Direct Support Site

Results for

icon-search-large No search results yet
Enter your search query above

1. Introduction

With the introduction of the PSD2 guideline, it is more important than ever to keep track of your 3-D Secure transactions.

Regardless of the our integration mode(s) you use, we make this really easy for you. Use this guide to learn where to look and how to read the available information.

Become a 3-D Secure expert in no time!

2. Understand 3-D Secure statuses

Apart from clearly defined exclusions and excemptions, any of your customers will have to pass a 3-D Secure authentication check. The transaction reaches both a 3-D Secure status (which is the outcome of the authentication check) and a global transaction status (which indicates the outcome of the authorisation request).

Hence, both are the result of two different steps:

  • 3-D Secure status: First, your customer has to prove that s/he is the rightful owner of the credit card used for the transaction. This authentication check takes place on your customer’s issuer online portal
  • Global transaction status: Second, your acquirer checks by consulting your customer’s issuer whether enough funds are available for the transaction, resulting in an (un)successful authorisation. Learn more about the global transaction status and all possible outcomes

You can look up the results via a GetPayment/GetPaymentDetails request to our platform. Properties paymentOutput.cardPaymentMethodSpecificOutput.threeDSecureResults.eci and statusOutput.statusCode contain the 3-D Secure status and the global transaction status respectively

Not all financial institutions are already fully compliant with PSD2 (which is also called 3-D Secure Version 2). In a case like this, our platform rolls out version 1 instead. GetPayment/GetPaymentDetails property paymentOutput.cardPaymentMethodSpecificOutput.threeDSecureResults.version indicates the 3-D Secure version rolled out for each transaction. Regardless of the integration mode(s) you use, we roll out v1 automatically for you in such a scenario

The table below gives you a full overview of possible scenarios and how our platform displays them to you in either way:

3-D Secure status GetPayment/GetPaymentDetails in property eci Global transaction status GetPayment/GetPaymentDetails in property statusCode Description
5 Depending on the authorisation result by your acquirer either
2
5
9
Your customer has passed the authentication check via 3-D Secure V1 or V2 (challenge or frictionless flow). In case of fraudulent chargebacks, the issuer is liable
6
12
Depending on the authorisation result by your acquirer either
2
5
9
Your customer did not have the opportunity to perform the authentication check.
In case of fraudulent chargebacks, the issuer is liable
91 2 Your customer did not pass the authentication check because of i.e. incorrect password/PIN. Our platform does not execute the authorisation step at all, abondoning the transaction
92 2 Authentication was not possible due to a technical error.
Our platform does not execute the authorisation step at all, abondoning the transaction (statusCode=2)
Property paymentOutput.cardPaymentMethodSpecificOutput.threeDSecureResults.liability indicates the liability shift for fraudulent transactions. Be aware that this is only an indication, as the definite accountability depends on various factors

3. Partial end of liability shift

All the major schemes listed below are aligned and determined to ensure that the official 3DS v1 switch off happens in October 2022:

  • VISA
  • Mastercard
  • American Express
  • JCB
  • Diners Discover

VISA and Mastercard already announced a transition period towards EMV 3DS. 

Essentially, only fully authenticated transactions will be supported by both VISA and Mastercard, resulting in a decrease of fraud liability protection for merchants using 3DS v1.

You will be able to see this in in our response to CreatePayment/CreateHostedCheckout requests in properties payment.paymentOutput.CardPaymentSpecificOutput.threeDSecureResults.version=v1 and payment.paymentOutput.CardPaymentSpecificOutput.threeDSecureResults.eci=12.

For version=v1 and eci=6, the liability shift still applies.

Visa

Visa Secure 3DS V1 Before 16th October 2021 After 16th October 2021
Fully Authenticated (issuer participates) Fraud liability shifts to the issuer (eci=5) No change
Attempted authentication (issuer not participating) Fraud liability shifts to the issuer (eci=12) Fraud liability with the merchant (eci=12)
payment.paymentOutput.
CardPaymentSpecificOutput.
threeDSecureResults.
liability="merchant"

Mastercard

Mastercard Identity Check 3DS V1 Before 5th October 2021 After 5th October 2021
Fully Authenticated (issuer participates) Fraud liability shifts to the issuer (eci=5) No change
Attempted authentication (issuer not participating) Fraud liability shifts to the issuer (eci=12) Fraud liability with the merchant (eci=12)
payment.paymentOutput.
CardPaymentSpecificOutput.
threeDSecureResults.
liability="merchant"