The ECI (Electronic Commerce Indicator) value is provided by the issuer (ACS). It indicates the level of authentication that has been performed on the transaction. The ECI value received from the authentication is transmitted in the authorization request and also determines whether a transaction benefits from liability protection.

Visa, American Express, Discover/Diners, JCB, Credit Cards (VISA), UPI


ECIDescriptionMerchant Liability Shift
05Cardholder authentication successful (this includes successful authentication using risk-based authentication and/or a dynamic password)Yes
06

Merchant attempted to authenticate the cardholder

  • For 3DS 1.0.2, the ECI 06 value may be utilized as an authentication response from the Issuer ACS, at the issuer’s discretion. For example, issuers that use risk-based authentication may provide an ECI = 06 for a transaction that does not require step-up, also known as frictionless authentication. These issuers may reserve an ECI = 05 for transactions that were successfully stepped-up.
  • For 3DS 2.0, the ECI 06 value can only be used to indicate that a “Merchant attempted to authenticate the cardholder”.
Yes
07

Non-authenticated e-commerce transaction

  • technical errors
  • improper configuration
  • card and Issuing Bank are not secured by 3DS
No

MasterCard, Credit cards (Mastercard)


ECIDescriptionMerchant Liability Shift
00

Non-authenticated e-commerce transaction

  • technical errors
  • improper configuration
  • card and Issuing Bank are not secured by 3DS
No
01

Merchant attempted to authenticate the cardholder and received authentication value (Accountholder Authentication Value (AVV))

Yes
02Cardholder authentication successful (this includes successful authentication using risk-based authentication and/or a dynamic password)Yes
04Data share only: non-authenticated e-commerce transaction but merchants have chosen to share data via the 3DS flow with the issuer to improve authorization approval ratesNo
06Acquirer exemptionNo
07

Recurring payments might be applicable for initial or subsequent transaction)

  • If this value is received on initial recurring paqyments merchant will have liability shift
  • Subsequent transactions are considered as MIT and liability remains with the merchant
Yes