Emma Herrod and Chloe Rigby investigate changes in the banking and payments industry, legislation of which retailers should be aware and where trust is opening up new opportunities.
The payments industry has been shaken up in recent times as the move to digital has seen mobile phone companies offering their own secure wallet on mobile devices and open banking enabling anyone with the right licences to become a bank. The latest move has seen a number of companies, including Facebook, announcing that they are to launch a crypto currency secured by blockchain in 2020.
With the rise of online and m-commerce, it seems as if everyone wants a piece of the payments pie and shoppers are becoming used to paying with the method of their choosing. From using PayPal in a physical store that also accepts Visa cards to checking out and paying later with Klarna, the payments sector is changing fast.
Payment methods are also crossing international boundaries. Chinese tourists, for instance, can use their WeChat Pay or Alipay account to buy things from a number of luxury retailers in London.
Working with payment service company SafeCharge, four leading shops in Beauchamp Place – McKenna & Co, Lalage Beaumont, Grace Han and Gladwell Patterson – are testing technology that allows them to take payments easily from WeChat Pay and Alipay.
As well as making it easier for tourists to pay, the retailers can use the social media site to show tourists in the local area that they are there and open for business.
“Beauchamp Place is between Harrods and Harvey Nicks on one side and the museums on the other. If you have WeChat customers in Harrods, it will come up that there is a cluster of WeChat customers in the area – which encourages them to come. For us this is really interesting as it gives them confidence, gives us confidence and is a ‘bridge of introduction’ which is really useful. It really is like an introduction,” says Catherine McKenna, director and co-founder of antique jewellery store McKenna & Co.
What links all of the payment methods is security. While retailers and banks have systems in place which work out the likelihood of each transaction being carried out fraudulently or even simple processes that require the first online purchase to be sent to the cardholder’s billing address, retailers have to balance declining a purchase by a genuine shopper against stopping a fraudulent transaction.
In the same way that PIN numbers were introduced to reduce the levels of fraudulent transactions in physical locations, the three-digit CVV was introduced onto bank cards and used on online transactions – or cardholder not present as the banks refer to this type of transaction. 3D Secure, otherwise known as Verified by Visa and Mastercard Secure Code, was introduced in 2001. This required the shopper to enter a password on what was often a clunky redirect page when checking out. It did mean though that the bank was then liable if the transaction was later found to be fraudulent.
While these password checks have been used on ‘exceptional’ transactions which fall outside of the normal pattern of use for the customer, a new system came into practice on 14 September requiring all transactions to undergo an additional check. This means that shoppers will not only have to enter their card number and CVV but also use another type of information to verify their identity at an online checkout.
This PSD2, as the EU legislation is called, is putting the responsibility for fraudulent transactions firmly onto the shoulders of retailers since it requires the majority of transactions to be secured with additional information. This could be additional information sent from the retailer to the bank about the individual transaction such as delivery address, customer’s device ID or transaction history. This is checked in real time with the bank deciding if additional checks are required.
If they are, the customer is required to undergo an additional level of security check which is based on something that they know (such as a PIN or password for Verified by Visa/Mastercard Secure Code), something which they have (such as their phone) or something which they are (such as their fingerprint). Technology from Mtek can authenticate someone from a selfie, for example.
Some banks are already using similar security with their online banking by sending a 6-digit code to the customer’s mobile phone which then has to be entered on their desktop banking page when transferring money.
There have been worries though about the levels of throughput between banks and retailers and that if the shopper has to go through the process of identifying themselves with a further check they will simply leave the retailer’s website and abandon their basket.
The payments sector and retailers have also been concerned about the disruption to the customer experience. Payments infrastructure company Stripe predicted that European companies would lose €57bn in the first 12 months due to shoppers’ low tolerance for bad checkouts, leading to an increase in abandoned baskets.
Even now, just 47% of European consumers feel that the online checkout process is ‘very easy’ and the most attractive customers for online businesses often abandon purchases when encountering a poor checkout experience. For example, 74% of Gen Z shoppers have abandoned an online purchase in the past six months due to a bad checkout experience. Over half (52%) of online shoppers who abandon a purchase end up completing the transaction with a competing merchant.
