Ecommerce has irrevocably changed the way customers shop. Whilst online payments continue to rise steeply, so do the online security risks involved in electronic payments. There is no wonder then why payment players invest in bringing in the latest technology to keep customers and businesses safe.
Fortunately, not only scammers are getting smarter, but technology is too. The PSD2 regulation enforces the use of Strong Customer Authentication (SCA) in all transactions, so customers are required to provide at least two types of identification that can be something they own (like a mobile phone), something they know (like a PIN) or something they are (such as fingerprints).
To reinforce SCA, there is now a broad range of authentication tools available for businesses to ensure their customers are protected. We have previously discussed how you can ensure payment security for your customers. In this article, we will focus on authentication tools and list some of the most popular and effective tools available on the market, that PSPs may offer.
3D Secure is a protocol created by Visa Inc. and CA Technologies, now adopted by all payment networks. Visa uses it as “Verified by Visa”, MasterCard as “SecureCode”, Discover as “ProtectBuy”, Amex as “American Express SafeKey” and JCB International as “J/Secure”. You will likely encounter these designations when purchasing an item online.
3D refers to three domains that are involved in this protocol: the acquirer domain (merchant’s bank), the issuer domain (customer’s bank) and the interoperability domain (any payment system that is involved in the payment by connecting the issuing to the acquiring bank).
Essentially, this protocol brings another security layer to payments by requesting customers to insert a one-time code that was sent via email or text message. The customer adds his card details online and, if his card is registered for 3D Secure, he will be redirected to another page where he will be asked to insert this one-time code. If successfully, he will be directed to the merchant’s website again and the payment is completed.
3D Secure adds an extra task for the customer to complete, which slows down the payment initiation process. Fast checkout experiences are a must in retaining existing customers and ensuring customer satisfaction, so 3D Secure may be an hindrance to that. Nevertheless, customers want to feel safe and know that their data is handled well- their protection should be at the forefront of any business.
In 2016, 3D Secure 2.0 launched as a more modern and user-friendly version of the first 3D Secure protocol. Amongst other functionalities, it offers risk-based authentication where customers are screened without even realising, whilst they’re initiating the payment. Customers will only be requested to take additional authentication steps if the screening detects something suspicious with their data or transactions. This contributes to a more seamless payment experience.
This authentication process compares the billing address that the customer entered in the checkout page with the billing address linked to his bank account. It is used by all major card networks (Visa, MasterCard, American Express and Discover) to verify the ownership of the card used for the transaction. Typically, this system only checks the numbers on the address, so it is usually the postcode, flat or street number. Currently, AVS is available in the UK, US, Canada, New Zealand and Australia.
AVS is a fairly easy and widely accepted way to detect potential fraud. Since it is offered by all of the large card networks, AVS is automatically done once payment details are collected, and the gateway or processor will take care of it. However, AVS alone may not be 100% effective as there can be some small typos or errors in the address details entered.
A typo made by the customer doesn’t mean that the payment is fraudulent, just as a full AVS match doesn’t mean that the payment isn’t fraudulent. Therefore, this tool should be used alongside other tools to prevent misjudgement. AVS also requires merchants to review each transactions on an individual basis, which is a very detailed and time-consuming task.
Biometric tests use customers’ biological characteristics to verify the ownership of an account. Once they open an account with a merchant they can scan, for example, their fingerprint, by touching their mobile phone’s screen. This information will be stored on the company’s database and used for comparison every time a customer initiates a payment.
Some examples of biometric features that can be used for authentication purposes include retina scans, fingerprint scans, iris recognition and facial recognition. There is an increasingly broader range of biological features that can be tested, such as voice or even hand shape.
Naturally, this type of authentication is fairly accurate, as it is very difficult to falsify biological features. It is also practical for customers who, instead of having to remember a PIN or password, can simply touch their mobile phone’s screen to be authenticated. Nowadays, convenience is key for customer satisfaction. Unsurprisingly, research shows that 54% of UK consumers would use biometric payments cards if they were available (Thales Group). However, unlike AVS or 3D Secure, biometric authentication isn’t easily available and may be expensive to implement or purchase from a third-party.
Geolocation uses the customers’ devices to identify their location and authenticate them. This allows merchants to know where each payment is coming from and potentially detect any fraudulent transactions. For example, if a customer initiates a payment in Brazil on day 1, and another payment in Australia on day 2, this can be considered suspicious. Merchants are able to block transactions from certain countries, which may also lead to an unnecessary loss in sales.
Firstly, privacy issues can come to play as customers may not be comfortable with sharing their location. Some geolocation tools may require the customer’s Wi-Fi to be on, which isn’t always possible if customers are on the go or simply have a weaker Wi-Fi signal. However, this tool is fairly convenient, as there are no passwords to remember or complex tasks to complete. Overall, just like most of the tools, this tool is more efficient when used alongside others. Multi-factor authentication continues to be the most popular and easy-to-use tool for merchants.
Imburse is a cloud-based middleware connecting large enterprises to the payments ecosystem, regardless of their existing IT infrastructure. Through a single connection to Imburse, enterprises can collect or pay out using a variety of payment technologies and providers around the globe.
In a world where consumers payment preferences and technologies are ever-evolving, Imburse works with insurers to future-proof their payment requirements. Regardless of the business area, market, or requirements, Imburse will connect you to your choice of technology and provider.
Reach out to our team below should you want to discuss how Imburse can help you. Our team is happy to show you what our platform can do for your business and offer you a free demo.