Online payments, whether made from a traditional PC or any mobile device, must be secure, strongly resistant to fraud, and convenient.
Currently, online payments suffer from a couple of key issues relating to ease of use and security:
· Extra security features such as 3DS (3D Secure) provide a frustrating consumer experience. This leads to consumers abandoning shopping carts and merchants disabling the feature where they are provided the option to do so.
· False rejections of payments by the issuers. Again, this produces a terrible user experience and shopping cart abandonment.
Both of the above issues lead to frustrating situations. Examples of these are when people forget their 3DS credentials, or when you call your bank to be told the rejection was because of the merchant, then the merchant says it was the bank!
In addition, the upcoming EU rules on electronic payments authentication (how we verify that the person who is paying is the right person) are likely to add to this complexity.
These regulations are the Revised Payment Services Directive (PSD2). They have three objectives: harmonization, innovation and security.
On security, PSD2 requires ‘strong customer authentication’ to be applied for all electronic payments in Europe. Strong authentication in this case refers to using at least two of these three factors:
· something you know, such as a password
· something you have, such as a card
· something you are, for example, a biometric
The EBA (European Banking Authority) is responsible for the regulatory technical standards to deliver strong customer authentication.
The above issues and potentially increasing complexity lead to a poor experience and shopping baskets being abandoned. This is due to either friction in the process or false rejections of payments by the issuers.
So how can this situation be improved upon? We need a solution that meets the needs of consumers, merchants and issuers as well as the intent of the proposed PSD2 regulations.
Breaking these down:
Consumers want a safe, seamless and reliable payments ecosystem.
Merchants want a safe, seamless and reliable payments ecosystem that maximises consumer spending and minimises fraud.
Issuers want a safe, seamless and reliable payments ecosystem that maximises consumer spending and minimises fraud.
The EU and EBA want a safe, seamless and reliable payments ecosystem that maximises consumer spending and minimises fraud. Additionally they specify through PSD2 that we must verify that the payer is the correct person using ‘strong authentication’.
As you can see, the needs of the majority of people in the payments ecosystem are basically the same: safe, seamless and reliable payments!
Can we solve this and provide a solution that will minimise fraud and improve acceptance rates while maintaining or improving the customer experience? The short answer is YES.
By combining advanced authentication solutions with card details it is possible to provide strong assurance that a user and card are correctly linked and that a payment is genuine.
Utilising relatively simple code and an authentication solution fast enough to be in the online transaction flow enables us to reliably link a card to a device. Note that when I say device, I include laptops and desktops as well as phones, tablets etc.
By doing this we can immediately identify multiple attributes about the card, device and behaviour, such as:
- Have we seen this device and card combination successfully used before?
- Have we seen the same name on a different card from this device before?
- Does this behaviour align with previous successful payments from this combination such as volume, velocity, amounts etc?
- Where were these payments made from?
This is in addition to all the traditional fraud analytics applied to the card behaviour alone.
3DS can still be incorporated if required, even with all this additional information. However, its use can be minimised by asking questions such as:
- Have we seen successful 3DS from this device and card combination within a predefined period?
- Have we seen the same name on a different card from this device successfully authenticate with 3DS?
If so, then trust this as if it was a 3DS payment. This would provide the assurance of 3DS while minimising its adverse impact.
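The two questions above can be expressed as a small decision function. This is an added example, not code from the original post: the record fields, the `decide_3ds` name, the tokenised card reference and the 90-day window (standing in for the "predefined period", and applied here to both questions) are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Payment:
    device_id: str      # identifier from the device authentication step (assumed)
    card_token: str     # tokenised card reference, never the PAN (assumed)
    name: str           # cardholder name as entered
    when: datetime
    succeeded: bool     # payment was authorised
    passed_3ds: bool    # cardholder completed a 3DS challenge

def decide_3ds(history, device_id, card_token, name, now,
               window=timedelta(days=90)):
    """Return (action, reason); action is 'skip_3ds' or 'challenge_3ds'."""
    # Only successful, 3DS-authenticated payments from this device inside
    # the window count as evidence.
    recent = [p for p in history
              if p.device_id == device_id and p.succeeded and p.passed_3ds
              and timedelta(0) <= now - p.when <= window]
    norm = name.strip().casefold()
    # Question 1: successful 3DS from this exact device and card combination.
    if any(p.card_token == card_token for p in recent):
        return "skip_3ds", "device+card passed 3DS within window"
    # Question 2: same name on a different card from this device passed 3DS.
    if any(p.card_token != card_token and p.name.strip().casefold() == norm
           for p in recent):
        return "skip_3ds", "same name passed 3DS on this device with another card"
    return "challenge_3ds", "no recent 3DS evidence for this device"

# Constructed sample history, for illustration only.
NOW = datetime(2024, 6, 1, 12, 0)
HISTORY = [
    Payment("dev-A", "tok-1111", "Alex Doe", NOW - timedelta(days=10), True, True),
    Payment("dev-A", "tok-2222", "Sam Roe", NOW - timedelta(days=5), True, False),
    Payment("dev-B", "tok-3333", "Alex Doe", NOW - timedelta(days=200), True, True),
]

if __name__ == "__main__":
    for dev, tok, who in [("dev-A", "tok-1111", "Alex Doe"),
                          ("dev-A", "tok-4444", "alex doe"),
                          ("dev-A", "tok-2222", "Sam Roe"),
                          ("dev-B", "tok-3333", "Alex Doe")]:
        print(dev, tok, who, "->", decide_3ds(HISTORY, dev, tok, who, NOW))
```

The third and fourth cases fall through to a challenge: a payment that succeeded without 3DS is not counted as 3DS evidence, and a 3DS success older than the window has expired.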
This requires some innovation and for the issuers, schemes and processors to work together, along with the EBA recognising that this meets the intent of their proposed regulations.
What are the next steps?
Schemes and issuers, work with the processors to enable these benefits. Accept greater assurances and risk-based decisions from processors. A higher payment acceptance rate and lower fraud, all with minimal effort, clearly benefit everyone.
To the EU, EBA and those writing PSD2, engage in the discussion and realise there are ways to meet your intent without adversely affecting the payments ecosystem. Intelligence and innovation can provide ‘strong authentication’ without the need for any extra complexity in the payments process. We can in fact reduce the friction while improving the security.
Everyone involved in the payments ecosystem wants pretty much the same things. Let’s be innovative and achieve these in ways that improve the experience for merchants and consumers. This ultimately improves things for everyone!
Feel free to contact me via this blog, or find me on LinkedIn to discuss further and if you’d like to know some more details around how this really can work in practice.