Mastercard SecureCodeLayer Up Your Defenses Against Fraud & Chargebacks With 3DS Technology

January 5, 2023 | 10 min read

Mastercard SecureCode 3DS

In a Nutshell

Mastercard SecureCode adds an additional layer of protection between cardholders, merchants, and a finalized transaction. But if authentication is already in place, why is this necessary? This article will explain everything you need to know about SecureCode, including why it exists, how both parties can opt-in, and whether or not it actually works.

What is Mastercard SecureCode? How Does it Help Stop Fraud?

Mastercard SecureCode serves as an extra layer of protection designed to defend cardholders — and merchants — against the growing threat of fraudulent activity. This global solution makes it harder for a person to use a Mastercard credit or debit card without valid authentication.

Of course, like any fraud tool, there are advantages and disadvantages to using SecureCode. And, as a merchant, there are also best practices one can adopt to ensure that they get the most out of their efforts. Let’s take a closer look.

What is Mastercard SecureCode?

Mastercard SecureCode

[noun]/mas • tər • kard • sə • kyo͝or • kōd/

Mastercard SecureCode is the Mastercard-branded deployment of 3-D Secure technology. The tool asks cardholders to validate their identities during the checkout process by entering a one-time-use password supplied by the card network.

SecureCode is the Mastercard-branded deployment of 3-D Secure technology, designd for use on the Mastercard network. The technology has multiple analogs across different card brands, including Verified by Visa, ProtectBuy from Discover, SafeKey by American Express, and J/Secure from JCB International.

Mastercard introduced this tool with the goal of making online transactions more secure, benefitting both merchants and consumers. The platform works behind the scenes to verify cardholders’ identities with the aim of ensuring that transactions come only from authorized Mastercard users.

Merchants: are you deploying the right tools to stop fraud and protect your revenue? Find out now.REQUEST A DEMO

Mastercard promotes the benefits of SecureCode for both consumers and merchants, including:

  • Reduced fraud liability
  • More secure eCommerce payments
  • Improved cardholder security
  • Reduced chargeback issuances (for merchants)

Mastercard SecureCode is an opt-in service on both ends of the transaction. It only applies to a transaction if both the merchant and the cardholder have opted into the service. We recommend speaking with your acquiring bank to ensure you’re taking advantage of the benefits of 3-D Secure.

Using SecureCode at Checkout

When Mastercard SecureCode was first launched in 2001, the intended purpose was to authenticate each incoming transaction involving a participating card. This, of course, added a fair amount of friction at checkout, which wasn’t great for merchants. Thus, the platform has undergone several updates in the last two decades. 

Now, both issuers and merchants use more selective fraud detection and authentication tools that are designed to flag only high-risk transactions. What this means for consumers is a less stringent but more secure authentication process at checkout. 

When SecureCode is enabled by both parties, the checkout process looks like this:

Remember, though, that a cardholder must be registered with the platform to use SecureCode. Cardholders who do not take this step will not be prompted to enter a code during the checkout process; to them, it’s as if the tool doesn’t exist at all.

Consumers can set up the tool on their bank's website. The merchant can also prompt the customer to sign up from their website, if they choose.

Merchant Benefits of SecureCode

There are obvious benefits to participating in SecureCode.

Merchants in the program typically experience a reduced number of fraudulent transactions. It’s easier to validate card-not-present transactions with SecureCode, which works as a secondary form of validation. It’s almost like having the benefit of a PIN code, but for online purchases.

Reduced fraud means the merchant sees fewer Mastercard chargebacks. Additionally, customers seeing the Mastercard symbol on a merchant's web page are likely to have greater confidence in the site's security. One can think of it as being like a “seal of approval,” helping verify legitimate businesses through their association with Mastercard.

Finally, because it is an opt-in program, the buyer should already know how to navigate the 3DS-facilitated checkout process. Thus, it has minimal impact on the customer experience (at least in theory).

Common Merchant Objections to SecureCode

All that said, perhaps the most common reason merchants choose not to participate is a fear that SecureCode may drive away potential buyers. That’s an understandable impulse; after all, implementing any kind of front-end-facing security technology means more friction during the checkout process. This carries an inherent risk of cart abandonment.

Even worse, a customer who only makes the occasional online transaction might forget about the tool. Getting an unexpected and interruptive prompt during the checkout process may cause that individual to assume the popup is fraudulent and abandon their purchase. They may even choose never to do business with the merchant again.

These were, at least in part, valid complaints under earlier versions of the technology. It was common to hear stories of buyers getting rerouted to a 3DS-enabled checkout page and abandoning their purchase.

Now, however, merchants have the benefit of 3-D Secure 2.0 technology. The newer, 3DS2-enabled version of SecureCode, makes for a much smoother process. 

Is SecureCode Effective at Stopping Fraud?

In short: yes.

From a merchant’s perspective, the greatest asset offered by 3DS is protection against liability in the event of fraud. If a criminal manages to defeat the technology and complete an online purchase, Mastercard will shift liability away from the merchant and onto the issuer.

This liability shift essentially provides merchants with the same cover that brick-and-mortar sellers receive if a fraudster manages to defeat EMV chip technology. The merchant is protected against "cardholder unauthorized" or "cardholder not recognized" chargebacks. This minimizes overall chargeback exposure, reducing mid- to long-term chargeback losses and processing expenses.

Stop fraud. Eliminate chargebacks. Get started today.REQUEST A DEMO

SecureCode doesn’t just shift liability, though. It actively helps stop fraudulent transactions from being completed.

