How Does Liability Shift Work With 3d Secure?

An increase in eCommerce and mCommerce has caused fraud to rise over the last few years due to the card-not-present ( CNP), nature of online payments.

eCommerce fraud rates averaged 0.53 percent worldwide in 2015. It might seem small, but this is still a lot considering that eCommerce sales will reach $ 2.3 billion by 2017. eCommerce fraud could reach more than $ 12 billion.

CNP transactions are the most common form of fraud. The majority of fraud committed in countries with a lot of online merchants is.

It is not unusual for online fraud to be common. CNP transactions offer greater security than other types of transactions because it is more difficult to verify the identity and determine if the cardholder is the buyer.

3D Security Protocol has been in use since 2001. This technology is the most trusted and proven to be effective against CNP Online Fraud.

While the protocol serves to protect the cardholder’s card, it also provides an authentication layer to ensure that the cardholder actually used the card for the transaction. It protects merchants also from fraudulent chargebacks.

This protection comes from a shift in liability between the merchant and the card issuing organization.

It is important that you note that this protection doesn’t cover claims made by non-fraudulent consumers.

Not all cases will result in liability shifting at the same time. It may vary depending on the card provider or whether a card has been enrolled in a 3D Secure Program.

SO HOW DOES 3-D SECURE WORK

Two steps are needed to determine if the current protocol allows liability shifting (3DS1).

The merchant will ask the issuing banks for information regarding whether a card was registered in its 3DS program. A merchant plug-in must be installed to complete this process. This will handle the authentication messaging from the bank to the merchant using a 3D Secure vendor.

If the card issuer doesn’t have the card status information, the response will return an “unavailable”. The merchant is not liable if Visa or Mastercard are indicated.

The third stage involves the actual 3D Secure cardholder validation. Once again, the request is answered with a definitive “Yes” (authentication success), or “No” (authentication failing). If there is a network or system error, the response could be ‘Authentication error’/’Authentication attempted.

If there is a risk shift, the results of step 1 will be combined with step 2 (authentication status).

These are the general rules.

• Card issuers can verify that a card has already been activated with 3D Secure. If the cardholder authentication passes then liability will shift from merchant to issuer (e.g. bank). These guidelines require that the merchant authorize payment.
• If the merchant tries to authenticate the cardholder but is not able to do so, the card issuer is still liable.
• If the merchant cannot authenticate the cardholder or the issuer confirms that the enrolment has been confirmed then it is the merchant’s responsibility.
• The merchant is responsible if an error occurs during the authentication process. Network error, purchaser closing the popup/inline during the verification step

In this scenario, there is no apparent failure in the authentication.

• If the issuer fails to confirm, it will be the merchant who is responsible for card enrolment problems. It is the responsibility of the merchant to determine the threat level and decide whether or not the transaction should proceed.
• When the card issuer confirms that a card is not registered, this is the final situation. Major card companies, such as MasterCard or Visa, will confirm that there have been liability shifts. Any fraudulent chargebacks are then the responsibility of the issuer.

EFFECTS OF THE 3D SETURE2 LIABILITY SHIFT

12/04/2019 will be the global program activation deadline. Prior to that date, the existing liability shift rules of the original 3DS1 Protocol remain in full force.

After goes online, there will be a small shift in liability shifts. This could have major benefits for merchants, as it will protect them from fraudulent chargebacks.

As it stands right now, merchants may use 3DS2 to authenticate if the issuer fails to respond (system unavailable), and they’ll be protected from fraudulent chargebacks.

If the issuing banks do not support there will be no liability shift. However, the merchant will still have the obligation to pay. The merchants will still enjoy full fraud protection, and this change will take effect on the 12th of April 2019.

3D Secure, a buyer verification solution that uses 3D Secure in order to authenticate buyers is still the best option for reducing fraud when purchasing CNP. This protects both the buyer and the merchant by shifting responsibility.