3D Secure response parameters

DocsCurrentAdvancedLast updated: November 7th 2023, @ 9:47:43 am


You can see the response of the 3D Secure flow by viewing the LiabilityShift, EnrollmentStatus, and Authentication_Status fields in the payload your server returns to your client.

If you've integrated with the JavaScript SDK, you receive the LiabilityShift parameter only.

Supported parameters

LiabilityShift

LiabilityShift signals whether the issuing bank may accept liability for the transaction.

You can find LiabilityShift in the payload your server returns to your client. This is a client and server-side parameter.

ResponseDescriptionRecommended action
POSSIBLELiability might shift to the card issuer.Continue with authorization.
YESLiability has shifted to the card issuer.Continue with authorization.
NOLiability is with the merchant.Do not continue with authorization.
UNKNOWNThe authentication system isn't available.Do not continue with authorization. Request the cardholder to retry.

EnrollmentStatus

EnrollmentStatus shows whether the card type and issuing bank are ready to complete a 3D Secure authentication. This is a server-side parameter.

ResponseDescription
YCard type and issuing bank are ready to complete a 3D Secure authentication.
NCard type and issuing bank are not ready to complete a 3D Secure authentication.
USystem is unavailable at the time of the request.
BSystem has bypassed authentication.

Authentication_Status

Authentication_Status indicates the result of the authentication challenge. This is a server-side parameter.

ResponseDescription
YSuccessful authentication.
NFailed authentication
RRejected authentication.
AAttempted authentication.
UUnable to complete authentication.
CChallenge required for authentication.
IInformation only.
DDecoupled authentication.

Recommended action

Based on the results of EnrollmentStatus and Authentication_Status, a LiabilityShift response is returned. The LiabilityShift response determines how you might proceed with authentication.

EnrollmentStatusAuthentication_StatusLiabilityShiftRecommended action
YYPOSSIBLEContinue with authorization.
YYYESContinue with authorization.
YNNODo not continue with authorization.
YRNODo not continue with authorization.
YAPOSSIBLEContinue with authorization.
YUUNKNOWNDo not continue with authorization. Request cardholder to retry.
YUNODo not continue with authorization. Request cardholder to retry.
YCUNKNOWNDo not continue with authorization. Request cardholder to retry.
YNODo not continue with authorization. Request cardholder to retry.
NNOContinue with authorization.
UNOContinue with authorization.
UUNKNOWNDo not continue with authorization. Request cardholder to retry.
BNOContinue with authorization.
UNKNOWNDo not continue with authorization. Request cardholder to retry.

Deprecated parameters

Note: If you integrated 3D Secure prior to June 2020, the liabilityShifted, authenticationStatus, and AuthenticationReason parameters continue to work on the server, but are no longer supported.

liabilityShiftedauthenticationStatusAuthenticationReasonReasonNext steps
undefinedundefinedundefinedYou have not required 3D Secure for the buyer or the card network did not require a 3D Secure. You can continue with authorization and assume liability. If you prefer not to assume liability, ask the buyer for another card.
trueYESSUCCESSFULBuyer successfully authenticated using 3D Secure. Buyer authenticated with 3D Secure and you can continue with the authorization.
falseERRORERRORAn error occurred with the 3D Secure authentication system. Prompt the buyer to re-authenticate or request for another form of payment.
falseNOSKIPPED_BY_BUYERBuyer was presented the 3D Secure challenge but chose to skip the authentication. Do not continue with current authorization. Prompt the buyer to re-authenticate or request buyer for another form of payment.
falseNOFAILUREBuyer may have failed the challenge or the device was not verified. Do not continue with current authorization. Prompt the buyer to re-authenticate or request buyer for another form of payment.
falseNOBYPASSED3D Secure was skipped as authentication system did not require a challenge. You can continue with the authorization and assume liability. If you prefer not to assume liability, ask the buyer for another card.
falseNOATTEMPTEDCard is not enrolled in 3D Secure. Card issuing bank is not participating in 3D Secure. Continue with authorization as authentication is not required.
falseNOUNAVAILABLEIssuing bank is not able to complete authentication. You can continue with the authorization and assume liability. If you prefer not to assume liability, ask the buyer for another card.
falseNOCARD_INELIGIBLECard is not eligible for 3D Secure authentication. Continue with authorization as authentication is not required.

In scenarios where liabilityShifted was either false or undefined, you have the option to complete the payment at your own risk, meaning that the liability of any chargeback has not shifted from the merchant to the card issuer.