How to achieve balance between security and frictionless experience for your customer?

As online shopping becomes increasingly popular ever since the late 2010s, many e-commerce platforms and large merchant sites have been investing in better online payment systems to deliver not a similar but even better experience to the customer than visiting the physical store.
A big shift in consumer behavior has prompted online selling platforms and payment service providers to adapt their services, while thriving beyond the expected quality.

For online purchases of lower amounts, merchants would try their best, following the government's regulations, to offer the most convenient payment experience possible. However, with larger orders, more factors such as security and transparency must be considered when designing the optimal payment journey.

According to globalbankingandfinance.com, the global transaction abandonment rate during the 3-D Secure payment process is around 20%, with 20 - 22% failing the subsequent authentication. Another study in 2023 by Baymard Research revealed that among 2,219 respondents in the US, 18% of them abandoned shopping carts because the checkout process was too long or complicated, and 19% reasoned it as not trusting the site with their credit card information. With that said, e-commerce platforms and online merchants must pay more attention to bring their security to another level, while maintaining a desirable user experience that keeps customers coming back for more.

In this article, we delve into the current challenges in online payment and what platforms and payment service providers can do to achieve the optimal balance between a secure and convenient payment experience.

Digital Payment in E-commerce

As e-commerce platforms around the world evolve, more diverse payment services are provided to consumers, especially with the increasing preference of mobile devices. While consumer payment behavior differs by region, users are keen on choosing payment methods that can be conducted on their smartphone and on-the-go.

Currently, the most popular online payment method in North America, Australia, and UAE is by credit cards, owing its convenience, abundant reward programs, as well as the opportunity to build credit score over time. In East Asia, credit card usage is growing, with South Korea topping the charts with their favorable card and cash rebate programs, followed by Japan and Taiwan (Statista).

Conversely, Southeast Asia, with the exception of Singapore and Thailand, still relies heavily on cash as the main method of payment, which translates to cash-on-delivery (COD) in e-commerce selling and buying (Statista). Apart from cash, there is a rapid growth in QR-code-led banking transfer, significantly observed in Malaysia, Vietnam, and Indonesia. The low adoption rate of credit cards in this area is explained by the financial barriers of opening credit accounts including average personal income records and credit scoring.

For Indian consumers, fast online payment services such as PayPal, Amazon Pay, bank transfer, and debit cards are preferred.

In Africa, most consumers prefer COD as their main payment method due to their belief in the store of value represented by physical bank notes. However, digital payment growth is experiencing traction and is predicted to double between 2022 and 2027 (Fintech Futures).

Convenience in Online Payment is Great, But How About Security?

The selling point of e-commerce platforms is the fact that it is convenient: consumers do not have to travel to a physical store and there are many ways that they can pay for their order.
Because of this, shopping mobile applications consistently work on integrating with a handful of payment service providers to provide payment options such as credit card, digital wallet, bank transfer, and more.

However, convenience means almost nothing without a guarantee for payment security, which is also a growing challenge for e-commerce sites. Conventionally, a more simple payment process is perceived to help merchants gain and retain more customers than a complex one. For example, if a customer can use one-touch payment to make purchases, they will likely return to the said merchant rather than choosing another that offers a multi-step process. Consequently, the question for online selling platforms is how to provide a hassle-free but safe enough payment process that can protect merchants from fraud losses.

The Role of Consumer Authentication in Payment

To eliminate the likelihood of fraudulent payment, there are different ways, suitable for each online payment method, which payment service providers are adopting. The following are several methods of payment and how authentication is conducted in each.

Credit Card Transactions

Most online card transactions will undergo a cardholder authentication process where the issuer verifies if the person making the purchase is the genuine owner of the card. Domestically, different countries and their local card schemes will have their own mechanism to verify cardholders. Globally, this is referred to as EMV 3-D Secure, a set of specifications put forth by the EMVCo - an alliance between Mastercard and Visa to regulate payment security around the world.

Apart from that, card issuers and acquirers often employ tools to detect and monitor potential fraud risk on top of 3-D Secure with the purpose to reduce step-up authentication requests.

Bank Transfer

This particular payment method is conducted within a banking or payment service mobile application/website. Therefore, the authentication process happens within the platform itself. Traditionally, account ID and password and one-time passwords are the most preferred way to authenticate one’s identity, however, in-app biometric authentication has been gaining traction in recent years. Consumers often refer to biometric as safe and convenient since it only takes one scan to verify themselves.

