"MasterCard SecureCode" - Rogers; possibly others? | Credit card reward programs | Discussion forum

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Feed Topic RSS sp_TopicIcon
"MasterCard SecureCode" - Rogers; possibly others?
July 4, 2019
10:04 pm
Loonie
Member
Members
Forum Posts: 5547
Member Since:
October 21, 2013
sp_UserOfflineSmall Offline

I feel like I must have missed a step because I've never encountered this before, although it appears it's been around a few years.

This evening, I went to make an online purchase from a merchant I've shopped with many times before, and I wanted to use my Rogers MC. I've used the Rogers card with this merchant several times before without incident.

Tonight, however, after I'd entered my CC info, a page came up that said that Rogers MC "wants" me to use "MasterCard SecureCode". Logos for MC SecureCode and Rogers both appeared on the page. It was a page from BorderFree, who provides cross-border brokerage services to this merchant and has done so for quite some time. The link to Terms & Conditions for MC SecureCode was dead. I did not proceed as I didn't know what this was or why I should want to do it or why Rogers wanted me to or if it did. Accordingly, my transaction was blocked. I had to call and place the order by phone, which meant I lost my ebates rebate and the transaction changed from CDN to USD.

After I hung up from the merchant's CSR, I found this:
https://www.rogersbank.com/legaldocs/en/mastercard_securecode_terms_and_conditions_oct2013.pdf

I remain mystified by this document and this "service". The service seems vague to me and is not explained to my satisfaction. It appears to have been in place since 2013, so why has Rogers never told me about it? why are they suddenly insisting on it? do other MC providers insist on it also?

It's not entirely clear what this offers or how it does it. There is a suggestion that there might at some point be a fee. What is clear, more or less, is that if I use it, I am obligated, under threat of losing my card, to constantly update Rogers on any changes in answers to questions which have not yet been revealed to me. It also appears I am supposed to tell them about other CCs I may hold, and I must agree to share all of this with unspecified third parties, or so it seems. I presume the latter would be the credit agencies (which I assume they already use to check on me now and then, so what else are they looking for?), but there are no restrictions; could be located in another country, subject to other laws unknown to me, etc.

I am not inclined to sign up for this, but am wondering what others think and whether it is a sign of things to come. Have you had this experience? If so, what did you make of it and what did you do?

July 5, 2019
5:12 am
rodeworthy
Member
Members
Forum Posts: 30
Member Since:
February 1, 2016
sp_UserOfflineSmall Offline

Loonie thanks for posting this information. We have not encountered SecureCode requirement for any of our Rogers MC transactions.

It is a bit tricky to find further information on SecureCode but I did find these:

MasterCard SecureCode information

MasterCard SecureCard FAQ

It would appear that the SecureCode is a MasterCard requirement - not originated by Rogers Bank.

Could it be this came up only because it was an International transaction? [edit[ see below

We have not used the cards for any International purchases. We have U.S. accounts for purchases in USA. Have not completely gone through the information in the links but passing this on for your further enlightenment on the matter. I look forward to further discussion on this topic.

Edit: 10:15 AM

Further reading on the subject indicates that SecureCode is probably a good thing. It is akin to a PIN number and is controlled by your Financial Institution. It offers another level of security for the merchant and the customer. I must admit the legalize in the document Loonie linked to seemed to be one-sided pro-Rogers protection with very vague protection for the cardholder. Not unusual for a legal script.

In order for SecureCode to be invoked it appears to require two things:
1. The vendor must sign up to participate in the program;
2. The cardholder must have filled out the SecureCode application for a personal code.

Both parties receive an added level of protection with the program.

I don't know what happens when the vendor signs up and then encounters a customer who has not registered for SecureCode.

SecureCode is available for all Mastercards.

The important thing to note is that the SecureCode is between you and your Financial Institution. Similar to a PIN, the vendor never sees that number.

I don't recall signing anything related to a SecureCode when we applied for Rogers Bank MasterCard. I will look into it since I think it does add more security for online purchases.

