It’s been more than two years since we last looked at SecureCode — MasterCard’s cardholder authentication system — and a fresh review has been long overdue. With the rise of mobile payments and the continuous growth of the e-commerce industry, the share of card-not-present transactions in MasterCard’s gross volume is rising rapidly and with it, the share of transactions resulting in cardholder disputes, and associated chargebacks.
Verifying the authenticity of a cardholder in a virtual type of transaction, as MasterCard itself is admitting, has proved very difficult and SecureCode is designed to help solve the problem. Here is why and how you should be using it.
2 Reasons to Use MasterCard SecureCode
The two biggest reasons to enroll in MasterCard SecureCode are:
- The program protects you from “cardholder unauthorized” chargebacks for all fully compliant MasterCard and Maestro transactions. This is a great benefit, considering that more than 70 percent of all chargebacks resulting from e-commerce transactions are designated with either reason code 4837 (No Cardholder Authorization) or reason code 4863 (Cardholder Not Recognized), according to MasterCard.
- Participation in SecureCode builds consumer trust. The SecureCode logo shows the visitors to your website that you are serious about fraud prevention.
As an added benefit, MasterCard allows merchants enrolled in its SecureCode program to place a free ad on its consumer website.
How to Enroll in SecureCode
MasterCard SecureCode is only available to your organization through your payment processor. To start using it, you need to:
- Confirm with your processor that they support SecureCode. If they do not, MasterCard tells you to send an e-mail to email@example.com, but the only real option you have is to look for a new processor.
- Install the SecureCode plug-in on your website. This is a 3-D Secure-compliant application, which will facilitate the processing of SecureCode authentication requests. A list of approved vendors that provide SecureCode integration is available on MasterCard’s website.
- Test your newly-installed SecureCode application with MasterCard to make sure it is working properly.
- Display the SecureCode logo on your website. This is mandatory, but you would be well-advised to let visitors to your website know that you support the authentication system anyway. After all, it is a trust symbol.
- Communicate all transaction authentication results to the card issuer through the authorization process.
Once SecureCode is deployed on your website and it’s been successfully tested, it is ready for use.
How SecureCode Works
The way merchants use MasterCard SecureCode has evolved over the years. When the program was first launched, the idea was to authenticate every single transaction involving a participating card. Lately, however, both merchants and issuers have begun adopting a more selective approach, using screening procedures to identify only the high-risk transactions, which are then authenticated, while the others are not.
Whatever your approach, the SecureCode authentication process goes through the following stages:
- The customer enters her card information in the checkout form to complete a purchase.
- A new window opens up, hosted on the card issuer’s website, asking the cardholder to enter their pre-selected SecureCode.
- The issuer verifies the code and confirms that the customer is authorized to use the card.
- The customer is taken back to the merchant’s website and the transaction is completed.
SecureCode authentication can only be performed if the card is registered with the program. Consumers can do that on their card issuer’s website, but registration can be initiated on your website as well.
The best thing about SecureCode is that it protects you against the type of chargebacks you are most likely to suffer from. There is really no good reason not to take advantage of that, especially considering that you can design your system in a way that allows low-risk transactions (for example transactions placed by repeat customers, for low purchase amounts, etc.), which don’t need authentication, to be processed straight through, bypassing SecureCode.
Be advised that a SecureCode authentication is not a substitute for an authorization approval. All card-not-present transactions, regardless of the amount, must be authorized, whether or not they’ve been SecureCode-authenticated.
Image credit: Flickr / Infusionsoft.