QR Code Payment

Using a smart phone's camera, a customer can scan a quick-response (QR) code presented by the e-commerce platform or merchant and make their payment via the provided services (e.g. digital wallet, banking app transfer). Customer authentication for this is carried out by the payment service provider, with the most prominent being PIN code or biometric verification before payment confirmation.

Device-based Digital Wallets

Fast and easy-to-use digital wallets can be found on-device. Examples for this are Apple Pay, Google Pay, and Samsung Pay. When using these digital wallets, users will have to register their card (binding) with the application, granting it the permission to store card details for future purchases. Apart from multi-factor authentication at the registration stage, these applications have their own ways of protecting the users and payments by authenticating the users before making any purchases using it. Commonly, this is done via a PIN code that corresponds with smartphone locking, or biometric.

Strong Customer Authentication and Its Role in Payment

Strong Customer Authentication (SCA) is a European regulatory requirement put forth by the EU Revised Directive on Payment Services, commonly known as PSD2. The purpose of this requirement is to reduce payment fraud, keep customers safe, and ensure a smooth and seamless payment process in the region.

According to PSD2, customer verification is based on at least two or three factors, they are:

• Something you know: a PIN code, a one-time password (OTP)
• Something you have: a credit card, a mobile device
• Something you are: a biometric scan, including fingerprint, iris, voice, …

In the European Economic Area under PSD2 requirement, SCA is applied to all bank transfers, card payments as well as online payment methods. As of March 2022, all businesses in the European Union (EU) and the UK are required to apply SCA into their digital payments.

How Businesses Can Optimize Customer Authentication in Payment

As stated earlier, a better customer journey begins with an optimized process all the way from “add-to-cart” to making payment. Below are some of the approaches that we recommend to businesses to achieve a smoother customer authentication in online payment.

Conduct Customer Survey

Online shopping sites and merchants can begin the enhancement project by assessing the current situation, which can partially be done by conducting customer user experience surveys. Via these questionnaires, businesses can learn more about their customer's experience with their platform, the pain points, and which elements customers hope to be improved.

Surveys can be designed in different ways, leaning towards a rating approach or one that encourages customers to share their own thoughts in words. In general, most e-commerce giants adopt a mix-and-match strategy to learn about different aspects of their service platform, while guiding customers through the assessment process by setting rating scales that reflect their actual experience.

From the survey results, the enhancement team can find similar, overlapping feedback or pain points shared by customers to begin proposing the changes to be made or components to be added.

Adopt Qualified and Safe Payment Services

Amid the rapid growth of online buying and selling, there are many new payment service providers joining the market. While it is essential to offer a wide range of payment options crucial to e-commerce, namely credit card, digital wallet, cash-on-delivery, or even buy now pay later, businesses should also consider sourcing payment services from renowned and certified providers.

Keep in mind that the payment industry domestically and internationally from time to time will announce and enforce specific regulations and certification requirements on payment service providers, related to transparency and safety. Don't forget to remain updated and perform careful due diligence before onboarding a new payment solution.

Employ Back-end Tools to Support Authentication

With fraud threats rising daily, many cyber security solution providers offer tools that you can deploy in the back-end of your system to support the authentication process. Add-on solutions can vary all the way from simple rules-based authentication to the ones that employ AI and Machine Learning to analyze risk elements, score, and suggest follow-up actions.

Payment fraud risk related solutions, no matter how complex, all aim to support a payment process with less friction, by reducing the frequency of step-up authentication requests. However, you may wonder how security is ensured when additional authentication is exempted, we've got you covered.

With advanced, real-time risk detection tools like HiTRUST's Veri-id, up to 100 device information attributes are collected and generated into Device Fingerprint unique to each user device accessing your site. When combined with sophisticated AI/Machine Learning models, in-coming transaction and device related data are continuously trained to enhance fraud risk prediction over time.

Optimize, But Never Abandon Necessary Measures

Online platforms and merchants may realize that an optimized and seamless customer journey can result in increased business performance, however, a system unprotected from fraud threats will bring about relative losses in finance and customer payment data. In recent years, there were many instances where unprotected merchant sites were attacked by hackers, who would then resell or expose credit card information online, leading to many fraud losses for both the business and individuals. Apart from fraud cases stemming from data breaches, chargeback fraud is also something that businesses spend much time and resources on resolving.

As a long-term provider of payment security solutions, HiTRUST recommends early development of fraud prevention projects to ensure that your transactions are safe, while delivering a desirable checkout experience for your customers, thereby reducing the alarming cart abandonment rate.