The coronavirus recovery should push new payment security standards
As the digitalization of banking continues to experience extraordinary growth, even more so since the global pandemic increased our reliance on e-commerce, the growth in security challenges – specifically verifying customers’ identity – has stubbornly kept pace.
And by the time the pandemic is over, it’s likely that our dependence on digital channels will have become the norm, which means that security protocols like EMV 3-D Secure should also become part of the new status quo.
Much has been written, tweeted and blogged about EMV 3-D Secure, so by now most of us know that it is the second iteration of a protocol designed to securely authenticate consumers during card-not-present (CNP) e-commerce transactions. Its aim is to better protect the consumer, issuer, and merchant from CNP fraud in this changing digital commerce landscape.
Arguably, the greatest strength of the reimagined protocol is that it allows merchants to share much more data (up to 10 times more) to help issuers improve their authentication models and hence better evaluate the risk of CNP transactions. The protocol makes provision for four types of data to be shared: transaction and consumer data, authentication data, merchant data, and device data. The US Payments Forum gives more information on the types of data included in each group.
Improved risk analysis means that more transactions can be securely authorized behind the scenes, greatly reducing the percentage of transactions that require customer involvement. Limiting the number of complex security steps – and hence friction – in the purchasing process for a consumer results in a much improved user experience and a significant concomitant reduction in cart abandonment.
An important aspect to remember about risk-based assessment is that a subset of transactions will still require step-up authentication before an issuer authorizes a CNP transaction. In keeping with the growing “low-touch” economy, any solution a financial institution implements will need to offer frictionless authentication for low-risk transactions, as well as the ability to provide users with the control to seamlessly authenticate transactions deemed more sensitive based on the risk score.
With banks racing to modernize their payments offerings, and attract and retain customers, the winning organizations will be those that can offer an engaging customer experience, designed from the ground up for an increasingly digital world, while offering state-of-the-art security. In such a competitive payments market, financial institutions need to be able to innovate freely to make their customers’ lives easier.