The Electronic Commerce Indicator (ECI) is a code in card-not-present authorization messages that tells the issuer how authentication was performed: fully authenticated, attempted, merchant-risk, tokenized, and other scheme-specific values. ECI is not decorative metadata; issuers and acquirers use it in fraud models and interchange qualification.
Network token transactions carry ECI values that signal token-based authentication distinct from vanilla PAN entry. Pairing the wrong ECI with a TAVV, UCAF, or AEVV cryptogram is a frequent integration bug: the cryptogram says “token” while the ECI still says “unauthenticated e-commerce,” and the issuer downgrades the transaction.
Each scheme assigns its own ECI codebook. Visa, Mastercard, and Amex mappings do not translate one-to-one. Multi-scheme platforms must branch on card network when building authorization requests, even if the merchant-facing API is unified.
Veliro sets scheme-appropriate ECI values when returning cryptograms so your forward-to-PSP payload is coherent. Correct ECI handling is part of realizing network token approval benchmarks; without it, tokens devolve into expensive aliases for PAN traffic.
Regression tests should assert ECI plus cryptogram pairs per scheme in CI fixtures, not only in production monitoring. A PSP adapter change that strips ECI is one of the most common silent regressions after acquirer migrations.