Good payment security shouldn’t mean bad customer experience, argues Neira Jones
Payment friction has always been described as near-fatal to e-commerce success. In the early days of online shopping, it was certainly a major challenge. Clunky authentication systems and shopping cart technology, plus consumer impatience, impacted sales and drove up cart abandonment. But things have changed. Today, customers are often more security aware, and the technology itself has evolved with a much bigger focus on the customer experience (CX).
Merchants don’t need to worry about friction, as long as they understand their customers and choose the right solutions to streamline CX. But first, they must close the gap between what they think is best for consumers and what their customers really want.
A brief history of 3DS
The evolution of the 3D Secure (3DS) protocol tells us a lot about how far payment authentication technology has come over the past two decades. The first iteration back in 2001 certainly helped to reduce fraud by requiring a second factor of authentication for paying consumers. But it was inflexible, unavailable on mobile devices and did not support exemptions or biometrics.
Roll on to v2.2 unveiled in 2018 and there’s plenty to reduce friction including support for:
- The ability for customers to whitelist trustworthy merchants
- Merchant initiated authentication (3RI) that enables authentication without customer input
- Delegated authentication (like one-click payments)
- Decoupled authentication (for MOTO and other transactions)
- Exemptions under the new PSD2 Strong Customer Authentication (SCA) rules
The protocol’s latest iteration is proof that industry can get it right — that strong security and great customer experience (CX) can co-exist. And it’s just as well, as cybersecurity and fraud threats have never been more acute. Cyber-attacks now rank as the number one risk of doing business in the US and UK and second in Europe, according to the World Economic Forum (WEF). And a British think tank recently branded the UK’s fraud epidemic a threat to national security. All of this comes as a major influx of first-time users hits the web as a result of COVID-19 — perhaps with less security savvy than seasoned online shoppers.
Closing the perception gap
However, while it’s reassuring to see 3D Secure and the PSD2’s SCA provisions offering opportunities to enhance CX and security, merchant awareness and adoption has largely failed to keep pace. A big part of this is the gap between what they think consumers want and the reality. A study from Pymnts/Cybersource earlier this year found consumers top three digital features to be rewards, free shipping and data protection. Merchants thought they wanted profiles, live help and price matching.
It’s interesting that shoppers actually prioritise extra security — perhaps a knock-on effect of the various data protection regulations and the extra awareness they have created. Yet merchants flagged-up digital profiles — which require an often frustrating extra “account creation” step in the purchasing process, which can create unnecessary friction. perhaps a knock-on effect of the various data protection regulations and the extra awareness they have created
The reality is that UK consumers want to feel valued, they expect convenience and they want their data to be protected at all times. But merchants aren’t keeping up. Less than 1% of transactions last year were classed as “frictionless” (ie they took less than 5 seconds to authenticate), versus 43% in Brazil.
There’s a major new opportunity with the coming SCA part of PSD2 for merchants to overhaul their approach to risk management, streamline the payment process and enhance security. 3D Secure v2.2 is a great way to do it, but there are others. It’s disappointing that barely a third plan to seek exemptions or even to understand what they are.
In the meantime, consumers will continue to be guided by convenience. But what they don’t trust, need or like will be rapidly discarded. Merchants must adapt accordingly.
Neira Jones, Evangelist at ZeroRisk.
Main image courtesy of iStockPhoto.com