MasterCard SecureCode Explained

Martin Brinkmann
Aug 19, 2011
Updated • May 18, 2014

I just tried to make a credit card payment at a merchants website that was using 2Checkout as the payment processor.

The process on first glance looked like any other checkout process on the Internet. I first had to enter my personal information, and then on a second page my credit card number, verification code and expiration date.

Instead of redirecting me to a final page with my order details, I was redirected to an intermediary page that was asking me to create a MasterCard SecureCode. MasterCard was the credit card company that I used to pay the merchant.

This never happened to me before and I suspected foul play for a short period of time. The screen asked me to enter my birthday and the last four digits of the associated bank account. To make matters worse, the setup returned an error and I could not complete the transaction.

I then decided to do some research on MasterCard SecureCode to find out what it was all about, and to monitor my credit card statement more closely in the coming weeks.

MasterCard SecureCode is explained on the MasterCard website. It is a private code to make online transactions more secure. The code is entered during transactions as a secondary means of authorization. Unlike the credit card number, expiration date and verification code, it is not submitted to the merchant, but to MasterCard directly.

It looks like a two-factor authentication on first glance. When you look closer though, you will notice that merchants benefit way more from it than credit card owners. Why? If someone steals your credit card information, they can still use the card in places and locations that do not support SecureCode.

Merchants on the other hand that have implemented SecureCode as part of their checkout process, know that the actual owner of the credit card is making that transaction. That is, unless the thief managed to steal the MasterCard SecureCode as well from the user, for instance if the owner wrote it on the card.

Credit card owners know on the other hand can be sure that a merchant is legit if SecureCode is supported, provided that they are not on a website that is faking all of that.

MasterCard owners can sign up for a Securecode at the MasterCard website, or during the checkout process (which did not work for me). I suggest you sign-up on ther MasterCard website directly, as you can be sure that you are setting it up on a legitimate site.

Have you encountered MasterCard SecureCode yet on an online shipping tour?

What is MasterCard's SecureCode used for?
Article Name
What is MasterCard's SecureCode used for?
Provides information about MasterCard's Secure Code authentication scheme that is used to improve the security of online transactions.

Previous Post: «
Next Post: «


  1. Anonymous said on March 26, 2018 at 11:59 pm

    I rather not have the code, but I am super glad to find out it wasn’t a scam because I was extremely concerned that I had made a huge mistake.

  2. Jeff said on November 30, 2017 at 12:57 pm

    I’m quite sure that any cost savings from fraud, if they are not eaten up by the profits of the third party vendor running the verification service, will never have an impact on the consumer.

  3. iZakaroN said on January 11, 2017 at 9:59 pm

    Not only that there is no less fraud because if your CC is stolen also you 3D securty pass can be, but there is even bigger chances for fraud as fake sites can legitimate theirself as “Verified” while they not and benefit from your trust! Why Visa and MasterCard do not make 3d security mandatory for any transaction with confirmation on a specific secured site so no phising sites can benefit from it? Why there is no SMS confirmation which is much more secure? I personally removed my 3d security the next day I created it, so there will be no execuses from bank when there is a fraud. 3d security is pure joke with customers and “welocme” for thiefs!

  4. Lola said on January 2, 2013 at 10:49 pm

    I have it signed up for securecode, and have been denied purchases online because of it. Too bd, I’ll just take my business elsewhere.

  5. keith said on August 19, 2011 at 9:18 pm

    Can someone tell me if the securecode is the same as the password you use when you register a card? I’m 100% sure that the number I enter when asked for the securecode is the password I used when registering, but I continiously get an ‘invalid code’ response ……

  6. Sophie said on August 19, 2011 at 4:42 pm

    Interesting read-

    1. Martin Brinkmann said on August 19, 2011 at 4:49 pm

      Agree, thanks for the link.

  7. DanTe said on August 19, 2011 at 3:29 pm

    I ran across this on occasions and I always by-pass it. Transaction still works. I’m not about to key in any more personal info than necessary on a website that I’m not sure if it’s a cross-script hack or not.

  8. Paul said on August 19, 2011 at 1:48 pm

    The first (and only) time I came across SecureCode it raised doubts in my mind about the validity of it as I had never heard of it before.
    I cancelled the transaction as I was not prepared to supply the requested information without finding out more.
    I contacted my credit card supplier and they explained what it was about but I came to the conclusion that it was just one more thing that needed to be remembered and until it becomes more widely, if not universally used I shall avoid it.
    As I said at the beginning I have never found myself in that situation again which I think speaks volumes for how little the scheme is currently used.
    The original transaction? I bought the product but from another site and if I should find myself in that situation again I would simply look elsewhere.

    I am all for increased security in such dealings but with the limited number of companies that have so far adopted this method it seems to me to be a waste of time at the moment.
    If there is a genuine desire for increased security by the credit card companies this seems to be a very half-hearted way of going about it.

  9. Dave Alan Caruana said on August 19, 2011 at 11:22 am

    The advantage of 3d Secure (VISA) / SecureCode (Mastercard) is less fraud. Card fraud is a cost both to the client (when a card number is stolen) and the merchant (when a service has been provided and the later turns out to be fraudulent). No individual merchant can verify card ownership with the same strength as 3d Secure / SecureCode, so without these systems the cost of card fraud gets passed on to legitimate clients.

    1. Martin Brinkmann said on August 19, 2011 at 11:26 am

      Card fraud remains a problem if a card is stolen as Secure Code is not used everywhere. So owners do not gain anything by that. And I highly doubt it that credit card companies will reduce the fees or the fee increases just because of the success of their new security system. As I said, it is great for merchants and the company, but that is it.

      1. Dave Alan Caruana said on August 19, 2011 at 11:34 am

        You are correct that the main benefit of 3D Secure / SecureCode is to the merchant, however it does provide an extra level of security to the client (ie. a scam site would not have SecureCode for sure) and certain business sectors have levels of fraud so high they wouldn’t be able to operate without SecureCode eg. Online gambling. Less fraud will eventually result in lower card fees, however the saving I am talking about is that that results from less chargebacks ie. costs to the merchant due to fraudulent transactions that eventually get passed back to clients to be recouped in the form of higher markups.

        Implementing 3D Secure / SecureCode is actually not that difficult for the merchant – there are various companies that provide middleware for this function – and as the technology becomes more widespread the benefits to the client will become more apparent.

        (and thanks for commenting on my comment)

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.