3DS1: fraud liability and sunsetting of solution globally

Mastercard and Visa 09/09/2021

What’s changing?

Both Visa and Mastercard are taking measures that impact you when using 3DS1:

  • Visa only: fraud liability of some of your transactions that you authenticate via 3DS1 will stay with you, since Visa is changing their support of the solution.
  • Mastercard and Visa: a full change to 3DS2 is prepared by announcing a global sunset of the 3DS1 solution.

What does the change mean?

Fraud liability

With the implementation of SCA at the beginning of the year, all parties in the card payment space are moving away from authenticating transactions via 3DS1 and have started using 3DS2 instead. Visa will stop supporting 3DS1 attempts in case an issuer has stopped participating in 3DS1 and has chosen to fully move towards 3DS2. If you decide to authenticate a transaction via 3DS1 and the issuer has stopped participating, the fraud liability for this transaction will remain with you (whereas all liability used to be with the issuer until now). Note that, in case an issuer still participates in 3DS1, the fraud liability of any 3DS1 attempt will stay with the issuer.

Global sunsetting of 3DS1 solution

On the longer term (starting October 16, 2022) both Mastercard and Visa will sunset the 3DS1 solution. This means that they will no longer process any transactions with a 3DS1 authentication request. All transactions that require authentication will be declined in case they are submitted with 3DS1. In order to avoid declines, you must send the authentication request via 3DS2.

Please be aware that these measures are effective globally, meaning that it will also affect transactions from cardholders outside of the EEA.

How will this affect you?

  • Use 3DS2 to initiate authentications of all your transactions. Be aware that, if you decide to use 3DS1, fraud liability will be on your side if the issuer is not participating in 3DS1.
  • When initiating a 3DS2 authentication request:
    • If the issuer is participating in 3DS2, the authentication will go through and the liability of the transaction is with the issuer
    • If the issuer is not participating in 3DS2, the transaction automatically will be downgraded to 3DS1 and the fraud liability continues to be on the issuer side.
  • You should progressively ramp up 3DS2 authentication outside of EEA and completely stop using 3DS1 authentication solution by 15th October 2022 to avoid declines.

Effective date

October 16, 2021 (fraud liability, Visa) and October 16, 2022 (global sunset, Visa and Mastercard)

Need more info? Please feel free to reach out to your dedicated Account Manager, or the Payvision customer service team at customerservice@payvision.com