Loonie, sorry it did not register with me the first time that this was not the first time you have used the card with this vendor. Could it be that they signed up for the service since the last time you used it? Do you recall filling out information for SecureCode when you applied for Rogers Bank MasterCard?

Hope this helps...

July 5, 2019
7:31 am
Norman1
Member
Members
Forum Posts: 2561
Member Since:
April 6, 2013
sp_UserOfflineSmall Offline

MasterCard SecureCode and Verified by Visa are an extra layer of security for card-not-present purchases done over the Internet. They have been around for a while. I've encountered the MasterCard SecureCode some years ago. Not recently, though.

They will kick in when both the card issuer and the merchant have implemented support for them. This is from Microsoft Skype: What are Verified By Visa and MasterCard SecureCode?:

What are Verified By Visa and MasterCard SecureCode?

Some financial institutions use an extra security step known as “Verified by Visa” or “MasterCard SecureCode” to authenticate internet purchases. If your financial institution uses these services, you will be redirected to their site in order to complete the purchase.

If you have not previously set up your Verified By Visa or MasterCard SecureCode account, you'll need to provide information to your card issuer to confirm your identity and then create your password. When making future purchases, only your Verified by Visa or MasterCard SecureCode password will be required during checkout.

July 5, 2019
12:22 pm
file
Member
Members
Forum Posts: 44
Member Since:
August 1, 2015
sp_UserOfflineSmall Offline

American Express also has a similar thing called SafeKey. I've had it come up during a Skip The Dishes order (they recently changed payment companies, now on Stripe which supports it). I believe in their case it sent me a one time use number to my email address on file with Amex that I then had to input in SafeKey.

July 5, 2019
2:20 pm
Londonguy
Member
Members
Forum Posts: 271
Member Since:
May 27, 2016
sp_UserOfflineSmall Offline

Used to get blocked by the MasterCard SecureCode thing going back at least 10 years when trying to buy VIA train tickets online. IIRC the need to jump through the extra hoop seemed isolated to the VIA website. It was a pain in the butt for my wife to deal with so we just drove around it by using a VISA card instead.

My most recent experience was that I got temporarily blocked by Verified by VISA about a year ago trying to buy about $40 worth of auto parts (a replacement side mirror) from Rock Auto out of the USA using my HT Preferred VISA. In that case I just followed their second level of verification exercise and the purchase was eventually approved. Still a PITA though, especially for a $40 transaction

July 8, 2019
12:24 am
Loonie
Member
Members
Forum Posts: 5547
Member Since:
October 21, 2013
sp_UserOfflineSmall Offline

Made a phone call to Rogers. They agreed that it's a real "thing" but could not explain why it had kicked in at this time. They said they do not require it for this kind of transaction, even though that's what the screen alleged, i.e. "your card issuer wants you to...". They said it is normally used for what sounded like commercial purposes involving airlines and such, but not sure if the person we talked to knew what he was talking about. He said I did the right thing by not accepting it. ???
I am really uncomfortable being lied to, which I clearly was - either by the borderfree website which alleged that Rogers "wants" me to do this, or by the person at Rogers who said they don't.
I can't help wonder if this is being insisted upon somehow because it's a card that is often used for foreign transactions.
The merchant form whom I ordered is not an obscure one that nobody ever heard of.. And I've been doing business with them for a very long time. One doesn't encounter this hurdle when ordering by phone, which I finally did., using the same card.

I don't know the way forward, but I know I don't like the T&C.

I'm now waiting to see what will happen with the package as it no longer is coming through their broker, who manages Customs and also rreturns.

July 8, 2019
9:27 pm
Norman1
Member
Members
Forum Posts: 2561
Member Since:
April 6, 2013
sp_UserOfflineSmall Offline

There's a good chance all this about MasterCard SecureCode will soon be moot.

The SecureCode signup pages I've found seem to be now non-functioning!

