Mastercard Identity CheckExploring Mastercard's Latest Big Move Against Fraud

Mastercard Identity Check: A Crucial Component of a Multilayered Fraud Management Strategy

Online shopping has seen unprecedented growth over the last few years. Unfortunately, the same could be said of online fraud.

Data from Mastercard themselves show that global chargeback volume reached 615 million in 2021. Something needs to be done to stem the rising tide of fraud. Mastercard Identity Check may provide an answer.

Mastercard Identity Check (sometimes referred to simply as Identity Check or MCID) offers an extra layer of protection against fraud. It’s designed to defend cardholders and merchants from the growing threat of online fraud. This global solution makes it a lot harder to use a Mastercard payment card that's been reported lost or stolen. 

Identity Check provides crucial protections. But is it enough for complete fraud mitigation? Let’s take a look.

What is Mastercard Identity Check?

Mastercard Identity Check

[noun]/ī • den • tə • tē • chək/

Mastercard Identity Check is the Mastercard-branded deployment of 3-D Secure 2.0 technology. The technology helps authenticate purchasers as authorized cardholders.

Mastercard Identity Check is an advanced security feature available from Mastercard. In simple terms, you can think of it as a more advanced version of an earlier tool known as Mastercard SecureCode.

Identity Check was created to make online Mastercard transactions as safe, fast, and convenient as purchases made in a store. This extra layer of verification helps protect both cardholders and merchants during checkout.

Learn More About 3-D Secure technology

The program works by verifying a customer's identity at the checkout stage, ensuring that transactions come from only authorized Mastercard card users. This 3-D Secure Mastercard deployment is the same technology used by other card networks like JCB, American Express, and Discover. Visa, for instance, refers to their 3DS product as Verified by Visa.

What's the Difference Between Identity Check and SecureCode?

As mentioned above, Identity Check is generally a more advanced version of SecureCode. While SecureCode was the Mastercard-branded 3DS 1.0 product, Identity Check is the Mastercard-branded version of 3DS 2.0.

The most noticeable difference is in the depth of their security measures. While SecureCode essentially gives you a private code for transaction validation, it doesn't offer much else.

Given the ever-evolving skills of cybercriminals, security solutions need to be equally adaptive and sophisticated. In response, the new tool goes beyond a single verification code, employing multiple data points for user identification. The system often validates the cardholder behind the scenes, making the process almost transparent to the user.

Rather than focusing solely on what the user knows — such as passwords — Identity Check emphasizes what the user has in their possession. It allows for more secure protection through two-factor biometric authentication like fingerprint or facial recognition. Moreover, it employs one-time passwords sent via SMS, streamlining the verification process without requiring you to remember complex codes.

How Does Mastercard Identity Check Work?

The updated protocol uses risk-based analysis to assess transaction risk. That means instead of a static password, the system compares over 100 different data points to verify shopper identity in real-time. In 95% of cases, buyers can be authenticated with no additional input, eliminating friction tied to older versions of 3DS technology.

Mastercard Identity Check only asks for secondary identification in about 5% of cases. This “frictionless flow” is faster, more accurate, and easier to use than SecureCode and other 3DS 1.0 technologies. It also reduces the risk posed by false positives if a Mastercard Identity Check authentication fails.

Why Should Merchants Use a 3-D Secure Solution?

Mastercard Identity Check delivers a smoother transaction process and higher security. That alone makes the product worth considering. However, there are additional features and benefits to consider.

Strong Customer Authentication (SCA), for instance, is an online payment security mandate integral to the Payment Services Directive (PSD2). SCA requires transactions in the European Union to have two forms of customer identification. Validating a customer’s identity using Identity Check (or another 3DS tool) fulfills this requirement.

3-D Secure represents the latest standard in global payment security, and the protocol is a requirement in order to accept credit cards in Europe. The technology involves such a robust transaction analysis that most transactions may be deemed SCA-compliant even without secondary identification.

Other benefits include:

Getting Started With Mastercard Identity Check

Merchant enrollment in Mastercard Identity Check is handled at the acquirer level. It is not something individual merchants can do on their own.

There are two methods that acquirers can use to enroll merchants in Mastercard Identity Check. First, they can use the bulk file load that is available through Mastercard Connect. Another option is to use the Merchant Enrollment API, which is a more efficient and streamlined option.

The Merchant Enrollment API from Mastercard lets acquirers manage merchant participation in the program. Acquirers can send enrollment data through API interfaces to add or delete merchants directly via Mastercard Identity Solutions Services Management (ISSM). Acquirers will also be notified about any activity that occurs tied to any of their registered BINs (bank identification numbers).

MCID: One Part of an Overall Strategy

Using MCID may lower a merchant's overall number of chargebacks. The technology is by no means “perfect,” though.

The underlying software was not designed to combat chargebacks. It is only aimed at detecting and preventing criminal fraud. So, while it's certainly a step in the right direction, Identity Check's chargeback prevention capabilities are limited in several areas:

• It can only be used for online transactions.
• It only prevents chargebacks associated with Mastercard transactions.
• A transaction can be authenticated, even if it was not authorized.
• It can deter unauthorized transactions, but has no effect on first-party fraud.

That last point is very important. Our research suggests that only a small portion of chargebacks are the product of genuine criminal fraud. Most chargebacks are the result of friendly fraud. Mastercard Identity Check has no effect on chargebacks resulting from merchant error or friendly fraud.

Mastercard Identity Check authentication does offer valuable protection against fraud. It works best, however, as part of a multi-level fraud and chargeback management strategy.

Merchants need a customized, end-to-end solution that employs the most effective tools where they will do the most good. If you’re interested in learning the role Identity Check can play in your overall chargeback management strategy, contact Chargebacks911® today.