Mastercard SecureCode: What It Is & How To Use It

You may have seen mentions of “SecureCode” around, on TV and elsewhere. After all, when Hugh Jackman (aka Wolverine) stands on a scenic rooftop and asks if we know that SecureCode is a more secure way to pay, it’s hard to ignore.

But what the heck is SecureCode?

Simple! Mastercard’s SecureCode is a private code known only to the account holder that provides an additional layer of security for online purchases. The program is free for consumers as well as merchants. 

The Claim:

Mastercard SecureCode ostensibly comes with these benefits:

• Reducing fraud
• Guaranteeing e-commerce payments
• Reduced chargeback risk to merchant
• Improved cardholder confidence 

With online payment security an ever-present concerns for both online shoppers and merchants alike, these Mastercard SecureCode claims deserve a closer look. Keep in mind that both the merchant and the cardholder need to opt into the program for either party to benefit from it. 

Whether you are a cardholder who is thinking about setting up a SecureCode yourself, or you are a curious business owner who wants to know how you can improve security for online purchases, read on for an explanation of how SecureCard works and whether it’s right for you!

How SecureCode Works For Online Shoppers

The basic concept of Mastercard SecureCode is very similar to using a PIN to process a debit payment at the checkout. Just like during a debit transaction, where the PIN is kept private, the SecureCode should always remain private to the account holder.

When your customer fills their cart with your wares and begins the checkout process, they will also enter their Mastercard SecureCode to verify their identity as the cardholder. But there is one major caveat. Instead of sharing their SecureCode directly with you, the merchant, an issuer-provided inline window appears with a personal greeting that is only known by the cardholder. If the customer recognizes their personal greeting, they enter their SecureCode. In just a few seconds, the issuer verifies that the true cardholder is making the transaction and the checkout process continues. 

How Can Cardholder Enroll?

Mastercard customers who have cards issued from participating financial institutions can enroll in SecureCard and register any of their debit or credit cards. To find out if you can enroll, can contact your institution or view the list of participating financial institutions updated by Mastercard. 

Mastercard SecureCode For Businesses

If you are a merchant wondering why you should bother offering SecureCode, it makes sense to take the time to understand more about it. From a merchant standpoint, Mastercard SecureCode can give your current and future customers greater confidence and security while shopping online with you. This extra layer of authentication and security also protects you from fraudulent use and some types of chargebacks (more on that below).

It is important to note that if you decide to go with SecureCode, it’s not mandatory for all of your customers to enter in a code to finish the sale with you. Authentication with a personal code is only required for customers who have already signed up for SecureCode. Whenever a customer connects a card with SecureCode and the merchant is also signed up, the SecureCode is required, however. But if you decide to offer SecureCode and your customer isn’t signed up, they’ll enter their credit card information just like they would with any other sale, and it is processed as usual. 

For SecureCode transactions, merchants can gain protection from unauthorized cardholder chargebacks, and customers who have activated SecureCode get more protection, too.

How To Offer Mastercard SecureCode

If you are a business owner who is ready to get this new layer of security live on your site, here is what you need to know: Your transaction processor may already support the Mastercard SecureCode program, so give them a call first and see if they can get you started.

The setup process is fairly simple if you’re used to maintaining your website yourself, and involves installing a plug-in to your site. After everything is up and running successfully, Mastercard also provides you with a logo you can put on your site to identify your program involvement.

It’s also worth mentioning that many processing companies, including Stripe, offer an extra layer of authentication through 3D Secure  (sometimes abbreviated as 3DS). 3D Secure is a security protocol that bundles Mastercard SecureCode with the Visa equivalent, Verified by Visa. It gets its name from the fact that a third party, the card network, is involved in verifying the credit card purchase. In some regions, 3D Secure authentication also includes American Express SafeKey. Your merchant account provider may offer 3DS authentication as part of its service, though you might also need to configure this option in your payment options if it isn’t enabled by default.

How SecureCode Reduces Fraud & Guarantee eCommerce Payments

Mastercard claims that SecureCode helps reduce fraud and guarantees ecommerce payments. Let’s say a hacker manages to lift someone’s card number from a skimming device or a compromised website and they post it on the Dark Web. Another scammer buys it and then tries to make a purchase with the card details. A CVV check (another common ecommerce security feature) might stop some transactions, but CVV checks aren’t universally used in ecommerce. Plus, we often give away our CVVs when we place an order over the phone (Chinese takeout, anyone?) — if that business has a shady employee who lifts customers’ numbers, they now also have your CVV. And of course, if a fraudster does get a physical card, they have everything they need to start making purchases.

