3DS is Powerful…But It’s Not A Silver Bullet for 3D Secure Chargeback Prevention
Implementing 3D Secure at one of the most fraud-prone points of the buying journey — your checkout environment — can help you deter and prevent the bulk of third-party fraud.
That can go a long way in helping you stop some chargebacks. But 3D Secure isn’t a cure-all measure. While extra authentication at the point-of-sale can help prevent chargebacks that stem from fraud or unauthorized activity, this measure can’t help you stop all types of chargebacks.
Notably, you remain just as vulnerable as before to friendly fraud. 3D Secure can’t stop transactions authorized by a legitimate cardholder that later winds up morphing into a chargeback due to cardholder confusion, buyer’s remorse, or another illegitimate reason.
In this article, we take a closer look at what 3D Secure does — and doesn’t — protect your business against.
Recommended reading
- Reduce Chargebacks TODAY With These Tips & Tactics
- What are Chargeback Alerts? The Merchant's Guide for 2026
- Chargeback Protection: What are Your Options for 2026?
- Troubleshooting Statement Descriptors: A 2026 Guide
- 10 Simple Strategies to Optimize Your Statement Descriptor
- How to Test Your Statement Descriptors
How the 3D Secure Liability Shift Works
Sellers who use 3D Secure at checkout can potentially shift liability for any fraud-related chargebacks they do receive on to the issuing bank.
3D Secure can help protect your checkout environment against fraud and unauthorized activity. It’s not perfect; sophisticated criminals who conduct SIM swapping attacks, for instance, can successfully defeat second-factor challenges. If this happens, though, you may still be protected.
Say a fraud attack like the one I just described happens. You can shift liability for a 3D Secure chargeback onto the cardholder’s issuing bank. As long as you deployed 3D Secure at checkout, you’re safe.
In technical terms, that means you need to be able to furnish an electronic commerce indicator (ECI) and cardholder authentication verification value (CAVV) showing the transaction was fully authenticated. For example, an ECI value of 05 for a Visa transaction, or 02 for a Mastercard transaction, shows the transaction was fully authenticated by 3D Secure. You’ll need to demonstrate that the issuer authorized the transaction following 3D Secure authentication.
Each major card network has a branded version of 3D Secure with slightly different rules. For example, merchants who are involuntarily enrolled in the Visa Acquirer Monitoring Program (VAMP) are not eligible for a liability shift, even if they use Visa Secure, the Visa-branded version of 3D Secure.
Which Chargebacks Does 3DS Protect Against?
3D Secure protects against chargebacks that result from criminal fraud or unauthorized activity.
Liability for fraud defaults to the least-secure party in a transaction. Shifting liability for chargebacks involving purchases that are successfully authenticated via 3D Secure is the issuer’s way of taking responsibility for having falsely verified the cardholder’s identity.
In a sense, 3DS provides a guarantee to the merchant: help stop fraud using this tool, and you’ll be protected from fraud-related chargebacks. Pretty good deal, right? Well, remember that it doesn’t work against every chargeback.
Let’s say a chargeback happens on a transaction that was authenticated by 3D Secure and subsequently authorized by the issuer in the manner described in the previous section. You’re eligible for liability shift protection against that chargeback if it carries any of the following reason codes:
Visa — 10.4
Card-Absent Environment
Mastercard — 4837
No Cardholder Authorization
American Express — F29
Card Not Present
Discover — UA02
Fraud: Card-Not-Present Transaction
The common denominator here is that 3D Secure protects against “unauthorized transaction” claims, which are disputes that stem from third-party (or “true”) fraud. You remain on the hook for any disputes filed using a different reason code, though, even if the transaction was 3DS authenticated.
Which Chargebacks Does 3DS NOT Protect Against?
3D Secure only protects fraud-related chargebacks. Notably, disputes surrounding service issues, merchant errors, or friendly fraud chargebacks aren’t protected by 3D Secure.
Like I said in the last section, most disputes are not eligible for liability shift protection. You’re still responsible for chargebacks filed using any of the following reasons:
Prepaid card transactions, even those successfully authenticated via 3D Secure and authorized by the issuer, typically aren’t eligible for liability shift protection.
There’s Only One Way to “Chargeback-Proof” Your Business.
Learn the secret to true chargeback prevention today.
Request a Demo
Are There Situations When the Liability Shift Doesn’t Apply (Even With 3DS)?
Yes. Incomplete or unsuccessful 3D Secure authentication is the most common reason a transaction winds up ineligible for liability shift protection.
Just because you have 3D Secure enabled at checkout doesn’t mean you’re automatically guaranteed protection. Specifically, you won’t be protected if:
- An ECI or CAVV value shows the authentication was attempted but not successful
- You use 3D Secure in “data only” mode
- You whitelist a customer or skip 3DS authentication due to a low-value purchase
- You initiated the transaction (e.g. a card-on-file transaction or a recurring payment)
- Your system encountered a technical error, resulting in incomplete authentication
The “data only” mode of 3D Secure authentication means the tool shares 3D Secure data with issuers, but doesn’t initiate an authentication challenge to the customer.
