Mastercard SecureCodeLayer Up Your Defenses Against Fraud & Chargebacks With 3DS Technology

What is Mastercard SecureCode? How Does it Help Stop Fraud?

Once upon a time, credit card purchases required an actual plastic credit card. Then along came the internet, where cardholders could buy stuff using just their name and account number.

That makes things fast and convenient for you and your customers… but it also makes it a lot easier for fraudsters, too.

Mastercard’s SecureCode was designed to address that. But what is this program, exactly?

In this post, we took a look at why this program exists, how it works, and how it helps put a lid on credit card fraud.

What is Mastercard SecureCode?

Mastercard SecureCode

[noun]/mas • tər • kard • sə • kyo͝or • kōd/

Mastercard SecureCode is a Mastercard-branded tool built on 3-D Secure technology. It helps validate cardholder identities during the checkout process by entering a one-time-use password supplied by the card network.

Think about it: unless you see a person actually paying with a physical card, you have no idea if the buyer is the cardholder or someone else. Enter Mastercard SecureCode, a free tool that adds an extra layer of security to online customers. 

SecureCode is based on 3-D Secure technology. As you might’ve guessed based on the name, the tool sends a unique Mastercard “secure code” that identifies and authorizes Mastercard users when they attempt to make a purchase online.

Only the cardholder knows this one-time code. Without it, unauthorized use is blocked, saving the customer from identity theft and protecting you from fraudulent sales and chargebacks.

Mastercard SecureCode is an opt-in service on both ends of the transaction. It only applies to a transaction if both the merchant and the cardholder have opted into the service.

How Does Mastercard SecureCode Work?

First, a cardholder must register for Mastercard SecureCode, the process is similar to using a PIN at a physical card reader or ATM. After entering all their typical card information – name, card number, expiration date, CVV, etc. – the cardholder will receive a one-use pass code automatically sent by the issuer. The program requires the customer to provide the passcode before the transaction can be completed.

If the code is entered correctly, the issuing bank will confirm the customer's identity and allow the transaction to go through. Without the code, however, the sale will be denied.

To minimize checkout friction whenever possible, SecureCode is only triggered by higher-risk transactions. In situations where fraud is less likely, such as smaller charges or recurring billing, cardholders won’t receive the passcode. Ultimately, that means a more streamlined user experience for your customers without denying fraud protection.

Consumers can set up the tool on their bank's website. The merchant can also prompt the customer to sign up from their website, if they choose.

Merchant Benefits of SecureCode

There are obvious benefits to participating in SecureCode.

Merchants in the program typically experience a reduced number of fraudulent transactions. It’s easier to validate card-not-present transactions with SecureCode, which works as a secondary form of validation. It’s almost like having the benefit of a PIN code, but for online purchases.

Reduced fraud means the merchant sees fewer Mastercard chargebacks. Additionally, customers seeing the Mastercard symbol on a merchant's web page are likely to have greater confidence in the site's security. One can think of it as being like a “seal of approval,” helping verify legitimate businesses through their association with Mastercard.

• Reduced fraud liability
• More secure eCommerce payments
• Improved cardholder security
• Reduced chargeback issuances

Finally, because it is an opt-in program, the buyer should already know how to navigate the 3DS-facilitated checkout process. Thus, it has minimal impact on the customer experience (at least in theory).

Common Merchant Objections to SecureCode

All that said, some merchants remain skeptical. They fear anything that might add even a slight amount of friction at checkout, believing it might drive away potential buyers. That’s not unreasonable: implementing any kind of front-end-facing security technology causes some friction and carries a risk of cart abandonment.

Even worse, a new or occasional customer might forget about the SecureCode process. That unexpected prompt during checkout could be mistaken for some type of fraudulent activity.

To some extent, these were valid complaints under earlier versions of the 3DS technology. It was common to hear stories of buyers getting rerouted to a 3DS-enabled checkout page and abandoning their purchase.

With the benefit of 3-D Secure 2.0 technology, though, you can rest easy. Identity Check, which is the successor to SecureCode, makes for a much smoother and user-friendly experience.

Learn more about Mastercard Identity Check

Is SecureCode Effective at Stopping Fraud?

In short: yes.

From a merchant’s perspective, the greatest asset offered by 3DS is protection against liability in the event of fraud. If a criminal manages to defeat the technology and complete an online purchase, Mastercard will shift liability away from the merchant and onto the issuer.

This liability shift essentially provides merchants with the same cover that brick-and-mortar sellers receive if a fraudster manages to defeat EMV chip technology. The merchant is protected against "cardholder unauthorized" or "cardholder not recognized" chargebacks. This minimizes overall chargeback exposure, reducing mid- to long-term chargeback losses and processing expenses.

SecureCode doesn’t just shift liability, though. It functions as a layer of protection to actively help stop fraudulent transactions from being completed. The individual using the card must have the correct code to go forward.

No code? No sale.

Weakpoints of Mastercard SecureCode

SecureCode may lower one’s overall chargeback issuances, but the technology is not perfect by any means. The underlying software — the 3-D Secure technology — was designed to detect and prevent criminal fraud rather than combat chargebacks. While it's certainly a step in the right direction, the protections still fall short in several areas that we should address:

That last point is very important. Our research suggests less than 10% of all chargebacks are the product of genuine criminal fraud. Most chargebacks are the result of friendly fraud rather than criminal activity. SecureCode has no effect on chargebacks resulting from friendly fraud, or from common merchant errors in service, fulfillment, or technological deployment.

Multi-Tiered Strategies Are Best

Enrolling in Securecode is a great start for any fraud prevention plan. However, both merchants and consumers must beware of falling into a false sense of security while using the tool.

SecureCode is just one small part of fraud prevention, and fraud prevention itself is just one small part of overall chargeback management. Efficient chargeback prevention and risk mitigation require a multi-tiered approach aimed at combating the root causes of chargebacks.

For example, merchants can amplify SecureCode’s effectiveness by adding a chargeback alert program. Alerts give one the opportunity to refund customers who have instigated a transaction dispute based on an unauthorized transaction claim. In cases where the program can’t protect against a bad transaction, a chargeback alert can still save you the trouble and expense of a chargeback.

Even more important, though, is an overall strategy to encourage long-term chargeback reduction and ultimately prevent chargebacks. Most merchants already understand the benefits of using all the fraud prevention tools available to them, but remember: these aren’t problems that you can prevent solely through anti-fraud technology or automation.

Chargebacks911® offers the industry’s only comprehensive chargeback management solution backed by a performance-based ROI. Click below and find out how much you could save today.