What is the liability shift for 3-D Secure?
Secure Trading believes the liability shift to be as follows:
Brand | Enrolled | Status | Liability |
---|---|---|---|
Visa | U | Merchant* | |
Visa | N | Card Issuer** | |
Visa | Y | Y | Card Issuer** |
Visa | Y | N | Merchant*** |
Visa | Y | A | Card Issuer** |
Visa | Y | U | Merchant |
MasterCard | U | Card Issuer** | |
MasterCard | N | Card Issuer** | |
MasterCard | Y | Y | Card Issuer** |
MasterCard | Y | N | Merchant*** |
MasterCard | Y | A | Card Issuer** |
MasterCard | Y | U | Card Issuer** |
* Important note: If the brand is Visa and enrolled or status is returned as a “U” (Unknown), it means that the merchant is not covered by the 3-D Secure scheme. In this case the merchant is still liable for any fraudulent transactions.
** Important note: There are some cases where the liability is not covered by the card issuer; for example some commercial cards under both brands. For more information please contact your acquirer.
*** Important note: In this case it is strongly recommended that the transaction does not proceed. This means the password entered did not match.
This is a high level overview of the liability shift. Please bear in mind we facilitate the process; we do not create or enforce the rules. If you are unsure of any transaction status that you may see, we would recommend that you contact your acquirer.
I am getting a 30000 FieldError for a field I do not want validated (e.g. telephone number or email address).
We recommend allowing your customers to correct any invalid data they enter if you receive this error. This means the transaction will be processed with valid data instead of storing invalid data which isn’t of use to anyone. However, if you do not wish to validate an optional field then it may be omitted in the request to Secure Trading (either by not including the XML tags or leaving the value blank).
I get “401 Authorization Required” when sending a Web Services request. What is the issue?
Either the password or username is wrong in the request, or you may be using a username that has not been setup for use with Web Services (EG: your Site Admin username). Please contact support and we can create a specific username for use with Web Services.
I get “Invalid Site Reference for Alias” when sending a Web Services request. What is the issue?
Please ensure that the “alias” you pass in the XML request is your Web Services username, rather than the Site Reference of your account.