Content
Introduction
Below you will find the different possible results during a 3D-Secure authentication for the steps of verification of enrollment and authentication of the transaction. These results appear in the 3DSECURE AND PAYMENT WARRANTY box at the bottom right of the Transaction Details page, and tell you the 3D-Secure status of the transaction.
We also tell you if the transfer of responsibility applies. This information is given on the basis of the 3D-Secure truth tables applied by the banks and that they transmit to us. Note, however, that some merchants tell us they receive unpaid invoices for transactions that are supposed to be covered by the transfer of liability. Caution is therefore required, especially with non-European cards and Authentications Test, very common with US cards, for example.
For the moment we will not indicate information concerning the transfer of responsibility for transactions made by 3DS v2.
Values displayed in 3D-Secure
| Authentication type (3DS v2) | CH: challenge (strong authentication) FR : frictionless (authentification passive) |
|---|---|
Enlisted | Y: enrolled U: enrollment unavailable N: not enrolled |
Authenticated | Y: authenticated U: authentication unavailable N: not authenticated A: Rejected (3DS v2) |
Transfer of responsibility | Y: transfer applied N: no transfer |
The liability shift rules
General principles
- The liability shift requires a 3DSecure authentication request.
- In general, MIT payment requests submitted without authentication token do not benefit from liability shift.
Refer to the paragraph relating to CB pre-orders for exceptions
Rules of transfer of responsibility according to the exemptions requested and granted.
The table below gives the general liability shift rules depending on the exemption requested by the merchant and the response from ACS.
| Responsible | |||||
|---|---|---|---|---|---|
| Derogation requested | DS/ACS Response | CB | Mastercard | Visa | American Express |
| 01 = No preference | All | Issuer | |||
| 02 = No challenge | Frictionless | Acquirer | Issuer | ||
| Challenge | Issuer | ||||
| 03 = Challenge Requested | All | Issuer | |||
| 04 = Challenge Requested (mandate) | Challenge | Issuer | |||
| 05= No Challenge Requested | Frictionless | Acquirer | Acquirer | ||
| Challenge | Issuer | Issuer | |||
| 06 = Data share only | N.A. | N.A. | |||
| 07= No Challenge Requested(strong consumer authentication is already performed) | Frictionless | Acquirer | Issuer | Acquirer | <TO BE SPECIFIED> |
| Challenge | Issuer | <TO BE SPECIFIED> | |||
| 08 = No Challenge Requested Trust List | Frictionless | Acquirer | Issuer | Issuer | <TO BE SPECIFIED> |
| Challenge | Issuer | <TO BE SPECIFIED> | |||
| 09 = Challenge Requested (Trust list) | Challenge | Issuer | <TO BE SPECIFIED> | ||
Case of pre-orders or late shipments with credit card
CB applies standard liability shift rules to MIT payment requests in the case of pre-orders or late shipments for MIT authorizations made during the 30 days following the authentication.