3D Secure is the authentication protocol used by card brands, such as Visa and Mastercard, to enable merchants to gain protection from fraud in a Card Not Present (CNP) environment and to comply with European Strong Customer Authentication (SCA) regulations set in Payment Services Directive 2 (PSD2).
When 3D Secure 2 is used with an Authorization request requiring the customer to authenticate the card used in a transaction, the financial liability can shift from the merchant to the Issuer in the event of a fraud-related chargeback.
Many factors affect whether a 3D Secure liability shift occurs, so check with your Account Manager for more specific information.
Card brand liability shifts
There are some differences in the liability shift offered by Mastercard, Visa, and American Express (AMEX). The following tables include the transaction status, Electronic Commerce Indicator (ECI), authentication value, authentication flow, liability, and recommendation for each card brand.
Mastercard
| Transaction Status | ECI | Authentication Value | Authentication Flow | Liability | Recommendation |
|---|---|---|---|---|---|
| Authentication Successful | 2 | Present | Challenge/Frictionless | Issuer | Proceed to Authorization |
| Authentication Attempted | 1 | Present | Frictionless | Issuer | Proceed to Authorization |
| Authentication Unavailable | 0 | Not Present | Challenge/Frictionless | Merchant | No liability shift; consider whether to proceed to Authorization |
| Authentication Failed/Rejected | 0 | Not Present | Challenge/Frictionless | Merchant | No liability shift; do not proceed to Authorization |
Visa
| Transaction Status | ECI | Authentication Value | Authentication Flow | Liability | Recommendation |
|---|---|---|---|---|---|
| Authentication Successful | 5 | Present | Challenge/Frictionless | Issuer | Proceed to Authorization |
| Authentication Attempted | 6 | Present | Frictionless | Issuer | Proceed to Authorization |
| Authentication Unavailable | 7 | Not Present | Challenge/Frictionless | Merchant | No liability shift; consider whether to proceed to Authorization |
| Authentication Failed/Rejected | 7 | Not Present | Challenge/Frictionless | Merchant | No liability shift; do not proceed to Authorization |
AMEX
| Transaction Status | ECI | Authentication Value | Authentication Flow | Liability | Recommendation |
|---|---|---|---|---|---|
| Authentication Successful | 5 | Present | Challenge/Frictionless | Issuer | Proceed to Authorization |
| Authentication Attempted | 6 | Present | Frictionless | Issuer | Proceed to Authorization |
| Authentication Unavailable | 7 | Not Present | Challenge/Frictionless | Merchant | No liability shift; consider whether to proceed to Authorization |
| Authentication Failed/Rejected | 7 | Not Present | Challenge/Frictionless | Merchant | No liability shift; do not proceed to Authorization |
Next steps
Check out the following guides to learn how to integrate 3D Secure 2 into your application or website.
Use our SDKs & Libraries or JSON API to perform an end-to-end 3D Secure transaction for the Hosted Payment Page (HPP).
Learn to use our 3DS Mobile SDK Solution with Netcetera to authenticate customers within an app.
Learn to generate authentication data without the customer’s involvement in the transaction.
Verify and authenticate the customer's identity outside of their interaction with the merchant's website or app.
Learn how to use this field to send customized information to the Issuer.
Generate a report on transaction authentication using our Authentication Reporting API.
Use EOS to identify customer exemptions and avoid unnecessary authentications.
Learn how to flag an exemption in an authorization message for low-risk customers.
Determine what exemptions are available according to European PSD2 regulations and how to best flag them.