3D Secure

3D Secure is an abbreviation for Three Domain Secure, which is the payment industry’s Internet Authentication Standard. All major credit card brands support this standard under their own label:

  • Visa - Verified by Visa
  • MasterCard - MasterCard SecureCode
  • Amex - SafeKey
  • Diners & Discover - ProtectBuy

Consumer Enrollment

A one-time process the cardholder undergoes to participate in the 3D Secure scheme. Depending on the method supported by the issuer, the cardholder uses either static or dynamic (via token or mobile/smartphone) authentication credentials.

Authentication

During online shopping, a prompt from the card issuer appears and asks the cardholder to enter the authentication credentials. The card issuer checks the credentials and the identity of the cardholder, and provides unique authentication values to the merchant.

Liability Shift

If both the cardholder and the merchant are participating in the 3D Secure scheme and the transaction has been successfully authenticated, the liability for a chargeback shifts from the merchant to the cardholder’s issuing bank. Please note that the liability shift only applies to chargebacks based on a fraud reason code. Reason codes related to other types of disputes are not covered by the liability shift.

Key Benefits

  • Enhance trust and confidence in your consumers’ online shopping experience
  • Additional layer of protection against fraud
  • Especially valuable for high transaction amounts
  • In case of a fraud chargeback reason code, the liability shifts to the card issuing bank if the obtained authentication values were used during the authorization and settlement.

Supported Card Types

| Verified by Visa | Securecode | Amex SafeKey | Protectbuy |
|---|---|---|---|
| Visa Credit | MasterCard Credit | Amex Credit | Diners |
| Visa Debit | MasterCard Debit | Amex Commercial | Discover |
| Visa Electron | Maestro | | |
| Visa Commercial | MasterCard Commercial | | |

Process Flows

3D Secure

ECI & CAVV

The authentication values provided by the issuer are exchanged in the authorization and settlement messages. They consist of the following elements:

  • Electronic Commerce Indicator (ECI): This indicator shows the result of the authentication.
  • Cardholder Authentication Verification Value (CAVV): This value is the end-to-end reference generated by the issuer to recognize that the authentication has taken place.

Please be advised that there are scenarios where a Liability Shift applies even if the transaction was only partially authenticated. An example of such a scenario is when you are participating in the authentication but the cardholder is not. More information about these scenarios is in the tables below.

Reporting

The WebCollect Payment Console (WPC) displays the Authentication result.

[Screenshot: 3D WPC]

Additional Information

Liability Shift Protection

Depending on where the card is issued and the level of authentication, liability shift may or may not be applicable. The tables below will help you determine whether liability shift is applicable.

Liability Shift: Visa 

| Region & card type | Authentication | CAVV | ECI Visa | Description / Scenario | Liability Shift | Exceptions |
|---|---|---|---|---|---|---|
| All regions | No | | 7 | Issuer not participating or cardholder not enrolled | No | |
| | Full | Yes | 5 | Authentication successful | Yes | All Regions - Merchant in Fraud Monitoring Program; US - Restricted MCCs 4829/5967/6051/7995/6540/7801/7802; US - Transaction does not meet Custom Payment System requirements |
| | Full | No | 5 | Authentication successful but no CAVV provided by the issuer | No | |
| | Attempt | Yes | 6 | Issuer not participating or cardholder not enrolled; CAVV is provided in the authorization | No (with 3DS V1); Yes (with 3DS V2) | All Regions - Non reloadable prepaid; All Regions - Merchant in Fraud Monitoring Program; US - Restricted MCCs 4829/5967/6051/7995/6540/7801/7802; US - Transaction does not meet Custom Payment System requirements |
| | Attempt | Yes | 6 | CAVV is provided by Visa Attempts Service because Issuer's ACS is not available | Yes | All Regions - Non reloadable prepaid; All Regions - Merchant in Fraud Monitoring Program; US - Restricted MCCs 4829/5967/6051/7995/6540/7801/7802; US - Transaction does not meet Custom Payment System requirements |
| | Attempt | No | 6 | Authentication attempt but no CAVV provided by issuer or Visa | No | |
| | Unable | No | 7 | Issuer is unable to authenticate, issuer did not respond | No | |
| | Failed | No | Empty | Authentication failed (status 180) | No | |

Liability Shift and COF Transactions

| COF Transaction | Description / Scenario | Liability Shift |
|---|---|---|
| First Recurring | When consumer is present, the transaction can be authenticated | Liability applies according to the matrix above |
| Subsequent Recurring | Merchant Initiated Transaction | No liability shift applies |
| First UCOF | When consumer is present, the transaction can be authenticated | Liability applies according to the matrix above |
| UCOF Subsequent CIT | When consumer is present, the transaction can be authenticated | Liability applies according to the matrix above |
| UCOF Subsequent MIT | Merchant Initiated Transaction | No liability shift applies |

Liability Shift: MasterCard/Maestro

| Region & card type | Authentication | AAV | ECI MC | Description / Scenario | Liability Shift |
|---|---|---|---|---|---|
| All regions—consumer cards | | | 0 or empty | Issuer not participating or cardholder not enrolled. | No |
| | Full | Yes | 2 | Authentication successful | Yes |
| | Full | No | 2 | Authentication successful but no AAV provided by issuer | No |
| | Attempt | Yes | 1 | Issuer not participating or cardholder not enrolled; AAV is provided in the authorization | Yes |
| | Attempt | No | 1 | Authentication attempt but no AAV provided by issuer | Yes |
| | Unable | No | | Issuer is unable to authenticate | No |
| | Failed | No | | Authentication failed (status 180) | No |

Liability Shift: Amex

| Region & card type | Authentication | AEVV | ECI MC | Description / Scenario | Liability Shift |
|---|---|---|---|---|---|
| All regions | No | | 7/Empty | Issuer, card range, or cardholder not enrolled. | No |
| | Full | Yes | 5 | Authentication successful | Yes |
| | Full | No | 5 | Authentication successful but no CAVV provided by issuer | No |
| | Attempt | Yes | 6 | Cardholder not enrolled; CAVV is provided in the authorization | Yes |
| | Attempt | No | 6 | Authentication attempt but no CAVV provided by issuer | No |
| | Unable | No | 7 | Issuer is unable to authenticate, issuer did not respond | No |
| | Failed | No | Empty | Authentication failed (status 180) | No |

Liability shift: Diners & Discover

  • The Issuer, Merchant/Acquirer, and Card Member are enrolled in ProtectBuy and the authentication response is either Full Authentication or Attempts Authentication.
  • Only the Issuer and Merchant/Acquirer are enrolled in ProtectBuy and the Card Member is not participating. This includes when a Card Member opts out of Activation During Shopping (ADS) or ADS is not offered. Liability shift occurs when the authentication response is Attempts Authentication.
  • The Issuer and Merchant/Acquirer are both participating but the Issuer’s Access Control Server (ACS) is unreachable, requiring the DCI Attempts ACS to perform stand-in authentication, and the authentication response is Attempts Authentication. This may occur whether or not the Card Member is enrolled.

Chargeback Reason Codes

Visa

| Reason code | Chargeback conditions |
|---|---|
| 75 | The cardholder states that he does not recognize the transaction. |
| 83 | The transaction was processed without the permission of the cardholder, or a fictitious card account number was used and the transaction was not authorized. |
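As an added illustration (not code from this page or its provider), the Visa matrix, the COF table and the Visa fraud reason codes above can be combined into one merchant-side check. The record fields, the function names and the acceptance of zero-padded ECI values are assumptions, and each listed exception is read as cancelling the liability shift.

```python
from __future__ import annotations
from dataclasses import dataclass

# Values copied from the Visa tables on this page.
US_RESTRICTED_MCCS = {"4829", "5967", "6051", "7995", "6540", "7801", "7802"}
VISA_FRAUD_REASON_CODES = {"75", "83"}

@dataclass
class VisaTxn:  # hypothetical record; all field names are assumptions
    eci: str                           # "5"/"05", "6"/"06", "7"/"07" or ""
    has_cavv: bool
    threeds_version: int = 2           # 1 or 2
    attempts_stand_in: bool = False    # CAVV came from Visa Attempts Service
    merchant_initiated: bool = False   # subsequent recurring / UCOF MIT
    region: str = ""                   # "US" enables the US-only exceptions
    mcc: str = ""
    fraud_monitoring: bool = False     # merchant in Fraud Monitoring Program
    non_reloadable_prepaid: bool = False
    meets_cps: bool = True             # Custom Payment System requirements

def visa_liability_shift(t: VisaTxn) -> tuple[bool, str]:
    """Return (shift_applies, reason) per the Visa matrix and COF table."""
    if t.merchant_initiated:
        return False, "merchant initiated COF transaction"
    eci = t.eci.lstrip("0")            # assumption: accept zero-padded ECI
    if not t.has_cavv or eci not in ("5", "6"):
        return False, "no CAVV or ECI not 5/6"
    if eci == "6":                     # attempt rows
        if t.non_reloadable_prepaid:
            return False, "exception: non reloadable prepaid"
        if not t.attempts_stand_in and t.threeds_version < 2:
            return False, "attempt with issuer CAVV under 3DS V1"
    if t.fraud_monitoring:
        return False, "exception: merchant in Fraud Monitoring Program"
    if t.region == "US" and t.mcc in US_RESTRICTED_MCCS:
        return False, "exception: US restricted MCC"
    if t.region == "US" and not t.meets_cps:
        return False, "exception: US CPS requirements not met"
    return True, "full authentication" if eci == "5" else "attempt"

def chargeback_covered(t: VisaTxn, reason_code: str) -> bool:
    """The shift only covers chargebacks with a Visa fraud reason code."""
    return visa_liability_shift(t)[0] and reason_code in VISA_FRAUD_REASON_CODES
```

Running this at authorization time lets a merchant flag orders that will not carry issuer liability, for example for manual fraud review.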

MasterCard

| Reason code | Chargeback conditions |
|---|---|
| 37 | The cardholder states that he did not participate in the transaction, or that he did not perform the transaction. |
| 63 | The cardholder states that he does not recognize the transaction, or the cardholder insists that he did not authorize the transaction. |

Maestro

| Reason code | Chargeback conditions |
|---|---|
| 22 | The cardholder states that he did not initiate the transaction himself. |

Diners 

| Reason code | Chargeback conditions |
|---|---|
| C42 | Card member did not authorize or participate in a card not present transaction - OR - any fraudulent charge where the Card is not present and the authorization data indicated that the Card was present. |