Mastercard Identity Check: A Crucial Component of a Multilayered Fraud Management Strategy
Online shopping has seen unprecedented growth over the last few years. Unfortunately, the same could be said of online fraud.
Data from Mastercard themselves show that global chargeback volume reached 615 million in 2021. Something needs to be done to stem the rising tide of fraud. Mastercard Identity Check may provide an answer.
Mastercard Identity Check (sometimes referred to simply as Identity Check or MCID) offers an extra layer of protection against fraud. It’s designed to defend cardholders and merchants from the growing threat of online fraud. This global solution makes it a lot harder to use a Mastercard payment card that's been reported lost or stolen.
Identity Check provides crucial protections. But is it enough for complete fraud mitigation? Let’s take a look.
Recommended reading
- The Top 10 Fraud Detection Tools You Need to Have in 2024
- What are Velocity Checks? How Do They Stop Fraud Attacks?
- ECI Indicators: How to Understand 3DS Response Codes
- Proxy Piercing: How Merchants Can Use it to Prevent Fraud
- Card Verification Values: What Are CVVs & How Do They Work?
- Payment Authentication: How to Verify Buyers Before a Sale
What is Mastercard Identity Check?
- Mastercard Identity Check
Mastercard Identity Check is the Mastercard-branded deployment of 3-D Secure 2.0 technology. The technology helps authenticate purchasers as authorized cardholders.
[noun]/ī • den • tə • tē • chək/Mastercard Identity Check is an advanced security feature available from Mastercard. In simple terms, you can think of it as a more advanced version of an earlier tool known as Mastercard SecureCode.
Identity Check was created to make online Mastercard transactions as safe, fast, and convenient as purchases made in a store. This extra layer of verification helps protect both cardholders and merchants during checkout.
Learn More About 3-D Secure technologyThe program works by verifying a customer's identity at the checkout stage, ensuring that transactions come from only authorized Mastercard card users. This 3-D Secure Mastercard deployment is the same technology used by other card networks like JCB, American Express, and Discover. Visa, for instance, refers to their 3DS product as Visa Secure (formerly referred to as Verified by Visa).
What's the Difference Between Identity Check and SecureCode?
As mentioned above, Identity Check is generally a more advanced version of SecureCode. While SecureCode was the Mastercard-branded 3DS 1.0 product, Identity Check is the Mastercard-branded version of 3DS 2.0.
The most noticeable difference is in the depth of their security measures. While SecureCode essentially gives you a private code for transaction validation, it doesn't offer much else.
Given the ever-evolving skills of cybercriminals, security solutions need to be equally adaptive and sophisticated. In response, the new tool goes beyond a single verification code, employing multiple data points for user identification. The system often validates the cardholder behind the scenes, making the process almost transparent to the user.
Rather than focusing solely on what the user knows — such as passwords — Identity Check emphasizes what the user has in their possession. It allows for more secure protection through two-factor biometric authentication like fingerprint or facial recognition. Moreover, it employs one-time passwords sent via SMS, streamlining the verification process without requiring you to remember complex codes.
How Does Mastercard Identity Check Work?
The updated protocol uses risk-based analysis to assess transaction risk. That means instead of a static password, the system compares over 100 different data points to verify shopper identity in real-time. In 95% of cases, buyers can be authenticated with no additional input, eliminating friction tied to older versions of 3DS technology.
Here’s a quick breakdown of how Identity Check typically works:
Transaction Initiation:
A cardholder makes an online purchase at a participating retailer, The Mastercard Identity Check service activates automatically during the payment stage of the transaction.
Identity Verification:
Mastercard Identity Check will ask for additional verification. This usually comes in the form of a one-time password (OTP), a fingerprint, or facial recognition.
Notification:
The cardholder may receive an alert on their registered mobile device or email address. They’ll be prompted to provide a second factor of authentication to verify the transaction.
User Input:
The cardholder enters a one-time passcode (OTP), or confirms their identity using biometric data. The specifics will depend on the options available and what the customer has set up beforehand.
Transaction Completion:
Once the buyer’s identity has been verified, the payment will be authorized. The cardholder will receive confirmation, and the transaction will proceed as normal.
