In modern Japan, online shopping has become more common. While many customers use credit cards to pay for purchases on ecommerce sites, fraudulent use of credit cards by third parties continues to rise.
The Ministry of Economy, Trade and Industry (METI) has decided to make 3D Secure 2.0 mandatory as a basic measure to prevent unauthorized use. This will require all ecommerce sites to introduce 3D Secure 2.0 by the end of March 2025. To comply, ecommerce sites are gradually introducing 3D Secure with the active encouragement of credit card companies and payment service providers (PSPs). However, if a user’s credit card is incompatible with 3D Secure 2.0, authentication will not be possible.
In this article, we introduce the credit card brands that support 3D Secure 2.0 along with the principles of this authentication protocol and things to watch out for when using supported cards.
What’s in this article?
- 3D Secure 2.0 (EMV 3-D Secure)
- Credit card brands that support 3D Secure 2.0
- Pre-registering for 3D Secure 2.0
- Important notes on using a card that supports 3D Secure 2.0
- Shopping online with confidence
3D Secure 2.0 (EMV 3-D Secure)
3D Secure 2.0 is used worldwide as a personal authentication system. It is recommended by international credit card brands and designed to prevent unauthorized use, such as identity theft. It is also designed to increase the security of credit card payments. International credit card brands consider it an effective and reliable authentication method as a security measure because it is a common identity authentication service. Its official name is EMV 3-D Secure.
3D Secure 1.0 has been updated to 3D Secure 2.0. It prevents unauthorized use such as “spoofing” (i.e., using stolen credit card information) by making risk judgments. These judgments are based on details such as the user’s device information, access region, and time zone. This is called risk-based authentication. If the risk level is low, additional certification is unnecessary, but if the risk level is high, the system will require additional certification.
When there must be additional authentication, one-time passwords—which have a higher level of security than fixed passwords—are the most common method. This one-time password is usually sent to the email address or phone number you used when signing up for the credit card.
With 3D Secure 2.0, there is less need to enter a password each time you make a payment, and you don’t need to remember a password. This makes it more secure and convenient and hopefully reduces the risk of 3D Secure shopping cart abandonment.
Please note that international credit card brands terminated support for 3D Secure 1.0 in October 2022.
Credit card brands that support 3D Secure 2.0
Currently, Visa, MasterCard, JCB, AMEX, Diners Club, and UnionPay are the international credit card brands that support 3D Secure 2.0 (EMV 3-D Secure). The name of 3D Secure 2.0 differs depending on the card brand.
Official page for 3D Secure 2.0 provided by each card brand
- VISA: Visa Secure
- MasterCard: Mastercard ID Check
- JCB: J/Secure
- AMEX: American Express SafeKey
- Diners Club: ProtectBuy
- UnionPay: 3D Secure 2.0
The authentication services provided by each credit card brand verify the user’s identity by a one-time password or code issued each time they make a credit card payment, preventing unauthorized use by third parties.
In addition to one-time passwords, some credit card brands also use other authentication methods such as biometric authentication.
Pre-registering for 3D Secure 2.0
Cardholders might need to pre-register to use 3D Secure 2.0. The method for registering for 3D Secure varies depending on the credit card issuer or company, but registration is simple.
The registration procedure is:
Log in to your account, and go to the authentication settings page: After logging in to the credit card issuer’s member-only site, access the authentication settings page on your homepage and follow the registration instructions.
Set and enable the authentication function: Enter either your email address or cell phone number to receive a one-time password, or download the app to enable the authentication function. Depending on the credit card issuer or company, you might be able to choose how you receive one-time passwords or codes, or you might be limited to email addresses or apps only.
If you have any questions about the registration process, you can contact your credit card company directly.
Important notes on using a card that supports 3D Secure 2.0
Ecommerce site compatibility
Your card must be compatible with 3D Secure 2.0 to use its risk-based authentication. You can check whether or not a company is compatible on their official website.
In addition to the above, the ecommerce site must also be compatible with 3D Secure 2.0 for customers to make payments smoothly. For this reason, it is also important to check whether the ecommerce site has enabled 3D Secure 2.0.
Phishing
Although 3D Secure 2.0 mainly uses one-time passwords and biometric authentication, there are still a significant number of cases where users need fixed passwords.
Therefore, if you mistakenly access a fraudulent link on a fake website or in a phishing email— and enter information such as your credit card number, expiration date, security code, ID, password, or phone number—there is a risk that the system will verify your identity even if you have registered for 3D Secure.
You should stay up to date with the methods used by malicious third parties, such as phishing, and never tell anyone your password. You should also be careful about how you store and manage your personal information.
Shopping online with confidence
Ecommerce companies are implementing more effective measures to prevent fraudulent credit card use, such as identity theft, with the introduction of 3D Secure 2.0.
Shop online more safely by deepening your understanding of 3D Secure 2.0. Check authentication methods and registration procedures on the credit card brand, credit card issuer, and ecommerce site. Consider using the authentication services provided.
From a security perspective, introducing 3D Secure 2.0 on an ecommerce site might not be enough. This is why it is also important for the owners of ecommerce sites to implement fraud prevention measures—such as fraud detection systems. This helps users shop online safely and securely.
Stripe, in line with the introduction of the 3D Secure 2.0 mandate, is working with all proprietors to implement a phased approach in line with the deadline for introduction. Stripe is also implementing thorough security measures for personal information and transaction data, such as data encryption (Secure Sockets Layer/Transport Layer Security [SSL/TLS] technology) to prevent unauthorized access.
In addition to this, Stripe provides a wide range of tools and functions that support the efficiency of payment operations, including the introduction of payment methods, information processing, and revenue management. For example, if you are currently considering setting up an ecommerce site, you can set up a payment environment that suits your business style without developing your own system by introducing Stripe Payments, which is flexible in terms of online payments.
The content in this article is for general information and education purposes only and should not be construed as legal or tax advice. Stripe does not warrant or guarantee the accurateness, completeness, adequacy, or currency of the information in the article. You should seek the advice of a competent attorney or accountant licensed to practice in your jurisdiction for advice on your particular situation.