Mastercard SecureCode

Preventing ecommerce fraud requires a multilayer approach, and having the right anti-fraud tools at your disposal can make all the difference in the world. Some of these tools come from third-party vendors, and others are created directly by the major card networks.

One option offered by Mastercard is SecureCode, which promises to provide frontline security against credit card fraud at the transaction level. With SecureCode, unauthorized charges from fraudsters are prevented through the use of an additional layer of cardholder authentication. How does Mastercard SecureCode work, and can it protect merchants as well as it does cardholders?

New call-to-action

Credit card fraud has been on the rise in recent years, and the COVID-19 pandemic has only made things worse as consumers and merchants alike shift toward eCommerce as a primary mode of doing business.

This sudden surge in online shopping has presented fraudsters with a plethora of potential new victims, and it’s easy for merchants who don’t have prior experience with ecommerce to rack up lots of true fraud chargebacks while they’re still figuring out how to defend themselves.

For many merchants, the best defenses consist of tools and technology that block fraudulent transactions before they can happen.

It’s hard to overstate the importance of a proactive approach to fraud that aims to identify fraudulent transactions before they can be completed. Once a fraudulent transaction goes through, a chargeback is the only recourse, and these chargebacks cannot be contested after the fact. For merchants to protect their revenue and keep their chargeback ratio out of the danger zone, the right tools must be deployed.

What is Mastercard SecureCode?

SecureCode should be familiar to any merchant who has used 3-D Secure technology: SecureCode is simply Mastercard’s version of it. It works by requiring cardholders to authenticate themselves a second time, through their device, whenever they make a credit card transaction with SecureCode protection.

To use SecureCode, both the merchant and the cardholder need to have enrolled in the service, which is offered for free. When a cardholder attempts to make a SecureCode transaction, they first provide their Mastercard payment card credentials.

The checkout process then activates SecureCode, which sends a one-time code via SMS to the cardholder’s phone. Once the cardholder enters the code, the transaction will be approved to go through and the checkout process can be completed.

Credit card fraudsters may be able to obtain full sets of payment credentials on the dark web, but very few fraudsters have access to their victims’ phones. By requiring the receipt of a text message in order to confirm the transaction, SecureCode can effectively shut down the vast majority of card thieves.

If there’s a downside to SecureCode, it’s that it adds an undeniable layer of friction to the checkout process.

Any time you slow down a customer who’s trying to complete a purchase, there’s a chance that they’ll get frustrated and abandon their shopping cart.

For merchants who sell big-ticket items that require some thought and research, this might be a problem. Merchants who depend more on impulse shoppers may have to weigh the costs and benefits of purposely adding friction to the customer experience. It’s important to remember, however, that a chargeback can be much more costly and damaging than a lost sale.

How Does Mastercard SecureCode Benefit Merchants?

Manage Chargeback In-House Or OutshoreMastercard asserts that SecureCode will prevent unauthorized charges and reduce fraud. It’s based on a proven technology that has demonstrated effectiveness against online credit card fraud.

SecureCode also includes another important benefit just for merchants: if fraud is reported on a transaction that was authenticated with SecureCode, liability for the chargeback shifts from the merchant to the issuing bank.

In a sense, SecureCode and other 3-D Secure implementations can be likened to an ecommerce version of the EMV chip. It’s an added technology layer that changes the checkout process somewhat, but offers such strong protection against credit card fraud that the card networks incentivize its adoption by granting exemptions from chargeback liability when it is used properly.

While SecureCode transactions that turn out to be true fraud are likely to be somewhat rare, this is an important protection for merchants that no third-party anti-fraud tool can offer.

Since SecureCode only applies to Mastercard transactions, merchants who want to obtain the full benefit of this technology will also want to look into the brand-specific implementations offered by the other card networks: Visa Secure, American Express SafeKey, and Discover ProtectBuy.

Can Mastercard SecureCode Prevent Chargebacks?

Mastercard SecureCode is an effective solution for preventing true fraud chargebacks on Mastercard-branded cards, with the caveat that only enrolled cardholders are required to use it.

Whether or not SecureCode will make a significant difference in any individual merchant’s chargeback rate depends on the nature and source of their chargebacks, which can only be learned by tracking and analyzing chargeback data over a period of time.

Indirectly, SecureCode can offer some protection against friendly fraud chargebacks that claim unauthorized card use, due to the liability shift. This can help merchants avoid losses from “family fraud” scenarios where the unauthorized user has access to the cardholder’s devices.

SecureCode is a valuable service that offers clear benefits for most merchants, but it’s no smoking gun against chargebacks. Merchants should look at it as one of many tools they can use in a strategic and considered way, as part of an overall plan for fraud and chargeback prevention informed by data analytics. 


Merchants have a lot of choices when it comes to anti-fraud tools, and the right tools for one merchant may just add unnecessary friction and complexity for another.

Tools based on 3-D Secure technology are widely recommended for most merchants and reflect a growing understanding that the risks of making checkouts too fast and too easy are simply too great to maintain, and that the overall payments ecosystem will benefit from a more accepting attitude toward multi-factor authentication protocols.

If your chargeback data is telling you that true fraud disputes are eating into your revenue and causing your chargeback ratio to go up, Mastercard SecureCode may have an important role to play in blocking unauthorized transactions and protecting your customers from fraud.

Thanks for following the Chargeback Gurus blog. Feel free to submit topic suggestions, questions or requests for advice to:

Download 'Why Chargebacks are No Longer a Cost of Doing Business' now.

Ready to Start Reducing Chargebacks?