3-D Secure transaction handling for merchants using Monek's TransactDirect platform

3-D Secure, also known as Verified by Visa/MasterCard SecureCode is the highest level of verification available for online transactions.

There are two stages of the 3DS process. Enrolment and Authentication. The Status of each stage, the Liability Shift it represents for you and subsequent Default Handling at both stages of the process are noted below.

Enrolment Stage*

Enrolment Status	Description	****Liability Shift	***Default Handling
Enrolment Status is Yes	Card Issuer supports the check	Yes	The customer was re-directed to their bank's 3DS authentication page
Enrolment Status is No	Card Issuer does not support the check	Yes	The customer was allowed to proceed with standard card checks
Enrolment Status is Error	An error was experienced obtaining the enrolment status of the card	No, but you may accept the risk, if you wish, and/or if your Acquirer is happy for you to do so. Please check specific terms with your Acquirer.	The transaction is failed but this can be over-ridden by merchant

Authentication Stage**

Authentication Status	Description	****Liability Shift	***Default Handling
Authentication Status is Yes	Card issuer is fully authenticated	Yes	Transaction information is sent through to the banks to complete authorisation. Please note that the transaction may still be declined at this stage but that would be due to non-3DS factors.
Authentication Status is Attempted	Authentication was attempted but could not be completed. Evidence of the attempt is available.	Yes	Transaction information is sent through to the banks to complete authorisation. Please note that the transaction may still be declined at this stage but that would be due to non-3DS factors.
Authentication Status is Error	An error occurred while attempting to complete the authentication.	No, but you may accept the risk, if you wish, and/or if your Acquirer is happy for you to do so. Please check specific terms with your Acquirer.	The transaction is failed but this can be over-ridden by merchant.
Authentication Status is No	Authentication failed, not the cardholder	No	The transaction is failed.

*Enrolment is the part where we contact Visa/MasterCard to establish whether the card issuer supports the verification. If they do, we are then re-directed to the card issuer's 3DS page - each card issuer hosts this independently - and once we reach this location, the 'Authentication' stage can commence.

**Authentication is where the customer is authenticated using a secure password. At this stage of the transaction, it is within the bank's remit to review other factors of the transaction and provide the stamp of authentication without actually requiring for the password to be entered. This is so that the purchasing experience can be made as seamless as possible while continuing to provide the most security. You, as the merchant, are still fully secured even where password is not physically entered by the cardholder - the card issuer has taken on any associated risks.

***Default Handling is detailed out within the tables above, set at the highest level of security possible. In our experience, these 3DS settings are a perfect balance between security and customer experience. In the unlikely scenario that you find your failure rate to be unusually high due to 3DS declines, you have the option to over-ride the default handling for some instances - please contact us for more information on how to update your messaging accordingly. It is strongly recommended that you speak to your Acquirer to verify that they are happy with the way you handle 3DS verified transactions as while Monek has set the default handling of these transactions based on Visa/MasterCard recommended settings, it is your Acquirer that ultimately sets the conditions under which you may or may not receive Liability Shift.

****Liability Shift - one of the main benefits of 3-D Secure for merchants is Liability Shift, where the liability for the chargeback loss shifts from the merchant to the card issuer for e-commerce transactions that are deemed fraudulent (those transactions where the cardholder denied involvement in the transaction). The card issuer, in most cases, is not allowed to pass liability for such a transaction onto the merchant.