The 'Uberization' of payments pressures security and e-channel strategies
While EMV adoption is one of the major milestones in the payment industry, the card-not-present world has also been evolving rapidly where various new use cases and flavors of electronic commerce have emerged in the past five years.
While Uber “Uberized” the payments process where payment is an after-thought to consumers, Apple pay launched their “in-app” payments, and Facebook’s chatbots got an upgrade through PayPal.
What does all that mean for the payments industry? There are several trends as well challenges and opportunities that businesses will need to address, requiring a deft combination of both fraud prevention and omnichannel innovation.
Online fraud. According to CardNotPresent.com, counterfeit fraud at the physical point of sale is dropping, while card-not-present fraud is surging.
Since EMV comes with added authentication and security, it is making it difficult for fraudsters to commit fraud in card-present payments. Hence fraudsters are shifting to the card-not-present world. Based on The Global Fraud Index, online fraud has jumped by 11% since the EMV shift. Other regions that have already been through the EMV transition have experienced this shift in fraud.
EMVCo released a new, improved, and secure authentication technology called 3D Secure 2.0 in October, 2016 that supports app-based authentication and integration with digital wallets and browser-based eCommerce transactions. This standard promises a seamless consumer experience with strong risk-based authentication involving machine learning algorithms. Strong end-to-end encryption, tokenization and adoption of 3D Secure Authentication technologies can help organizations mitigate these fraud issues.
Consolidation of in-app payments (mobile applications) and mobile wallets. Several large merchants have launched mobile wallets in the last two years, such as Walmart Pay, Target Pay, and Kohl’s Pay. However, there has also been a big focus on omni-channel commerce, and mobile is playing a significant role here. Mobile commerce spans a variety of tools and capabilities including mobile wallets, shopping through a mobile application directly, enabling (in-store) mobile payments and in-app payments. It’s likely that all of these experiences will converge to further enhance the consumer experience by providing a single mobile channel with a variety of payment options and capabilities.
Growth in contextual commerce. There has been a lot of innovation in contextual commerce, with the vision of providing an exceptional user experience that seamlessly addresses consumers’ activities and needs. Organizations are integrating the social and everyday activities of consumers with the commerce and payments experience. For example, Uber launched UberEats as a standalone app for food ordering on the go, and Hilton Honors members traveling via Uber can make a room selection and check in through the Uber app. Conversely, consumers can order an Uber directly from the HHonors app. More of these experiences are going to converge to make commerce easily accessible to consumers.
Authentication will play a big role in merging card-present and card-not-present economies.The payment industry is going through a lot of innovation around authentication since consumers want a hassle-free, secure experience. As mentioned previously, EMVCo released a new standard for 3D Secure Authentication.
Biometric authentication has also received a great deal of investment lately. Apple Pay included fingerprint authentication to mobile and in-app payments, thus closing the gap between card-present and card-not-present rates. Two-factor authentication is being extended to other types of authentication like blood pressure, pulse rate, temperature and iris scans. Moving into 2017, the role of authentication will become even more important, and we will see even more developments in this area.
Authentication and data-centric security approach key to enabling contextual payments experience.New innovations in mobile payments and e-commerce will provide opportunities for organizations to personalize and enhance the consumer experience by delivering contextual information on the platforms that are most relevant to them. As more users adopt these solutions, it is also providing opportunities for cybercriminals to monetize stolen card information in card-not-present environments. Businesses should utilize user and device multi-factor authentication to perform real-time analysis of the riskiness of an e-commerce or mobile purchase and help guide the decision to accept or decline the transaction.
In addition, organizations should take a data-centric security approach leveraging solutions such as Format-Preserving Encryption and tokenization to protect sensitive information throughout its lifecycle. The success of new innovative technologies for mobile payments and e-commerce will be dependent upon the organizations’ ability to ensure security and consumer trust of the transactions.