What is Mastercard SecureCode? How Does it Help Stop Fraud?
Mastercard SecureCode serves as an extra layer of protection designed to defend cardholders — and merchants — against the growing threat of fraudulent activity. This global solution makes it harder for a person to use a Mastercard credit or debit card without valid authentication.
Of course, like any fraud tool, there are advantages and disadvantages to using SecureCode. And, as a merchant, there are also best practices one can adopt to ensure that they get the most out of their efforts. Let’s take a closer look.
Recommended reading
- The Top 10 Fraud Detection Tools You Need to Have in 2024
- What are Velocity Checks? How Do They Stop Fraud Attacks?
- ECI Indicators: How to Understand 3DS Response Codes
- Proxy Piercing: How Merchants Can Use it to Prevent Fraud
- Card Verification Values: What Are CVVs & How Do They Work?
- Payment Authentication: How to Verify Buyers Before a Sale
What is Mastercard SecureCode?
- Mastercard SecureCode
Mastercard SecureCode is the Mastercard-branded deployment of 3-D Secure technology. The tool asks cardholders to validate their identities during the checkout process by entering a one-time-use password supplied by the card network.
[noun]/mas • tər • kard • sə • kyo͝or • kōd/SecureCode is the Mastercard-branded deployment of 3-D Secure technology, designd for use on the Mastercard network. The technology has multiple analogs across different card brands, including Verified by Visa, ProtectBuy from Discover, SafeKey by American Express, and J/Secure from JCB International.
Mastercard introduced this tool with the goal of making online transactions more secure, benefitting both merchants and consumers. The platform works behind the scenes to verify cardholders’ identities with the aim of ensuring that transactions come only from authorized Mastercard users.
Mastercard promotes the benefits of SecureCode for both consumers and merchants, including:
- Reduced fraud liability
- More secure eCommerce payments
- Improved cardholder security
- Reduced chargeback issuances (for merchants)
Mastercard SecureCode is an opt-in service on both ends of the transaction. It only applies to a transaction if both the merchant and the cardholder have opted into the service. We recommend speaking with your acquiring bank to ensure you’re taking advantage of the benefits of 3-D Secure.
Using SecureCode at Checkout
When Mastercard SecureCode was first launched in 2001, the intended purpose was to authenticate each incoming transaction involving a participating card. This, of course, added a fair amount of friction at checkout, which wasn’t great for merchants. Thus, the platform has undergone several updates in the last two decades.
Now, both issuers and merchants use more selective fraud detection and authentication tools that are designed to flag only high-risk transactions. What this means for consumers is a less stringent but more secure authentication process at checkout.
When SecureCode is enabled by both parties, the checkout process looks like this:
Remember, though, that a cardholder must be registered with the platform to use SecureCode. Cardholders who do not take this step will not be prompted to enter a code during the checkout process; to them, it’s as if the tool doesn’t exist at all.
Consumers can set up the tool on their bank's website. The merchant can also prompt the customer to sign up from their website, if they choose.
Merchant Benefits of SecureCode
There are obvious benefits to participating in SecureCode.
Merchants in the program typically experience a reduced number of fraudulent transactions. It’s easier to validate card-not-present transactions with SecureCode, which works as a secondary form of validation. It’s almost like having the benefit of a PIN code, but for online purchases.
Reduced fraud means the merchant sees fewer Mastercard chargebacks. Additionally, customers seeing the Mastercard symbol on a merchant's web page are likely to have greater confidence in the site's security. One can think of it as being like a “seal of approval,” helping verify legitimate businesses through their association with Mastercard.
Finally, because it is an opt-in program, the buyer should already know how to navigate the 3DS-facilitated checkout process. Thus, it has minimal impact on the customer experience (at least in theory).
Common Merchant Objections to SecureCode
All that said, perhaps the most common reason merchants choose not to participate is a fear that SecureCode may drive away potential buyers. That’s an understandable impulse; after all, implementing any kind of front-end-facing security technology means more friction during the checkout process. This carries an inherent risk of cart abandonment.
Even worse, a customer who only makes the occasional online transaction might forget about the tool. Getting an unexpected and interruptive prompt during the checkout process may cause that individual to assume the popup is fraudulent and abandon their purchase. They may even choose never to do business with the merchant again.
These were, at least in part, valid complaints under earlier versions of the technology. It was common to hear stories of buyers getting rerouted to a 3DS-enabled checkout page and abandoning their purchase.
Now, however, merchants have the benefit of 3-D Secure 2.0 technology. The newer, 3DS2-enabled version of SecureCode, makes for a much smoother process.
Is SecureCode Effective at Stopping Fraud?
In short: yes.
