The successful liability shift for enrolled card is required to the point at which merchants are no longer held financially responsible for certain types of fraudulent transactions if they have met certain requirements for accepting chip-enabled cards. This shift helps to reduce the incidence of card fraud and encourages merchants to upgrade their card readers to accept chip cards. To be successful, merchants must ensure that they have implemented the necessary technology and processes to accept chip cards and that they are checking for the presence of the chip on the card before accepting a payment. Additionally, merchants must also follow the guidelines set by card networks, such as Visa and Mastercard, for processing chip card transactions.
Ensuring Successful Liability Shift for Enrolled Card is Required for maintaining the security
In response to online payments (CNP), there has been an increase in eCommerce volumes over the last year.
eCommerce fraud rates in 2015 were at 0.53%. However, this is still a significant amount when eCommerce sales are projected to exceed $2.3 billion by 2017. This means that eCommerce fraud may rise to $12 Billion.
CNP Fraud Makes up the Majority.
Internet fraud is rampant, but it’s not unexpected. CNP transactions can be more secure than others due to the difficulty in identifying the authorized cardholder.
While the protocol serves to protect the consumer by providing an authentication layer that verifies that the cardholder used it during the transaction, it also protects merchants in the event of fraudulent chargebacks.
This protection comes as a result of potential liability shifting from the merchant toward the card issuing Bank.
Note that this protection doesn’t cover claims made by consumers who are not fraudulent.
Everyone is different in the time at which liability shifts take place. It depends on several factors including the card issuer, and whether the card is already enrolled in 3D Secure, as well as the response to the authentication request.
How Does 3D Secure Work?
There are two steps that must be followed to determine if liability shifting in the current protocol (3DS1) is allowed.
To request information about the 3DS program, the merchant needs to install a merchant plug-in. This will handle authentication messaging between the bank and merchant using a 3D Secure vendor.
Enrolment queries will either receive a definitive response of ‘Yes or no’ unless the issuer is unable to give information about the card status. If this happens, the response from MasterCard and Visa will be ‘unavailable.
The third stage involves 3D Secure cardholder verification. This is done by returning a definitive answer (authentication failure) If an error occurs on the network or system, in which event the response could read as “Authentication error”/’Authentication attempted.
The results of step 1 (card registration) and step 2, (authentication status), will determine whether there is a liability shifting.
In general, here are the rules:
- Card issuers are able to confirm that a card was activated under 3D Secure. If the cardholder authentication passes under 3D Secure, then liability shifts from the merchant to the issuer (e.g., bank).
- When a card has been registered and the merchant attempts authentication but fails, then the card issuer is still responsible. The merchant can authorize payment
- If the cardholder authentication fails, and the issuer confirms enrolment then the merchant is liable. The merchant should not authorize any transaction.
- Any error during the authentication process (e.g. merchant is responsible for any error that occurs during the authentication process (e.g., network error, purchaser closing a popup/inline Window during the verification Step)
In such a situation, authentication is not failing.
- The merchant takes all responsibility if the card is not verified. It is up to the merchant to determine the threat level, and decide if the transaction should go ahead.
- It is necessary for the card issuer to verify that a particular card has not been registered. If they fail to do so, they can be held liable in fraud chargebacks.
Effects From 3D Secure 2 on Liability Shift
3DS2 could be adopted very early in the year. But it will mainly be a time for testing and refining the protocol before it is fully implemented.
The global program activation deadline is 12/04/2019. Prior to that, the existing liability shift rules in accordance with the original 3DS1 Protocol shall continue to be fully enforced.
3DS2 will go live with a minimal shift in liability shifts. This could provide merchants with significant advantages, protecting them from chargebacks.
In the current state, if a merchant attempts authorization but the issuer does not support 3DS2, the merchant will still benefit from fraud chargebacks.
The merchant is responsible even if 3DS2 does not support the issuing bank. This change takes effect on 12/04/2019 and merchants still have fraud protection.
3D Safe, which protects buyers from fraud, can be used for NPP buys.
This protection level is being increased with 3ds2 so that it can be irreplaceable in today’s online market.
How is a successful Liability Shift for Enrolled Card is Required to maintain the security and integrity of the payment system?
A successful liability shift for enrolled cards is required to maintain the security and integrity of the payment system because it helps to reduce the risk of fraudulent transactions. When a merchant has implemented certain security measures, such as EMV chip technology, they are less likely to be the target of fraud. This helps to protect both merchants and consumers from financial losses.
Why is the liability shift important for maintaining the security and integrity of the payment system?
Liability shift helps to incentivize merchants to implement the latest security measures, which in turn helps to reduce fraud and protect both merchants and consumers from financial losses.
What are some examples of security measures that can lead to a liability shift?
Examples of security measures that can lead to a liability shift include EMV chip technology, point-to-point encryption, and tokenization.
What happens if a merchant does not implement liability shift measures?
If a merchant does not implement liability shift measures, they may be held liable for fraudulent transactions that occur on their network. This can result in significant financial losses for the merchant.
What are the responsibilities of card issuers and merchants in the liability shift?
A card issuer is responsible for providing EMV chip-enabled cards to the customers and the merchant is responsible for upgrading the terminal to accept the EMV chip-enabled card.