Japan 3DS Mandate. What To Know One Year In.

On April 1st, 2025, Japan’s 3DS mandate went into effect. In the year that has followed its roll-out, the impact has been widespread across the payments landscape. 

In this article, we discuss how things look a year into the mandate for transactions, customer friction, and fraud. We also explore how merchants can make sure that they’re well positioned to meet the challenges and opportunities of Japan’s 3DS reality.

Japan’s 3DS Mandate

In response to rising fraud, Japan’s Ministry of Economy, Trade and Industry (METI), and the Japan Credit Association (JCA) made EMVCo’s 3D Secure protocol mandatory for eCommerce credit card transactions processed in Japan.

This applied to both domestic and cross-border transactions, and the stated goal was to get 100% of registered merchants using dynamic authentication such as biometrics or one time passwords in place of static passwords. 

To minimize friction and help the shift away from static passwords, there was an additional goal of having credit card issuers encourage their cardholders to enroll in 3DS. The mandate aimed to have 80% of cardholders enrolled.  

Japanese merchants and issuers worked hard to achieve this shift successfully. The question now is – what impact has the mandate had?

3DS Exemptions

To understand the context of the impact, it’s important to note that Japan’s 3DS mandate doesn’t insist that 3DS be applied to every single transaction. As Forter has explained, there are exemptions for certain types of cards, devices, and payment methods. 

Merchants can also take advantage of certain limitations within the 3DS mandate. For example, while a customer does need to go through 3DS to sign up for a subscription, the merchant doesn’t need to use 3DS every time they take the monthly payment after that. 

Using a solution like Forter can also help merchants to both meet the high standards outlined by the JCA, and ensure that good customers experience as little friction as possible.

Fraud Continues to Rise

METI and the JCA introduced the 3DS mandate because of rising online fraud. Forter’s data suggests that stolen credit card fraud (the primary fraud type 3DS is designed to stop) as a share of fraud risk dropped by roughly ~40% from May 2025 to Nov 2025 and has stayed at around that lower level. That’s significant. 

At the same time, however, Forter’s data shows that account takeover attacks (ATO) doubled by October 2025, compared to before the rollout. And they’ve stayed at that elevated level.

2025 also saw record amounts lost in online banking fraud. Companies, in particular, experienced far more loss — more than quadruple the previous year. Numbers of fake websites reported increased significantly. 

It seems that the introduction of 3DS in Japan is following a pattern familiar from other countries. 

What’s happening is that the fraud pressure on stolen credit card fraud has reduced, but instead of disappearing, it’s moving elsewhere.

Fraud is Like the Air in a Balloon

The “balloon explanation” for online fraud illustrates what’s happening with the move to 3DS and fraud. Essentially, fraud is like the air in a balloon. When you squeeze part of the balloon — making it harder to commit third-party credit card fraud — the air shifts to another part of the balloon. 

Fraudsters have responded to 3DS by leaning into social engineering, phishing, account takeover, and so on. Some, of course, find more sophisticated ways to commit third-party credit card fraud that can outwit 3DS. This is similar to what many merchants reported in Europe when PSD2 came in.

For merchants, that means that understanding the impact of 3DS on their business is not just a matter of payments analysis. It’s equally important to examine forms of fraud that 3DS doesn’t combat, such as account takeover, and ensure you and your customers are protected. 

The rise in fraud is particularly challenging for eCommerce merchants because the 3DS mandate came with some additional details. Any merchant that experiences three consecutive months with fraudulent chargebacks of 500,000 JPY or above in each month, becomes a “fraud-exposed” merchant.

Fraud-exposed merchants need to use 3DS, with far less flexibility on exempting certain transactions. As well, they need to use an additional authentication method for their transactions. This could be:

• Requiring customers to provide their CVV or similar code
• Using a mechanism to match billing and shipping addresses
• Working with some fraud detection systems

So if the incentive of keeping fraud losses down isn’t enough by itself, merchants also need to worry about the possibility of fraud chargebacks necessitating more friction for good customers.

3DS Merchant Impact in Japan

As with PSD2 in Europe, 3DS in Japan has had a significant impact on conversion rates. 

• Transactions that don’t use 3DS have a completion rate of about 94%.
• In the first ~6 months of the rollout, transactions that used 3DS had a completion rate of ~75%.

While some of this represents fraud prevented, numbers this drastic suggest that 3DS is acting as a conversion killer in Japan for merchants who apply it too broadly. 

