Mastercard Identity Check
Everybody has a role to play in fighting fraud, from the store clerks who scrutinize suspicious transactions closely to the big global card networks who hand down rules and resources designed to thwart fraudsters. One of Mastercard’s offerings, Mastercard Identity Check, provides merchants with an easily implemented solution for strong customer authentication during the checkout process.
When deployed properly, Mastercard Identity Check should present an insurmountable obstacle for credit card fraudsters without causing too much friction for good customers. What is Mastercard Identity Check, and what do merchants need to know about using it effectively?
Payment card fraud cost banks and merchants more than $28 billion last year, but merchants don’t need to lose staggeringly high dollar amounts in order for fraud to become an existential problem.
Even a small fraudulent transaction will still turn into a chargeback eventually, cost you chargeback fees, and nudge your chargeback ratio upward.
Fraud is unacceptable at any scale, but fraud attempts keep becoming more prevalent. That’s why the card networks are doing their part to protect the payment card ecosystem by creating fraud prevention tools.
Mastercard Identity Check is based on 3-D Secure technology, which many merchants will be familiar with if they’ve spent any time trying to get a true fraud chargeback problem under control. The chargebacks that result from credit card fraud are completely valid under the law and cannot be contested by the merchant. Because the only way to fight these chargebacks is to stop them preemptively, tools like Mastercard Identity Check can serve a crucial role in filling out a chargeback defense strategy that covers all avenues of attack.
What Is Mastercard Identity Check?
Mastercard Identity Check is an implementation of the 3-D Secure 2.0 protocol for use with Mastercard payment cards. It works by taking an additional step to verify the cardholder’s identity at checkout before the transaction can be completed.
To assess the risk of any given transaction, Mastercard Identity Check uses behavioral analytics and artificial intelligence. Often, it will be able to determine that the cardholder does not need to provide any additional input in order to verify their identity.
When a transaction does present some suspicious signs, Mastercard Identity Check will prompt the cardholder to verify their identity through their issuer’s online banking interface.
This can be accomplished in various ways, such as through a biometric scan or by entering a one-time verification code sent to the cardholder’s phone or email address. Once the cardholder has done so, the transaction can proceed.
Mastercard Identity Check is particularly difficult to circumvent. Credit card numbers and other payment credentials are easy to find—they’re sold cheaply in bulk on the dark web—but to get past Mastercard Identity Check, you need access to the cardholder’s device, email account, or maybe even their fingerprints. The average fraudster is always looking for the path of least resistance, not going to superhuman efforts to try and crack open any particular account.
How Does 3-D Secure Technology Work?
The technology underpinning Mastercard Identity Check is known as Three Domain Secure, or more commonly 3-D Secure, and every major card network has a version of it. There’s Verified by Visa, American Express SafeKey, and Discover ProtectBuy. Mastercard’s earlier solution, based on the 3-D Secure 1.0 version, is called SecureCode.
The idea behind 3-D Secure is that the merchant uses a secure plug-in that exchanges information with the issuing bank during the transaction process. The merchant can send some data about the cardholder and their transaction, and the issuer can analyze it and determine whether or not they think the transaction is fraudulent or not.
In the original version of 3-D Secure, cardholders would have to register and set up a special password with their issuer that they could use to prove their identity during checkout. This is how SecureCode works. The problem with 3-D Secure 1.0 is that passwords, like credit card numbers, are relatively easy to steal and share.
The first major innovation in 3-D Secure 2.0 is the adherence to strong customer authentication standards, which means that the verification can’t just be something the cardholder knows, like a password, but must also involve something they possess (like their device, hence the use of one-time codes) or something they inherently are (hence the use of biometrics). The side benefit to this is that 3-D Secure 2.0 solutions fulfill the strong customer authentication requirements in laws like the EU’s Revised Payment Services Directive.
The other innovation is that 3-D Secure 2.0 allows for frictionless verification, meaning that the 3-D Secure solution works invisibly behind the scenes to verify the customer’s identity without asking them to input additional information. It only requests biometric or code input if there isn’t enough contextual data to safely classify the transaction as low-risk.
Why Should Merchants Use a 3-D Secure Solution?
Merchants need a strong frontline defense against true fraud, because there’s nothing to be done about them once they turn into chargebacks. Backed by one of the biggest card networks and powered by the industry standard anti-fraud technology, Mastercard Identity Check is a clear choice for merchants who need extra protection against credit card fraud.
The only downside to be wary of is that 3-D Secure can slow down the customer’s checkout experience.
While the frictionless process will kick in most of the time and verification is relatively quick and painless, there are always customers who will feel put out that they have to take some extra steps to complete their transaction.
If you’re already dealing with a large number of software tools designed to protect you from fraud, chargebacks, and account takeover, you might be side-eyeing a solution that only protects against a specific type of fraud occurring on a specific card brand. However, it is often the case that narrowly-targeted tools can be some of the most effective.
Having a comprehensive chargeback defense strategy mapped out can make it easier to see which tools you need to prioritize, but chargeback management can still get overwhelming at times. Remember that there is always expert help out there to assist you in choosing the right tools and getting them integrated with your existing systems.