The Credit Transaction Security Measures Council of the Japan Credit Association (JCA) has mandated the use of EMV 3D Secure on Japanese credit cards beginning in March 2025. The JCA recently published updated guidance to its members on how the EMV 3D Secure implementation will work in practice.
At the heart of this regulation, the JCA seeks to leverage 3DS to combat fraud and abuse across the customer journey, including before payment, at checkout, and after purchase, to create a safe and secure credit card usage environment.
JCA is calling all members, including acquirers and processors, to ensure widespread awareness of the guideline.
Will 3DS be required on Japanese card transactions?
With this new regulation, 3DS will become required for any credit card payment processed by a Japanese entity to reduce the risk of fraud. If a merchant has multiple entities, this legislation only applies to the Japanese one.
As fraud becomes more sophisticated and increases rapidly in Japan, the guideline’s basic principle is to reduce the risk by ensuring that merchants consider fraud measures across the customer lifecycle with EMV-3DS, including account registration, login, checkout, and post-purchase.
Which transactions will be excluded from the 3DS requirement?
The guideline also outlines exceptions and exemptions for transactions that require 3DS. The details have not yet been disclosed, but merchants can inquire to their PSP or acquirer to receive specific information about exceptions and exemptions.
How do we deliver an excellent customer experience while meeting regulatory compliance?
Although 3DS can be a tool for combating fraud, it can also lead to several negative effects, including customer friction. In Europe, where PSD2 mandated 3DS usage in 2020, merchants typically see a 20 to 25% drop-off in transactions that leverage 3DS due to the additional friction. This drop-off has a negative impact on merchant conversion and completion rates.
Merchants who can adapt to specific conditions outlined by the JCA will most likely be able to exempt a portion of their transactions from 3DS. This will unlock the ability to provide a frictionless customer experience to good customers — creating a competitive advantage.
Recommendations
The JCA encourages merchants to implement this guidance as soon as possible, but the legislation does not take effect until March 2025. Here are a few recommendations to consider:
- Implement a holistic fraud prevention solution: To meet the basic principle of the guideline, look for a fraud solution that leverages identity insights to tackle fraud and abuse across the entire customer journey. The ability to identify and detect fraud both before and after checkout is the main principle from the guideline.
- Leverage smart 3DS: If merchants qualify for the specific conditions to exempt 3DS, they should consider leveraging a smart 3DS solution that balances consumer, processor, and issuer preferences while ensuring regulations are met to route each transaction in a manner that optimizes conversion. For example, some Japanese issuers may prefer 3DS for specific segments, and the authorization rate will be much higher when utilized.
- Keep your card vault up-to-date: Network tokens and account updater solutions help avoid authorization declines when a card becomes outdated. They also remove the 3DS friction when consumers update the card themselves.
Forter has helped European merchants successfully navigate PSD2 regulations since they came into effect. We’re closely monitoring the JCA regulations to ensure we can help merchants doing business in Japan meet these new requirements and ensure their businesses thrive when implemented next year.