# Security and Fraud Prevention
source: https://developer.mastercard.com/mastercard-gateway/documentation/security-and-fraud/index.md

Security and fraud management are core capabilities of the Mastercard Gateway, designed to help protect merchants, payment providers, and consumers across the entire transaction lifecycle.

This section covers key security and fraud concepts, tools, and controls available through the Mastercard Gateway APIs. Use this section to understand how merchant and payer authentication, risk assessment, and fraud prevention work when you process payments through the Gateway.

## Recommended paths {#recommended-paths}

Select the path that matches your role and integration requirements.

|                                 If you are a...                                  |                                Then focus on...                                |                                                                                                                                        Recommended reading                                                                                                                                         |
|----------------------------------------------------------------------------------|--------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| **Acquirer**, a bank or acquiring institution that enables merchants             | Reducing fraud exposure and ensuring authentication coverage across merchants. | -                                                                                                                                                                                                                                                                                                  |
| **Payment service provider**, a PSP, aggregator, or payment facilitator          | Applying consistent security and authentication across multiple merchants.     | * [Authentication](https://developer.mastercard.com/mastercard-gateway/documentation/security-and-fraud/authentication/index.md) * [EMV 3‑D Secure](https://developer.mastercard.com/mastercard-gateway/documentation/security-and-fraud/authentication/3d-secure-auth/index.md)                   |
| **Enterprise merchant**, a large merchant integrating directly with Gateway APIs | Reducing fraud while maintaining conversion rates and customer experience.     | * [Authentication](https://developer.mastercard.com/mastercard-gateway/documentation/security-and-fraud/authentication/index.md) * [Token Authentication Service](https://developer.mastercard.com/mastercard-gateway/documentation/security-and-fraud/authentication/token-auth-service/index.md) |
| **Software vendor**, an ISV embedding payment flows into platforms               | Embedding secure, fraud-reducing payment flows into platforms.                 | * [Authentication](https://developer.mastercard.com/mastercard-gateway/documentation/security-and-fraud/authentication/index.md) * [Token Authentication Service](https://developer.mastercard.com/mastercard-gateway/documentation/security-and-fraud/authentication/token-auth-service/index.md) |

## API reference {#api-reference}

Authentication tools available through the Gateway reduce fraud. These tools include EMV 3‑D Secure and Token Authentication Service. You can also pass authentication data within transaction requests.

You process authentication through transaction endpoints such as [Initiate Authentication](https://mtf.gateway.mastercard.com/api/documentation/apiDocumentation/nvp/version/100/operation/Authentication%3a%20%20Initiate%20Authentication.html?locale=en_US) and [Authenticate Payer](https://mtf.gateway.mastercard.com/api/documentation/apiDocumentation/nvp/version/100/operation/Authentication:%20%20Authenticate%20Payer.html?locale=en_US). These transactions include security-related request and response fields.

For a complete list of supported APIs, see [API Reference](https://developer.mastercard.com/mastercard-gateway/documentation/api-reference/index.md).

## Versions {#versions}

These versions apply to security and fraud features.

|             If you need...              |                                                                                            Then...                                                                                            |
|-----------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| **To integrate to an API**              | Use Version 100 of the Mastercard Gateway API for all new integrations.                                                                                                                       |
| **Support for an existing integration** | Refer to the [API Reference](https://developer.mastercard.com/mastercard-gateway/documentation/api-reference/index.md) for the minimum API version that supports security and fraud features. |

## FAQs {#faqs}

These questions address common topics about security and fraud features.
Security and fraud controls span multiple payment flows and transaction types. Managing these controls as a dedicated set of concepts, rather than as individual API calls, makes them easier to understand and apply. Not all tools are mandatory. Available options depend on region, payment method, acquirer requirements, and merchant risk profile. Fraud mitigation is a shared responsibility. The Gateway provides tools and data, while integration choices and operational practices also play a key role.