The gap between 94% and 75% represents a significant hit for merchant revenue. Effectively, it’s losing nearly $1 out of every $5 that customers come to a site trying to spend. 

It seems that issuers have learned to take 3DS as a sign that something may be suspicious about the transaction, leading them to take a more conservative approach that increases false declines.

Moreover, the conversion impact varies depending on the issuer, as banks perceive 3DS in different ways and have different approaches to how to handle it. Merchants who do not know this, or how to leverage that nuance, also stand to lose good transactions to issuer over-caution.

Japanese Merchants Are Feeling the Pain

Over the last year, Forter has been on the front lines talking to merchants about the 3DS impact and their experience of it. It was common for merchants to attempt adding 3DS to all or most traffic at the start, until the reduction in conversions and increased false declines led them to search for a better alternative. 

• One airline saw fraudsters learn to pass 3DS challenges, so chargebacks continued to rise even on authenticated transactions; issuers then pushed them to add further countermeasures.
• A major rail-ticketing platform reported that sending every transaction through 3DS still allowed sophisticated fraud through, which drove them to look for higher-precision fraud controls in addition to 3DS.
• A large sportswear brand combined a legacy tool, partial 3DS, and manual review, but found this created too much mental strain and motivation impact for staff who had to review “suspicious” 3DS traffic every day.
• A hobby/e-commerce retailer similarly explained that acquirer queries on “suspicious” transactions created constant manual review work, which they struggled to scale.
• A large media / online retail group said that if they apply 3DS to all transactions on popular items, lost revenue from cart abandonment reaches tens of millions of yen.
• A major tax-donation marketplace found that after moving to 3DS on all transactions their payment success rate dropped by roughly 17%-18%.

What Merchants Need to Know

These results can sound like a problem, but while they represent a challenge, it’s also an opportunity. Merchants who approach it as such can minimize customer friction while reducing fraud and liability. 

This is illustrated by the success that Forter has had with Japanese merchants in relation to 3DS, by taking a sensitive yet serious approach. 

Japanese merchants using Forter, on average, only apply 3DS on 2% of their traffic, drastically limiting the impact of the 3DS friction.

When they do use it, however, it’s to potentially save transactions that they would otherwise decline.

A Smart Approach to 3DS: 3DS2

3DS historically had a bad reputation with merchants, because it was associated with high levels of friction and false positives for customers. The introduction of 3DS2 made a big difference to that. 

Soon, the option of 3DS2.3 will make this trend even more pronounced, as the latest version enables merchants to send more data as part of the flow. That should increase confidence in transactions, making higher approvals possible and reducing the need for friction. 

With Forter, merchants in Japan can avoid using 3DS for transactions that don’t need it, and reserve 3DS for borderline transactions that would otherwise be rejected. It can be simple:

• Fraudulent transactions are caught and rejected pre-auth, so 3DS never comes into play and the bank does not come to assume that your 3DS transactions are risky
• Low-risk legitimate transactions go through without the need for 3DS, due to the confidence provided by Forter’s global identity network
• Borderline transactions are sent to 3DS. If they pass 3DS, that’s both a strong signal of legitimacy and a way to shift liability to the issuer (assuming that the transaction was successfully authenticated, and chargebacks are fraud-based).

Merchants in Japan who have embraced the smart 3DS approach with Forter report being extremely satisfied with this “best of both worlds” solution, which enables them to be fully compliant, shift liability when practical, regain some transactions that would be declined, and avoid a decline in conversion rate.

Keep a Focus on Fraud

3DS throws a lot of attention onto payments and conversion, and that’s certainly important. At the same time, it’s vital that merchants don’t let that emphasis detract from fraud fighting efforts. 

The 3DS mandate has shifted the fraud landscape in Japan, and fraud teams need to make sure that they’re covering the entire payments journey, from account creation to login to post-purchase, in order to protect their companies from the new pressures that have appeared.

3DS is Here to Stay – So Make it Work for You

A year in, it’s clear that the 3DS mandate in Japan has changed eCommerce. Third-party stolen credit card fraud has reduced. ATO has risen. Conversion rates are more challenging. 

To thrive in the new reality, merchants in Japan need to approach 3DS not as a one-size-fits-all hammer, but as a delicate tool to be used intelligently in the ways that best benefit your business. If you’d like expert help, we’d love to talk.