3DS Lithic Decisioning
Learn about leveraging Lithic's 3DS decisioning model to participate in 3DS.
Overview
3DS Lithic Decisioning delegates authentication decisions to Lithic's automated risk model. When a 3DS authentication request arrives for a card in your program, Lithic evaluates the transaction against proprietary risk signals and responds automatically on your organization's behalf. This model requires no real-time integration or decisioning infrastructure from your organization.
Lithic's decisioning model analyzes network-provided authentication data to determine whether to approve or decline each authentication request. The model continuously evolves based on fraud trends across Lithic's network while maintaining compliance with network-mandated approval thresholds.
How Lithic Decisioning Works
%%{init: { "theme": "base", "themeVariables": { "primaryColor": "#FF6600", "primaryTextColor": "#FFFFFF", "primaryBorderColor": "#993D00", "secondaryColor": "#00CC88", "tertiaryColor": "#9944FF", "background": "#FFFFFF", "mainBkg": "#FF6600", "secondBkg": "#00CC88", "lineColor": "#000000", "textColor": "#000000", "actorBkg": "#FF6600", "actorBorder": "#993D00", "actorTextColor": "#FFFFFF", "actorLineColor": "#000000", "signalColor": "#000000", "signalTextColor": "#000000", "labelBoxBkgColor": "#FF6600", "labelBoxBorderColor": "#993D00", "labelTextColor": "#FFFFFF", "loopTextColor": "#FFFFFF", "activationBorderColor": "#00859B", "activationBkgColor": "#00CCEE", "sequenceNumberColor": "#FFFFFF", "noteBkgColor": "#AA8855", "noteTextColor": "#FFFFFF", "noteBorderColor": "#725A37" } }}%% sequenceDiagram participant C as Cardholder participant M as Merchant/<br/>Acquirer participant N as Network participant L as Lithic participant P as Card Program C->>M: Initiates<br/>e-commerce<br/>transaction M->>N: 3DS authentication<br/>request N->>L: 3DS authentication<br/>request Note over L: Evaluates with<br/>risk-based<br/>fraud model L-->>N: 3DS authentication<br/>response<br/>(approve/decline/challenge) N-->>M: 3DS authentication<br/>response M-->>C: Authentication<br/>result L->>P: three_ds_authentication<br/>.created webhook
When a cardholder initiates an e-commerce transaction at a 3DS-enabled merchant:
- The merchant's acquirer sends a 3DS authentication request to Lithic's Access Control Server (ACS)
- Lithic's fraud detection model evaluates the authentication data against risk indicators
- The model generates an approve or decline (or challenge, if enabled) decision
- Lithic returns the authentication response to the merchant through the network
- Lithic simultaneously sends a
three_ds_authentication.created
webhook to your organization containing the authentication details and outcome
Your organization receives comprehensive authentication data through webhooks but does not participate in the real-time decisioning process. This separation allows you to monitor authentication patterns and outcomes without maintaining high-availability infrastructure.
Authentication Data Access
While Lithic makes the authentication decisions, your organization receives detailed transaction data through the three_ds_authentication.created
webhook. This data includes transaction details, merchant information, risk indicators, and authentication outcomes that can inform your subsequent authorization decisioning.
For the complete list of available fields and their descriptions, see the 3DS Authentication Created webhook specification.
Augmenting Decisions with 3DS Auth Rules
Organizations can make Lithic's authentication decisions more restrictive by implementing 3DS Auth Rules. These rules evaluate authentication attributes and can decline transactions that Lithic's model would approve, providing an additional layer of custom control without requiring a full Customer Decisioning implementation.
Lithic applies the strictest decision across all evaluation models. If your 3DS auth rule declines an authentication that Lithic's model would have otherwise approved, the authentication will be declined. However, because the strictest decision is applied, 3DS auth rules cannot approve authentications that Lithic's model has declined.
3DS Auth Rules can target various authentication attributes including merchant category codes, countries, currencies, transaction amounts, and risk scores. For the complete list of targetable attributes and rule configuration options, see the Auth Rules API specification.
Network Compliance
Lithic's decisioning model maintains compliance with network-mandated approval thresholds while protecting against fraud. Mastercard requires a minimum 70% approval rate for frictionless 3DS authentications (MC Data Integrity Monitoring Program (Edit 1)). Lithic's model is calibrated to meet this threshold while maximizing fraud prevention.
In certain circumstances, Lithic may decline authentications to protect the payment ecosystem, such as during detected card testing attacks or exceptional merchant fraud events.
Integration with Authorization Decisioning
The authentication data provided from the 3DS authentication process can be used to make better decisions during the transaction authorization process. The cardholder_authentication
object in authorization requests includes:
liability_shift
: Indicates whether fraud liability has shifted from the merchant to your organizationauthentication_result
: The outcome of the 3DS authentication (approve/decline)decision_made_by
: Confirms the decision was made byLITHIC_RULES
three_ds_authentication_token
: Correlates the authentication with its subsequent authorization
The full cardholder_authentication
object can be found in the ASA request API specification.
When liability shifts to your organization following a successful 3DS authentication, you forfeit chargeback rights for fraud claims on that transaction. Lithic advises that your authorization logic should incorporate this liability shift signal along with the authentication outcome to make informed approval decisions.
Next Steps
Contact your Implementation Manager or Customer Success Manager to configure 3DS Lithic Decisioning for your card program.
For programs requiring more control over authentication decisions or the ability to implement custom risk rules, see 3DS Customer Decisioning. For programs interested in adding challenge capabilities, see 3DS Challenge Flows.
Updated 10 days ago