As you can see, there are a lot of edge cases that can disqualify you for liability shift protection. I recommend that you regularly take a peek under the hood to verify that transactions are being successfully authenticated by 3D Secure and authorized by the issuer. In practice, this means measuring your:
Authentication Rate
This is the total percentage of transactions that are successfully authenticated via 3D Secure, as a subset of all transactions attempted using 3DS.
Challenge Rate
This is the percentage of transactions that are presented with a multi-factor authentication challenge, instead of being frictionlessly authenticated on the back-end.
Checkout Abandonment Rate
The share of customers who arrive at checkout, only to exit after encountering a 3D Secure authentication challenge. You can use your checkout abandonment rate to gauge how much revenue you might be leaving on the table.
A high challenge rate occurs when issuers flag a large number of transactions. It’s problematic because authentication challenges dramatically increase buyer friction, which in turn, makes buyers more likely to abandon purchases.
Optimize Chargeback Prevention on 3DS-Validated Transactions
To prevent 3D Secure chargebacks, try keeping a repository of 3D Secure data on hand, automatically share authentication records with the issuer, and manually re-presenting chargebacks (if necessary).
If you’ve implemented 3D Secure at checkout, you may still receive disputes. Here’s what you can do to make you don’t find yourself on the receiving end of a dispute that you think should’ve been 3D Secure chargeback protected:
Look at Your Authentication Logs
Even if you authenticate transactions at checkout, it won’t matter if you don’t have proof. You’ll want to capture and store ECI data, CAVV/AAV values, transaction IDs, and purchase timestamps so that, in the event of a 3D Secure chargeback, you have the compelling evidence you need.
Leverage Automated Defense Mechanisms
Some payment processors let you automatically deflect fraud-related disputes by routing 3D Secure data to the issuer. Taking advantage of this feature can help you automate a portion of your chargeback management workload.
Re-Present Transaction Information Manually
When automation is unavailable, you’ll need to roll up your sleeves. Specifically, you can manually represent 3D Secure chargebacks by forwarding authentication data to the issuer via your acquiring bank. This can help you prove the transaction was authenticated and absolve you of liability.
Work with your merchant service provider to ensure that both you and the issuer can readily access your 3D Secure authentication data. Doing so will help you get credit for using 3D Secure and benefit from the liability shift protection that you’re eligible for.
Before investing resources into re-presenting a dispute, assess the chargeback reason code first. If the reason code doesn’t have anything to do with fraud, your 3D Secure authentication data will not be compelling in context. It won’t be worth challenging the dispute unless you have additional evidence, such as proof of signed delivery or images of the product prior to shipping.
Building a Complete Chargeback Prevention Strategy
If there’s one thing to take away, it’s that 3D Secure — even when used successfully — is only effective at protecting you against a narrow subset of fraud-related chargebacks. You’re still vulnerable to merchant error disputes, service-related chargebacks, and, of course, friendly fraud.
While 3D Secure can help you stop a large number of chargebacks at the source, you’ll need to manage the rest with other tools in your dispute defense arsenal.
For example, complementing 3D Secure with chargeback deflection tools, like Ethoca Alerts or Verifi CDRN, can alert you to pending chargebacks. This, in turn, lets you pre-emptively refund the cardholder to prevent the chargeback from going through. Operational enhancements, like proactive post-purchase customer communication and a pro-buyer eCommerce return policy that encourages buyers to seek hassle-free refunds in place of filing chargebacks, can likewise help you prevent avoidable disputes.
Sounds complicated? Well, you don’t have to take it on alone.
At Chargebacks911®, our chargeback remediation and loss recovery experts have decades of experience fighting criminal fraud and friendly fraud disputes. Contact us and get the help you need today.
FAQs
Does 3-D Secure prevent all chargebacks?
No. 3D Secure is a powerful deterrent against true fraud-related chargeback at checkout. In many cases, merchants who use 3D Secure can also shift liability for any fraud-related chargebacks back to the issuer. Neither of these features, however, completely prevent criminal fraud, let alone all chargebacks.
What are common problems with 3-D Secure?
Added buyer friction, which can heighten false declines and result in lost revenue from legitimate customers, is arguably the biggest and most common problem with 3D Secure.
Why did I get a chargeback if 3DS authentication was successful?
Even if 3DS authentication was successful, you may have received a chargeback because it was not fraud-related. For example, merchant errors on your part, or friendly fraud on the part of a genuine cardholder, can result in chargebacks.
What is the 3DS liability shift?
The 3DS liability shift allows merchants who use 3D secure at checkout to shift responsibility for any fraud-related chargebacks they incur onto the issuing bank.
Should I enable 3-D Secure?
Yes. It’s considered best practice to enable 3D Secure at checkout so that you can prevent fraud-related chargebacks and shift liability for those that slip through onto the issuing bank.
Does 3DS protect against friendly fraud?
No. While 3DS protects against most criminal or true fraud chargebacks, it cannot protect against friendly fraud. That’s because transactions involved in friendly fraud chargebacks are authorized by legitimate cardholders at the point of sale and only become fraudulent due to buyer motivations later.
What evidence do I need to fight a chargeback on a 3DS transaction?
Proof of successful 3DS authentication, including AVS/CVV matches, IP addresses logs, and supporting documentation such as correspondence with the cardholder, can help you fight a chargeback on a 3DS transaction.