SecureCode prevents unauthorized use in these types of situations because unlike a credit card number, SecureCode isn’t entered on a business’ site or shared over the phone. The SecureCode acts like a PIN between the issuing credit card company and the customer. If the person using the card doesn’t provide the correct code, or doesn’t enter any code, the transaction can’t go through. 

Keep in mind that SecureCode doesn’t take the place of authorization approval; it is simply an additional authentication step. Every card-not-present transaction, no matter how small, will be authorized by the issuing bank.

How SecureCode Reduces Chargebacks

We’ve already talked about how SecureCode protects against unauthorized card use. It also provides protection against friendly fraud via chargebacks. 

For a business owner, a chargeback is a loss of revenue (both in terms of the money refunded to the customer and the fees charged by the processor for the chargeback), and too many chargebacks can negatively affect your standing with your credit card processing company. In essence, a chargeback happens whenever a customer files a dispute with their bank, saying that a charge was not authorized by the customer. 

Despite the somewhat innocent-sounding name, friendly fraud can cause a lot of grief. Friendly fraud refers to a type of chargeback that happens when a customer falsely claims they didn’t make a purchase in order to get their money back. They may have changed their mind or filed a chargeback claim directly with their credit card company instead of returning the product to you. Whether the customer’s intent was purposely malicious or not, these types of chargeback claims can be a big problem for any online retailer. They actually account for the majority of chargebacks.

If you’re a merchant, the great thing about SecureCode’s extra authentication step is that it’s much harder for a customer to claim they never ordered from you if they authenticated their purchase with their private code. You can make a stronger case when it comes to proving your customer actually made the purchase, so much of the liability in these types of “friendly fraud” or chargeback cases shifts away from you and to the user and their bank — which means you don’t lose out on the money from that purchase. 

If you want to read up a little bit more on chargebacks and what you can do as an online merchant, visit our post, The Complete Guide to Preventing and Winning Chargebacks.

How SecureCode Improves Cardholder Confidence

In the past, Mastercard cardholders and merchants alike had some issues with the user experience because SecureCode used a pop-up window. Business owners were rightfully concerned because customers are naturally suspicious of pop-ups. The last thing any business owner wants when they try to improve security is also to increase cart abandonment. Mastercard took these concerns to heart and improved the experience by switching to an inline window rather than a pop-up for the SecureCode authentication. 

Now, the streamlined experience ensures that the entire checkout and verification process is embedded directly in the merchant site. When you offer SecureCode on your site, it gives your shoppers an added layer of security, too. Especially for smaller businesses, having this added layer of security helps to legitimize your site and improve overall confidence. 

More International Buying & Selling Opportunities

As if adding security in an insecure world wasn’t enough, the Mastercard SecureCode program may help you expand your business internationally! When you add SecureCode to your website checkout, you can start processing payments from customers overseas who use  Maestro cards (owned by Mastercard). This factor can potentially help you expand to Europe and other countries abroad where shoppers use debit cards much more frequently than credit. In countries like Germany, Maestro has replaced the Eurocheque system. All of this gives you extra reach when it comes to processing payments.  

Should I Use SecureCode On My Site?

Now more than ever, payment security is the subject of much focus and debate. While customers expect things to be streamlined and convenient, the truth is that they also expect their data to be secure. In a world where the cost of fraud continues to increase, adding solutions to protect everyone involved makes sense— especially when they involve no extra costs for you or your customers. While it may take a few extra moments for a customer to enter in their personal code, authenticating their identity can prevent fraud and save everyone a lot of heartaches (and headaches).

The truth is that merchants are the ones that shoulder the cost of chargebacks and fraud, so finding better solutions to protect yourself, your time, and your sanity is a very smart business move. However, not all eCommerce processors are the same. Some have robust solutions that keep up with the current threats, and some lag behind. I encourage you to take the time to find out what your merchant account is doing for you in regards to security, and if you don’t love it, find something that is better. We have a plethora of resources for you here at Merchant Maverick.

If you want to find a better payment processor that specializes in online businesses, we recommend checking out our post, How To Choose An eCommerce Merchant Account.