The SecureCode program comprises two parts: the merchant end and the customer end. Merchants can enroll their online store in SecureCode to enable the extra verification for cardholders enrolled in the program. If a cardholder with SecureCode shops at an eCommerce website without SecureCode, or vice versa, the extra verification will not appear. If merchant and customer are both enrolled, the additional SecureCode authentication will be needed and the transaction will be protected from fraud.
Not only does SecureCode protect cardholders from unauthorized use of their card number, it also protects against phishing attempts by displaying a customer's "personal greeting" — a customizable message the customer creates themselves — in the pop-up box where the customer needs to enter their SecureCode. If the personal greeting is wrong, the customer will know not to enter their SecureCode.