Google Pay – Enabling liability shift for eligible Visa device token transactions globally
Posted by Dominik Mengelt– Developer Relations Engineer, Payments and Florin Modrea – Product Solutions Engineer, Google Pay
We are excited to announce the general availability [1] of liability shift for Visa device tokens for Google Pay.
For Mastercard device tokens the liability already lies with the issuing bank, whereas, for Visa, only eligible device tokens with issuing banks in the European region benefit from liability shift.
What is liability shift?
If liability shift is granted for a transaction, the responsibility of covering the losses from fraudulent transactions is moving from the merchant to the issuing bank. With this change, qualifying Google Pay Visa transactions done with a device token will benefit from this liability shift.
How to know if the liability was shifted to the issuing bank for my transaction?
Eligible Visa transactions will carry an eciIndicator value of 05. PSPs can access the eciIndicator value after decrypting the payment method token. Merchants can check with their PSPs to get a report on liability shift eligible transactions.
“gatewayMerchantId”: “some-merchant-id”,
“messageExpiration”: “1561533871082”,
“messageId”: “AH2Ejtc8qBlP_MCAV0jJG7Er”,
“paymentMethod”: “CARD”,
“paymentMethodDetails”: {
“expirationYear”: 2028,
“expirationMonth”: 12,
“pan”: “4895370012003478”,
“authMethod”: “CRYPTOGRAM_3DS”,
“eciIndicator”: “05”,
“cryptogram”: “AgAAAAAABk4DWZ4C28yUQAAAAAA=”
}
}
A decrypted payment token for a Google Pay Visa transaction with an eciIndicator value of 05 (liability shifted)
Check out the following table for a full list of eciIndicator values we return for our Visa and Mastercard device token transactions:
eciIndicator value
Card Network
Liable Party
authMethod
“” (empty)
Mastercard
Merchant/Acquirer
CRYPTOGRAM_3DS
“02”
Mastercard
Card issuer
CRYPTOGRAM_3DS
“06”
Mastercard
Merchant/Acquirer
CRYPTOGRAM_3DS
“05”
Visa
Card issuer
CRYPTOGRAM_3DS
“07”
Visa
Merchant/Acquirer
CRYPTOGRAM_3DS
“” (empty)
Other networks
Merchant/Acquirer
CRYPTOGRAM_3DS
Any other eciIndicator values for VISA and Mastercard that aren’t present in this table won’t be returned.
How to enroll
Merchants may opt-in from within the Google Pay & Wallet console starting this month. Merchants in Europe (already benefiting from liability shift) do not need to take any actions as they will be auto enrolled.
In order for your Google Pay transaction to qualify for enabling liability shift, the following API parameters are required:
totalPrice
Make sure that totalPrice matches with the amount that you use to charge the user. Transactions with totalPrice=0 will not qualify for liability shift to the issuing bank.
totalPriceStatus
Valid values are: FINAL or ESTIMATED
Transactions with the totalPriceStatus value of NOT_CURRENTLY_KNOWN do not qualify for liability shift.
Not all transactions get liability shift
Ineligible merchants
In the US, the following MCC codes are excluded from getting liability shift:
4829
Money Transfer
5967
Direct Marketing – Inbound Teleservices Merchant
6051
Non-Financial Institutions – Foreign Currency, Non-Fiat Currency (for example: Cryptocurrency), Money Orders (Not Money Transfer), Account Funding (not Stored Value Load), Travelers Cheques, and Debt Repayment
6540
Non-Financial Institutions – Stored Value Card Purchase/Load
7801
Government Licensed On-Line Casinos (On-Line Gambling) (US Region only)
7802
Government-Licensed Horse/Dog Racing (US Region only)
7995
Betting, including Lottery Tickets, Casino Gaming Chips, Off-Track Betting, Wagers at Race Tracks and games of chance to win prizes of monetary value
Ineligible transactions
In order for your Google Pay transactions to qualify for liability shift, make sure to include the above mentioned parameters totalPrice and totalPriceStatus. Transactions with totalPrice=0 or a hard coded totalPrice (always the same amount but the users get charged a different amount) will not qualify for liability shift.
Processing transactions
Google Pay API transactions with Visa device tokens are qualified for liability shift at facilitation time if all the conditions are met, but a transaction qualified for liability shift can be downgraded by network during transaction authorization processing.
Getting started with Google Pay
Not yet using Google Pay? Refer to the documentation to start integrating Google Pay today. Learn more about the integration by taking a look at our sample application for Android on GitHub or use one of our button components for your web integration. When you are ready, head over to the Google Pay & Wallet console and submit your integration for production access.
Follow @GooglePayDevs on X (formerly Twitter) for future updates. If you have questions, tag @GooglePayDevs and include #AskGooglePayDevs in your tweets.
[1] For merchants and PSPs using dynamic price updates or other callback mechanisms the Visa device token liability shift changes will be rolled out later this year.
