A 3DS check may end up with one of the following outcomes.

  • 3DS check successful
    fz.sca.success event is triggered by fatzebra.js. If you own your own payments form and use the verifyCard method of fatzebra.js to perform 3DS checks, 3DS result data will be provided in the fz.sca.success event payload. Using this 3DS result data in your Purchase or Refund API call will qualify that transaction for liability shift.

  • Please note: The edge case is when the enrolled field (ver) comes back as 'N' (3DS success - Not Enrolled), which means "No, Bank is not participating in 3-D Secure protocol". If the Enrolled value is equal to N, then the Consumer is NOT eligible for Authentication (No liability shift).

  • 3DS check unsuccessful
    fz.sca.error event is triggered by fatzebra.js. An error code will be returned in the event payload indicating the reason for the error. This could be due to the card issuer not support 3DS2 or if the cardholder was unable to verify their card when prompted with a 3DS challenge flow (e.g. they entered the wrong one-time pin that was sent to their mobile device).

  • Server Error or timeout.
    fz.sca.error event is triggered by fatzebra.js. No error code will be returned in the event payload. In this event we recommend that you prompt your users to retry the 3DS check/payment.

Test cards

FatZebra provides a number of test cards to simulate various 3DS scenarios in the Sandbox environment. Each of the following card numbers will simulate a predetermined outcome:

Successful 3DS2 check

Successful frictionless authentication
Cardholder being authenticated by their Card Issuer
Liability shift
Visa: 4000000000001000
Mastercard: 5200000000001005
Amex: 340000000001007
Attempts processing frictionless authentication
Cardholder is enrolled in 3DS however the Issuer is not supporting the program, resulting in a stand-in authentication experience
Liability shift
Visa: 4000000000001026
Mastercard: 5200000000001021
Amex: 340000000001023
Successful step-up authentication
Successful OTP challenge
Liability shift
Visa: 4000000000001091
Mastercard: 5200000000001096
Amex: 340000000001098

fz.sca.success sample payload

  "message": "FatZebra.3DS: 3DS success - Successful Frictionless Authentication",
  "data": {
    "cavv": "xxx",
    "par": "xxx",
    "sli": "xxx",
    "xid": "xxx",
    "ver": "xxx",
    "directoryServerTxnId": "xxx",
    "threedsVersion": "xxx" 

Unsuccessful 3DS check

ScenarioCardError code
Unsuccessful enrolment check
Enrolment failed by card issuer
No liability shift
Unsuccessful frictionless authentication
Authentication failed by card issuer without challenge
No liability shift
Visa: 4000000000001018
Mastercard: 5200000000001013
Amex: 340000000001015
Unavailable frictionless authentication
Authentication is unavailable from the issuer at the current time.
No liability shift
Visa: 4000000000001034
Mastercard: 5200000000001039
Amex: 340000000001031
Rejected frictionless authentication
Authentication rejected by the issuer.
No liability shift
Visa: 4000000000001042
Mastercard: 5200000000001047
Amex: 340000000001049
Authentication not available on lookup
Unable to verify 3DS enrolment status with the issuer due to system error.
No liability shift
Visa: 4000000000001059
Mastercard: 5200000000001054
Amex: 340000000001056
Server Error
No liability shift
Visa: 4000000000001067
Mastercard: 5200000000001062
Amex: 340000000001064
No liability shift
Visa: 4000000000001075
Mastercard: 5200000000001070
Amex: 340000000001072
Bypassed authentication
This is related to a feature that is currently not available. We will look at providing merchants the ability to configure rules to determine whether authentication is required for a transaction.
No liability shift
Visa: 4000000000001083
Mastercard: 5200000000001088
Amex: 340000000001080
Unsuccessful step-up authentication
Unsuccessful authentication due to failed OTP (one time password) challenge.
No liability shift
Visa: 4000000000001109
Mastercard: 5200000000001104
Amex: 340000000001106
Unavailable step-up authentication
The card holder is enrolled for 3DS, but authentication is not available with that issuer.
No liability shift
Visa: 4000000000001117
Mastercard: 5200000000001112
Amex: 340000000001114

fz.sca.error sample payload

  "errors": [
    "FatZebra.3DS: 3DS error - Rejected Frictionless Authentication"
  "data": {
    "errorCode": "005"