As digital commerce expands, so does the challenge of securing online payments while delivering a seamless customer experience. In response, Mastercard has announced changes to its Identity Check Program (AN8808) and is introducing new standards for issuers in certain countries in Europe, the Middle East, and Africa.
Mastercard has also announced AP 9321.2, a similar mandate for Asia Pacific (excluding India). With compliance deadlines upon us, Mastercard will expect issuers to improve frictionless authentication rates for transactions meeting low-risk criteria as defined by Mastercard Smart Authentication score.
Entersekt’s 3-D Secure Access Control Server (ACS) is equipped to help issuers meet these evolving requirements with ease. We enable issuers to optimize user experience through data-rich, multi-layered authentication methods that can allow them to achieve the frictionless thresholds without increasing fraud, while also improving transaction success rates.
Our ACS also has Mastercard Smart Authentication score already integrated, so it is simple for issuers to activate. Furthermore, issuers can subscribe to a Mastercard Data Integrity Monitoring Report, which shows them how they are performing against the frictionless rate at any given time, allowing them to adjust risk settings in advance of Mastercard’s measurement periods.
Mandate AN8808 & AP 9321.2: What issuers need to know now
Mastercard’s Identity Check program aims to improve the security and user experience of 3-D Secure payment authentication. The following table shows the key dates and frictionless requirements for these mandates:
For issuers, adopting the new Mastercard standards can lead to immediate, measurable business benefits including:
Reduced checkout abandonment: By improving authentication accuracy and reducing friction, issuers can expect fewer dropped transactions and higher customer satisfaction.
Higher approval rates: A more efficient, layered authentication system boosts transaction approval rates, which can drive increased transaction volumes.
Lower operational costs: Research indicates that biometric authentication has significantly reduced fraud by as much as 32% compared to SMS-based OTPs. While not a requirement of the mandates, Entersekt encourages issuers to enable biometric authentication, which can significantly reduce their reliance on SMS OTPs, cutting down on associated costs and improving operational efficiency.
How Entersekt’s advanced 3-D Secure ACS supports compliance
Entersekt’s 3-D Secure ACS is well positioned to meet the AN8808 and AP 9321.2 Mandate requirements. Our ACS has integrated Smart Authentication into our ACS, as well as a suite of risk-based authentication (RBA) tools, delivering robust security without adding friction to low-risk transactions.
Mastercard uses its Smart Authentication Score to identify “low-risk” transactions, defined as a score between 0 and 300. However, relying on Smart Authentication alone is not sufficient for issuers aiming to balance security with user convenience.
Fortunately, Entersekt provides a comprehensive approach to authentication by enabling issuers to add other key risk parameters, such as known bad merchants, MCCs or IPs, transaction value thresholds, user behavior pattern analysis, and device information assessment capabilities.These factors work in tandem with Smart Authentication Score, equipping issuers with a richer dataset to make more informed authentication decisions.1
The role of biometrics in payment authentication
Biometrics have become a powerful tool in payment authentication, offering both security and ease of use. Unlike one-time passwords, biometrics offer a more permanent identifier and are less susceptible to being intercepted or tampered with.
With Mastercard’s new Identity Check standards, biometric authentication is highly encouraged due to its effectiveness in reducing fraud and providing a smoother customer experience.
These key advantages are associated with implementing biometrics as part of the authentication process:
Fraud reduction: According to Mastercard, issuers who adopt biometric authentication experience a 32% reduction in fraud compared to SMS OTPs.
Seamless authentication: Biometrics simplify the user experience and provide more effective security than OTPs and push notification for moderate risk transactions.
Enhanced success rates: Biometric-enabled transactions see higher approval rates due to improved data accuracy and reduced friction, leading to fewer transaction drop-offs.
Cost savings: Reducing dependency on SMS OTPs minimizes operational expenses and enhances transaction speed.
At Entersekt, we’ve integrated biometric capabilities into our ACS, enabling issuers to incorporate face or fingerprint recognition seamlessly within the authentication flow.
Compliance and beyond: The Entersekt difference
Mastercard’s Identity Check update underscores the importance of proactive fraud prevention that doesn’t compromise the consumer experience. Entersekt’s ACS solution aligns seamlessly with this mandate, delivering a robust toolkit for issuers that includes:
Flexible, modular design: Entersekt’s ACS solution is built to adapt, allowing issuers to layer in the specific RBA features they need to meet compliance and their own internal risk thresholds.
Real-time risk assessment: Our ACS evaluates each transaction in real-time, dynamically adjusting authentication requirements based on a composite view of risk factors.
Enhanced biometric integration: Entersekt’s biometric capabilities are designed to help issuers streamline the step-up process and reduce fraud on challenged transactions.
For issuers looking to comply with Mastercard’s Identity Check standards, Entersekt offers a clear path to readiness. Our comprehensive ACS and RBA capabilities position issuers to meet the low-risk thresholds, respond frictionlessly to authentication requests, and incorporate biometric capabilities that supports issuers to defend against emerging fraud and deliver best-in-class customer experiences.
The upcoming mandate sets a high bar, but it also creates an opportunity for issuers to enhance their digital payment security frameworks, reduce fraud, and provide an improved experience for cardholders. With Entersekt’s expertise and advanced ACS solution, issuers can achieve compliance and ensure that their customers enjoy seamless, secure digital transactions.
1. Some of these features are included in Entersekt’s core ACS package, while others are available through an upgraded RBA module for issuers who require more advanced fraud detection and prevention capabilities.
Next steps for issuers
If you’re ready to explore how Entersekt can support your journey to compliance and customer-centric security, reach out to us today. We’re here to help you navigate the changes, adopt best practices, and realize the benefits of secure, streamlined payments using 3-D Secure.
If you are not sure if your country is included in these mandates, please contact your Mastercard representative or get in touch with us.