Challenge, Frictionless and Responsibility
For transactions subject to 3DS authentication, the merchant can send a preference as to authentication type : threeDSInfo.challengeInd parameter in doWebPayment and verifyEnrollment.
In any case, the authentification server decide.
According to bank card regulations, liability in fraud event depends on preference expressed by the merchant and authentication required by authentification server (ACS).
The matrix below defines the person responsible in fraud event for different combinations :
Merchant preference | ||||
No choice | No challenge | Challenge | ||
---|---|---|---|---|
Authentication server | No challenge | Issuer | Acquier | Issuer |
Challenge | Issuer | Issuer | Issuer |
Data related to authentication server risk analysis
The authentication server risk analysis is based on information provided by merchant in doWebPayment and verifyEnrollment.
The merchant who wishes to obtain frictionless must do their best to provide the information requested by authentication server.
No data is mandatory.
This information is distributed in Payline interface objects :
- card ;
- order ;
- buyer ;
- threedsInfo
- Web service settings
These objects are formally described in web services API.
We give you examples of valuation below.