Authentication Result
Authentication in the context of 3D-Secure has several possible outcomes, depending on the authentication protocol used and the card issuer requirements. Here are some of the key results of an authentication:
- Authentication Passed: Transaction authentication is successful either automatically (frictionless) or by flag, using a similar process to ‘stand-in’, known as attempt.
- Authentication Denied: Authentication fails, and is denied. This may occur if the cardholder entering incorrect information if additional authentication is not completed correctly or if there is a problem connecting to the authentication server. In this case, Anti fraud settings can be made to complement the analyzes and allow other ways of validating these challenges.
- Challenged Authentication: In some cases, authentication may be challenged, which means you need to provide additional information or go through an additional authentication step to confirm the legitimacy of the transaction. This may involve the use of passwords, PINs, security codes sent via SMS or other authentication methods.
- Authentication rejected by the Issuer: In this case, the issuer, by having specific rules for validate authentication, you can reject the authentication for reasons ranging from card status or specific validations per client. Each issuer may have specific rules for these validations.
It is important to note that the results of an authentication may vary depending on the rules and policies established by the card issuer, as well as the specific implementation of 3D-Secure by the merchant and the card brand. Remembering that after the authentication process, we still have every step related to authorization of the transaction, which would be the approval, or not, of the transaction, according to the rules of each issuer.
ECI Table#
The ECI (Electronic Commerce Indicator) is a code returned by card networks and indicates the result of the cardholder's 3DS authentication with the issuer or card network. Check the following table for the corresponding ECIs for each card network and the authentication result.
| Mastercard | Visa | Elo | Amex | Authentication Result | Was the transaction authenticated? |
|---|---|---|---|---|---|
| 02 | 05 | 05 | 05 | Authenticated by the issuer - chargeback risk becomes the responsibility of the issuer. | Yes |
| 01 | 06 | 06 | 06 | Authenticated by the card network - chargeback risk becomes the responsibility of the issuer. | Yes |
| Diferente de 01, 02, 04 | Diferente de 05 e 06 | Diferente de 05 e 06 | Diferente de 05 e 06 | Not authenticated - chargeback risk remains with the merchant. | No |
| 04 | - | - | - | Not authenticated, transaction characterized as Data Only - chargeback risk remains with the merchant. | No |