MasterCard may be in the process of replacing fixed-answer SecureCode verification with Mastercard Identity Check verification that uses dynamic one-time PIN's. Kind of like what EQ Bank uses when one calls in.

This is from ATB Financial: Mastercard® Identity Check™ :

Here’s how it works:​

  1. When you shop with a participating online merchant, you’ll be prompted to enter a unique, one-time PIN code.
  2. You can then indicate whether [I think that should be "how"] you’d like to receive the PIN code
  3. Confirm your purchase and complete your checkout by entering the PIN code you received via email*, SMS text*, or an automated phone call​.
  4. The purchase will be authorized with the merchant, and your purchase transaction will be approved.

Voila! No passwords to remember, and it’s still simple and secure.

July 8, 2019
9:34 pm
Loonie
Member
Members
Forum Posts: 5547
Member Since:
October 21, 2013
sp_UserOfflineSmall Offline

That's encouraging! Sure hope you're right, Norman.

July 8, 2019
9:46 pm
Norman1
Member
Members
Forum Posts: 2561
Member Since:
April 6, 2013
sp_UserOfflineSmall Offline

MasterCard's transition from SecureCode to Identity Check is actually part of a credit card industry transition from 3D Secure 1.0 to 3D Secure 2.0.

The transition is described in Payments Journal: A Credit Union’s Guide to 3D Secure 2.0:

Verified by VISA (VBV), Mastercard SecureCode, American Express SafeKey, Discover ProtectBuy, Secure Online Transactions (SOT), EMV 3-D Secure, and Mastercard Identity Check are just a few of the monikers this security protocol has worn since its inception in 1999.

3D Secure 1.0 relied on features like static passwords, pop-up boxes, and user registration to verify and authenticate cardholders. However, this created barriers for legitimate customers, leading to frustration and cart abandonment. Credit unions and banks ramped up their fraud strategies, but this led to higher rates of false declines, which only added to customer frustration.

3D Secure 2.0 does away with these onerous user requirements. Say goodbye to pop-ups and hello to Risk Based Authentication. Static security keys are being swapped out for one-time passwords (OTPs). And no longer will legitimate customers bear the burden of registering their card with Visa or MasterCard to receive the benefits of the security protocol.

Another key difference with the new version is the amount of data behind each decision. 3D Secure 2.0 pulls information like IP address, shipping address, device information, and more info about customers themselves, allowing issuers to improve risk scores and make better authentication decisions.

July 8, 2019
11:59 pm
Loonie
Member
Members
Forum Posts: 5547
Member Since:
October 21, 2013
sp_UserOfflineSmall Offline

It seems strange that BorderFree has only just got around to implementing what appears to be a dying technology at this time. It's only been a few weeks since my last order to this merchant, using the same CC without any issues.

July 9, 2019
2:59 pm
Save2Retire@55
Member
Members
Forum Posts: 586
Member Since:
January 3, 2013
sp_UserOfflineSmall Offline

I haven't encountered this in the past but in a recent vacation to Europe while purchasing tickets for different places I had to always enter the Secure Code. This doesn't happen when I use the card in other sites like Walmart, Amazon, AliExpress, etc.

August 21, 2019
8:58 pm
Loonie
Member
Members
Forum Posts: 5547
Member Since:
October 21, 2013
sp_UserOfflineSmall Offline

I don't want to agree to the Mastercard condition. I tried Visa recently, but that didn't work either for reasons I can't specifically remember.

So, I thought that next time I would try PayPal since that is an accepted means of payment with this particular retailer.
I've had an account with them for a while but have used it rarely. It's linked to the Rogers credit card. The PayPal fine print says the charge the 2.5% exchange fee on foreign transactions.

So, now my question is, if I buy something in USD through PayPal, what will I actually be paying?

I think I know the answer, but can't find any confirmation online. so I'm interested in what others think.

