Mastercard 3-D Secure explained: how to stay safe when shopping online
Ever wondered how banks protect your online payments? Learn how Mastercard 3-D Secure technology uses two-factor authentication to keep your money safe when buying online.
7 min read
In today’s climate, more people are shopping online more than ever. But with so many transactions and huge sums of money changing hands, having the right security in place is crucial. That’s where Mastercard 3-D Secure comes in.
To help you buy online with total peace of mind, we’ll break down how 3-D Secure technology provides you with an extra layer of protection for online payments, leaving you free to enjoy the ease and convenience of online shopping.
What is 3-D secure?
3-D Secure (“3-domain structure”) is an authentication step for online payments, or for any other transactions where your card isn’t physically present. It might sound complicated, but 3-D Secure simply enhances the safety of your online transactions when shopping online, be it from large retailers or smaller bespoke websites. The three “domains” in these transactions are the customer’s bank, the merchant’s bank, and the payment system, who all communicate with each other behind-the-scenes to validate the legitimacy of your online transactions.
What is 3-D Secure 1.0?
The original 3-D Secure 1.0 technology (3DS1.0) was first introduced in 2001, and required customers to enter an unique Mastercard SecureCode PIN to verify their purchase and complete an online transaction. This meant that if someone stole your card details, your bank account would still be protected—without knowing your unique SecureCode PIN, it wouldn’t be possible to make an online payment.
Since 2001, this method has successfully reduced online fraud, but that doesn’t mean it’s perfect. Customers were often redirected to another web page to manually enter their SecureCode PIN, which is time-consuming. Not to mention, if you forget your PIN as most of us do from time to time, you’d have to contact your bank—not ideal if you want to make a snap purchase because your favorite retailer just announced a flash sale.
What is frictionless 3-D Secure 2.0?
Luckily for keen online shoppers, the next generation of payment security offers a solution. 3-D Secure 2.0 was developed by an organization called EMVCo, made up of six major card networks, including Mastercard. Authentication for payment with this system is automatic, and doesn’t require the customer to be redirected to another web page or enter a pin—hence the “frictionless” transaction.
Instead, like a cyber detective, 3-D Secure 2.0 uses state-of-the-art technology to assess the “risk” of the transaction. In the checkout process, 3-D Secure 2.0 exchanges 10 times the amount of data when compared to 3-D Secure 1.0, including the shipping location, the type of purchase, and the device ID. If the transaction is deemed to be at higher risk of potential fraud, the buyer has to follow an extra two-factor authentication step, such as entering an one-time password that’s sent to a paired smartphone, or confirming the online payment within their banking app.
Because the magic happens behind the scenes, the shopping experience is hassle-free for the customer. And because of the reliability of data involved, most transactions go through straight away without needing an additional authentication step. Considering that e-commerce transactions account for trillions of dollars globally each year, that’s a lot of time saved for online shoppers around the world.
What is Mastercard Identity Check?
Mastercard Identity Check is the brand name for Mastercard’s 3-D Secure 2.0 technology, which uses state-of-the-art technology to assess the risk of online transactions. Mastercard Identity Check allows the customer to go through two-factor authentication and verify their online payments using advanced technology—such as biometric identification or one-time passwords. The end result? A smooth, seamless checkout process for the millions of customers shopping online across the world.
How does Mastercard Identity Check work?
For the customer, using Mastercard Identity Check and 3-D Secure technology can be as simple as confirming their online purchase within their bank app with a tap, then returning to the merchant’s website to complete their checkout process. But behind-the-scenes, things can get a little more complex. Here’s what happens when you go through the checkout process on a website with Mastercard Identity Check and 3-D Secure 2.0 processes in place.
Step 1: the customer visits a merchant’s website, such as Zalando or Amazon.
Step 2: when ready to place an order, the customer enters their card details, billing address and shipping information. This information may be saved if you visit a website regularly.
Step 3: information about the online transaction is sent to your bank, where it’s processed for risk assessment and 3-D Secure verification.
Step 4: the risk assessment will either approve or challenge the online transaction.
If the online transaction is approved because it’s deemed to be at low risk of fraud, the payment will be made from the customer’s Mastercard.
If the online transaction is challenged because it’s deemed to be at high risk of fraud, the customer will have to complete an additional 3-D Secure two-factor authentication step, such as entering a one-time password sent to their phone, or confirming their online payment within their bank app.
Step 5: the transaction is approved, and the customer can complete the checkout process.
What’s the difference between Mastercard SecureCode and Mastercard Identity Check?
Mastercard SecureCode is the brand name for Mastercard’s 3-D Secure 1.0 technology, and Mastercard Identity Check is the brand name for Mastercard’s 3-D Secure 2.0 technology system. Both of these are brand names for secure online payment systems that are offered by Mastercard for its cardholders.
Mastercard SecureCode uses an unique PIN code known only to the customer to verify online transactions. Mastercard Identity Check uses advanced technology to request two-factor authentication by the customer if a transaction is considered to be at higher risk of fraud. The customer may be required to enter a one-time password that’s sent to a linked device, or confirm their purchase within their banking app.
How does Mastercard Identity Check and 3-D Secure 2.0 reduce online fraud?
Mastercard Identity Check and 3-D Secure 2.0 reduces online fraud by verifying that the transaction is being made by the cardholder. When you make an online payment with your Mastercard, data is sent to your bank as your “digital footprint”, including your Internet Protocol (IP) address.
Your bank’s risk assessment process then uses this information to decide whether to ask for two-factor authentication to verify that it’s really you—the cardholder—who is making the payment. For example, if you live in Germany and a transaction is issued from the Philippines, it may be flagged as a high-risk transaction due to the difference in locations.
Because Mastercard Identity Check with 3-D Secure 2.0 requires you to enter a one-time password or otherwise prove your identity from a device that you own—such as a smartphone that’s linked to your bank account—it makes it highly unlikely that a hacker could pass the two-factor authentication step and succeed at making a fraudulent purchase. Especially in cases where your bank app allows you to use biometric identification—such as fingerprint recognition or FaceID—it would be very difficult for a hacker to access your biometric data.
How can I use Mastercard Identity Check and 3-D Secure 2.0?
Many banks and card issuers automatically equip your debit and credit cards with 3-D Secure 2.0, while for others you may need to choose to opt-in. Although 3-D Secure 2.0 is more recent technology, a rising number of banks choose to adopt this advanced security measure for online payments because it means a higher level of protection from fraud for their customers. At N26, we automatically equip every bank account and N26 Mastercard with Mastercard Identity Check and 3-D Secure 2.0 technology, without the need to opt-in. When prompted, N26 customers are able to enjoy a simple two-factor authentication process right from the N26 app, by simply tapping a button to confirm their purchase. Shopping online with peace of mind has never been easier.
Your security at N26
At N26, the security of your bank account is our top priority. With innovative security features such as instant push-notifications and Mastercard 3D Secure technology already built-in to every N26 bank account, you can rest assured that your money remains safe while shopping online. Interested to learn more? Follow our Technology and Security blogs here.
The Mobile Bank
Related postsThese might also interest you
Online fraudsters are increasingly looking for so-called "app testers" on job platforms. Read on to find out what methods N26 uses for prevention and how you can protect yourself.
You can use a password generator to create strong passwords, or you can follow some simple guidelines to create your own passwords and stay a step ahead of hackers.
CEO Valentin Stalf talks about the future of banking and how we can make the most of the opportunities offered by digitalization.