Mastercard SecureCode

March 8, 2021 | 7 min read

Mastercard SecureCode

How to Prevent Fraud & Chargebacks With Mastercard SecureCode

Mastercard SecureCode serves as an extra layer of protection designed to defend cardholders—and merchants—against the growing threat of fraudulent activity. This global solution makes it harder for a person to use a Mastercard credit or debit card without valid authentication.

Of course, like any fraud tool, there are certain advantages and disadvantages to using SecureCode, and best practices to ensure that you get the most out of your efforts. Let’s take a closer look at the ins and outs of using this fraud-blocking asset, and how you can get the best results.

What is SecureCode?

Mastercard SecureCode

[noun]Mæs • tɚ • kɑrd • sɪ • kjʊr • koʊd

Mastercard Securecode is the Mastercard-branded deployment of 3-D Secure technology. The tool asks cardholders to validate their identities during the checkout process by entering a one-time-use password supplied by the card network.

Securecode is the Mastercard-branded deployment of 3-D Secure technology. The technology has multiple analogs across different card brands, including Verified by Visa, ProtectBuy from Discover, American Express SafeKey, and J/Secure from JCB International.

Mastercard introduced this tool with the goal of making online transactions more secure, benefitting both merchants and consumers. It works behind the scenes to verify cardholders’ identities with the aim of ensuring that transactions come only from authorized Mastercard users.

Securecode requires participating shoppers to enter a unique, one-time-use personal identification code during checkout. If the cardholder’s issuing bank authenticates the code, the shopper can continue with the checkout process. If authentication fails, the transaction is automatically terminated.

Mastercard Securecode Steps

STEP 1: Cardholder enrolled with Securecode initiates the checkout process.

STEP 2: Issuing bank sends the cardholder a one-time-password/PIN (OTP) via SMS message.

STEP 3: Cardholder enters OTP code to complete the purchase.

It’s important to note that, like other 3-D Secure tools, Securecode is an opt-in service: cardholders must enroll in the program with their issuing bank. Cardholders who do not take this step will not be prompted to enter a code during the checkout process; to them, it’s as if the tool doesn’t exist at all.

Prevent Fraud. Recover Revenue.

Chargebacks911® offers the industry’s only top-to-bottom solution for fraud and chargebacks. Click below and find out how much you could save.


Should I Use Mastercard SecureCode?

Mastercard Securecode is an opt-in service on both ends of the transaction. It only applies to a transaction if both the merchant and if the cardholder has opted into the service. We recommend speaking with your acquiring bank to ensure you’re taking advantage of the benefits of 3-D Secure.

There are obvious benefits to participating in Securecode. For instance, merchants in the program typically experience a reduced number of fraudulent transactions and Mastercard chargebacks. Additionally, customers seeing the Mastercard Securecode symbol on a merchant's web page are likely to have greater confidence in the site's security. Think of it as a “seal of approval,” helping verify legitimate businesses through their association with Mastercard.

SecureCode also has minimal impact on the customer experience…at least in theory. That said, perhaps the most common reason merchants choose not to participate is that they don’t want to drive away potential buyers.

That’s an understandable impulse: after all, implementing any kind of frontend-facing security technology means more friction during the checkout process, which carries an inherent risk of cart abandonment.

Even worse, a customer who only makes the occasional online transaction might forget about the tool. Getting an unexpected and interruptive prompt during the checkout process may cause that individual to assume the popup is fraudulent and abandon their purchase … or possibly refuse to do business with the merchant again.

These were valid complaints under earlier versions of SecureCode technology. Now, however, merchants have the benefit of 3-D Secure 2.0 technology, which makes for a smoother process. Plus, as eCommerce becomes increasingly dominant, buyers unfamiliar with the SecureCode-facilitated checkout process are becoming rarer, and therefore less of a concern for merchants.

Mastercard SecureCode

Mastercard Changes: Navigating the Chargeback Rule Changes in 2019 and Beyond

Like Visa with 2018’s VCR, Mastercard is implementing sweeping changes to its chargeback and dispute systems. Download our whitepaper to learn what changes are coming, and how to prepare.

Free Download

Mastercard Securecode & Chargeback Liability

Another great asset offered by SecureCode is protection against liability in the event of fraud. If a criminal manages to defeat SecureCode and complete an online purchase, Mastercard will shift liability away from you and onto the issuer.

This liability shift essentially provides you the same cover that brick-and-mortar merchants receive if a fraudster manages to defeat EMV chip technology. You’re protected against "cardholder unauthorized" or "cardholder not recognized" chargebacks. This reduces your overall chargeback exposure, potentially reducing chargeback losses and processing expenses in the mid-to long-term.

Securecode may lower your overall chargeback issuances. However, the technology is by no means perfect.

The underlying software—the 3-D Secure technology powering SecureCode—was designed to detect and prevent criminal fraud, rather to combat chargebacks. While it's certainly a step in the right direction, Securecode's chargeback prevention capabilities nevertheless fall short in several areas that we should address:

Securecode can only be used for digital transactions.

Securecode can only be used for digital transactions.

Brick-and-mortar merchants will have to find other fraud prevention methods.

Cardholders must opt into the service.

Cardholders must opt into the service.

Many Mastercard users will not participate in this service, which limits the tool’s effectiveness.

Securecode only helps with Mastercard transactions.

Securecode only helps with Mastercard transactions.

Merchants are still vulnerable to chargebacks from other credit card companies.

Some unauthorized transactions could slip through the cracks.

Some unauthorized transactions could slip through the cracks.

For example, a child might have access to a parent’s mobile device, and thereby defeat Securecode protections and make an unauthorized purchase.

Securecode only helps deter unauthorized transactions.

Securecode only helps deter unauthorized transactions.

Merchants are still susceptible to disputes resulting from other chargeback triggers.

That last point is very important. Our research suggests less than 10% of all chargebacks are the product of genuine criminal fraud. Most chargebacks are the result of friendly fraud, rather than criminal activity, and Securecode has no effect on chargebacks resulting from friendly fraud. It also has no impact on chargebacks resulting from common merchant errors.

One Part of an Overall Strategy

So far, we’ve talked about what Mastercard SecureCode is and how it can protect you against fraud. We’ve also learned about some of the tool’s limitations, specifically as related to the chargeback process.

Enrolling in Securecode is a great start for any fraud prevention plan. However, you must beware of falling into a false sense of security while using the tool.

SecureCode is just one small part of fraud prevention, and fraud prevention itself is just one small part of overall chargeback management. Efficient chargeback prevention and risk mitigation requires a multi-tiered approach aimed at combating the root causes of chargebacks.

Consider this, for example: you could amplify SecureCode’s effectiveness by adding a chargeback alert program. Alerts give you the opportunity to refund customers who have instigated a transaction dispute based on an unauthorized transaction claim. In cases where SecureCode can’t protect you against a bad transaction, a chargeback alert can still save you the trouble and expense of a chargeback.

Even more important, though, is an overall strategy to encourage long-term chargeback reduction, and to ultimately prevent chargebacks. You already understand the benefits of using all the fraud prevention tools available to you, but remember: these aren’t problems that you can prevent completely through anti-fraud technology or automation.

Chargebacks911® offers the industry’s only comprehensive chargeback management solution backed by a performance-based ROI. Click below and find out how much you could save today.

We’ll run the numbers; You’ll see the savings.
Please share a few details and we'll connect with you!
Over 18,000 companies recovered revenue with products from Chargebacks911
Close Form