By Regis Massicard, Europe (SEPA) Payment Strategic Director at Ingenico Enterprise Retail
Merchants are increasingly aware of the growing security risks posed to their customers and their operations as online shopping and payment technologies continue to advance. It goes without saying that no company wants to suffer the financial and reputational ruin that often comes with a data breach. But addressing the issue is complicated, and many companies can find themselves stuck when trying to do so.
It’s crucial, therefore, that merchants remain up to date with the latest security regulations and are aware of the common roadblocks they may face, as well as how to overcome them. So, here I address some key areas to help merchants really understand security.
The increasing importance of security for merchants
One of the key reasons security is increasingly important for merchants is that more data is being shared online today than ever before. With eCommerce booming, the technology supporting it is advancing on an almost daily basis. Fraudsters are working hard to cash in on the opportunities this opens up for them. And any security breach can potentially ruin a company’s reputation, as well as have the potential to cost significant amounts of money – merchants must stay on top of security to avoid these risks.
As well as this, regulations are constantly evolving, and it can be hard for merchants to remain up to date. At present, the hot topic is Strong Customer Authentication (SCA), an offshoot of the second Payment Services Directive (PSD2). PSD2 requires every electronic transaction (with some exceptions) to be strongly authenticated. Although SCA is optional now, it will be mandatory by March 2021 – the original deadline was set for 31st December 2020, though the Financial Conduct Authority (FCA) recently announced a UK extension.
What’s more, merchants need to be mindful of how SCA might impact the checkout experience for customers. SCA stipulates that card transactions must use two of the following three factors to provide authentication: Knowledge: something they know (e.g. a PIN or password); Possession: something they have (e.g. a phone); Inherence: something they are (e.g. a fingerprint).
Complying with PSD2 and SCA will require the use of innovative technologies that can foster greater customer loyalty and increase conversion rates. 3D Secure version 2 (or 3DSv2 / 3DS2) is widely considered the best way to comply with SCA requirements, as it is an authentication protocol that asks businesses and their payment service providers (PSPs) to share more data around every transaction with issuing banks. To make things easier for both the merchant and consumer, PSD2 allows for some exemptions from SCA. However, it’s important to note that not every transaction that qualifies for an exemption will automatically be exempted, as the customer’s bank always has the final say on whether to require SCA for any given transaction.
It’s important to note that these changes shouldn’t be daunting, as there are experts who can help relieve the burden and allow merchants to focus on their business.
Combatting the parts of security merchants most struggle with
Customers expect failsafe security, but additional processes can result in increased friction, something a customer is unlikely to stick around for. So, retailers can often struggle to balance a seamless experience with security. Getting the right balance between fraud prevention and keeping your customers happy is vital, and the best way to go about this is a combination of education and an accurate security system.
By letting your customers know the authentication operations that are in place or any changes to expect, they will not get confused and/or abandon their cart when prompted to answer a security question, for example. A customer who is aware of SCA’s two-factor authentication is more likely to comply with the process and complete their transaction than one who is met with a pop-up they don’t recognise. Similarly, working with an expert to streamline your system will ensure customers aren’t turned away by constant false declines.
Ensuring customers feel secure when making a transaction
For both customers and retailers, the moment the transaction takes place is what requires the most trust. The key to satisfying and keeping customers is familiarity. Provide shoppers with a checkout experience that they are comfortable with and they will reward you with their custom. The important thing is to know your customer: even if a company gets it right when it comes to its products or services, it can still lose customers if the user experience isn’t tailored to its clientele. To combat this, collecting data is essential. Merchants can make the most of solutions that give them the capacity to collect and analyse data on customer behaviour that identifies trends and opportunities. By doing so, you can tap into buying behaviour and better meet your customers’ expectations – including payment and security preferences.
The importance of expertise to master security
Payment service providers (PSPs) take security very seriously. By working alongside a PSP, merchants will have direct access to the greatest expertise of payments experts, who ensure companies are compliant with the latest regulations and protected from data breaches, and who can offer GDPR-compliant data collection capabilities. This means that merchants can access tokenised data to inform their business decisions, without compromising customer data security. This expertise allows merchants to concentrate on their businesses, assured in the knowledge that their systems are in safe hands.