3D Secure Liability Shift
Prepaid cards do not receive a liability shift.
Mastercard
Mastercard 4837: No Cardholder Authorization
A liability shift applies, which prevents issuers from opening chargebacks with reason code 4837 for transactions properly authenticated and identified through 3DS.
The liability shift applies to the following ECI values:
- ECI 01: Attempted
- ECI 02: Authenticated
The Mastercard fraud chargeback liability shift does not apply if the ECI is 00.
Visa
Visa 10.4: Other Fraud – Card-Absent Environment
The liability shift applies to the following ECI values (provided that the transaction does not meet any of the criteria for exclusions listed in the table below):
- ECI 05: Authenticated
- ECI 06: Attempted
The Visa fraud chargeback liability shift provided with 3DS does not apply under the following conditions:
| Scope | Restriction | ECI | Description |
|---|---|---|---|
| Global | 07 | Liability shift does not apply | |
| Global | Any | An Electronic Commerce Transaction in which the Issuer responded to an Authentication Request with either: - Unable-to-Authenticate Response - Authentication Denial | |
| Global | 05 or 06 | Merchants will receive a CAVV for authenticated and attempted authentication transactions which they must provide in the authorization message. For ECI 05 or ECI 06 transactions where a CAVV was not received in authorization, the ECI will be reclassified to ECI 07. | |
| Global | Non-Reloadable Prepaid | 06 | Non-reloadable Visa prepaid cards are not required to participate in the Visa Secure program, but issuers may elect to participate. In terms of liability: • Authentication—If a non-reloadable Visa prepaid card is authenticated during Visa Secure program (ECI 05), the merchant is protected against specific Dispute reason codes. • Attempted Authentication—If authentication is attempted on a non-reloadable Visa prepaid card (ECI 06), the merchant does not receive liability protection on e-commerce fraud-related Disputes. ECI is reclassified to 07. |
| Global | Visa Fraud Monitoring Program | 05 or 06 | Merchants are not protected if they have been identified in the program. |
| U.S. | Visa 3-D Secure Fraud Monitoring Program | 05 or 06 | Merchants are not protected if they have been identified in the program. |
| U.S | Merchant Restricted Merchant Category Codes (MCCs) | 05 or 06 | Merchants are not protected if their MCC is one of the following: • MCC 4829—Wire Transfer/Money Order • MCC 5967—Direct Marketing-Inbound Teleservices • MCC 6051—Non-Financial Institution-Foreign Currency, Money Order (not Wire Transfer), Travelers’ Cheques • MCC 7995—Betting, including Lottery Tickets, Casino Gaming Chips, Off-Track Betting and Wagers at Race Tracks • MCC 6540 - Non-Financial Institutions: Stored Value Card Purchase / Load • MCC 7801 - Government Licensed On-Line Casinos (On-Line Gambling) • MCC 7802 - Government-Licensed Horse/Dog Racing |
Updated 9 days ago