless Merchant No liability shift; do not proceed with the transaction
U - Authentication unavailable 0 Not Present Challenge/Frictionless Merchant No liability shift; consider whether to proceed with the transaction
R - Authentication rejected 0 Not Present Frictionless Merchant No liability shift; do not proceed with the transaction

Visa

ThreeDResult

ECI CAVV Authentication Experience Liability * Recommended Action
* for disputed transactions or chargebacks
Y - Authentication successful 5

Present

Challenge/Frictionless Card Issuer Proceed to Card Authorization
A - Authentication attempted 6 Present Frictionless Card Issuer Proceed to Card Authorization
N - Authentication failed 7 Not Present Challenge/Frictionless Merchant No liability shift; do not proceed with the transaction
U - Authentication unavailable 7 Not Present Challenge/Frictionless Merchant No liability shift; consider whether to proceed with the transaction
R - Authentication rejected 7 Not Present Frictionless Merchant No liability shift; do not proceed with the transaction

AMEX

ThreeDResult

ECI CAVV Authentication Experience Liability * Recommended Action
* for disputed transactions or chargebacks
Y - Authentication successful 5

Present

Challenge/Frictionless Card Issuer Proceed to Card Authorization
A - Authentication attempted 6 Present Frictionless Card Issuer Proceed to Card Authorization
N - Authentication failed 7 Not Present Challenge/Frictionless Merchant No liability shift; do not proceed with the transaction
U - Authentication unavailable 7 Not Present Challenge/Frictionless Merchant No liability shift; consider whether to proceed with the transaction
R - Authentication rejected 7 Not Present Frictionless Merchant No liability shift; do not proceed with the transaction
  • In some cases liability is not covered by the card issuer, for example, with some commercial cards. For more information, please contact Customer Support.
  • There is NO liability shift for non-fraud related chargeback reasons.
  • The merchant should always take additional steps to check the identity of the customer and reduce the risks of fraud by applying Risk Rules – such as Velocity Checks, IP restrictions, Blacklists, CVV/CV2 matching, and the Address Verification Service (AVS). To enable any of these features for your account, please contact Customer Support.
  • The above table and recommendations are provided as a reference only. Merchants should always rely on the official guidance provided by your acquirer. Paysafe is not responsible for the card scheme rules relating to 3D Secure.

3D Secure 1 Fallback Results and Liability Shift

If the bank does not support 3D Secure 2, the API will automatically fall back to 3DS 1.0.2 and the threeDEnrollment parameter will replace threeDResult to handle the required enrollment check. See the threeDEnrollment parameter for more details.

Mastercard

Enrollment Status

ECI CAVV Authentication Status Signature Status Liability * Recommended Action
* for disputed transactions or chargebacks
Y - Enrolled 2 Present Y - Authentication successful Y Card Issuer Proceed to Card Authorization
Y - Enrolled 1 Present A - Authentication attempted Y Card Issuer Proceed to Card Authorization
Y - Enrolled 0 Not present N - Authentication failed Y Merchant No liability shift; do not proceed with the transaction
Y - Enrolled 0 Not present U - Authentication unavailable Y Merchant No liability shift; consider whether to proceed with the transaction
N - Not Enrolled 0 Not present - - Merchant No liability shift; consider whether to proceed with the transaction
U - Unavailable 0 Not present - - Merchant No liability shift; consider whether to proceed with the transaction
Y - Enrolled All possible values Present/Not present All possible values N Merchant No liability shift; consider whether to proceed with the transaction

Visa

Enrollment Status

ECI CAVV Authentication Status Signature Status Liability * Recommended Action
* for disputed transactions or chargebacks
Y - Enrolled 5 Present Y - Authentication successful Y Card Issuer Proceed to Card Authorization
Y - Enrolled 6 Present A - Authentication attempted Y Card Issuer Proceed to Card Authorization
N - Not Enrolled 6 Not present - - Card Issuer Proceed to Card Authorization
Y - Enrolled 7 Not present N - Authentication failed Y Merchant No liability shift; do not proceed with the transaction
Y - Enrolled 7 Not present U - Authentication unavailable Y Merchant No liability shift; consider whether to proceed with the transaction
U - Unavailable 7 Not present - - Merchant No liability shift; consider whether to proceed with the transaction
Y - Enrolled All possible values Present/Not present All possible values N Merchant No liability shift; consider whether to proceed with the transaction

AMEX

Enrollment Status

ECI CAVV Authentication Status Signature Status Liability * Recommended Action
* for disputed transactions or chargebacks
Y - Enrolled 5 Present Y - Authentication successful Y Card Issuer Proceed to Card Authorization
Y - Enrolled 6 Present A - Authentication attempted Y Card Issuer Proceed to Card Authorization
Y - Enrolled 7 Not present N - Authentication failed Y Merchant No liability shift; do not proceed with the transaction
Y - Enrolled 7 Not present U - Authentication unavailable Y Merchant No liability shift; consider whether to proceed with the transaction
N - Not Enrolled 7 Not present - - Merchant No liability shift; consider whether to proceed with the transaction
U - Unavailable 7 Not present - - Merchant No liability shift; consider whether to proceed with the transaction
Y - Enrolled All possible values Present/Not present All possible values N Merchant No liability shift; consider whether to proceed with the transaction

What to Do After an Unsuccessful Authentication

What should a merchant do if the cardholder cannot be authenticated, e.g., if the service is unavailable or the cardholder failed authentication (closed the authentication window without entering their password or provided incorrect authentication details)? In these circumstances it is the merchant's responsibility to decide how to proceed. Below are some options that you could consider. The best solution will depend on your business and the type of goods and services sold.

  • Ask the customer to pay using a different payment method.
  • If the authentication service is unavailable or an error occurred during authentication, you may consider requesting that the customer repeats the transaction or performs additional security checks to verify the customer's identity; but be aware that you will not benefit from liability shift and may be held liable for fraudulent transactions.
  • If the cardholder failed authentication you are strongly advised not to proceed, particularly for high-value goods or services.

Did you find this page useful?