Security (3-D Secure, liability shift)

What is 3-D Secure?

3-D Secure is an authentication procedure supported by Datatrans, which ensures that transactions made online are carried out by the legal cardholder. This security standard protects cardholders and merchants against the misuse of credit card data. Each credit card brand markets this standard under its own name, such as Mastercard SecureCode, Verified by Visa or American Express SafeKey.

3-D stands for "3 Domain Server", because three parties are involved in the 3-D Secure process:

  • The merchant (web shop)
  • The acquirer (the merchant’s financial institution)
  • The credit card issuer

During the payment process in the web shop, a window appears either for the cardholder to identify him- or herself by the card issuing bank. The identification is done by entering a password or a mobile TAN (similar to entering a PIN at an ATM). The payment can only be completed upon entry of the correct password, which is known exclusively to the cardholder and the issuing bank.

Below is a description of the various 3-D statuses shown in the Datatrans Web Administration Tool (back office):

  • A = Authorized, activation during shopping (prompted to subscribe the card to 3-D Secure program).
  • C = Blocked/freezed, authentication not completed (the bank forces the cardholder to participate in the program).
  • D = Authorized, normally protected by 3-D, merchant has fulfilled the 3-D obligation.
  • N = Rejected, authentication failed.
  • U = Rejected, transaction has no 3-D status, merchant is fully liable for the amount.
  • Y = Authorized, authentication successful.

If you have any further questions about 3-D Secure, please contact your acquirer or Datatrans support.

Can I deactivate 3-D Secure as a merchant?

It is possible to switch off the 3-D Secure procedure. It should be noted, however, that when 3-D Secure is not used, the merchant operating the web shop is always liable for improperly used credit cards (see also "Liability Shift"). If you still wish to offer payments without the 3-D Secure procedure, please contact your acquirer.

Datatrans can only deactivate 3-D Secure upon receipt of the acquirer’s written confirmation (e-mail is sufficient).

What does "liability shift" mean?

When transactions have been successfully verified by 3-D Secure and authorized by the acquirer/issuer, the liability shift for the payment applies.

This means that liability for losses caused by misuse of credit card data is transferred from the merchant to the card issuing bank. However, it should be noted that this protection does not relieve the merchant from all other duties of care that apply in relation to distance selling.

In rare cases, chargebacks can also take place on 3-D Secure authenticated transactions. In the case of a chargeback, the cardholder disputes the legality of the charge with his card-issuing bank (issuer). The issuer verifies the transaction (receipt request) with the help of your acquirer and subsequently decides whether the transaction was fraudulent or not and whether the liability shift should apply or not.

Please contact your acquirer for the exact conditions of their liability shift process or for any further questions regarding it.