Skip to content

Table of Contents

Payment liability shift: What merchants should know

Every ecommerce order carries a small amount of uncertainty: Is this the cardholder? Or could it be fraud?

For merchants, payment liability shift — often discussed in ecommerce as chargeback liability shift — helps decide that, and it’s one of the most undervalued levers for profitable growth. Retailers chasing customer lifetime value (CLTV) tend to focus on trust and personalization first, but embracing liability shift belongs on that same list considering it’s what lets you say yes to more orders without inheriting more fraud risk.

TL;DR

  • Liability shift can help merchants approve more good orders. When merchants can transfer fraud liability on qualifying transactions, they can say yes to more borderline orders without automatically taking on more fraud risk.
  • EMV and 3D-Secure authentication (3DS) shift liability through authentication. EMV chips prove the physical card was present. 3DS helps verify the cardholder during online checkout. But authentication is not the same as order intelligence, and a failed step-up does not always mean the order was fraud.
  • 3DS can create unwanted friction and present downsides for both the consumer, who is inconvenienced, and the merchant, who sees lower acceptance rates and risks being penalized for sending the bank high-risk transactions. 
  • Guaranteed fraud protection’s liability shift dramatically reduces false declines by relying on sophisticated machine learning, a large network and by evaluating full order data.

What is a payment liability shift?

Payment liability shift is the transfer of financial responsibility for a fraudulent or disputed transaction away from the merchant to a card issuer, a bank or a specialized fraud protection provider. When liability shifts, the retailer keeps the sale and doesn’t absorb the chargeback if the order turns out to be fraud.

In ecommerce, merchants often talk about this as a chargeback liability shift, asking: Who absorbs the cost if an approved order later becomes a fraud chargeback?

Why it matters and how it affects merchants

With the rapid growth of the early 2020s in the rearview mirror, online merchants need to adapt to a world of decent, but slower, growth. Think 10% year-over-year rather than 30% year-over-year. That means that missing out on sales from good customers is no longer an option — it’s more important than ever that retailers optimize the orders they do get. And that of course includes the step of accepting more orders in the first place and avoiding first-party fraud chargebacks in the second place. After all, chargeback liability doesn’t always stop at checkout. Fraudulent payment disputes are one part of the equation, but merchants also have to manage other abuse claims, like false item-not-received (INR) and significantly-not-as-described (SNAD) disputes.

The stakes are only getting more complicated. A growing share of orders are being influenced (and in some instances, placed) by AI agents on shoppers’ behalf, and card networks are already racing to define new liability rules for exactly that scenario.

Today’s liability shift coverage doesn’t automatically account for an agent-led order, which means brands like yours need to understand the mechanisms even more closely, not less.

What are EMV vs. 3DS liability shift mechanisms?

EMV and liability shift

For card-present transactions, liability used to sit with the card issuer by default. That changed once EMV (a standard created by Europay, Mastercard and Visa) chip cards gave retailers a more secure way to process in-person payments.

Here’s how it works: If a retailer doesn’t support EMV chip technology and a fraudulent transaction happens on an EMV-enabled card, liability moves from the issuer to the retailer. Flip it around, and if the retailer does support EMV but the card itself isn’t chip-enabled, liability stays with the issuer.

3DS and liability shift

3DS is the most widely recognized liability shift mechanism, especially in Europe, where it helps satisfy the requirements of Strong Customer Authentication (SCA). In the U.S., it’s more talked about than widely used, with only about 3% of orders being subject to the process, according to Datos Research.

Here’s how it works: At checkout, 3DS can trigger a step-up challenge. The customer might have to re-enter card or bank details, answer a challenge question or provide biometric proof to verify their identity. If it clears, the transaction is approved and chargeback liability shifts from the retailer to the card issuer for qualifying fraud disputes.

The friction challenge of 3DS as a liability shift mechanism

Step-up authentication interrupts checkout. And Interruptions cost sales — sometimes because a real customer simply gives up, sometimes because they fail the challenge itself. In fact, 36% of UK consumers surveyed by Signifyd said they couldn’t complete a transaction because of 3DS-powered SCA. 

In the U.S., 3DS orders can become a red flag for certain issuers. That’s because brands using 3DS in the U.S. tend to move only their riskiest orders through its rails. The thinking goes: “As the merchant I don’t want to risk shipping it. So, why not see if it can clear the 3DS step-up?” If the order clears the step-up the merchant gets the conversion, and the worst that can happen is the order was declined from fear of fraud.

