Across both in-person and online payments, consumer demands have significantly increased. Easy, interconnected payment solutions are now expected, leaving merchants constantly looking for ways to provide a seamless checkout experience and increase revenues. One difficulty that merchants face is that cart abandonment is extremely high, with over two thirds of purchases cancelled before checkout. Some of these purchases are not completed due to frustration caused by the long or complex checkout process.
What’s more, merchants need to adapt to changing consumer needs, which have altered dramatically over the course of the pandemic. The volume of e-commerce transactions increased by 33.6% over the course of 2020, and this trend looks set to outlast the pandemic. However, where money goes, fraudsters follow, with instances of fraud increasing by a fifth over the past year. This highlights that merchants need to balance security with convenience to ensure that transactions are safe and easy to make both in-store and online.
Biometrics – You are your password
One authentication method that continues to grow is biometrics. A user’s face, iris, fingerprint or even voice can be used to authenticate a payment. Users have become more familiar with this technology in recent years, as it has overtaken PIN authentication to secure access to mobile devices. We are now seeing this success transfer to payment authentication.
One example of its success is the huge increase in the use of mobile wallets such as Google Pay and Apple Pay. This technology allows consumers to use their face or fingerprint to authenticate a payment on their mobile device for an in-store or remote payment. When using this payment method in store, users can ‘tap into’ both the hygiene and convenience benefits of contactless while feeling confident about the security of their transaction.
Another use case that combines the ease of contactless with the security of biometrics is payment cards with fingerprint sensors. These cards allow consumers to tap and pay without having to worry about contactless spending limits. The security of these cards far exceeds that of traditional contactless cards, while also having the potential to be linked to loyalty schemes, increasing the likelihood of repeat purchases. With the significant growth of contactless payments in recent years leading to even more banks trialing this technology, we can expect to see an increased uptake of this.
EMV® 3DS – Secure and seamless
EMV®* 3-D Secure (EMV 3DS) is another technology that is gaining traction globally. It takes the form of a messaging protocol, which is used to identify and verify cardholders for card-not-present transactions with data.
To confirm that the consumer making the purchase is the actual cardholder, the merchant sends data about the transaction, payment method and device information to the issuer. The issuer then reviews the data, performs the type of authentication needed and processes the transaction.
This process results in increased transaction approval rates, reduced fraud and a better user experience. Globally, EMV 3DS transactions have grown by 79% over the past 18 months. And, with the specification constantly being updated to meet evolving industry requirements, we can expect that adoption to continue. For example, EMVCo recently released guidelines on the EMV 3DS user interface (UI) and user experience (UX) design to help card issuers, merchants and solution providers to take a consistent, familiar and efficient approach. This instils consumer trust in the authentication process and optimizes the checkout experience. EMVCo has also recently published the EMV 3DS Payment Token Message Extension. This assists card issuers and merchants in improving the authentication experience for online shoppers when EMV Payment Tokens are in use, further enhancing the fraud-prevention benefits that EMV 3DS provides.
A changing landscape
This growth of both EMV 3DS and biometric authentication can be attributed to more than just the requirement for secure and seamless shopping experiences throughout the pandemic. Regulation also plays a part. Payments stakeholders in Europe must now ensure that they are compliant with Strong Customer Authentication (SCA) as part of the European Union’s Payment Services Directive 2 (PSD2). SCA is a mandate that requires payments authentications to use two or more elements of the following:
- Knowledge – something the user knows (e.g., a password).
- Possession – something the user has (e.g., a smartphone).
- Inherence – something the user is (e.g., a biometric authenticator such as a fingerprint).
Payments that don’t meet these requirements will be rejected, meaning that stakeholders must build additional layers of authentication into their checkout flows. But with specifications to adhere to, regulations to navigate and technical complexities to consider, it can be hard to know where to start.
It is also worth noting that no authentication technology itself is a ‘silver bullet’. There are multiple considerations to be made to ensure that an effective online transaction risk assessment process is in place. A consultant with a broader view of the payments ecosystem can ensure the bigger picture is considered from the start of projects.