From a merchant’s perspective, the greatest asset offered by 3DS is protection against liability in the event of fraud. If a criminal manages to defeat the technology and complete an online purchase, Mastercard will shift liability away from the merchant and onto the issuer.
This liability shift essentially provides merchants with the same cover that brick-and-mortar sellers receive if a fraudster manages to defeat EMV chip technology. The merchant is protected against "cardholder unauthorized" or "cardholder not recognized" chargebacks. This minimizes overall chargeback exposure, reducing mid- to long-term chargeback losses and processing expenses.
SecureCode doesn’t just shift liability, though. It actively helps stop fraudulent transactions from being completed.
To illustrate how the tool helps fight fraud: imagine you’re a consumer whose debit card credentials were stolen by a skimmer at a gas pump. Entirely without your knowledge, that information was advertised and sold to someone on the dark web. The buyer then uses that information to make purchases online. While CVV checks are designed to impede activity like this, CVV is less effective for online purchases that don’t feature this safeguard, swiped transactions, or for individuals with access to a physical card.
SecureCode helps to prevent scenarios like this because it isn’t entered like a credit card number on a merchant’s website. Instead, 3DS2 is an intermediary field between the credit card issuer and the cardholder. If the individual using the card online lacks the correct code or fails to enter the code, the transaction is declined.
Weakpoints of Mastercard SecureCode
Remember: SecureCode doesn’t replace traditional authorization approval. It’s an additional step in the authentication process that helps to secure card-not-present transactions.
SecureCode may lower one’s overall chargeback issuances, but the technology is not perfect by any means. The underlying software — the 3-D Secure technology powering SecureCode — was designed to detect and prevent criminal fraud rather than combat chargebacks. While it's certainly a step in the right direction, the protections still fall short in several areas that we should address:
That last point is very important. Our research suggests less than 10% of all chargebacks are the product of genuine criminal fraud. Most chargebacks are the result of friendly fraud rather than criminal activity. SecureCode has no effect on chargebacks resulting from friendly fraud, or from common merchant errors in service, fulfillment, or technological deployment.
Multi-Tiered Strategies Are Best
Enrolling in Securecode is a great start for any fraud prevention plan. However, both merchants and consumers must beware of falling into a false sense of security while using the tool.
What Consumers Should Do
We recommend the following best practices to help cardholders protect themselves against criminal fraud:
What Merchants Should Do
SecureCode is just one small part of fraud prevention, and fraud prevention itself is just one small part of overall chargeback management. Efficient chargeback prevention and risk mitigation require a multi-tiered approach aimed at combating the root causes of chargebacks.
For example, merchants can amplify SecureCode’s effectiveness by adding a chargeback alert program. Alerts give one the opportunity to refund customers who have instigated a transaction dispute based on an unauthorized transaction claim. In cases where SecureCode can’t protect against a bad transaction, a chargeback alert can still save you the trouble and expense of a chargeback.
Even more important, though, is an overall strategy to encourage long-term chargeback reduction and ultimately prevent chargebacks. Most merchants already understand the benefits of using all the fraud prevention tools available to them, but remember: these aren’t problems that you can prevent solely through anti-fraud technology or automation.
Chargebacks911® offers the industry’s only comprehensive chargeback management solution backed by a performance-based ROI. Click below and find out how much you could save today.
FAQs
What is Mastercard SecureCode?
Mastercard SecureCode is the Mastercard-branded deployment of 3-D Secure technology. The tool asks cardholders to validate their identities during the checkout process by entering a one-time-use password supplied by the card network.
How do I get my MasterCard SecureCode?
Like other 3-D Secure tools, SecureCode is an opt-in service. Cardholders must enroll in the program by contacting their issuing bank. Cardholders who do not take this step will not be prompted to enter a code during the checkout process; to them, it’s as if the tool doesn’t exist at all.
Do all MasterCards have SecureCode?
Mastercard SecureCode is an opt-in service on both ends of the transaction. It only applies to a transaction if both the merchant and the cardholder have opted into the service. We recommend speaking with your bank to ensure you’re taking advantage of the benefits of 3-D Secure technology.
Is Mastercard SecureCode free?
Yes. SecureCode is free and it is available to all Mastercard credit and debit card users. However, to utilize the platform, both the cardholder and merchant must opt-in.
What is a secure code transaction?
SecureCode requires participating shoppers to enter a unique, one-time-use personal identification code during checkout. If the cardholder’s issuing bank authenticates the code, the shopper can continue with the checkout process. If authentication fails, the transaction is automatically terminated.
Does SecureCode prevent chargebacks?
SecureCode can help deter some chargebacks, but as with most network-backed programs, lacks the framework to identify and resolve instances of friendly fraud.