We are excited to announce the general availability [1] of liability shift for Visa device tokens for Google Pay.
For Mastercard device tokens the liability already lies with the issuing bank, whereas, for Visa, only eligible device tokens with issuing banks in the European region benefit from liability shift.
If liability shift is granted for a transaction, the responsibility of covering the losses from fraudulent transactions is moving from the merchant to the issuing bank. With this change, qualifying Google Pay Visa transactions done with a device token will benefit from this liability shift.
Eligible Visa transactions will carry an eciIndicator
value of 05
. PSPs can access the eciIndicator value after decrypting the payment method token. Merchants can check with their PSPs to get a report on liability shift eligible transactions.
{
"gatewayMerchantId": "some-merchant-id",
"messageExpiration": "1561533871082",
"messageId": "AH2Ejtc8qBlP_MCAV0jJG7Er",
"paymentMethod": "CARD",
"paymentMethodDetails": {
"expirationYear": 2028,
"expirationMonth": 12,
"pan": "4895370012003478",
"authMethod": "CRYPTOGRAM_3DS",
"eciIndicator": "05",
"cryptogram": "AgAAAAAABk4DWZ4C28yUQAAAAAA="
}
}
A decrypted payment token for a Google Pay Visa transaction with an eciIndicator value of 05 (liability shifted)
Check out the following table for a full list of eciIndicator values we return for our Visa and Mastercard device token transactions:
Any other eciIndicator values for VISA and Mastercard that aren't present in this table won't be returned.
Merchants may opt-in from within the Google Pay & Wallet console starting this month. Merchants in Europe (already benefiting from liability shift) do not need to take any actions as they will be auto enrolled.
In order for your Google Pay transaction to qualify for enabling liability shift, the following API parameters are required:
In the US, the following MCC codes are excluded from getting liability shift:
In order for your Google Pay transactions to qualify for liability shift, make sure to include the above mentioned parameters totalPrice
and totalPriceStatus
. Transactions with totalPrice=0
or a hard coded totalPrice
(always the same amount but the users get charged a different amount) will not qualify for liability shift.
Additionally, the currency used when initializing Google Pay must match the currency during the authorization. Non matching currencies could lead to declined transactions.
Google Pay API transactions with Visa device tokens are qualified for liability shift at facilitation time if all the conditions are met, but a transaction qualified for liability shift can be downgraded by network during transaction authorization processing.
Not yet using Google Pay? Refer to the documentation to start integrating Google Pay today. Learn more about the integration by taking a look at our sample application for Android on GitHub or use one of our button components for your web integration. When you are ready, head over to the Google Pay & Wallet console and submit your integration for production access.
Follow @GooglePayDevs on X (formerly Twitter) for future updates. If you have questions, tag @GooglePayDevs and include #AskGooglePayDevs in your tweets.
[1] For merchants and PSPs using dynamic price updates or other callback mechanisms the Visa device token liability shift changes will be rolled out later this year.