In the wake of COVID-19, the Financial Conduct Authority chose to delay the UK deadline for implementing strong customer authentication (SCA) for e-commerce to September 2021. While at face value this may seem like a blessing amidst the current global business disruption and uncertainty, payments providers, banks, card issuers and merchants must not pause efforts to implement SCA, including taking advantage of PSD2 exemptions to preserve a frictionless checkout experience. Not only does friction within the checkout process incentivise consumers to abandon their carts, thereby denting merchant revenues, but card-not-present fraud is now directly responsible for the loss of around £470 million every year in the UK. Tackling these issues therefore equates to a multi-billion-pound opportunity.
Combatting payment fraud is especially important at the moment, as fraudsters follow the money trail of skyrocketing online shopping and a surge in digital payments. Payment fraud equals lost revenue for card providers who must issue refunds/chargebacks and also reputational damage for the merchant. The way to tackle fraud is of course to verify transactions by asking for an additional step of authentication. However, this itself has its own challenges, as it adds friction to the payment experience. Consumers now expect convenience, so constantly authenticating transactions can be frustrating. Just one poor shopping experience may lead to a business losing out on any future purchases by that customer too. Merchants must therefore find a way to work together with payments providers, banks and card issuers to improve fraud detection, while also providing the seamless payment experience consumers now expect.
Consumers are using more digital channels to transact than ever before, with worldwide e-commerce sales topping $3.5 trillion in 2019. This follows a trend of convenience that consumers now look for when making a purchase. However, the volume of digital payments and different devices being used to purchase new items – from mobile phones, to game consoles and even smart TVs – has also created new opportunities for fraudsters. The attack surface has increased, and fraudsters have an abundance of new channels through which they can defraud consumers. Successfully detecting a fraudulent transaction among the sheer volume of payments today is akin to finding a needle in a haystack.
Verifying cardholders is also trickier when they are not physically present in front of you, and the changing circumstances post-COVID-19 have exacerbated this situation further. Consumer behaviour is harder to baseline because people have been forced (or have chosen) to transact in new or different ways. Digital novices buying groceries online, or existing customers making purchases at odd times of the day, on different cards or devices, can throw up more false positives than usual. If a payment is given a high risk score because the anti-fraud system deems it as potentially fraudulent, the shopper will be asked for additional authentication (such as entering a One-Time-Passcode) and this could lead them to abandon their cart, especially if the process seems too difficult.
In fact, abandoned carts caused by online checkout friction resulted in a $34.4bn missed revenue opportunity for retailers in 2018, with 41 percent of UK shoppers abandoning transactions at virtual checkout. Merchants must work with card issuers and banks to get smarter at detecting fraud so they can provide the most seamless payment process possible. Those that don’t take this approach risk losing out at a time when new consumers are embracing mobile and online shopping.
Ensuring only fraudulent transactions are blocked or flagged for further identity verification requires context, which can be difficult to achieve from just one or two pieces of information. To make an accurate prediction on the likelihood of a payment being fraudulent, as much data as possible is needed on the cardholder – this is where the authentication protocol EMV 3D-Secure can help. The protocol, which is governed by the card networks, provides banks with the transaction information they need. Banks can then feed the data into an anti-fraud system to make a far more accurate and context-based decision on whether a payment really is fraudulent.
Merchants that opt to use the EMV 3D-Secure ecosystem can share over a hundred data points with the card issuer or bank to assist in the authentication and authorisation of the transactions and in doing so, they can help to significantly reduce transaction friction. The protocol also allows banks to work with the merchant to challenge any individual payment and ask for a second step of authentication from the consumer, if required.
Businesses, understandably, have a long list of concerns at the minute as global business disruption threatens their future. As consumers shift online and the future of bricks and mortar hangs in the balance, e-commerce presents a real opportunity for merchants. To take full advantage, they must work together with card issuers and banks to prioritise combatting card-not-present fraud and implement the SCA requirements in a way that increases security, but limits checkout friction. Global merchant losses to e-commerce fraud are projected to grow to $6.4 billion by 2021. So, at a time when every penny counts for businesses, those that are able to reduce this figure without adding noise to the payment process for consumers stand to reap the greatest rewards.
Daniel Cohen, Chief Product Officer for Anti-Fraud Products at RSA