Mastercard Identity Check only asks for secondary identification in about 5% of cases. This “frictionless flow” is faster, more accurate, and easier to use than SecureCode and other 3DS 1.0 technologies. It also reduces the risk posed by false positives if a Mastercard Identity Check authentication fails.
Why Should Merchants Use a 3-D Secure Solution?
Mastercard Identity Check delivers a smoother transaction process and higher security. That alone makes the product worth considering. However, there are additional features and benefits to consider.
Strong Customer Authentication (SCA), for instance, is an online payment security mandate integral to the Payment Services Directive (PSD2). SCA requires transactions in the European Union to have two forms of customer identification. Validating a customer’s identity using Identity Check (or another 3DS tool) fulfills this requirement.
3-D Secure represents the latest standard in global payment security, and the protocol is a requirement in order to accept credit cards in Europe. The technology involves such a robust transaction analysis that most transactions may be deemed SCA-compliant even without secondary identification.
Other benefits include:
The Mastercard Chargeback Guide specifies that successful transactions using Identity Check are not eligible for a chargeback involving any of the following reason codes:
4837: No Cardholder Authorization
4849: Questionable Merchant Activity
4863: Cardholder Does Not Recognize—Potential Fraud
Even with chargebacks using other reason codes, the use of Identity Check could still be used as compelling evidence.
Getting Started With Mastercard Identity Check
Merchant enrollment in Mastercard Identity Check is handled at the acquirer level. It is not something individual merchants can do on their own.
There are two methods that acquirers can use to enroll merchants in Mastercard Identity Check. First, they can use the bulk file load that is available through Mastercard Connect. Another option is to use the Merchant Enrollment API, which is a more efficient and streamlined option.
The Merchant Enrollment API from Mastercard lets acquirers manage merchant participation in the program. Acquirers can send enrollment data through API interfaces to add or delete merchants directly via Mastercard Identity Solutions Services Management (ISSM). Acquirers will also be notified about any activity that occurs tied to any of their registered BINs (bank identification numbers).
Learn more about bank Mastercard reason codes
MCID: One Part of an Overall Strategy
Using MCID may lower a merchant's overall number of chargebacks. The technology is by no means “perfect,” though.
The underlying software was not designed to combat chargebacks. It is only aimed at detecting and preventing criminal fraud. So, while it's certainly a step in the right direction, Identity Check's chargeback prevention capabilities are limited in several areas:
- It can only be used for online transactions.
- It only prevents chargebacks associated with Mastercard transactions.
- A transaction can be authenticated, even if it was not authorized.
- It can deter unauthorized transactions, but has no effect on first-party fraud.
That last point is very important. Our research suggests that only a small portion of chargebacks are the product of genuine criminal fraud. Most chargebacks are the result of friendly fraud. Mastercard Identity Check has no effect on chargebacks resulting from merchant error or friendly fraud.
Mastercard Identity Check authentication does offer valuable protection against fraud. It works best, however, as part of a multi-level fraud and chargeback management strategy.
Merchants need a customized, end-to-end solution that employs the most effective tools where they will do the most good. If you’re interested in learning the role Identity Check can play in your overall chargeback management strategy, contact Chargebacks911® today.
FAQs
What is Mastercard Identity Check?
Mastercard Identity Check is the Mastercard-branded deployment of 3-D Secure technology. The technology helps authenticate purchasers as authorized cardholders. In simple terms, you can think of it as a more advanced version of an earlier tool known as Mastercard SecureCode.
Why do I get a Mastercard ID Check?
Cardholders receive Mastercard ID Check requests because they’ve previously enrolled in the program. Some banks may require enrollment in Identity Check in order to make Mastercard purchases online.
What is the difference between Mastercard Identity Check and SecureCode?
Rather than focusing solely on what the user knows— such as passwords— Identity Check emphasizes what the user has in their possession. It offers a more secure layer of protection through two-factor biometric authentication like fingerprint or facial recognition. Moreover, it employs one-time passwords sent via SMS, streamlining the verification process without requiring you to remember complex codes.
Is Mastercard Identity Check mandatory?
Mastercard Identity Check is generally not mandatory for all transactions, but it may be required by certain merchants or financial institutions or for specific types of high-risk transactions. Its use can also depend on the policies of the card-issuing bank. Opting in for the service is usually at the discretion of the cardholder, although it's recommended for enhanced security.