Understanding ECI codes on Failed Payments

For: Prommt account administrators and anyone investigating a card payment failure.

ECI stands for Electronic Commerce Indicator. It's a two-digit code returned by your payment gateway after a card transaction — successful or failed — that tells you the outcome of the 3D Secure 2 (3DS2) authentication step.

In plain terms: the ECI code tells you whether the customer's bank verified the cardholder's identity before the payment was processed, and how that verification happened.

You'll see ECI codes appear in the Payment Gateway Response field on a payment request, or in your gateway's reporting dashboard (Adyen, FreedomPay, or similar).

For a more detailed view, check the transaction record in your payment gateway's back-office portal. Adyen's Customer Area and FreedomPay's merchant portal both surface ECI codes against individual transactions.

What it means: The cardholder successfully completed 3DS2 authentication. Their bank verified their identity — via a code, a banking app prompt, or biometric — before the transaction was approved.

Liability: Fraud liability shifts to the card issuer. Your business is protected from chargebacks on fraudulent transactions.

What to do: Nothing — this is the ideal outcome. The payment is fully authenticated and your business is covered.

What it means: 3DS2 authentication was attempted but the customer's bank doesn't support the full authentication flow, or the cardholder was not available to authenticate. The transaction proceeded on a best-efforts basis.

Liability: Partial — liability shift applies in some cases, but not as comprehensively as ECI 05/02. The level of protection depends on your gateway and card scheme rules.

What to do: The payment may still have gone through. Check the overall transaction status. If the payment is marked as paid and no fraud is suspected, no action is needed. If you're seeing a pattern of ECI 06 on a particular customer or card type, it's worth noting — repeated attempted-only authentication on high-value transactions carries more risk.

What it means: No 3DS2 authentication was attempted or completed. The transaction was processed without the additional verification step.

Liability: No liability shift — your business carries the fraud liability on this transaction, not the card issuer.

What to do: ECI 07/00 should not appear on Prommt-generated payment requests under normal circumstances, as Prommt applies 3DS2 to all card transactions. If you're seeing this code on a Prommt payment:

This code appearing consistently is a signal that something in the 3DS configuration needs to be reviewed.

What it means: The gateway didn't return an ECI code with the transaction response. This can happen when:

What to do: Check the full Payment Gateway Response for a more specific failure reason. If the ECI is missing alongside a gateway error or blank response, see Troubleshooting: all payments failing on your account. If you're unsure, contact Prommt Support with the payment reference.

Prommt applies 3D Secure 2 to every card payment request. When authentication completes successfully (ECI 05 or ECI 02), fraud liability shifts away from your business to the card issuer — meaning you're protected if a cardholder later disputes the transaction as fraudulent.

This is one of the most important protections Prommt provides. An ECI 05/02 on a payment is confirmation that protection is in place.

For more on how Prommt handles chargebacks, see Chargebacks and fraud protection.