Page tree



Below you will find the different possible results during a 3D-Secure authentication for the steps of verification of enrollment and authentication of the transaction. These results appear in the 3DSECURE AND PAYMENT WARRANTY box at the bottom right of the Transaction Details page, and tell you the 3D-Secure status of the transaction.

We also tell you if the transfer of responsibility applies. This information is given on the basis of the 3D-Secure truth tables applied by the banks and that they transmit to us. Note, however, that some merchants tell us they receive unpaid invoices for transactions that are supposed to be covered by the transfer of liability. Caution is therefore required, especially with non-European cards and Authentications Test, very common with US cards, for example.

For the moment we will not indicate information concerning the transfer of responsibility for transactions made by 3DS v2.

Values ​​displayed in 3D-Secure

Authentication type (3DS v2)

CH: challenge (strong authentication)

FR : frictionless (authentification passive)


Y: enrolled

U: enrollment unavailable

N: not enrolled


Y: authenticated

U: authentication unavailable

N: not authenticated

A: Rejected (3DS v2)

Transfer of responsibility

Y: transfer applied

N: no transfer

The  liability shift rules

General principles

  • The liability shift requires a 3DSecure authentication request.
  • In general, MIT payment requests submitted without authentication token do not benefit from liability shift.

Refer to the paragraph relating to CB pre-orders for exceptions

Rules of transfer of responsibility according to the exemptions requested and granted.

The table below gives the general liability shift rules depending on the exemption requested by the merchant and the response from ACS.

Derogation requestedDS/ACS ResponseCBMastercardVisaAmerican Express
01 = No preferenceAllIssuer
02 = No challengeFrictionlessAcquirerIssuer
03 = Challenge RequestedAllIssuer
04 = Challenge Requested (mandate)ChallengeIssuer
05=  No Challenge RequestedFrictionlessAcquirerAcquirer
06 = Data share onlyN.A.N.A.
07= No Challenge Requested(strong consumer authentication is already performed)FrictionlessAcquirerIssuerAcquirer<TO BE SPECIFIED>
ChallengeIssuer<TO BE SPECIFIED>
08 = No Challenge Requested Trust ListFrictionlessAcquirerIssuerIssuer<TO BE SPECIFIED>
ChallengeIssuer<TO BE SPECIFIED>
09 = Challenge Requested (Trust list)ChallengeIssuer<TO BE SPECIFIED>

Case of pre-orders or late shipments with credit card

CB applies standard liability shift rules to MIT payment requests in the case of pre-orders or late shipments for MIT authorizations made during  the 30 days following the authentication.