The Electronic Commerce Indicator (ECI) is a value returned by the Directory Server and ACS indicating the outcome of authentication requested on transactions for EMV® 3-D Secure. Merchants can use ECI values to determine whether to proceed to authorization or not. The ECI value (along with other data elements) is required to be sent in authorization to receive merchant benefits. ECI values also tie together with the authentication responses shown below.
Here’s what your response may mean:
Authentication successful – the issuer has verified the cardholder and EMV 3DS and its benefits apply to all parties.
Status code: Y
Authentication attempted – authentication was not available at the issuer, but the network directory server stands in, which generates proof the merchant attempted authentication.
Status code: A
Authentication failed – the issuer could not authenticate the cardholder for various reasons – the information could have been entered incorrectly, the cardholder cancelled the authentication page, or other reasons.
Status code: N
Authentication could not be permitted – the authentication request could not be completed for various reasons – the card type is excluded from attempts, the ACS is not able to handle the authentication request message, or other reasons.
Status code: U
Authentication rejected – the authentication request was rejected by the issuer and deemed a high risk of fraud due to risk rule analysis and are too risky enough to even step-up or challenge.
Status code: R (Status code “R” is not used frequently and is not represented on the chart below).
The below charts tie the ECI values you may receive based on the network program(s) you choose to support. There are other ECI values that you may encounter from time to time. If you have questions on any values not represented here, feel free to reach out any time.
Understanding ECI values is an important part of building your authentication strategy. If you receive an ECI code that isn’t listed here, or want help understanding and optimizing your ECI strategy, reach out to your Customer Success Manager or [email protected]. We’re here to help.
*eftpos: Cobranded, but will receive ECI codes of 05/06/07
*UnionPay International: BIN ranges overlap, will receive both ECI values (05/06/07 and 02/01/00).
*Cartes Bancaires (CB): CardinalCommerce provides an ECI value for CB. However, this value is not supported and should not be sent into authorization.
EMV 3DS can help manage PSD2 SCA’s exemptions. See if they’ll work for you.
At Cardinal, our 2020 resolution is all about building our existing capabilities and expanding our reach in the latest protocols. See what we've got planned for 2020.
Learn how authentication affects Card-not-Present authorization rates and key statistics on fraud in the clothing and footwear industry.
Authentication is core to payment processing in Europe, so if your digital transactions are not authenticated, you will be expected to implement a solution before your business is impacted.
You'll be the first to hear about new products, features, and company updates.