Protecting Yourself from Fraud with American Express SafeKey
When it comes to fighting online fraud, merchants need the best help they can get. Third-party providers can offer valuable tools and resources, but some of the most effective methods of fraud prevention come from the big card networks themselves.
One such solution is American Express SafeKey, a service that creates an additional layer of security during the transaction process. With SafeKey active, customers are unobtrusively authenticated in a way that can stop the majority of credit card fraudsters in their tracks. How can merchants use American Express SafeKey to prevent fraud and avoid chargebacks?
Every credit card issuer is required by law to offer chargebacks to their customers when fraudulent, unauthorized transactions occur. Merchants can’t fight valid chargebacks like these after the fact—the only way to avoid them is to prevent them from happening in the first place.
As a card network, American Express operates a little differently than Visa or Mastercard, and the anti-fraud resources provided by those networks and their partner vendors may be of little help when it comes to stopping American Express chargebacks.
American Express SafeKey was created to protect merchants from unauthorized transactions. This service is an implementation of 3D Secure, a security protocol that identifies fraudulent transaction attempts while they’re happening.
Participating in SafeKey can ensure that merchants have anti-fraud coverage across all of the card brands they accept, reducing the number of unauthorized transactions that sneak past their defenses and preventing the expensive and harmful chargebacks that would otherwise follow.
What is American Express SafeKey?
Merchants who choose to enable SafeKey can benefit from its protection any time a customer uses an American Express card to make a purchase.
It works like this: when a cardholder makes a transaction with a merchant who has SafeKey active, their data is transmitted to American Express for instant, real-time analysis of various factors such as their device, location, purchasing habits, and other context-dependent information. Based on this data, SafeKey will determine whether or not the transaction shows any signs of being fraudulent.
If everything looks proper, SafeKey will approve the transaction and the customer will proceed to the next step in the checkout process without any noticeable delay or friction.
Most card transactions will pass the SafeKey check without incident, making the process invisible to the cardholder. However, if SafeKey’s fraud detection algorithm thinks the transaction is too risky, a frame or window will pop up asking the cardholder to verify their identity.
They can do this by responding to a notification from their Amex App, or if they don’t have that installed, by inputting a one-time code sent via text message or email.
SafeKey works because most online fraudsters are trying to extract value as expeditiously as possible from a large set of stolen card numbers, many of which will already have been reported stolen and rendered useless even before the fraudster acquires them.
To successfully pass a SafeKey security check, the fraudster would need access to the cardholder’s email account or personal devices. Once SafeKey is triggered and sends its one-time code to the contact channel the cardholder has on file with American Express, the fraudster has no way to complete the transaction.
What is 3D Secure Technology?
SafeKey is the American Express version of 3D (Three Domain) Secure technology, a protocol maintained by the EMV consortium to increase the security of online credit card transactions. Every card network has their own implementation of 3D Secure: Verified by Visa, Mastercard SecureCode, and Discover ProtectBuy. Despite the different branding, each of these services functions in essentially the same way.
The three domains referred to by 3D Secure are the merchant and their acquirer, the issuing bank, and the system of interoperability that enables them to negotiate card payments with each other. To use a 3D Secure service, the merchant must install a software plug-in that communicates with the issuer while transactions are taking place.
The merchant securely transmits the customer data to the issuer, then the issuer authenticates the cardholder and sends a response back to the merchant that tells them whether or not the transaction is approved.
The first version of 3D Secure used static passwords for authentication, instead of the one-time codes that version 2.0 uses. The latest version of 3D Secure is also billed as frictionless technology, as it permits issuers to authenticate cardholders by analyzing their transaction data and only demands codes from cardholders who are flagged as high risk. This version of 3-D Secure meets the standards for strong customer authentication that are legally required in the EU and other regions.
What Else Should Merchants Know about American Express SafeKey and 3D Secure Technology?
SafeKey is a powerful and effective tool for stopping fraud on American Express cards, but there are a few things that merchants should keep in mind. First, it is true that SafeKey and other 3D Secure implementations can cause some unwanted friction during checkout.
Customers who aren’t familiar with 3D Secure popups may mistake it for malware, or some unwanted third-party service, and abandon their cart out of confusion or impatience. Fortunately, the new frictionless version of 3D Secure means that most customers won’t have their checkout experience impacted.
It’s also important to remember that 3D Secure is only effective against unauthorized card use—in other words, fraudsters trying to make purchases with stolen payment credentials.
Friendly fraud, account takeover fraud, and high-tech identity spoofing attacks can still bypass 3D Secure’s protections, so merchants should always try to deploy a varied array of anti-fraud tools chosen to address their specific vulnerabilities.
SafeKey, along with all the other network-branded 3D Secure services, can make a big difference in stopping fraud and lowering your chargeback rate. The average fraudster has no way to outmaneuver strong customer authentication procedures.
Remember that if you’re having a hard time implementing 3-D Secure solutions and integrating them into your overall fraud prevention strategy, a good chargeback management firm can always assist in determining which tools will have the most beneficial effect and help you get them up and running.