Ecommerce has always been subject to more fraud than point-of-sale transactions; however, new technologies are changing the way we address this risk. Learn how different tools can be employed to secure payments while ensuring they remain frictionless.
Businesses are keen on the idea of optimized customer experience across channels. We’ve seen the “omnichannel” buzzword gain momentum as retailers and merchants strive to provide a consistent experience across channels (desktop, mobile web, mobile app, etc.). Part of an optimized, omnichannel customer experience is the idea of frictionless payments. As contactless payments become more prevalent, we see traditional obstacles to completing a transaction melt away. Smart businesses have learned how to provide a great end-to-end customer experience made possible by a seamless connection between a user-friendly front-end interface and intelligent back-end payment systems.
With frontrunners like Uber paving the way for other companies to provide frictionless payments, we are seeing vast improvements across the board. While technology continues to support this movement, there will be challenges along the way.
Convenience is the name of the game and more merchants are investing in payments infrastructure that facilitates a smooth ecommerce experience from start to finish. Despite this positive momentum in streamlining payments, significant obstacles still exist. Concerns about identity theft and fraud are still pervasive. Every time there is a security breach, merchants hold their breaths, wondering how bad the fallout will be in terms of true fraud and the burden of additional fraud-related costs. The key insight is that payments must be simple and seamless for consumers, but not for bad actors.
The truth is, there is a booming underground business of hackers and fraudsters that find unique ways around the system. As merchants build out easy-to-use mobile apps integrated with mobile wallets, cardholders are prominently linking bank accounts and credit cards to these apps. It enables seamless shopping where digital wallets never run dry, but it also opens up points of vulnerability to fraudsters looking for an easy score.
When login security for apps is weak, fraudsters can easily bypass them, hacking into cardholder accounts with almost no barrier. Once a hacker is in, the options are endless; hackers drain digital wallets or purchase and load up gift cards from the hacked account to digitally launder funds for their use.
Ecommerce has always presented tenuous circumstances for merchants. It is without the strong verification methods used at the point-of-sale (POS), where chip & PIN technology often nips fraud in the bud. These vulnerabilities make the online ecosystem a lucrative avenue for nefarious characters who have been rebuffed at the POS.
Tokenization is a critical component for secure payments in the modern era. By replacing sensitive card data with a unique identifier, merchants can keep credit card numbers and PINs out of the hands of fraudsters. Tokenization works by only allowing the unique identifier (the token) to be authenticated, decrypted and translated by the token provider. It’s a core component of secure contactless transactions both at the POS and online.
Ease of set-up is a primary benefit of tokenization. Tokenized credit card information can be loaded into digital wallets and used to complete transactions at a variety of NFC-enabled brick-and-mortar stores or to make online purchases. It removes the burden of entering and re-entering payment card information for every merchant or for individual transactions, allowing customers an easy payment experience. It also means that no sensitive data is stored within a merchant’s servers or apps. The tokenization process can happen automatically and behind-the-scenes, only requiring one point of data entry upon sign up. As a digital onboarding, it can happen immediately, allowing customers to have access to their digital, tokenized card upon signup.
3D Secure 2.0 is quickly bridging the gap between secure payments and customer experience. The updated protocol facilitates frictionless payments with increased speed and security for digital transactions that happen in browsers, mobile apps, and connected devices. Originally intended to be a messaging mechanism between financial institutions, online merchants, and the payment processing technology/networks, the new protocol aims to remove friction and reduce false positives.
3D Secure 2.0 uses token-based and biometric authentication, making authorization quick and easy and eliminating the need for initial enrollment. It also removes the password burden from customers. In the new version, multiple data points are collected from the devices and added to the authorization stream, making authorization more accurate and reducing false positives.
As the payments landscape continues to evolve, we will see new ways to remove friction from the purchase process and we will likely also see fraudsters become more sophisticated. While there is no silver bullet for eliminating fraud, especially as it exists in the card-not-present space, there are critical tools and mechanisms that merchants can employ to ensure payments remain both frictionless and secure.