In recent years, more and more people have been using e-commerce sites in addition to shopping in physical stores. In particular, the COVID-19 pandemic, which began in 2020, led to a surge in demand for e-commerce sites. Customers who had rarely used e-commerce before began to shop online. In Japan, the demand for e-commerce sites continues to grow, and with the large number of e-commerce sites now in existence, using them has become a more common way to make purchases.

As the market for ec-ommerce sites rapidly expands, the number of victims of credit card fraud also increases every year. Strengthening security and preventing unauthorised use of credit cards are extremely important issues, especially for e-commerce sites where credit card payments are not made face-to-face. In this context, the introduction of 3D Secure authentication by the Japanese government is attracting attention.

In this article, we explain the current status of 3D Secure authentication in Japan and the reasons for its slow adoption, as well as the background of the mandatory adoption of 3D Secure 2.0 announced by the Ministry of Economy, Trade and Industry (METI).

What’s in this article?

• 3D Secure penetration rate in Japan
  
• 3D Secure 2.0 mandate for e-commerce businesses
  
• Why hasn’t 3D Secure been widely adopted in Japan?
  
• Future 3D Secure adoption rates
  

3D Secure penetration rate in Japan

According to the METI’s “Strengthening measures against fraudulent use of credit card numbers, etc.” (p. 29), 3D Secure 2.0 has been introduced at almost all e-commerce businesses in the EU. However, in Japan, adoption of 3D Secure 2.0 has lagged behind the EU.

The details of the penetration rate of 3D Secure are currently unknown because reliable data is not publicly available. However, with many businesses concerned about the possibility of cart abandonment due to 3D Secure, many customers might never have seen an e-commerce site that supports 3D Secure authentication – suggesting that the adoption of 3D Secure is not significantly progressing.

3D Secure 2.0 mandate for e-commerce businesses

The number of fraudulent online credit card payments increases sharply each year, so the importance of security measures grows. In response, METI has announced that all e-commerce businesses must implement 3D Secure 2.0. The deadline for the introduction of 3D Secure 2.0 is the end of March 2025, and businesses involved in credit card payment are required to adopt 3D Secure 2.0 as soon as possible.

The introduction of 3D Secure on all e-commerce sites is expected to minimise the occurrence of fraudulent credit card use in the future.

Why hasn’t 3D Secure been widely adopted in Japan?

The reasons for the slow adoption of 3D Secure include the following concerns for service providers.

Cost burden of 3D Secure 2.0

Since 3D Secure 2.0 is a fee-based service in some cases, some business owners are concerned about the various fees and other burdens they will have to bear. For example, even if there is no initial cost or monthly usage fee at the time of installation, businesses might incur a fee for each payment transaction.

Inability to customise risk assessment

3D Secure 2.0 verifies the risk of fraudulent use based on a variety of information, including the credit card number and expiration date, as well as the user’s device information and access area (risk-based authentication). If the verification process identifies a high-risk transaction, the system will ask for additional authentication, such as a one-time password.

In other words, businesses are not free to change the details of risk assessment in consideration of the unit price of goods and products. Therefore, customers might be required to perform identity authentication for every transaction, even if the transaction is legitimate.

Potential for fraud to slip through

3D Secure cannot detect all fraudulent use. As fraud techniques become more sophisticated each year, they could pass through 3D Secure 2.0’s risk-based authentication. Therefore, it is important to understand that even with 3D Secure 2.0, there is still a risk that a slip-through might occur.

Risk of basket abandonment

Generally, e-commerce customers want to enjoy online shopping and easily purchase the products they want. They might feel that unfamiliar 3D Secure identity authentication at the time of payment is a hassle. They also might give up on the purchase due to failure of 3D Secure authentication. Many businesses are concerned about the possibility of basket abandonment from customers, making it difficult for business owners to support introducing such a system.

Future 3D Secure adoption rates

Since the announcement of the 3D Secure 2.0 mandate, 3D Secure is gradually being introduced in Japan. Since all e-commerce businesses are required to comply with this mandate, the penetration rate is expected to increase further by the end of March 2025, the deadline for introduction.

Although the adoption rate has been steadily increasing, not all e-commerce businesses have completed the implementation. Therefore, companies are required to take proactive measures to further promote 3D Secure in the future. For customers to enjoy credit card shopping with peace of mind, businesses should build a payment environment that combines convenience and security. They can do so by implementing appropriate security measures such as 3D Secure 2.0 and other fraud detection systems that allow companies to set their own rules.

Stripe is taking steps to comply with the 3D Secure mandate in accordance with the implementation deadline and is enacting thorough security measures for personal information and transaction data, including data encryption – such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS) technology – to prevent unauthorised access.

For those considering launching an e-commerce site and implementing a payment system, Stripe Payments can handle a wide range of e-commerce site payment needs, allowing you to create a payment environment that fits your business style without having to develop your own system.