La valeur ECI est fournie par l'émetteur (ACS). Il indique le niveau d'authentification qui a été effectué sur la transaction. La valeur ECI reçue de l'authentification est transmise dans la demande d'autorisation et détermine également si une transaction bénéficie d'une protection de responsabilitéThe ECI (Electronic Commerce Indicator) value is provided by the issuer (ACS). It indicates the level of authentication that has been performed on the transaction. The ECI value received from the authentication is transmitted in the authorization request and also determines whether a transaction benefits from liability protection. Visa, American Express, Discover/Diners, JCB, Cartes Bancaires Credit Cards (VISA), UPI
| ECI | Description | Merchant Liability Shift |
|---|
| 05 | Cardholder authentication successful (this includes successful authentication using risk-based authentication and/or a dynamic password) | Yes | | 06 | Merchant attempted to authenticate the cardholder - For 3DS 1.0.2, the ECI 06 value may be utilized as an authentication response from the Issuer ACS, at the issuer’s discretion. For example, issuers that use risk-based authentication may provide an ECI = 06 for a transaction that does not require step-up, also known as frictionless authentication. These issuers may reserve an ECI = 05 for transactions that were successfully stepped-up.
- For 3DS 2.0, the ECI 06 value can only be used to indicate that a “Merchant attempted to authenticate the cardholder”.
| Yes | | 07 | Non-authenticated e-commerce transaction - technical errors
- improper configuration
- card and Issuing Bank are not secured by 3DS
| No |
MasterCard, Cartes Bancaires Credit cards (Mastercard)
| ECI | Description | Merchant Liability Shift |
|---|
| 00 | Non-authenticated e-commerce transaction - technical errors
- improper configuration
- card and Issuing Bank are not secured by 3DS
| No | | 01 | Merchant attempted to authenticate the cardholder and received authentication value (Accountholder Authentication Value (AVV)) | Yes | | 02 | Cardholder authentication successful (this includes successful authentication using risk-based authentication and/or a dynamic password) | Yes | | 04 | Data share only: non-authenticated e-commerce transaction but merchants have chosen to share data via the 3DS flow with the issuer to improve authorization approval rates | No | | 06 | Acquirer exemption | No | | 07 | Recurring payments might be applicable for initial or subsequent transaction) - If this value is received on initial recurring paqyments merchant will have liability shift
- Subsequent transactions are considered as MIT and liability remains with the merchant
| Yes |
| 