Liability Shift

Liability shift moves financial responsibility for a fraudulent chargeback from the merchant to the card issuer after successful 3D Secure authentication.

Liability shift is the moment financial responsibility for a fraudulent chargeback moves from you, the merchant, to the cardholder's issuing bank. It happens when a payment is authenticated with 3D Secure (3DS) and the issuer accepts that authentication — the bank has vouched for the cardholder, so the bank owns the fraud risk.

How liability shift works

When Stripe attempts 3DS authentication and the transaction is authenticated (either the customer completes a challenge or the issuer approves a frictionless flow), the authentication result is passed to the issuing bank. From that point, if the cardholder later claims the charge was fraudulent, the issuer — not you — is liable for the loss.

If 3DS isn't used, fails, or is unavailable, no shift occurs and you remain liable. This is one reason Strong Customer Authentication (SCA) rules in Europe push so many payments through 3DS.

What liability shift does not cover

The protection is narrow. It applies only to fraud disputes — chargebacks filed under fraud reason codes like Visa 10.4 or Mastercard 4837. It does not cover other reasons:

  • "Product not received" or "not as described"
  • Subscription and cancellation disputes
  • Duplicate or processing-error claims

You are still fully liable for those, and you'd defend them with dispute evidence. Even on an authenticated charge, ignoring an inquiry can trigger a "no-reply" chargeback that invalidates the shift — so you still respond.

Why it matters

Liability shift is the concrete payoff of authentication: fewer fraud chargebacks you have to eat. Weighed against the friction 3DS adds at checkout, it's a core lever in balancing conversion against fraud loss.

Related terms

Updated July 6, 2026