Against this backdrop of low consumer tolerance for poor checkout design, the additional Secure Customer Authentication check (SCA) was deemed likely to make matters worse. Many shoppers were unaware of the new authentication requirements and only 44% of retailers surveyed expected to be ready for SCA on 14 September itself.
“SCA is unequivocally the single most disruptive event to impact European digital commerce, and many businesses — especially smaller ones — have yet to fully grasp its extensive impact. Our study indicates low levels of preparedness and, most troublingly, a lack of appreciation for how SCA will transform how European consumers will buy online,” adds Jordan McKee, analyst at 451 Research, the organisation which conducted the survey for Stripe.
With such levels of uncertainty amongst consumers and retailers it was a relief to hear that the Financial Conduct Authority (FCA) agreed a plan giving the payments and ecommerce industry extra time to implement SCA. The industries now have an extra 18 months to ensure that the complex requirements are put in place.
As Jonathan Davidson, Executive Director for Supervision – Retail and Authorisations, FCA explains: “While these measures will reduce fraud, we want to make sure that they won’t cause material disruption to consumers themselves; so we have agreed a phased plan for their timely introduction.”
He continues: “The FCA will not take enforcement action against firms if they do not meet the relevant requirements for SCA from 14 September 2019 in areas covered by the agreed plan, where there is evidence that they have taken the necessary steps to comply with the plan. At the end of the 18-month period, the FCA expects all firms to have made the necessary changes and undertaken the required testing to apply SCA.”
The industry still needs to make “necessary steps” and as Mark Nelsen, svp, open banking at Visa says: “The impact of SCA on the customer journey depends on the preparation of each merchant, their acquirer and the customer’s own bank. In many instances, SCA will not get in the way of seamless ecommerce. If the right technology (namely 3D Secure) is in place, and merchants and banks are able to apply the exemptions, ecommerce post SCA shouldn’t feel too different to the experience today. The main difference will be that, rather than static passwords, consumers will have access to easier and safer ways to authenticate payments (such as biometrics and one-time passcodes).”
“However, if merchants and banks do not prepare, and haven’t applied necessary exemptions, the customer experience will be less streamlined. Crucially, if merchants do not have the appropriate fraud management tools in place, issuers may decline payments outright – resulting in lost business,” he adds, pointing out that there is a long list of transactions which will be exempt from SCA.
“Examples of payments that are out of scope include those that are made via subscriptions and recurring payments. The three most significant exemptions for retailers include low value payments (payments under £30), payments subject to Transaction Risk Analysis (where technologies such as 3D Secure analyse the risk profile of payments), and payments classed as Trusted Beneficiary (whereby consumers add merchants to a trusted list held by their bank – so they only need to authenticate if there is something unusual, or risky, about their payment).”
He adds that it’s worth noting that these payments aren’t automatically recognised however, and merchants need to highlight out of scope payments and use the correct technology to apply exemptions. “These can be managed through 3D Secure. For merchants with access to a hosted solution they will need to sign up to this solution, whereas those that don’t use a payment services or shopping cart provider may need to upgrade their software themselves,” he says.
Another aspect of the legislation is open banking which is allowing payments to be made directly between the bank accounts of a retailer and the customer – therefore making the payment faster and potentially at a lower cost to the retailer than card payments.
It has also opened up the financial services industry so that consumers can consent to other approved third-parties having access to their financial data via a secure API. Initial applications include consumers being able to see full, itemised receipts from retailers in their bank statement so rather than just seeing the date, retailer and the amount they’ve spent, they can see exactly what they bought at that time.
Loyalty schemes are also being linked to bank cards so consumers don’t need to carry them all around or use different apps. It also means that retailers can send offers directly to a consumer’s banking app. Flux is a great example of an organisation enabling such services.
Consumers are becoming used to paying in different ways and not associating the payment with their bank. They are paying with Apple Pay rather than the actual bank card stored in the wallet on their mobile phone. And this is another way in which Apple is building trust and loyalty with its customers – as well as tying them into its services.
