Maintenance Work Notice!

We will carry out maintenance work on this documentation on Tuesday, 15.06.2021 between 3 pm and 4 pm CEST. Thank you for your understanding.

Page tree

Search

Skip to end of metadata
Go to start of metadata

The ECI value is provided by the issuer ACS. It indicates the level of authentication that was performed on the transaction. The ECI value received from authentication is forwarded in the authorization request and also determines whether a transaction recieves liability protection.

Visa, American Express, Discover/Diners, JCB, Cartes Bancaires (VISA), UPI

ECIDescription3DS Version(s)Merchant Liability Shift
05Cardholder authentication successful (this includes successful authentication using risk-based authentication and/or a dynamic password)

3DS 1.0

EMV 3DS (2.0)

Yes
06

Merchant attempted to authenticate the cardholder

  • For 3DS 1.0.2, the ECI 06 value may be utilized as an authentication response from the Issuer ACS, at the issuer’s discretion. For example, issuers that use risk-based authentication may provide an ECI = 06 for a transaction that does not require step-up, also known as frictionless authentication. These issuers may reserve an ECI = 05 for transactions that were successfully stepped-up.
  • For 3DS 2.0, the ECI 06 value can only be used to indicate that a “Merchant attempted to authenticate the cardholder”.

3DS 1.0

EMV 3DS (2.0)

Yes
07

Non-authenticated e-commerce transaction

  • technical errors
  • improper configuration
  • card and Issuing Bank are not secured by 3DS

3DS 1.0

EMV 3DS (2.0)

No

MasterCard, Cartes Bancaires (Mastercard)

ECIDescription3DS Version(s)Merchant Liability Shift
00

Non-authenticated e-commerce transaction

  • technical errors
  • improper configuration
  • card and Issuing Bank are not secured by 3DS

3DS 1.0

EMV 3DS (2.0)

No
01

Merchant attempted to authenticate the cardholder and received authentication value (Accountholder Authentication Value (AVV))

3DS 1.0

EMV 3DS (2.0)

Yes
02Cardholder authentication successful (this includes successful authentication using risk-based authentication and/or a dynamic password)

3DS 1.0

EMV 3DS (2.0)

Yes
04Data share only: non-authenticated e-commerce transaction but merchants have chosen to share data via the 3DS flow with the issuer to improve authorization approval ratesEMV 3DS (2.0)No
06Acquirer exemptionEMV 3DS (2.0)No
07

Recurring payments might be applicable for initial or subsequent transaction)

  • If this value is received on initial recurring paqyments merchant will have liability shift
  • Subsequent transactions are considered as MIT and liability remains with the merchant
EMV 3DS (2.0)Yes