ECI value indicates the level of authentication performed on the transaction, which is forwarded to the authorization request and determines whether the transaction receives liability protection.
To get three_ds
object with
eci
value use:
- check order status API request
- order status Webhook notification
Additionally, it is possible to retrieve an three_ds
object in one of processing operations responses under certain conditions.
Visa, American Express, JCB, Discover/Diners, Cartes Bancaires (VISA), UPI
Value | Description |
---|---|
05 | Cardholder authentication is successful. |
06 |
Authentication was attempted but could not be completed.
|
07 | Non-authenticated e-commerce transaction. |
Mastercard, Cartes Bancaires (Mastercard)
Value | Description |
---|---|
00 | 3DS1 and EMV 3DS: 3DS authentication either failed or could not be attempted. Possible reasons include either the card or its issuing bank not yet participating in 3DS or the cardholder running out of time to authorize. |
01 | 3DS1 and EMV 3DS: 3DS authentication was attempted but could not be completed. Possible reasons include either the card or its issuing bank having yet to participate in 3DS or the cardholder running out of time to authorize. |
02 | 3DS1 and EMV 3DS: 3DS authentication is successful. Both card and issuing bank are secured by 3DS. |
04 | EMV 3DS: Data share only, non-authenticated e-commerce transaction, but merchants have chosen to share data via the 3DS flow with the issuer to improve authorization approval rates. |
06 | EMV 3DS: Acquirer exemption. |
07 | EMV 3DS: Recurring payments might be applicable for the initial or subsequent transaction. If this value is received on initial recurring payments, the merchant will have a liability shift. Subsequent transactions are considered as MIT and liability remains with the merchant. |
ECI for digital wallets
Apple Pay offers a secure and convenient payment option for iOS users.
Apple Pay
and
Google Pay enhances checkout experiences on Android and web platforms.
Google Pay
handle the ECI value to determine transaction authentication and liability in case of fraud.
Apple Pay
Merchants that
Decrypt and handle Apple Pay tokens for payments.
decrypt
Apple Pay tokens on their side must send the ECI code when initiating an Apple Pay transaction without it being altered or hardcoded.
Apple Pay supports liability shift globally for all major networks. However, for Visa, the liability shift applies globally only to devices running iOS 16.2+ or European-issued cards for earlier iOS versions.
Google Pay
Google Pay supports liability shift to issuers for qualified facilitated transactions that use Mastercard and Visa Android device tokens. For non-EU Visa cards, additional actions are required by merchants.
Liability shift moves fraud responsibility from the merchant to the issuing bank. Eligible Visa transactions carry ECI
05
after the token is
Decrypt and handle Google Pay tokens for payments.
decrypted
.
You can opt into liability shift Reference through the Google Pay & Wallet console. European merchants are automatically covered by a Visa exception with liability protection for eligible transactions made with the cards issued by European issuers.