Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

The ongoing battle of strong authentication vs customer experience – who will win?

There’s no doubt that new regulations, such as Payment Service Directive 2 (PSD2), have changed the way in which customers interact with businesses online. As further rules are added to keep customers safer online, merchants worry these initiatives, designed with customer experience in mind, are in fact turning them off. This could be bad news for merchants – it means lower sales conversions, impacting their profit margins and could damage consumer experience.

In this piece Chris Thomas, Managing Director of EMEA at Emailage, answers the big question of how companies can successfully verify a customer’s identity, with minimal friction, when opening a new account or making a payment transaction. A balance which gaming, finance, and eCommerce businesses are particularly struggling to foster.

The need for stronger authentication

Consumers, businesses and regulators have called for stronger authentication methods to combat the rise in card-not-present (CNP) fraud across the globe.

Particularly in Europe, CNP payment fraud losses have been steadily increasing for nearly a decade with little sign of easing. According to the Fifth Report on Card Fraud published by the European Central Bank (ECB)in 2018, CNP fraud accounted for 73 per cent of the €1.8 billion lost to card in 2016[1]. This was up 2.1 per cent on the previous year[2], a sizeable increase, which is showing no sign of slowing down.

Currently, a lot of fraud goes unreported, but the numbers above show that the reported costs alone are staggering – and getting worse, becoming increasingly burdensome for merchants and issuers and concerning for consumers. It is no wonder, then, that the European Commission has intervened with new Strong Customer Authentication (SCA) requirements on payment transactions incorporated into PSD2.

Under these requirements, from the 14 September 2019, all eCommerce transactions are likely tobe processed via a security mechanism like 3-D Secure 2.0. This means customers who are purchasing goods over €30 could be required to enter two forms of identification, also known as multi-factor authentication (MFA) — a method of confirming a user’s identity by layering a combination of different components including:

  • something the user possesses (for example, a debit or credit card)
  • something that the user knows (e.g. their PIN number or password)
  • something the user is (e.g. a user’s fingerprint or retinal scan)

Using a combination of two or more of these components creates a layered strategy with stronger security and can, in fact, make transactions easier for trusted customers.However, many businesses fear that the complexity of such a multi-layered approach to authentication will inevitably turn consumers away from completing online purchases. This basket abandonment will result in a loss of revenue which, in the long run, can put merchants’ businesses and consumer experience at risk.

At the same time, prioritising seamlessness over security can have a negative impact on customer relationships too. Many customers refuse to make purchases from vendors that they feel do not have the right tools in place to protect their precious personal and payment data.

Providing a frictionless customer experience

With this in mind, businesses clearly face a double-edged sword. They optimise security and they damage customer experience, or they focus on frictionless payments and erode customer confidence. What is needed is for businesses to find a balance between these two extremes, finding a solution that allows low friction customer experiences without compromising on security. The key is getting the process right.

It is all too common for retailers to have security protocols in place that wrongly block good customers while still letting the bad customers in. This is a clear sign that merchant processes still have scope to improve and need to be looked at further.

Another issue is the existence of “one-click” payments. These are popular with consumers, as they allow purchases to take place with ease. However, they are also extremely popular with fraudsters, as they remove so many of the traditional barriers to CNP fraud.

These are two extremes that both ultimately have a negative impact on both fraud rates and sales conversions. What is needed is to strike the right balance between security and seamlessness. This means careful consideration of the entire customer experience, from the Home page to the payments process, incorporating expert consideration of the potential fraud risk. The eCommerce landscape is so competitive that how easy it is to purchase from a site is often the deciding factor for many consumers. 

Informed decision making to gain an edge 

The new reality is companies will gain an edge over rivals and fraudsters when their decisions about customer experience and payments are better informed through dynamic, real-time fraud risk analytics and data. It is vital to deploy solutions and a strategy that are effective and compliant with PSD2, without impacting on the customer experience. The key goal for any merchant or PSP is to minimise the need to deploy 3-D Secure 2 by reducing fraud as much as possible. By making sure of customer and data at one point I the process allows a better risk decision to be made at the point of payment.

There have been significant developments in solutions designed to analyse underlying transactional data in recent years that can go a long way towards supporting merchants in ensuring their anti-fraud processes are fit for purpose.

One analytical solution that is fast gaining traction in the eCommerce space is “email risk assessment”, which uses a simple and widespread piece of authentication information to gauge whether a purchase is genuine – the email address.While this assessment is not a replacement for SCA, it can help keep fraud levels to acceptable levels allowing merchants to qualify for the “low-fraud” PSP exemption under PSD2.

Under the SCA regulatory technical standards (RTS), payments via PSPs that are considered to have a low fraud risk will not require explicit customer authorisation. These low-risk payments include:

  • Transactions worth up to €100 if the merchant’s PSP’s fraud rateis less than 13 basis points (abbreviated to “bps”, this is a standard measure of fraud risk, 13bps is 0.13%)
  • Payments worth up to €250 if the PSP’s fraud is less than 6bps
  • Purchases of up to €500 if the PSP’s fraud rate is less than 1bps

Every transaction we make online requires an email address but, until now, many companies have believed these were only useful for customer receipts, notifications and marketing campaigns. However, email is a unique global identifier, which is already a basic requirement whenever a customer sets up or logs into a digital account.This makes tools like email risk assessment a valuable asset in adding another layer of protection to any eCommerce business.

Other identifiers, such as social security numbers or device IDs are not unique and are rarely transportable globally. More, alternative identifiers can be easily be hacked or stolen, with the data accessed by criminals via the dark web and account takeovers growing in popularity. Only an email can definitively be traced to the genuine account holder.

This is because a staggering 91 per cent of email users keep the same email address for at least three years, and 51 per cent keep the same email address for over 10 years. This represents a vast amount of metadata that can be analysed and put to great use in the fight against online fraudsters.

Advanced email risk assessment systems, like Emailage’s EmailRisk Score, harness multiple data points and a vast network of historical transactional data associated with an email address to separate fraudsters from genuine customers without impacting on conversion rates or customer experience – making them a practical, “zero-friction” fraud prevention option.

With these kinds of precautions, merchants can optimise their processes to protect customers from fraud, reduce false positives and protect revenue.

Time to act

Getting the balance right between security and frictionless payments is a minefield for retailers and, with SCA, it will only become more challenging.Nevertheless, it is crucial to ensure regulatory compliance while ensuring an enjoyable, smooth and, above all, safe user experience for consumers.

By talking to experts now, it is possible for merchants to ensure they have the solutions in place to better analyse the fraud risk for every transaction, so they can take steps in gauging how they can minimise the incidence of fraud without impacting on the consumer experience. In doing so, they can ensure they safeguard their business and profits in the long run.

To find out more about how Emailage can support you in balancing SCA requirements with a seamless user experience, visit:www.emailage.com.