How to Interpret 3DS-Verified Transactions
Exempting Customers from 3DS Processing
When to Exempt a User from 3DS
Exempting a user from 3DS allows transactions to process without additional authentication, reducing friction and improving conversion rates. This is typically applied to:
-
Low-risk transactions (e.g., small purchases)
-
Trusted, repeat customers
🚧Note: Some issuing banks, especially in the EU, enforce stricter fraud rules and may override 3DS exemptions, declining transactions instead.
How to Exempt a User from 3DS
Merchants can exempt a customer from 3DS by:
- Navigating to the customer's record
- Selecting Exempt 3DS Processing
How to Exempt a Customer from 3DS Processing
How to Interpret 3DS Transactions
Definitions
- CAVV: Cardholder Authentication Verification Value, a unique code confirming the cardholder's authorization.
- ECI: Electronic Commerce Indicator, indicating the outcome of the 3DS authentication.
- DS Transaction ID: A unique identifier for the transaction.
- Version: The version of the 3DS authentication protocol used.
- Authentication Status: The result of the authentication attempt (successful or failed).
- Transaction Status: The result of the issuer's authentication process.
- Transaction Status Reason - Codes which represent why a transaction was approved, rejected, or flagged.
- Reason Explanation - The explanation associated with the transaction status reason code.
- Access Control Server (ACS) refers to the 3DS authentication process that facilitates communication between the card issuer, the merchant, and the cardholder.
Breakdown of Transaction Statuses
| Status | Description | Scenarios |
|---|---|---|
| Y (Yes) | Authentication Successful: Liability typically shifts to the bank. | Returned when the cardholder successfully completes 3DS authentication. |
| A (Attempted) | Attempted but Not Fully Verified. Issuer didn’t fully authenticate the user. | Returned when authentication is attempted but not completed (e.g., issuer doesn’t support 3DS). Details on the A status. |
| N (No) | Authentication Failed. Merchant assumes liability. | Returned when the cardholder’s credentials are incorrect or authentication is denied. |
| U (Unavailable) | Authentication Could Not Be Performed. | Returned when the issuer’s authentication service is down or unreachable. |
| R (Rejected) | Authentication Rejected. Do not proceed with the transaction. | Returned when the issuer rejects the authentication request due to fraud or invalid data. |
| C (Challenge) | Challenge Required: Additional verification (OTP, biometrics, etc.) needed. | Returned when a second authentication step is required for higher-risk transactions. |
Details on the A (Attempted) Status
When Card Networks Return A (Attempted) Instead of the Issuer
If the issuer doesn’t support 3DS or has authentication issues, card networks (Visa, Mastercard, etc.) step in to assess the transaction using their own fraud detection tools.
- Issuer Doesn’t Support 3DS: The card network may return A (Attempted) or U (Unavailable) if the transaction can’t be authenticated.
- Card Network’s Role: The network evaluates factors like transaction amount, merchant category, and transaction history.
- Outcome: If the card network approves the transaction, the issuer assumes liability. If the transaction is rejected, A (Attempted) is returned, and the issuer assumes liability while the transaction fails.
Breakdown of Transaction Status Reasons and Explanations
| Reason Code | Reason Explanation |
|---|---|
| 00 | Authentication Successful: The cardholder’s identity was verified. |
| 01 | Card authentication failed |
| 02 | Unknown Device |
| 03 | Unsupported Device |
| 04 | Exceeds authentication frequency limit |
| 05 | Expired card |
| 06 | Invalid Card Number |
| 07 | Invalid transaction |
| 08 | No card record |
| 09 | Security failure |
| 10 | Stolen card |
| 11 | Suspected Fraud |
| 12 | Transaction not permitted to cardholder |
| 13 | Cardholder not enrolled in service |
| 14 | Transaction timed out at the ACS |
| 15 | Low confidence |
| 16 | Medium confidence |
| 17 | High confidence |
| 18 | Very High confidence |
| 19 | Exceeds ACS maximum challenges |
| 20 | Non-Payment transaction not supported |
| 21 | 3RI transaction not supported |
| 80 (Mastercard) | Identity Check Insights |
| 80 (Visa) | Error Connecting to ACS |
| 81 (Visa) | ACS Timed Out |
| 82 (Visa) | Invalid Response from ACS |
| 83 (Visa) | System Error Response from ACS |
| 84 (Visa) | Internal Error While Generating CAVV |
| 85 (Visa) | VMID not eligible for requested program |
| 86 (Visa) | Protocol Version Not Supported by ACS |
| 87 (Mastercard) | Transaction is excluded from Attempts Processing |
| 87 (Visa) | Transaction is excluded from Attempts Processing (e.g., non-reloadable pre-paid cards and NPAs) |
| 88 (Visa) | Requested program not supported by the ACS |
Visual Examples
Successful 3DS Transactions
Rejected 3DS Transactions
Updated 4 months ago