How do I block all transactions that did not go through 3DS / do not have liability shift?
Do you have the right user role?
Please check whether you have the following user role:
Management Dynamic 3D Secure Rules
If you have your Dynamic 3D Secure settings set to ALWAYS, this means that whenever possible we route the transaction through 3D Secure. However, when an issuer or the shoppers' card doesn't yet support 3DS, we will still try to authorise it without 3D Secure. In case you do not want to authorise transactions that either did not get fully authenticated and / or did not have the liability shift applied, you can block these using the liability shift status rule. This rule triggers if a transaction has not been authenticated using 3D Secure, and you can either increase the risk score or fully block all transactions triggered by this rule by increasing the risk score with 100 points.
To configure this rule:
Go to Risk > Risk profiles > Find the Liability shift status rule > Click on Configure rule options. Set the configurations:
- Choose Only 3D Secure Transactions to block all transactions where 3D Secure was attempted, but the liability shift has not taken place. An example scenario is when 3D secure is only applied above a specified payment amount. The transactions beneath this amount will not be analysed and thus accepted by this check. Other type of transactions like Recurring (ContAuth) are allowed.
- Choose Only 3D Secure Transactions without technical errors to block transactions under the same circumstances as above, unless there is a technical error which prevented 3D Secure authorisation, in which case the transaction is not analysed and thus accepted.
- Choose All E-Commerce Credit Card Transactions to additionally block also non-recurring credit card transactions where 3D has not been attempted at all. Only select this option if all transactions on this account should be processed with 3D secure. An example scenario for this case is where after the initial transaction (with 3D secure) One-Click and Recurring (ContAuth) are allowed.
Note that this check will only be triggered for E-Commerce transactions. Recurring (ContAuth) transactions have no liability shift by definition, thus will not be analysed and thus accepted by this check.
Update your setup
Ready to update your setup? We'll direct you to the right place.Go to your Customer Area