American Express SafeKey®

Partner with American Express to grow your online business while protecting against online fraud.

Overview

The growth of digital commerce has placed greater emphasis on Merchants and Issuers to enhance their fraud prevention techniques while ensuring their customers can transact quickly and easily on whatever device they choose.  

 

American Express SafeKey 2.0 is a security solution that leverages the global industry standard, EMV® 3-D Secure, to detect and reduce online fraud—providing an extra layer of security when consumers shop through web browsers or in-app. 

 

SafeKey 2.0 enables Merchants and Issuers to exchange detailed information, which helps reduce fraud and minimize the need for a one-time passcode—improving the user experience and reducing shopping cart abandonment.  

 

Building consumer confidence can help expand your market reach. Enhanced fraud protection through SafeKey may encourage online customers to spend more and help grow your business. Enroll in SafeKey today! 

 

EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo.

Benefits

Merchants

Reduce Fraud Liability 

  • Transfers liability for fraud chargebacks on SafeKey authenticated and attempted transactions to the Issuer 

  • Works alongside other tools to manage fraud 

Increase Profitability 

  • Helps customers feel more secure about online purchases potentially increasing their confidence to spend 

Reduce Shopping Cart Abandonment 

  • Allows Issuers to use additional data elements already part of the checkout process to authenticate a Card Member without a ‘challenge’* reducing friction, leading to a higher conversion of sales 

*A ‘challenge’ is when an Issuer can request the Card Member to prove his/her identity, e.g. by use of a One-Time Passcode (OTP).

Issuers

Reduce Fraud 

  • Lowers fraud with an extra layer of security 

  • Leverages richer data to make smarter, more sophisticated risk decisions 

Increase Sales 

  • Helps increase Card Member confidence by reducing friction leading to reduced  
    cart abandonment 

Authenticate Securely 

  • Richer data allows targeting of higher risk transactions where stronger customer authentication would be beneficial  

  • Supports a variety of Card Member authentication methods, including one-time passcodes, biometrics, and out-of-band

Card Members

  • Helps protect against the fraudulent use of Card Member details  

  • Simplifies enrollment as Issuers will do this automatically for Card Members 

  • Expands protection of SafeKey from web browsers to include in-app purchases

SafeKey 1.0/2.0 Comparison

Features SafeKey 1.0.2 SafeKey 2.0
Based on industry-standard 3-D Secure
Extra layer of security at checkout
Payment authentication
Browser-based authentication
Flexibility for Issuers to use a variety of authentication methods (i.e. one-time passcodes, risk-based decisioning, etc.)
Support for more data elements promoting frictionless authentications Available in the US & its territories
App-based (in-app) enablement
Nonpayment authentication
Token-based transactions
Out-of-band authentication

How It Works

Enrollment and Implementation

Merchant & Wallet Provider

  1. Engage 3DS Server (MPI) Provider 

    • See www.amexenabled.com for list of certified providers 

    • Integrate 3DS Server’s authentication flow into Merchant’s website 

    • Access the SafeKey Brand Guidelines & Logo pack here

  2. Click here to complete SafeKey enrollment form

    Enroll

  3. Receive email from SafeKey Merchant Enrollment Team with next steps

  4. SafeKey Merchant Enrollment Team seeks approval from Acquirer

  5. Merchant, Acquirer, 3DS Server (MPI) Provider and SafeKey Merchant Enrollment Team complete required technical setup

  6. Receive email notification of SafeKey ID when process is complete 

    • Merchant will use SafeKey ID for their 2.0 transactions

SDK

A Merchant’s app processes SafeKey transactions using a Software Development Kit (SDK).  SDK Providers are required to enroll with American Express to provide proof of their EMVCo certification.

 

  1. Click here to register your company with the AMEX Enabled Program

  2. Confirmation email contains link to enrollment form

  3. Complete enrollment form, provide your EMVCo SDK Reference Number

  4. Enroll users to access the AMEX Enabled Dashboard

  5. Access security certificates from AMEX Enabled

ACS & 3DS Server (MPI) Provider

  1. Click here to register your company with the AMEX Enabled Program

  2. Confirmation email contains link to product enrollment form

  3. Complete product enrollment form

  4. Enroll one or more users to access the AMEX Enabled Dashboard

  5. Log in to the AMEX Enabled Dashboard to access certification documentation

  6. Access SafeKey Test Lab from AMEX Enabled to complete testing and certification of your solution

Acquirer

  1. Click here to engage the SafeKey Certification Team

  2. Receive email from Certification Team with your SafeKey ID and next steps

  3. Complete test cases and submit results

  4. Receive Compliance letter from American Express

  5. Certification complete

Issuer

  1. Click here to engage the certification team

  2. Receive email from SafeKey Certification Team with your SafeKey ID and next steps

  3. Complete test cases and submit results

  4. Receive Compliance letter from American Express

  5. Certification complete