How Does Liability Shift Work With 3d Secure?

How Does Liability Shift Work With 3d Secure?

A rise in eCommerce and mCommerce has led to a rise in fraud over the last few decades due to the card-not-present (CNP), nature of online payments.

In 2015, eCommerce fraud rates averaged 0.53% worldwide. This may seem small, but it’s a substantial amount considering eCommerce sales are expected to reach $2.3 billion by 2017. That means eCommerce fraud could increase to more than $12 Billion.

CNP transactions make up the majority of the fraud. CNP fraud represents a significant proportion of all fraud in countries where there are a lot of online merchants.

Online fraud is widespread, but it’s not surprising. CNP transactions are more secure than other types of transactions due to the difficulty in verifying the identity of the buyer and determining if they are the cardholder. Since 2001, 3D Secure Protocol, which is one the most trusted and established technologies in the fight against CNP Online Fraud, is available. While the protocol’s main purpose is to protect the cardholder, it provides an authentication layer to verify that they used their card for the transaction. It also protects merchants against fraudulent chargebacks. This protection is provided by a shift in liability from the merchant to the card issuing institution. It is important to note that this protection does not cover non-fraudulent consumer claims.

The point at which liability shift occurs is not always the same. It can vary depending on the card provider and whether or not a card is already enrolled in a 3D Secure program.

So How Does 3D Secure Work?

Two steps are required to determine if liability shifting is allowed in the current protocol (3DS1). In the first stage, the merchant will send a request to the issuing bank for information about whether a card has been registered in its 3DS program. To accomplish this, the merchant must install an approved merchant plug-in. This will handle the authentication messaging between the bank and the merchant, using a 3D Secure vendor. If the card issuer can’t provide the card status, then the response will be returned as ‘unavailable. Visa and MasterCard differ in the extent to which liability has passed from the merchant if the unavailability is indicated.

The third step involves the actual 3D Secure cardholder verification. Once again, the request is returned with a definitive Yes’ (authentication success) or a No’ (authentication failing). If there is a network or system error, the response could be ‘Authentication error’/’Authentication attempted.

If a liability shift is occurring, it will be determined by combining the results of step 1 (card enrolment), and step 2 (authentication status).

In general, these are the rules:

  • Card issuers can confirm that a card has been activated under 3D Secure. If the cardholder authentication passes, liability will shift from the merchant to the issuer (e.g. bank). These guidelines indicate that the merchant should authorize payment.
  • If the merchant attempts authentication but the issuing bank is unable to respond to the cardholder’s request, the card issuer can still assume liability.
  • If the merchant fails to authenticate the cardholder, and the issuer confirms that enrolment has been confirmed, it is the merchant’s responsibility.
  • The merchant is responsible for any error that occurs in the authentication process (e.g. network error, purchaser closing the popup/inline window during the verification step).

In this situation, there is no evident failure of authentication.

  • The merchant will be responsible for any card enrolment failures if the issuer can’t confirm it. The merchant is responsible for determining the threat level and deciding if the transaction should proceed.
  • The final situation occurs when the card issuer confirms a card is NOT enrolled. Major card companies, like MasterCard and Visa, will confirm that there has been a liability shift. The issuer will then be responsible for any fraudulent chargebacks.

Effects From 3D Secure 2 On LIABILITY SHIFT

The global program activation day is 12/04/2019. Until then, existing liability shift rules from the original 3DS1 Protocol will continue to be in full effect. After 3DS2 goes live, there will only be a minor shift in liability shifts. This could offer major benefits for merchants to protect them against fraudulent chargebacks.

How Does Liability Shift Work With 3d Secure?

As it stands now, merchants can try authentication with 3DS2 if the issuer is unable or unwilling to respond (system unavailable), and they will receive protection against fraudulent chargebacks.

If the issuing bank DOES not support 3DS2, there will be no liability shift and the merchant will still have to pay. This change will take effect on 12 April 2019 and merchants will still have full fraud protection.

3D Secure, a buyer authentication solution that uses 3D Secure to authenticate buyers, is still the best way of reducing fraud in CNP purchasing. It provides protection for both the consumer and the merchant, by shifting liability.

Leave a Reply

Your email address will not be published. Required fields are marked *

Boost Your Online Presence with Logibiz

With many years of rich experience in technology development, Logibiz Technologies aim to boost your online presence by offering 360-degree solutions related to Online Payments and its Security.

From Online Fraud Prevention solutions to White Label Payment Gateway Platform and complete 3DS testing environment, Logibiz has got your back. Additionally, we also offer consultancy services for all your EMVCo & Card Scheme certification needs.

We provide Free Demo & POC of our products which are certified globally and trusted by leading Financial Institutions worldwide.

Book a Free Consultation Call with our experts to discuss how we can help grow your online payments business.

Book a Free Trial

Try our solutions for free! Sign up now and see how we can help you.

Thank You, Form Submitted

Downloadable brochure

Explore our comprehensive services. Download our brochure for detailed information on our offerings and solutions.

What is a 3DS Server ?

The 3DS Server provides a functional interface between the Directory Server (DS) and the 3DS Requestor Environment flows. 3DS Server is responsible for gathering necessary data elements for 3-D Secure messages, authenticating the DS, validating the DS, the 3DS SDK, and the 3DS Requestor, safeguarding the message contents. The 3DS Server also helps to protect the message content while it is being transferred to DS and vice versa.