American Express SafeKey
Examining 3DS Technology for Amex Cardholders
In a Nutshell
This article will examine American Express SafeKey. We’ll examine how Amex implements the technology, discuss some of the benefits SafeKey offers, and weigh them against potential downsides of the tool.
American Express SafeKey: How 3D Secure Works on the Amex Network
American Express SafeKey is an Amex-specific security solution that leverages 3D Secure technology to detect and reduce online fraud. SafeKey provides an extra layer of security when consumers shop through web browsers or in-app using their Amex card.
How does it benefit your business, though? Let’s delve into that.
How American Express SafeKey Works
SafeKey is a 3D Secure service specific to Amex that leverages real-time authentication software to verify card users before a transaction. The authentication data is used to detect stolen cards, identify unauthorized users, and thwart fraud attempts before a transaction can be processed. This technology aims to help merchants improve their anti-fraud and chargeback prevention efforts.
Approved transactions with American Express SafeKey work like this:
Phase #1 | Authentication Requested
When a customer inputs their card information to make a purchase, this data is processed through Amex SafeKey. The technology evaluates the cardholder based on their login credentials, location, and transaction history to determine the likelihood of a fraudulent transaction. This entire process occurs in just seconds.
Phase #2 | Transaction Approval
If the cardholder’s credentials check out, SafeKey’s algorithm will approve the transaction in real-time. After being authenticated and authorized, the cardholder will be seamlessly directed to the confirmation page without delay.
What if the credentials provided by the buyer don’t check out, though? Transactions declined by American Express SafeKey work like this:
Phase #1 | Authentication Requested
Same as above, the cardholder submits credentials that run through SafeKey for verification. The technology evaluates the cardholder to determine the likelihood of a fraudulent transaction. Again, this entire process occurs in just seconds.
Phase #2 | Verification Email Trigger
If the SafeKey algorithm cannot authenticate the cardholder’s credentials, the cardholder will be sent a temporary passcode via email or SMS that they can input into a pop-up field. This tends to happen if the cardholder is doing anything outside the norm, like buying in a far-flung locale that’s thousands of miles from home. It may also happen if their identity cannot be verified, or if they misspelled anything during the verification process.
Phase #3 | Transaction Decline
If the individual attempting to initiate the transaction does not enter the passcode correctly, or the code times out, the transaction will be denied, and an email explaining the reason for the decline will be sent to the cardholder.
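The two flows above, seen from the merchant's side, as an added example that is not Amex or Chargebacks911 code. It assumes the result arrives as a dictionary using the EMV 3DS field names transStatus, eci and authenticationValue; the function names, the sample messages and the strict fail-closed policy are illustrative assumptions.

```python
import base64
from enum import Enum

class Outcome(Enum):
    AUTHORIZE = "authorize"   # pass authentication data to the acquirer
    CHALLENGE = "challenge"   # issuer asks the cardholder for a one-time passcode
    DECLINE = "decline"       # stop checkout; no authorization is sent

def valid_auth_value(value):
    """authenticationValue must be a Base64-encoded 20-byte cryptogram."""
    try:
        return len(base64.b64decode(value or "", validate=True)) == 20
    except (ValueError, TypeError):
        return False

def next_step(msg, after_challenge=False):
    """Map one authentication result message to the merchant's next action."""
    status = msg.get("transStatus")
    if status == "C" and not after_challenge:
        return Outcome.CHALLENGE
    # Assumed merchant policy: only a fully authenticated result (status Y,
    # ECI 05, well-formed cryptogram) proceeds; everything else fails closed.
    if (status == "Y" and msg.get("eci") == "05"
            and valid_auth_value(msg.get("authenticationValue"))):
        return Outcome.AUTHORIZE
    return Outcome.DECLINE

def checkout(initial, challenge_result=None):
    """Run the flow: frictionless approval, or challenge then approve/decline."""
    step = next_step(initial)
    if step is not Outcome.CHALLENGE:
        return step
    if challenge_result is None:      # passcode never completed (e.g. timed out)
        return Outcome.DECLINE
    return next_step(challenge_result, after_challenge=True)

# Constructed sample messages (not real transaction data).
CRYPTOGRAM = base64.b64encode(bytes(range(20))).decode()
APPROVED = {"transStatus": "Y", "eci": "05", "authenticationValue": CRYPTOGRAM}
NEEDS_CHALLENGE = {"transStatus": "C"}
WRONG_PASSCODE = {"transStatus": "N"}
MISSING_PROOF = {"transStatus": "Y", "eci": "05"}  # claims success, no cryptogram

if __name__ == "__main__":
    for case in [(APPROVED,), (NEEDS_CHALLENGE, APPROVED),
                 (NEEDS_CHALLENGE, WRONG_PASSCODE), (NEEDS_CHALLENGE,),
                 (MISSING_PROOF,)]:
        print(checkout(*case).value)
```

The last case is the one worth checking in an integration: a result that reports success but carries no cryptogram is declined rather than sent on for authorization.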
Credit card numbers alone are not a foolproof method to commit fraud. In fact, many scammers buy their stolen card numbers in bulk and try as many as they can at a time, hoping one will work where ten might fail. Therefore, merchants who implement 3DS services in tandem with their regular fraud prevention systems can really make it difficult for the fraudster.
Benefits of American Express SafeKey
According to Amex, SafeKey 2.0 enables merchants and issuers to exchange detailed information, helping reduce fraud and minimize the need for a one-time passcode. This improves the user experience and helps prevent shopping cart abandonment.
Building consumer confidence can help expand your market reach. Enhanced fraud protection through SafeKey may encourage online customers to spend more and help grow your business. It can:
Potential Downsides to SafeKey
American Express SafeKey is a vast improvement over earlier fraud prevention tools. Unfortunately, there is still no such thing as a “foolproof” fraud prevention solution.
Programs like SafeKey can introduce friction at the secondary approval stage that can interrupt customers’ checkout process due to overly sensitive fraud triggers. As a consequence, some legitimate customers might be put off by the additional security measures and ultimately abandon their carts. Merchants should be aware that this happens often enough that friction will likely be an issue.
Additionally, all programs using 3DS are still largely ineffective against friendly fraud and other forms of first-party abuse. Since friendly fraud is a post-transactional act committed by the actual cardholder, 3DS will be rendered useless in these cases. This is a serious concern because friendly fraud accounts for the bulk of merchant chargebacks.
So, how can merchants combat these concerns and still get the most out of 3DS technologies like Amex SafeKey? The answer is to adopt a broader strategy to mitigate fraud.
Getting Started with American Express SafeKey
Unlike some card networks, American Express operates as both the network and a major issuer, which streamlines certain aspects of SafeKey implementation. However, merchants will still enable the service through their existing payment infrastructure, rather than directly with Amex.
The first step is contacting your 3DS server provider (also called an MPI provider) to enable SafeKey. If your provider is already certified with American Express, activation may be straightforward. You'll also need to coordinate with your acquirer or payment service provider to ensure SafeKey authentication data can be passed through in authorization requests.
Not sure if your MPI provider is certified with American Express? For a list of certified providers, you can visit amexenabled.com.
Merchants processing in-app transactions have an additional consideration: the 3DS SDK. This software component integrates into your mobile application to handle SafeKey authentication. SDK providers must enroll with American Express and demonstrate EMVCo certification before their solutions can process SafeKey transactions.
American Express does not charge merchants directly for SafeKey. However, your 3DS server provider may charge for its services. Before implementation, confirm pricing with your provider and acquirer.
For merchants seeking direct certification or those with complex integration requirements, American Express recommends contacting your Amex representative. Technical specifications for directly acquired merchants are available at americanexpress.com/merchantspecs, and SafeKey documentation can be accessed through the AMEX Enabled dashboard after registration.
3DS: A Smart Addition to Any Fraud Prevention Strategy
3D Secure 2.0 technologies like American Express SafeKey work best as part of a multilayer fraud and chargeback management strategy.
Incorporating 3DS into a multi-faceted anti-fraud system can stop many fraud attacks in their tracks. Most fraudsters are unlikely to have all the data they need to defeat these systems when they work in tandem. Redundancies also give you a tighter screening net, letting you identify more fraud attacks and generate better data.
American Express SafeKey is available to merchants who are EMV-certified (and can provide written certification verification) and PCI-DSS compliant. For true risk mitigation, though, you need a customized, end-to-end solution that can deploy the right tools and tactics where they will do the most good.
If you’re interested in learning more about 3-D Secure—or any other aspect of chargeback management—contact Chargebacks911® today. We can show you how to take chargebacks off your plate and increase your ROI.