My best guess is that I would be liable for the 2.5% to PayPal without any compensation, and that it would then be billed to Rogers in CDN, so the fee would not be compensated by Rogers either. Do you agree?
Do you see any way around this?

thx

August 21, 2019
9:07 pm
GICinvestor
Member
Members
Forum Posts: 268
Member Since:
April 26, 2019
sp_UserOfflineSmall Offline

I think so. PayPal will convert US$ to Canadian $ and charge that converted amount to your credit card.

I removed a credit card from PayPal. I don’t like a third party using my credit card.

I transfer money from my savings account to my checking account and my PayPal debits my checking account. I don’t have overdraft on my checking account.

August 21, 2019
9:29 pm
Peter
Admin
Forum Posts: 1061
Member Since:
May 15, 2007
sp_UserOfflineSmall Offline

You are not forced to use PayPal's conversion fee.

When you pay, you should have an option to change this:

convert_currency_change.png

Then, you can select "Convert with card issuer":

convert_with_card_issuer.png

The USD to CAD PayPal conversion fee is even worse than you think for payments -- it's 3.0%.

August 21, 2019
10:13 pm
Loonie
Member
Members
Forum Posts: 5547
Member Since:
October 21, 2013
sp_UserOfflineSmall Offline

Thanks, guys. This should be very helpful.
And it gets me out of that nasty 'MasterCard SecureCode" business, which i find unacceptable.
And I will be able to continue to save money! sf-smile

August 22, 2019
8:44 pm
Joe
Member
Members
Forum Posts: 144
Member Since:
June 3, 2015
sp_UserOfflineSmall Offline

Loonie said
Thanks, guys. This should be very helpful.
And it gets me out of that nasty 'MasterCard SecureCode" business, which i find unacceptable.
And I will be able to continue to save money! sf-smile  

Funny that....I am reluctant to use my MC without SecureCode or my Visa without VerifiedbyVisa

September 1, 2019
2:42 pm
Yatti420
Canada
Member
Members
Forum Posts: 326
Member Since:
July 10, 2011
sp_UserOfflineSmall Offline

It's integrated into most transactions i've done and just bypassed automatically.. Also I saw paypal confirm a transaction via text which ofcourse is kind of scary.. It was a legit transaction however.. .

September 25, 2019
8:32 am
Rick
Member
Members
Forum Posts: 838
Member Since:
February 17, 2013
sp_UserOfflineSmall Offline

GICinvestor said
I think so. PayPal will convert US$ to Canadian $ and charge that converted amount to your credit card.

I removed a credit card from PayPal. I don’t like a third party using my credit card.

I transfer money from my savings account to my checking account and my PayPal debits my checking account. I don’t have overdraft on my checking account.  

I'm the opposite. PP is a sleazy operation with no real oversight or the accountability of a bank, and they do whatever they want. Too many horror stories about funds/accounts being frozen for any or no reason. I sell a lot on epay using PayPal ( really no other choice), and would rather give them access to my credit card than bank account. Their access is two way so you could wake up one morning to find they helped themselves to your cash. I do have my Coast Capital linked to withdraw my funds, but other than that, the account is usually emptied as soon as the money arrives there. Doesn't seem to be a hold period for funds pushed out of PayPal. I would rather have to deal with Home Trust Visa than PP to try to recover money PP took from my account.
Peter is right. You can have your credit card convert your ForEx instead of PayPal, but is not obvious unless you know how, and you have to do it EVERY time you make a purchase. I've been caught a few times forgetting to change the conversion option on a purchase and yes, it cost more to have them do it instead of my CC.
Until recently, they wouldn't even let you choose if you had funds sitting in your PP account. You would have to let them convert (all my sales are in USD) at their rate and then you could put the rest on your card. I phoned and complained and they said to move any remaining funds to your bank before you pay. I must not have been the only one to complain because, surprisingly, my last purchase they let me put it on my card even though I had funds in my account with them (earning 0% interest).
Unfortunately, there are not many widely accepted alternatives to PP, and since epay owns them, they push hard to limit payment options.

Please write your comments in the forum.