Published:
December 16, 2024
Reading time:
3 minute read
Written by:
Forter Team
The Credit Transaction Security Measures Council of the Japan Credit Association (JCA) has mandated the use of EMV 3D Secure on Japanese credit cards beginning in April 2025.
As fraud becomes increasingly sophisticated and prevalent in Japan, the mandate aims to mitigate risks by encouraging merchants to implement fraud prevention and account protection measures across the entire customer lifecycle. These measures address key stages, including account creation, login, card registration, and checkout.
Key Requirements and Scope
The Ministry of Economy, Trade, and Industry (METI) has outlined the key requirement: all eCommerce credit card transactions processed in Japan — whether domestic or cross-border — must implement 3DS by the end of March 2025.
This mandate applies universally to all credit card types and remains valid regardless of any other payment security measures currently in place. If a merchant has multiple entities, this legislation only applies to the Japanese one.
Customer Friction Impact
Although authentication can be a tool for combating fraud, it can also have several negative effects, such as reducing merchant conversion and completion rates due to added customer friction. In Europe, where PSD2 mandated 3DS usage in 2020, merchants typically see a 20% to 25% drop-off in transactions that leverage 3DS due to the additional friction.
Luckily, the mandate outlines transactions that are excluded from this authentication mandate. Merchants who can take advantage of these exclusions will be able to minimize customer friction for their good customers to maintain high conversion rates.
Transactions Excluded from the 3DS Mandate
Certain transaction types are excluded from the 3DS mandate. These include:
- Prepaid cards or debit cards
- Payment via or through devices that do not support 3DS, such as game consoles and smart speakers
- Mail Order/Telephone Order (MO/TO) transactions
- Merchant Initiated Transactions (MIT)
- Internal or B2B transactions in dedicated environments, such as corporate cards used exclusively on specific websites
- Google Pay and Apple Pay transactions
How Merchants Should Use 3DS
In addition to the above list, the JCA has established guidelines for when to use authentication for sign-up/login and credit card transactions. Different recommendations require merchants to meet specific conditions.
The JCA outlined three possible scenarios with their requirements. Merchants can reach out to their acquirer or processor to learn more about how to qualify for each of the scenarios.
- Scenario 1: Merchant-Determined Authentication. Under the premise that the merchant has implemented comprehensive measures and systems that are as effective or better than 3DS.
- Scenario 2: Authentication Only for New Cards. 3DS at time of card registration, with appropriate account take over measures, and up to merchant decision for subsequent transactions.
- Scenario 3: Authentication at card registration and point of checkout, for merchants unable to meet Scenario 1 and 2 requirements.
Merchants who can adapt to take advantage of scenario 1 or 2 will be able to reduce friction for their customers. This will unlock the ability to provide a frictionless customer experience to good customers — creating a competitive advantage.
Recommendations
Although the legislation does not take effect until late March 2025, the JCA encourages merchants to implement this guidance as soon as possible.
Here are a few recommendations to consider:
- Secure Accounts: Strong protection to minimize fake account creation and prevent account-takeovers.
- Prevent Fraud: Minimize fraud at checkout, for both guest and account checkout.
- Leverage smart 3DS: If merchants qualify for the specific conditions to exempt 3DS, they should consider leveraging a smart 3DS solution that balances consumer, processor, and issuer preferences while ensuring regulations are met to route each transaction in a manner that optimizes conversion. For example, some Japanese issuers may prefer 3DS for specific segments, and the authorization rate will be much higher when utilized.
- Keep your card vault up-to-date: Network tokens and account updater solutions help avoid authorization declines when a card becomes outdated. They also remove the 3DS friction when consumers update the card themselves.
Forter Solution for Japan
Forter’s Trust Platform empowers merchants to reduce friction for legitimate customers while maintaining full compliance with regulatory requirements. Our platform offers solutions that meet the stringent account protection and fraud management standards outlined by the Japan Credit Association (JCA).
With Forter, merchants can also strategically implement 3D Secure (3DS) to optimize the balance between security and customer experience. By applying 3DS selectively and intelligently, merchants can minimize disruptions for trustworthy customers while taking advantage of liability shift protections. This approach enhances customer satisfaction and strengthens fraud prevention and compliance efforts.