When using Amazon Pay or Alipay, for example, shoppers are trusting the retailer as much as they are their bank or card issuer. When it comes to the consumer’s hard earned cash trust is the most important thing and once it’s lost it may never be earned again. These latest changes are giving retailers an opportunity to build on the trust they already have with their loyal customers. Don’t let a customer experience issue throw that away in what could be the first step to a closer relationship with their wallet.
When asked for the Stripe survey what they believe would be the best authentication experience, 54% of consumers said one-time passcodes, while 26% said fingerprint recognition (such as Touch ID on Apple devices). Despite this apparent low preference for fingerprint recognition, 43% believe that it is “most secure”. This indicates a need to help consumers get more comfortable with mobile wallets like Apple Pay and Google Pay as a secure and easy way to check out online. .
eBay, Farfetch, Facebook and PayPal are among the partners set to launch the new Libra cryptocurrency next year. The Libra launch could be a first step towards the mainstream use of cryptocurrency in retail. But plenty of factors, not least consumer trust, could hold that back. Chloe Rigby, editor of InternetRetailing.net investigates.
The announcement of the new blockchain-based cryptocurrency came first from Facebook, which said its own Calibra digital wallet would go live in 2020 to enable users to buy and spend the currency across a range of platforms. The social media organisation has led development of the Libra, but its control will rest with the Libra Association, based in Geneva. The Libra Association will be overseen by its founding members, who meet at least two of a range of criteria around net worth, reach and industry leadership.
Once the currency is launched – and spendable – Facebook will have the same rights and obligations as any other founding member of the association. So far the association has 28 members – from marketplaces eBay and Farfetch, technology companies Uber, Spotify and Lyft, and telecoms providers Iliad and Vodafone Group, through to blockchain, venture capital and not-for-profit organisations. The aim is to have about 100 by the time the currency launches in the first half of 2020.
The Libra Association says the fact that it has reserve assets including bank deposits and short-term government bonds will give Libra users “a high degree of assurance that they can convert their digital currency into local flat currency based on an exchange rate”. It also expects that the fact of those reserves will prevent its value fluctuating in the way that other cryptocurrencies have - and instead will be “a stable digital cryptocurrency”.
It promises that interest payable on the reserve assets will be used to cover the running costs of the system, to ensure low transaction fees and to pay dividends to founding investors.
How to spend it: Faceboook says in its blog that its digital wallet will enable people across the world, including those who do not have access to banking, to spend online without needing to have their own bank account. It says: “For many people around the world, even basic financial services are still out of reach: almost half of the adults in the world don’t have an active bank account and those numbers are worse in developing countries and even worse for women. The cost of that exclusion is high - approximately 70% of small businesses in developing countries lack access to credit and $25bn is lost by migrants every year through remittance fees.”
Instead it pins access to easy digital spending on the ownership of a smartphone, which it puts at as little as $40 - plus the cost of an internet connection. At first, it says, Calibra will enable users to send Libra to others with smartphones as easily as sending a text message “and at low to no cost”. It adds: “In time we hope to offer additional services for people and businesses, like paying bills with the push of a button, buying a cup of coffee with the scan of a code or riding your local public transit without needing to carry cash or a metro pass.”
It seems likely, given the presence of eBay and Farfetch among its founders, that a retail application for the Libra cryptocurrency will quickly emerge, with much of that spending taking place via Facebook’s own systems and platform. This will enable Facebook to take a more central role in retail than it currently does at a crucial moment – the moment of payment.
Our view: If half of the world’s population cannot yet spend online, then enabling them to do so has the potential to boost online retail and wider digital sales enormously. But how those that have no bank account will buy Libra in the first place is as yet unclear. Presumably there’ll be an offline link, such as using cash to buy cards that represent Libra. Alternatively users may be able to earn Libra online in some way, such as through social media interactions.
Whether this venture succeeds will ultimately be down to consumers – and whether they trust Facebook and its partners enough to pay them for the privilege of spending their own money. Those “no to low” costs may well end up being micro amounts – but they will all add up, especially for those that have little cash to spend – and it does look as if it will be the consumer rather than the retailer that will be paying the transaction fees, unlike conventional banking.