As digital payments become an increasingly popular way to pay, the ecosystem is working to standardize security around remote payment methods.
The changing world of payments seems to be a constant struggle between innovation and standardization. Payments have evolved at a breakneck speed and continue to surprise with new methods that inch closer to an invisible experience. We’ve seen payments at the physical point of sale evolve as EMV chip & PIN technology was rolled out in the US and as contactless gained momentum. Digital payments have continued to gain traction as the internet of things (IoT) and connected devices enable everyday ways to pay. Global ecommerce is expected to rise 20.7% by year-end, reaching $3.535 trillion—driving closer to the anticipated $5 trillion ecommerce will hit b7 2021.
This growth requires enhanced security. The volume of transactions occurring via various channels has thrust security issues into the spotlight, especially as we endure the era of mega retail breaches. The payments space continues its tightrope walk across convenience and security, aiming to simplify payments experiences for consumers while enhancing security and making authentication a seamless, behind-the-scenes event. This is especially important with the rise of credential-on-file (CoF) payments (aka card-on-file), where consumers authorize a retailer or other business to store their payment credentials (account number and expiration date) and to bill the consumer using those stored credentials.
Consumer preferences shift and evolve daily. In addition to overarching trends that are impacted by advancements in technology and new ways to pay, consumers tend to favor different payment methods for different types of purchases. People are likely to use ACH for recurring expenses like rent and more likely to use credit cards on discretionary retail spending. That said, Visa notes that intent to use CoF payments will increase, though the rate of increase will depend upon consumer perceptions of security
Amazon presents a good example as a Deloitte study showed that the vast majority (96%) of respondents believed the online marketplace to be moderately or highly secure. As a result, half of respondents also said they are extremely likely or likely to increase CoF payments with merchants like Amazon. Mobile apps have a steeper learning curve as their perception among consumers was as low or not very secure. Consequently, far fewer respondents reported that they were likely to increase the use of CoF via mobile apps.
One of the ways the payments ecosystem is trying to ease the tightrope walk around digital payments is through the development of authentication frameworks. EMVCo created the EMV® Secure Remote Commerce (SRC) framework to facilitate a virtual payment terminal. This would serve as a foundation for processing ecommerce transactions in a more streamlined, standardized manner in remote-checkout environments. Consumers would be able to more easily make payments from smartphones, tablets, and other connected devices without having to jump through complex authorization hoops and merchants and issuers would enjoy simpler integration processes. More specifically, the EMV® SRC Specifications enable:
Subsequently, Visa has its own implementation of EMV® Secure Remote Commerce standard: Visa Secure Remote Commerce. Visa SRC uses the Visa Token Service to streamline payment detail collection and enhance the digital payment experience. Visa Token Service adds a layer of security to card-not-present (CNP) transactions by replacing sensitive data (like account numbers) with a token, or unique digital identifier. This token is then used for the payment, eliminating the need to expose the more sensitive payment data. Visa Tokens improve authorization rates 3.2% on average and lower fraud rates by 67%.
Visa Token Service offers another layer of security by replacing sensitive cardholder information, such as personal account numbers, with a unique digital identifier (a “token”) that can be used for payment without exposing a cardholder’s more sensitive account information. Transactions taking place with Visa Tokens allow for additional information such as device data that, on average, improved authorization rates 3.2%(1) and lowered fraud count rates 67%(2).
The entire payments ecosystem stands to benefit from the standardization of SRC protocol. The most obvious benefit is enhanced security. As PAN entry and storage is eliminated and replaced with stored Visa (or other) Tokens, fraud rates drop significantly. The potential impact of a data breach also decreases. In many cases, this tokenization can be augmented with device-binding, consumer authentication tools, and other security measures that boost security even more.
Standardization of secure remote commerce also simplifies the user experience (UX). Standards-based solutions that customers are familiar with can improve the card-based payments experience, both for consumers and within merchant checkout environments. As a result, SRC can lead to better conversion and authorization approval rates. Early testing of Visa DCP revealed that password-less experiences converted at rates as high as 92-94%. An additional benefit is the merchant’s ability to save a customer’s account on file, with consent.