American Express SafeKey: How 3-D Secure Works on the Amex Network
American Express SafeKey is an Amex-specific security solution that leverages 3-D Secure technology to detect and reduce online fraud. SafeKey provides an extra layer of security when consumers shop through web browsers or in-app using their Amex card.
How does it benefit your business, though?
This article will examine American Express SafeKey. We’ll examine how Amex implements the technology, discuss some of the benefits SafeKey offers, and weigh them against potential downsides of the tool.
Recommended reading
- What is 3-D Secure? Fraud Prevention Solution Explained
- What are Velocity Checks? How Do They Stop Fraud Attacks?
- ECI Indicators: How to Understand 3DS Response Codes
- What You Should Know About EMV Fraud Prevention in 2024
- Visa Secure: What This Tool Does & How to Get Started
- Account Takeover Protection: Best Practices for Businesses
What is 3-D Secure Technology?
Let’s start with the basics.
3-D Secure is a customer authentication protocol created for eCommerce. The system is used to validate buyers at checkout, creating an additional layer of security for online transactions. Card networks recommend that both issuing banks and merchants support the protocol.
You can enroll in 3DS programs through each card brand. If you’re uncomfortable doing this yourself, contact your processor or merchant account provider to see if they offer 3DS and can help you deploy it in your eCommerce store. Some third-party providers can help you implement 3-D Secure verification as part of a chargeback management plan.
Learn more about 3-D Secure
How American Express SafeKey Uses 3DS Tech
SafeKey is a 3-D Secure service specific to Amex that leverages real-time authentication software to verify card users before a transaction. This data is used to detect stolen cards, identify unauthorized users, and thwart fraud attempts before a transaction can be processed. This technology aims to help merchants improve their anti-fraud and chargeback prevention efforts.
Approved transactions with American Express SafeKey work like this:
Phase 1 | Authentication Requested
When a customer inputs their card information to make a purchase, this data is processed through Amex SafeKey. The technology evaluates the cardholder based on their login credentials, location, and transaction history to determine the likelihood of a fraudulent transaction. This entire process occurs in just seconds.
Phase 2 | Approval
If the cardholder’s credentials check out, SafeKey’s algorithm will approve the transaction in real-time. After being authenticated and authorized, the cardholder will be seamlessly directed to the confirmation page without delay.
What if the credentials provided by the buyer don’t check out, though? Transactions declined by American Express SafeKey work like this:
Phase 1 | Authentication Requested
Same as above, the cardholder submits credentials that run through SafeKey for verification. The technology evaluates the cardholder to determine the likelihood of a fraudulent transaction. Again, this entire process occurs in just seconds.
Phase 2 | Verification Email Trigger
Suppose the SafeKey algorithm cannot authenticate the cardholder’s credentials. In that case, the cardholder will be sent a temporary passcode via email or SMS that they can input into a pop-up field. This tends to happen if the cardholder is doing anything outside the norm, like buying in a far-flung locale that's thousands of miles from home. It may also happen if their identity cannot be verified, or they misspelled anything during the verification process.
Phase 3 | Transaction Decline
Suppose the passcode is not imputed correctly by the individual attempting to initiate the transaction or the code times out. In either case, the transaction will be denied, and an email explaining the reason for the decline will be sent to the cardholder.
3DS technology can stop many fraud attacks. But…what about those it can’t stop?
It’s important to recognize that most genuine cases of credit card fraud result from card information being bought and sold on the dark web. Fraudsters use card details acquired through data breaches, phishing attacks, identity theft, and ATO fraud to commit all sorts of criminal acts.
Credit card numbers alone are not a foolproof method to commit fraud. In fact, many scammers buy their stolen card numbers in bulk and try as many as they can at a time, hoping one will work where ten might fail. Therefore, merchants who implement 3DS services in tandem with their regular fraud prevention systems can really make it difficult for the fraudster.
Benefits of American Express SafeKey
According to Amex, SafeKey 2.0 enables merchants and issuers to exchange detailed information, helping reduce fraud and minimize the need for a one-time passcode. This improves the user experience and helps prevent shopping cart abandonment.
Building consumer confidence can help expand your market reach. Enhanced fraud protection through SafeKey may encourage online customers to spend more and help grow your business. It can:
Potential Downsides to SafeKey
American Express SafeKey is a vast improvement over earlier fraud prevention tools. Unfortunately, there is still no such thing as a “foolproof” fraud prevention solution.
Programs like SafeKey can introduce friction at the secondary approval stage that can interrupt customers’ checkout process due to overly sensitive fraud triggers. As a consequence, some legitimate customers might be put off by the additional security measures and ultimately abandon their carts. Merchants should be aware that this happens often enough that friction will likely be an issue.
Additionally, all programs using 3DS are still largely ineffective against friendly fraud and other forms of first-party abuse. Since friendly fraud is a post-transactional act committed by the actual cardholder, 3DS will be rendered useless in these cases. This is a serious concern because friendly fraud accounts for the bulk of merchant chargebacks.
So, how can merchants combat these concerns and still get the most out of 3DS technologies like Amex SafeKey? The answer is to adopt a broader strategy to mitigate fraud.
3DS: A Smart Addition to Any Fraud Prevention Strategy
3-D Secure 2.0 technologies like American Express SafeKey work best as part of a multilayer fraud and chargeback management strategy.
Incorporating 3DS into a multi-faceted anti-fraud system can stop many fraud attacks in their tracks. Most fraudsters are unlikely to have all the data they need to combat these systems working in tandem with each other. That said, redundancies give you a tighter screening net, letting you identify more fraud attacks and generate better data.
American Express SafeKey is available to EMV-certified merchants (who can provide written certification verification) and PCI-DSS compliant. For true risk mitigation, though, you need a customized, end-to-end solution that can deploy the right tools and tactics where they will do the most good.
If you’re interested in learning more about 3-D Secure—or any other aspect of chargeback management—contact Chargebacks911® today. We can show you how to take chargebacks off your plate and increase your ROI.
