3D Secure Results and Liability Shift

When 3D Secure is used in conjunction with an authorization request through the Card Payments API – requiring the customer to authenticate the card used in the transaction – a major advantage to the merchant is that with disputed payments the financial liability can shift from the merchant to the card issuer. Many factors affect whether this liability shift occurs, so merchants should contact their account manager for advice.

Paysafe is compliant to 3D Secure version 1.0.2.

The values of the PARes status code (the threeDResult returned by the API) and the Electronic Commerce Indicator (eci) have a bearing on the situation, and are summarized below.

PARes status code

Description

Recommendation

Note

Y Authentication successful Proceed with authorization Cardholder passed authentication
A Authentication attempted Proceed with authorization Liability shift in most cases
N Authentication failed Do not proceed with authorization Cardholder failed authentication
U Authentication unavailable Decision to proceed with authorization at merchant's discretion No liability shift
E Error Do not proceed with authorization No liability shift

The Electronic Commerce Indicator (eci), returned within the threeDResult parameter, indicates the level of cardholder authentication used in the online transaction. No eci is returned with N, U or E PARes status responses.

The ECI value returned by the API do not have a preceding zero unlike the values in the 3DS standard.

Liability Shift with 3D Secure

3D Secure authentication provides a means for card issuers to verify the identity of the cardholder, typically by asking them to enter a password or secret code that only the cardholder should know. This adds an additional layer of security to the online transaction, since even if the customer's card number and card details are fraudulently obtained, it is less likely that a fraudster would also have access to the customer's secret password. For a successfully authenticated cardholder, the risks of fraud are therefore significantly reduced.

To encourage merchants to use 3D Secure, card issuers who participate in the 3D Secure program offer merchants a guarantee of payment for successful online transactions that have also been authenticated using 3D Secure. This means that if there is a dispute or chargeback for a transaction for fraud reasons (e.g. customer disputes that they made or authorized the transaction) the merchant will typically not be liable for the dispute / chargeback costs, and will not have transaction funds taken from their account and returned to the customer. This is referred to as "liability shift". There are some differences in the treatment of liability shift by the different card brands, as outlined below.

Card Brand

Enrollment Status

Authentication Status Liability * Recommended Action
Is card enrolled in 3DSecure? * for disputed transactions or chargebacks
Visa U - Unavailable - Merchant No liability shift; consider whether to proceed with the transaction
Visa N - Not Enrolled - Card Issuer Proceed to Card Auth
Visa Y - Enrolled Y - Authentication Successful Card Issuer Proceed to Card Auth
Visa Y - Enrolled N - Authentication Failed Merchant No liability shift; do not proceed with the transaction
Visa Y - Enrolled A - Authentication attempted Card Issuer Proceed to Card Auth
Visa Y - Enrolled U - Authentication unavailable Merchant No liability shift; consider whether to proceed with the transaction
Visa Y - Enrolled E - Authentication error Merchant No liability shift; consider whether to proceed with the transaction
Mastercard N - Not Enrolled - Merchant No liability shift; consider whether to proceed with the transaction
Mastercard Y - Enrolled Y - Authentication Successful Card Issuer Proceed to Card Auth
Mastercard Y - Enrolled N - Authentication Failed Merchant No liability shift; do not proceed with the transaction
Mastercard Y - Enrolled A - Authentication attempted Card Issuer Proceed to Card Auth
Mastercard Y - Enrolled U - Authentication unavailable Merchant No liability shift; consider whether to proceed with the transaction
Visa Y - Enrolled E - Authentication error Merchant No liability shift; consider whether to proceed with the transaction
  • In some cases liability is not covered by the card issuer; for example with some commercial cards. For more information please contact Customer Support.
  • There is NO liability shift for non-fraud related chargeback reasons.
  • The merchant should always take additional steps to check the identity of the customer and reduce the risks of fraud, by applying Risk Rules – such as Velocity Checks – IP restrictions, Blacklists, CVV/CV2 matching and the Address Verification Service (AVS). To enable any of these features for your account, please contact Customer Support.
  • The above table and recommendations are provided as a reference only. Merchants should always rely on the official guidance provided by your acquirer. Paysafe is not responsible for the card scheme rules relating to 3D Secure.

What to Do After an Unsuccessful Authentication

What should a merchant do if the cardholder cannot be authenticated? For example, if the service is unavailable or the cardholder failed authentication (closed the authentication window without entering their password or provided incorrect authentication details). In these circumstances it is the merchant's responsibility to decide how to proceed. Below are some options that you could consider. The best solution will depend on your business and the type of goods and services sold.

  • Ask the customer to pay using a different payment method.
  • If the authentication service is unavailable or an error occurred during authentication, you may consider requesting that the customer repeats the transaction or performs additional security checks to verify the customer's identity; but be aware that you will not benefit from liability shift and may be held liable for fraudulent transactions.
  • If the cardholder failed authentication you are strongly advised not to proceed— particularly for high-value goods or services.

Did you find this page useful?