Important Updates for Visa, MasterCard and Amex for November 2021

Posted On: Friday, November 26th, 2021

Visa, MasterCard and Amex all announced the sunset dates for 3DSecure Version 1.0.2 with other important dates and exceptions.

Welcome to another industry updated on 3DSecure. All Card schemes have announced a date for decommissioning of 3DSecure Version 1.0.2. The effective dates are 14th Oct 2022 for MasterCard and Amex (with the exception of India) and 15th October 2022 for Visa.

MasterCard will also stop the enrollment of new merchants for Version 1 from March 31 2022; this means that any new merchants must go into production with Version 2.

Below is a summary of important dates and notification from all 3 schemes, with some of these deadlines already now in effect.


The latest Authentication Guide for Europe is now Version 1.4.

REMINDER: Effective 2 November 2021, MasterCard has re-enabled kX AAVs for Identity Check Insights transactions functionality.  Please refer to AN 4882 Introduction of Accountholder Authentication Values for Identity Check Insights and Non-Payment Transactions for more information.

REMINDER – 2.2 MANDATE, EUROPE: MasterCard is announcing revised Standards for EMV 3D-Secure (3DS) version 2.2 specifications implementation for all card-not-present (CNP) transactions on MasterCard and Maestro account ranges. The revised Standards will require issuers and acquirers in the Europe region to support cardholder authentication using EMV 3DS version 2.2, effective 14 October 2022.

REMINDER:  Per the Identity Check Program Guide, requirement 149, ACS operators must challenge a request to add a Card-on-File (COF) regardless if it is requested using a non-payment or payment transaction.  There are further details in the Program Guide with respect to specific data elements and values in the AReq that indicate this type of transaction.


3DS1 Decommissioning

  • March 31 2022 MasterCard will no longer allow 3DS 1.0 account range or Merchant ID enrollments.
  • October 14 2022 MasterCard will no longer process any 3DS 1.0 transactions for cardholder authentication. Any transaction submitted to the MasterCard 3DS 1.0 Directory Server will result in an error response.


Effective 15 October 2022, Visa will discontinue support of 3-D Secure 1.0.2 and related technology.

Effective 16 October 2021, Visa will continue to support 3DS 1.0.2 transaction processing, including the 3DS 1.0.2 Directory Server (DS), but will stop support of 3DS 1.0.2 Attempts Server for non-participating issuers. After 15 October 2021, Visa will respond with a Verify Enrollment Response (VERes) = N to all authentication requests when the issuer does not support 3DS 1.0.2 (e.g. BIN range does not have an access control server [ACS] URL listed in the DS).

If an issuer continues to support 3DS 1.0.2 after 15 October 2021, it will be able to respond to merchants with a fully authenticated response and Cardholder Authentication Verification Value (CAVV), and merchants will obtain fraud liability protection. These transactions will be blocked from fraud-related disputes1 in Visa Resolve Online. Issuers wishing to stop support of 3DS 1.0.2 must request that their Bank Identification Number (BIN) ranges be removed from the Visa Secure DS.

The follow table for Fraud Liability applies:

Visa Secure Using 3DS 1.0.2 Prior to 16 October 2021 Beginning 16 October 2021
Fully authenticated (Issuer participates) Fraud liability with Issuer (Electronic Commerce Indicator (ECI) 05) No Change
Attempted authentication (Issuer participates and ACS is unavailable or responses VERES = N) Fraud liability with Issuer (ECI 06) No Change
Attempted authentication (Issuer does not participates) Fraud liability with Issuer (ECI 06) Fraud liability with merchant (ECI 07)


The SafeKey 1.0 product will be terminated on 14 October 2022, with the exception of participants in India, where SafeKey 1.0 will sunset on 13 October 2023.

ACS providers in India should retain the 1.0 ACS service until October 2023 and contact the American Express SafeKey Team on to discuss next steps.

  • MPIs and 3DSS servicing merchants in India should retain their MPI service until October 2023 and contact the American Express SafeKey Team on to discuss next steps.
  • Global ACS providers can choose to retain the 1.0 ACS service to allow for any inbound spend in India until October 2023.

Full support for major card brands and banks

Making eCommerce Safe

Be in the know

Industry news, events and major releases.

Endeavour will participate at Singapore Fintech Festival
Posted on: Friday 10th November, 2023

Let's talk Authentication and Tokenization in Singapore.

Benefits of Network Tokenization
Posted on: Wednesday 8th November, 2023

How Network Tokenization Leads to Higher Authorization Rates and a Better Customer Experience.

Endeavour is Attending Seamless Asia
Posted on: Tuesday 20th June, 2023

Let's talk Authentication and Tokenization in Singapore

Here to help

Questions? We've got answers.

Kindly note that we do not support cardholders wanting to activate 3D Secure on their card. Please contact your bank directly using the phone number provided on the back of your card.