What Merchants Should Know: Japan Credit Association (JCA) EMV 3DS Mandate

Blog
Galit Shani-Michel, Vice President of Payments, Forter
Jan 23, 2025
Blog

The Credit Transaction Security Measures Council of the Japan Credit Association (JCA) has announced a new mandate requiring the implementation of 3DS authentication for all credit card transactions processed under Japanese entities by the end of March 2025.

As fraud becomes increasingly sophisticated and prevalent in Japan, the mandate aims to mitigate risks by encouraging merchants to implement fraud prevention measures across the entire customer lifecycle. These measures address key stages, including account creation, login, card registration, and checkout.

 

Key Requirements and Scope

The Ministry of Economy, Trade, and Industry (METI) has outlined the key requirement: all eCommerce credit card transactions processed in Japan — whether domestic or cross-border — must implement 3DS by the end of March 2025. This mandate applies universally to all credit card types and remains valid regardless of any other payment security measures currently in place.

 

Customer Friction Impact

Although 3DS can be a tool for combating fraud, it can also lead to several negative effects, including customer friction. In Europe, where PSD2 mandated 3DS usage in 2020, merchants typically saw a 20 to 25% drop-off in transactions that leverage 3DS due to the additional friction. This drop-off has a negative impact on merchant conversion and completion rates.

The JCA, however, has outlined exclusions to help minimize this customer friction. Merchants who can adapt to specific conditions outlined by the JCA will most likely be able to exclude a portion of their transactions from 3DS. This will unlock the ability to provide a frictionless customer experience to good, legitimate customers — creating a competitive advantage.

 

Transactions Excluded from the 3DS Mandate

Certain transaction types are excluded from the 3DS mandate. These include:

  • Prepaid or debit cards
  • Payment via or through devices that do not support 3DS, such as game consoles and smart speakers
  • Mail Order/Telephone Order (MO/TO) transactions
  • Merchant Initiated Transactions (MIT)
  • Internal or B2B transactions in dedicated environments, such as corporate cards used exclusively on specific websites
  • Google Pay and Apple Pay transactions

 

How Merchants Should Use the 3DS

In addition to the above list, the JCA has established guidelines for when to apply authentication for sign-up/login and credit card transactions. Different recommendations require merchants to meet specific conditions.

The JCA outlined three possible scenarios with their requirements:

  • Scenario 1: Merchant-Determined Authentication
  • Scenario 2: Authentication Only for New Cards 
  • Scenario 3: Authentication on Every Touchpoint

Merchants can reach out to their acquirer to learn more about how to qualify for each of the scenarios.

Merchants who can adapt to take advantage of scenario 1 or 2 will be able to reduce friction for their customers.

 

Recommendations

To comply with the new mandate while minimizing the impact to customer completion rates, consider the following:

 

Meet JCA Requirements to Minimize Customer Friction

Complying with scenario 1 or 2 exemptions will significantly reduce the amount of customer friction this legislation will introduce.

 

Track Issuer Responses

Each issuer will approach the new mandate differently. To optimize conversion, it’s essential to understand whether an issuer will require a challenge, accept frictionless 3DS, or authorize without 3DS.

 

Secure Payment Cards

Merchants will need to authenticate users when registering a new card. The use of agnostic tokenization and account updater to store and maintain valid card credentials will allow merchants to avoid authentication for returning customers – minimizing friction. 

 

 

About Forter

Forter is the Trust Platform for digital commerce. We make accurate, instant assessments of trustworthiness across every step of the buying journey. Our ability to isolate fraud and protect consumers is why Nordstrom, Instacart, Adobe, Priceline and leaders across industries have trusted us to process more than $1 trillion in transactions. Our deep understanding of identity and use of automation helps businesses prevent fraud, maximize revenue and deliver superior experiences for their consumers. Visit Forter to learn more.

 

Tagged:
Blue-tinted background of a man watching a webinar

Host a Webinar with the MRC

Help the MRC community stay current on relevant fraud, payments, and law enforcement topics.
Submit a Request

Publish Your Document with the MRC

Feature your case studies, surveys, and whitepapers in the MRC Resource Center.
Submit Your Document

Related Resources

View All Resources