American Express SafeKey
American Express SafeKey leverages the global industry standard, 3D Secure, to detect and reduce online fraud by adding an extra layer of security when Card Members shop online. After a card holder has entered their card details on the payment page and clicked pay now, they will be directed to the banks SafeKey authentication page where they will complete the authentication process.
A look at the transaction flow.
- Cardholder makes a purchase at an online Merchant and clicks checkout. The cardholder is directed to the payment page and will enter their Amex card details on the payment page and click “pay now”.
- The transaction will be processed to MyGate’s 3D Secure API and will communicate with Amex directory server to check if the American Express Card is enrolled in SafeKey.
- Amex directory server will communicate with the Card issuer Access Control Server (ACS) to check if the Card is enrolled in SafeKey. ACS will respond with a status of “Y” if Card is enrolled along with the ACS URL where the cardholder is sent for authentication.
- Merchant application will redirect the webpage for the cardholder to ACS (authentication page).
- ACS displays the password frame where the cardholder inputs the password. ACS verifies the cardholder password and responds back to Merchant with the authentication result.
- The MPI validates the signature and advises Merchant application with the authentication result.
- Merchant application then sends or fails transaction for authorisation based on the authentication result
Is there any risk?
Chargebacks can still occur so you need to ensure that you review each of the AMEX transaction that you process. From within MyGate reporting, you can see if a AMEX transaction was fully authenticated. Bear in mind, not all AMEX cards have been enrolled with SafeKey and therefore if the card is not enrolled by the bank then full authentication cannot take place.
How do I activate SafeKey?
If you are interested in setting up American Express SafeKey on your MyGate account, please e-mail firstname.lastname@example.org to request this.