Netflix and the future of digital payment security
At first blush, Netflix may seem to have a fairly simple payment process: Collect a card number once, and keep charging it every month until the customer cancels. But even this process can be demanding.
Security is one of the biggest variables for Netflix. Its subscriptions are card-not-present transactions, but due to their nature — same customer, same purchase, same price, year after year — these payments are arguably more secure than most card-present transactions.
And yet Netflix still wants stronger security of the kind that the card brands are developing with Secure Remote Commerce (SRC), a.k.a. the universal “buy button.”
From the issuer’s perspective, every Netflix payment is treated as no less risky than the one before it, according to Joshua Karoly, Netflix’s director of payments, who spoke at SourceMedia’s Card Forum this week in New Orleans.
“A lot of times you get apprehension about that transaction, even though we’ve billed this customer so far for five years straight,” Karoly said. “They’re still going through the same rules that the transaction would go through for the first time.”
SRC is designed for guest checkouts online, handling the enrollment one time through a card issuer’s app. Thereafter, if a consumer wants to use SRC to pay on a new device, they go through an email authentication process and can choose to trust that device for future payments. After clicking the SRC button at a merchant, the consumer can optionally choose to create an account with that merchant.
Netflix already makes the payment as frictionless as possible. It keeps a tokenized card account on file so it can continue to charge customers even if their card is lost or stolen. It also aims to make the cancellation process seamless. Netflix doesn’t dispute chargebacks in most cases, so the customer will not have misgivings about resubscribing, Karoly said.
Eliminating the process of typing in a card number for new or returning customers, even at other merchants, removes a major pain point for a company like Netflix.
“Bad things happen when cards are manually entered,” said Elliott Goldenberg, vice president and product specialist for digital payments and labs, products and innovation at Mastercard.
“It’s rare that the card-on-file vault breaches. It’s malware at the point of entry, so if we can remove that, it’s a pretty big step,” Goldenberg said.
SRC’s enrollment process, which takes place in a bank-controlled environment, combines with other security methods like 3-D Secure to provide a “far richer set of data” for combating fraud, Goldenberg said. SRC is due to launch sometime this summer, he said.
Netflix is supportive of this effort because it demonstrates Mastercard and its peers are listening to merchants’ feedback.
“No offense against Mastercard, but Masterpass or Visa Checkout, they come and they try to sell you on that point, and I don’t want NASCAR on my checkout flow. I want to keep it as simple as possible,” Karoly said. “They kind of took that to heart and came together finally.”
Karoly and Goldenberg both expect SRC — and its current planned implementation as a universal “buy button” — to be a stepping stone to greater things.
“You’ll very quickly see that move to an environment where it’s not just a button,” Goldenberg said. “It’s about everything underneath the button; the button is the first use case.”