To illustrate how the tool helps fight fraud: imagine you’re a consumer whose debit card credentials were stolen by a skimmer at a gas pump. Entirely without your knowledge, that information was advertised and sold to someone on the dark web. The buyer then uses that information to make purchases online. While CVV checks are designed to impede activity like this, CVV is less effective for online purchases that don’t feature this safeguard, swiped transactions, or for individuals with access to a physical card. 

SecureCode helps to prevent scenarios like this because it isn’t entered like a credit card number on a merchant’s website. Instead, 3DS2 is an intermediary field between the credit card issuer and the cardholder. If the individual using the card online lacks the correct code or fails to enter the code, the transaction is declined. 

Weakpoints of Mastercard SecureCode

Remember: SecureCode doesn’t replace traditional authorization approval. It’s an additional step in the authentication process that helps to secure card-not-present transactions

SecureCode may lower one’s overall chargeback issuances, but the technology is not perfect by any means. The underlying software — the 3-D Secure technology powering SecureCode — was designed to detect and prevent criminal fraud rather than combat chargebacks. While it's certainly a step in the right direction, the protections still fall short in several areas that we should address:

SecureCode can only be used for digital transactions

Brick-and-mortar merchants will have to find other fraud prevention methods.

Cardholders must opt into the service

Many Mastercard users will not participate in this service, which limits the tool’s effectiveness.

SecureCode only helps with Mastercard transactions

Merchants are still vulnerable to chargebacks from other credit card companies.

Unauthorized transactions may still slip through the cracks

For example, a child might have access to a parent’s mobile device and thereby defeat SecureCode protections to make an unauthorized purchase.

SecureCode only helps deter unauthorized transactions

Merchants are still susceptible to disputes resulting from other chargeback triggers.

That last point is very important. Our research suggests less than 10% of all chargebacks are the product of genuine criminal fraud. Most chargebacks are the result of friendly fraud rather than criminal activity. SecureCode has no effect on chargebacks resulting from friendly fraud, or from common merchant errors in service, fulfillment, or technological deployment.

Multi-Tiered Strategies Are Best

Enrolling in Securecode is a great start for any fraud prevention plan. However, both merchants and consumers must beware of falling into a false sense of security while using the tool.

What Consumers Should Do

We recommend the following best practices to help cardholders protect themselves against criminal fraud:

Know the signs

Familiarize yourself with the signs of account phishing and other tactics that scammers use to compromise your personal information.

Keep your information safe

Never give out personal information online. Shred sensitive documents like ATM receipts, deposit slips, and checks.

Check your credit regularly

Review your credit reports for unfamiliar activity. Report anything that seems suspicious to one of the three credit bureaus.

Contact the seller

Contact the merchant to get clarification about any unfamiliar transaction on your statement. It might be a legitimate purchase that you just don’t recognize.

What Merchants Should Do

SecureCode is just one small part of fraud prevention, and fraud prevention itself is just one small part of overall chargeback management. Efficient chargeback prevention and risk mitigation require a multi-tiered approach aimed at combating the root causes of chargebacks.

For example, merchants can amplify SecureCode’s effectiveness by adding a chargeback alert program. Alerts give one the opportunity to refund customers who have instigated a transaction dispute based on an unauthorized transaction claim. In cases where SecureCode can’t protect against a bad transaction, a chargeback alert can still save you the trouble and expense of a chargeback.

Even more important, though, is an overall strategy to encourage long-term chargeback reduction and ultimately prevent chargebacks. Most merchants already understand the benefits of using all the fraud prevention tools available to them, but remember: these aren’t problems that you can prevent solely through anti-fraud technology or automation.

Chargebacks911® offers the industry’s only comprehensive chargeback management solution backed by a performance-based ROI. Click below and find out how much you could save today.


What is Mastercard SecureCode?

Mastercard SecureCode is the Mastercard-branded deployment of 3-D Secure technology. The tool asks cardholders to validate their identities during the checkout process by entering a one-time-use password supplied by the card network.

How do I get my MasterCard SecureCode?

Like other 3-D Secure tools, SecureCode is an opt-in service. Cardholders must enroll in the program by contacting their issuing bank. Cardholders who do not take this step will not be prompted to enter a code during the checkout process; to them, it’s as if the tool doesn’t exist at all.

Do all MasterCards have SecureCode?

Mastercard SecureCode is an opt-in service on both ends of the transaction. It only applies to a transaction if both the merchant and the cardholder have opted into the service. We recommend speaking with your bank to ensure you’re taking advantage of the benefits of 3-D Secure technology.

Is Mastercard SecureCode free?

Yes. SecureCode is free and it is available to all Mastercard credit and debit card users. However, to utilize the platform, both the cardholder and merchant must opt-in.

What is a secure code transaction?

SecureCode requires participating shoppers to enter a unique, one-time-use personal identification code during checkout. If the cardholder’s issuing bank authenticates the code, the shopper can continue with the checkout process. If authentication fails, the transaction is automatically terminated.

Does SecureCode prevent chargebacks?

SecureCode can help deter some chargebacks, but as with most network-backed programs, lacks the framework to identify and resolve instances of friendly fraud.

Like What You're Reading? Join our newsletter and stay up to date on the latest in payments and eCommerce trends.
Newsletter Signup
We’ll run the numbers; You’ll see the savings.
Please share a few details and we'll connect with you!
Over 18,000 companies recovered revenue with products from Chargebacks911
Close Form
Embed code has been copied to clipboard