3D Secure Liability Shift


Prepaid cards do not receive a liability shift.



Mastercard 4837: No Cardholder Authorization

A liability shift applies, which prevents issuers from opening chargebacks with reason code 4837 for transactions properly authenticated and identified through 3DS.

The liability shift applies to the following ECI values:

  • ECI 01: Attempted
  • ECI 02: Authenticated

The Mastercard fraud chargeback liability shift does not apply if the ECI is 00.



Visa 10.4: Other Fraud – Card-Absent Environment

The liability shift applies to the following ECI values (provided that the transaction does not meet any of the criteria for exclusions listed in the table below):

  • ECI 05: Authenticated
  • ECI 06: Attempted

The Visa fraud chargeback liability shift provided with 3DS does not apply under the following conditions:

Global07Liability shift does not apply
GlobalAnyAn Electronic Commerce Transaction in which the Issuer responded to an Authentication Request with either:

- Unable-to-Authenticate Response
- Authentication Denial
Global05 or 06Merchants will receive a CAVV for authenticated and attempted authentication transactions which they must provide in the authorization message. For ECI 05 or ECI 06 transactions where a CAVV was not received in authorization, the ECI will be reclassified to ECI 07.
GlobalNon-Reloadable Prepaid06Non-reloadable Visa prepaid cards are not required to participate in the Visa Secure program, but issuers may elect to participate.
In terms of liability:
• Authentication—If a non-reloadable Visa prepaid card is authenticated during Visa Secure program (ECI 05), the merchant is protected against specific Dispute reason codes.
• Attempted Authentication—If authentication is attempted on a non-reloadable Visa prepaid card (ECI 06), the merchant does not receive liability protection on e-commerce fraud-related Disputes. ECI is reclassified to 07.
GlobalVisa Fraud Monitoring Program05 or 06Merchants are not protected if they have been identified in the program.
U.S.Visa 3-D Secure Fraud Monitoring Program05 or 06Merchants are not protected if they have been identified in the program.
U.SMerchant Restricted Merchant Category Codes (MCCs)05 or 06Merchants are not protected if their MCC is one of the following:
• MCC 4829—Wire Transfer/Money Order
• MCC 5967—Direct Marketing-Inbound
• MCC 6051—Non-Financial Institution-Foreign Currency, Money Order (not Wire Transfer), Travelers’ Cheques
• MCC 7995—Betting, including Lottery Tickets, Casino Gaming Chips, Off-Track Betting and Wagers at Race Tracks
• MCC 6540 - Non-Financial Institutions: Stored Value Card Purchase / Load
• MCC 7801 - Government Licensed On-Line Casinos (On-Line Gambling)
• MCC 7802 - Government-Licensed Horse/Dog Racing