Click here to search

Liability shift for cards

From the date you're enabled for 3DS authentication, you are no longer liable for certain fraudulent chargebacks when a cardholder denies they made the purchase.

Liability shift rules

This table shows the general eligibility of transactions for liability shift, involving both personal cards and commercial cards. These rules apply to Visa and Mastercard for any region, to American Express for SafeKey supported regions, and to JCB for J/Secure supported regions:

  Scenario MPI Response Is the transaction eligible for liability shift? Result (<ThreeDSecureResult>)
3D Secure Issuer participating Fully authenticated PARes = Y Yes Cardholder authenticated
Attempted authentication PARes = A Yes Authentication offered but not used
Authentication failed PARes = N No Authentication Failed
Authentication error PARes = U, VERes = U No


Issuer not participating VERes = N Yes Authentication offered but not used
Not 3D Secure Not applicable No Ecommerce

Warning:  Exceptions to the rules may exist for certain schemes in certain territories under certain programs. These exceptions may also depend on your integration or services with Worldpay. If Worldpay is your acquirer, contact your Relationship Manager or Customer Support Manager. Otherwise, contact your acquirer.

Chargebacks and liability shift

For Visa, Maestro, Mastercard, JCB and American Express, card protection may be contingent upon you taking reasonable measures to control fraud. If your fraud levels are unreasonably high you may forfeit the benefits of chargeback protection.

Restrictions to our authentication service

These restrictions apply to Visa, Maestro, Mastercard, JCB and American Express:

Installation or Service type Reason
Corporate Gateway Call Centre (MOTO) The cardholder isn't able to enter their authentication details.
Recurring Payments (PayAsOrder) Except for the first transaction (or if a cardholder changes their card details and makes an immediate payment), the cardholder isn't present to enter their authentication details.
C - level, S - level or A - level service

On these service levels you may be using your own acquirer, and so you may need to contact them to enable the service.

Service levels are explained in the payment process.