Understanding who bears the responsibility for fraudulent activity or unauthorized charges — known as the liability shift — is vital for customers and merchants. This section examines two scenarios: one where a customer initiates a transaction with 3D Secure (3DS) and subsequent transactions without it, and another involving non-3DS transactions initiated by either party.

Liability shift to the customer:

In scenarios where the customer initiates a 3DS transaction, they assume liability for any fraudulent or unauthorized charges. Completing the 3DS verification typically reduces their risk of fraud. However, should the merchant process subsequent non-3DS transactions under a payment agreement referencing the customer's initial 3DS transaction, the customer might retain liability.

Example: A customer makes a verified online purchase via 3DS, reducing their fraud liability. Yet, if the merchant processes later non-3DS transactions under the same agreement and fraud occurs, the customer could be held accountable.

Liability shift to the merchant

Conversely, when a non-3DS transaction is customer-initiated, such as a "card not present" transaction, the merchant often assumes liability for any unauthorized or fraudulent charges. If a non-3DS transaction is later contested as fraudulent, the merchant typically bears the financial loss or chargebacks.

Example: A customer completes an online purchase without 3DS verification. If they dispute subsequent charges as unauthorized, liability usually shifts to the merchant, who must handle the financial repercussions and any chargebacks.

It's crucial for both parties to understand the implications of the liability shift in payment transactions. Merchants and customers must follow industry best practices and maintain robust security to minimize fraud and uphold a secure payment ecosystem, recognizing their obligations and the associated risks.