Understanding ECI values – An important step in your authentication strategy

The Electronic Commerce Indicator (ECI) is a value returned by the Directory Server and ACS indicating the outcome of authentication requested on transactions for EMV® 3-D Secure. Merchants can use ECI values to determine whether to proceed to authorization or not. The ECI value (along with other data elements) is required to be sent in authorization to receive merchant benefits. ECI values also tie together with the authentication responses shown below.  

 

Here’s what your response may mean:

ECI: 05/02 

Authentication successful – the issuer has verified the cardholder and EMV 3DS and its benefits apply to all parties.
Status code: Y

 

ECI: 06/01 

Authentication attempted – authentication was not available at the issuer, but the network directory server stands in, which generates proof the merchant attempted authentication.
Status code: A

 

ECI: 07/00 

Authentication failed – the issuer could not authenticate the cardholder for various reasons – the information could have been entered incorrectly, the cardholder cancelled the authentication page, or other reasons.
Status code: N

 

Authentication could not be permitted – the authentication request could not be completed for various reasons – the card type is excluded from attempts, the ACS is not able to handle the authentication request message, or other reasons.
Status code: U

 

Authentication rejected – the authentication request was rejected by the issuer and deemed a high risk of fraud due to risk rule analysis and are too risky enough to even step-up or challenge.
Status code: R (Status code “R” is not used frequently and is not represented on the chart below).  

 

The below charts tie the ECI values you may receive based on the network program(s) you choose to support. There are other ECI values that you may encounter from time to time. If you have questions on any values not represented here, feel free to reach out any time. 

Understanding ECI values is an important part of building your authentication strategy. If you receive an ECI code that isn’t listed here, or want help understanding and optimizing your ECI strategy, reach out to your Customer Success Manager or [email protected]. We’re here to help. 

*eftpos: Cobranded, but will receive ECI codes of 05/06/07 

*UnionPay International: BIN ranges overlap, will receive both ECI values (05/06/07 and 02/01/00). 

*Cartes Bancaires (CB): CardinalCommerce provides an ECI value for CB. However, this value is not supported and should not be sent into authorization.  

Related news + trends

industry news

The latest version of EMV® 3-D Secure – a deeper dive

EMV 3DS can help manage PSD2 SCA’s exemptions. See if they’ll work for you.

read more
our stories

2020 What is happening and what is to come at Cardinal

At Cardinal, our 2020 resolution is all about building our existing capabilities and expanding our reach in the latest protocols. See what we've got planned for 2020.

read more
case study

Clothing and Footwear Benchmark

Learn how authentication affects Card-not-Present authorization rates and key statistics on fraud in the clothing and footwear industry.

read more
mandates

Is your shopping cart ready for PSD2 SCA?

Authentication is core to payment processing in Europe, so if your digital transactions are not authenticated, you will be expected to implement a solution before your business is impacted.

read more