In today’s increasingly digital society, consumers are not only spending more time online, but also more of their hard-earned money. In the Global Payment Cards 2013-2019 study, RBR reported that both the volume and value of e-commerce transactions are increasing more rapidly than any other card payments and predicted that e-commerce card payments will almost treble to 34 billion transactions worth $3.8 trillion by 2019. These figures are not insignificant, and where consumers spend substantial amounts, inevitably fraudsters will follow. With card-not-present fraud accounting for 66% of all fraudulent card transactions (European Central Bank, 2015), it is clear that this problem needs to be addressed.
Industry professionals and regulatory bodies are constantly looking to stay one step ahead of ever-more intelligent fraudsters, continuously updating standards and mandates to protect new technology that could be vulnerable to evolving fraud attacks. To protect a customer’s personal data from breaches, financial institutions utilise multiple layers of security to comply with industry data standards, from setting limits and customer notifications to stringent internal access rights, as well as various additional methods of customer authentication. However, whilst the preventative measures in an FI’s arsenal in the fight against fraud are becoming more robust, increased security can cause friction and be detrimental to the overall customer experience.
According to Baymard Institute, 68.53% of all online shopping carts are abandoned. Whilst there are numerous reasons consumers leave a website without checking out, including unexpected costs, finding a better price and unsuitable delivery options, many resonate with the payment process. Card-not-present transactions are generally viewed as higher risk than card-present transactions due to the increased risk of chargebacks. Therefore, the CNP nature of online transactions means that to pay for goods and services via the Internet, consumers have a host of additional steps to go through and an extensive amount of personal information to input.
Many consumers have to sign up or register with the individual websites, which in itself can deter potential customers and make them abandon their cart. However, if they do get past that initial hurdle, merchants are encouraged to obtain a lot of information from the consumer to enable them to make a payment - the cardholder’s billing and shipping addresses, contact information, as well as the full payment card data (as it appears on the card) for card-not-present transactions. The input of this amount of data can be pretty lengthy for the consumer, and with the increase in popularity of using mobile phones and tablets to make purchases online, things start to get even trickier. The smaller screens coupled with websites that haven’t necessarily been optimised for use on a mobile device mean making transactions through them can be clunky and frustrating for consumers, as fingers hit the wrong buttons and automatic tab to the next data field hasn’t been set up. Even if the website is mobile optimised, the chance is that the issuer’s 3D Secure page is not, making the page difficult to read and the boxes to input a password incredibly small on a mobile device.
Surveys in the US indicate that shopping cart abandonment can exceed 50% on 3D Secure transactions. Whilst 3D Secure schemes such as Verified by Visa, MasterCard SecureCode and American Express SafeKey offer increased security for consumers by providing an additional layer in the customer authentication process, they are often criticised for inconveniencing the customer and are generally believed to have a negative impact on online conversion rates.
As merchants are more susceptible to fraud through card-not-present transactions, it is clear why they would want to implement 3D Secure on their website - it shifts the liability from the merchant to the issuing bank in the case of a fraudulent transaction taking place. However, whilst consumers want a secure checkout experience, their experiences of 3D Secure transactions are not frictionless. Though a well-documented annoyance for many consumers, Verified by Visa claims its product increases online shopping, and suggests customers are more willing to purchase through a site that uses 3D Secure. The issue therefore may lie more with educating consumers of its necessity and how it is there to protect them. In the UK, where 3D Secure is more established, shoppers have grown more accustomed to the procedure and the impact is therefore much less dramatic than it is in other markets. In response to concerns around 3D Secure, MasterCard and Visa have announced the planned rollout of 3D Secure 2.0. Whilst the specifics are yet to be released, it is claimed that 3DS2 will move away from the pop up window and password approach and instead aim for ‘invisible authentication.’
Of course, card-not-present transactions do not only exist online, but also cover mail and telephone orders. Whilst 3D Secure authentication is not an issue, paying for goods and services through these channels are not without friction or security issues for the consumer. They still have to provide a third party with their payment data, writing it out or verbally giving the information. Not only is this a lengthy process, especially when compared to simply paying with a card in a shop, consumers also have the additional concern about whether their data is being handled and stored securely or simply written on a notepad and consequently more accessible. Whilst 3D Secure authentication may be more inconvenient, it certainly mitigates the worries that come with supplying personal information to potentially untrustworthy third parties and is therefore definitely the lesser of two evils.
Card-not-present transactions via any channel are not frictionless, but can they be? Consumers want a secure payment experience without having to input copious amounts of personal data in order to be authenticated. Many companies are trying to address this by at least reducing the friction for consumers, for example online payment provider Klarna hopes to reduce cart abandonment by enabling consumers to purchase goods and services online using just their email address and postcode, whilst many online merchants allow a customer to save their payment details online, with big retailers like Amazon offering 1-click ordering. However, these services still require the customer to log in to make purchases which certainly is not as quick as typing in a four-digit pin or tapping a contactless card. The introduction of 3D Secure 2.0 will see the protection revamped without static passwords, instead using biometric and token-based prompts, which should also help to reduce friction.
Regardless of these initiatives, the industry still has a long way to go to before all merchants will be able to offer secure card-not-present transactions that are as frictionless as authenticating a card-present transaction, especially since the advent of contactless payments.
By Kirsty Berry, Senior PR & Communications Manager, Compass Plus.