But what if the failed step-up wasn’t true fraud? An OTP that doesn’t arrive, a biometric prompt that fails on an unfamiliar device, a knowledge-based question the customer gets wrong — any of these can trip up a legitimate cardholder just as easily as a fraudster. The result? A false decline, which costs merchants $118 billion in the U.S. alone each year, according to a Mastercard estimate.

As you can imagine, genuine consumers don’t love being turned away when they’re trying to spend their money. In fact, Signifyd found that 36% of U.S. online shoppers said that they stopped patronizing a merchant after having an order declined for no apparent reason.

Chart for liability shift post that shows why consumers stop buying from retailers

The level of tolerance for bad online experiences was similar in the UK, where 37% of online consumers surveyed on behalf of Signifyd said they’d leave a retailer for good after one or two bad experiences. In France and Italy, shoppers were even more impatient, with 58% in each country saying they would stop shopping with an online merchant after one or two bad experiences. Can we stipulate that having a legitimate order turned down for fear of fraud qualifies as a bad experience?

Chart showing % abandonment with 2 or fewer bad experiences — less likely with liability shift

The 3DS false-decline problem isn’t just a 3DS-specific flaw. It’s a symptom of a much bigger issue: Static, rules-based fraud tools produce false positives because their logic was built to catch bad orders, not to look for reasons to approve good ones. A step-up challenge is one version of that logic. Checkout rules that block certain geographies, automatically reject agent-led orders or flag apparent CVV or AVS irregularities, are another. Either way, the result is the same: A real order gets treated like a threat.

So what if you could let these orders through and not have additional friction? In other words, what if you could still transfer liability, while still providing a frictionless checkout experience? This is where the new breed of guaranteed fraud prevention with a liability shift comes in.

How to approve more good orders with guaranteed fraud protection

Guaranteed fraud protection exists to solve exactly the problem described above: Rules built to catch bad orders end up catching good ones too. Instead of running every order through a static fraud protection rulebook or an authentication challenge, it evaluates each order on its own merits — pulling in third-party data (device fingerprint, IP and geolocation signals, order velocity, historical fraud patterns, identity-matching data, etc.) and running it through a machine learning model trained to find reasons to approve, not just reasons to decline. Orders that fall into ambiguous territory get routed to manual review, where a human analyst adds context the model can’t capture on its own.

The result is a liability shift that works differently from EMV or 3DS. Once an order is approved under this model, the transfer is contractual rather than cryptographic: The provider guarantees the transaction and absorbs the chargeback if it turns out to be fraud, regardless of whether an authentication value was ever generated. That means retailers can say yes to more borderline orders — the ones a step-up challenge or a CVV mismatch might have screened out — without taking on more risk themselves.

What really sets the guarantee apart from authentication-based liability shift is what it actually covers financially. Signifyd’s guarantee for fraud protection, for example, reimburses the chargeback amount and the associated costs, too. That’s a much wider safety net than 3DS or EMV, both of which only address payment fraud at the authentication step.

How Signifyd’s guaranteed fraud protection works: Any order passed through Signifyd’s Commerce Protection Platform for a decision receives an instant approve/decline call, and merchants can layer on Complete Chargeback Protection for any or all of those orders. On the technical side, the system leverages machine learning and behavioral analytics to assess transaction risk, with automated order review distinguishing legitimate purchases from potentially fraudulent ones

Start using liability shifts as revenue levers

Shifting payment liability is one of the clearest levers you have for turning “maybe” into “yes” without taking on more risk. Sure, EMV and 3DS move that risk by proving who’s on the other end of the transaction. But Signifyd’s guaranteed fraud protection aims to transfer it by proving something different: That the order itself, and everything around it, adds up to a genuine sale.

For merchants building toward a stronger CLTV, that distinction is the whole point. Every order a mechanism screens out for the wrong reasons is a customer who may not come back. Every order it approves correctly is a sale, a data point and a step toward the kind of trust that keeps shoppers returning.

Photo by iStock


Want to learn more about how guaranteed fraud protection can help you confidently approve more orders?

Channing Lovett

Channing Lovett

Channing is a writer and strategist for Signifyd. With a decade of experience in B2B technology across ecommerce, fintech and IT security, she explores the topics that matter most to retailer growth, including fraud prevention, customer experience and authorization performance. Her work helps ecommerce leaders protect revenue, strengthen customer trust and stay ahead of emerging shifts in commerce.