New EMV checkout standards look to create secure, frictionless environment

While ecommerce has exploded in terms of driving consumer shopping preference in recent years, the process of conducting transactions over computer browsers and mobile phones continues to be a cumbersome and in some cases insecure process that frustrates consumers and leaves billions of dollars on the table in abandoned transactions, payment fraud and other vulnerabilities.

A new remote checkout standard announced by U.K.-based EMVCo is being closely watched by the credit card industry, retail merchants, card processors and banks to see if progress can be made on creating a more secure and streamlined system for consumers to complete mobile and online purchases.

"If you want security in an environment, you want to reduce complexity; let's have one integration model that applies to secure remote commerce no matter what card you're accepting," Brian Byrne, director of operations at EMVCo., told Mobile Payments Today in a phone interview.

SRC is a technical standard that will allow the creation of a more consistent and simplified customer checkout experience across various platforms, ranging from desktop and laptop computer browsers to mobile shopping and payment apps.

"With SRC, merchants will be able to offer a standardized checkout process on their websites in the form of a payment button that provides a consistent user experience, regardless of which card a consumer chooses to pay with," Melissa Filipek, a spokesperson for American Express, told MPT via email. "This will make the process of paying with a card on a website or mobile app faster and easier for the consumer, reduce shopping cart abandonment and more easily provide customers their payment choice through a single integration."

Fraud, friction rising

Research from Aite Group gives a sense of the problem. In a June report, Aite Group shows that in 2018 there were $4.4 billion in losses from card-not-present fraud, and that figure is expected to rise to $6.4 billion by 2021.

Another major problem is cart abandonment, when a consumer walks away from completing a purchase on a desktop or mobile shopping site. The report shows that on Black Friday 2018, about 82% of all online shopping carts were abandoned before a consumer completed a purchase. The biggest reasons cited ranged from 60% saying the added shipping, taxes and handling costs were too high, 37% saying the shopping site wanted the user to create an account and 28% saying the checkout process was too long, among other reasons.

As its stands today, digital commerce is an inconsistent and friction filled experience for consumers, according to Ansar Ansari, senior vice president, digital payments at Visa.

"That results in poor conversion for merchants, lost transactions for issuing banks and frustration on the part of the online shopper," he told Mobile Payments Today via email. "Visa is working with the entire payments ecosystem to reduce the friction caused by manual credit and debit card entry, checkout decline rates, passwords and other hurdles shoppers and merchants of all sizes face in ecommerce today, all while making the online shopping experience feel more familiar and reassuring shoppers that their ecommerce checkout is safe and secure."

In connection with the unveiling of the SRC standard, Mastercard announced last week the launch of a "digital wellness" program that would offer merchants an additional layer of security through tokenization as well as NuData, a technology from Mastercard that uses machine learning and artificial intelligence to help prevent fraud by monitoring certain metrics like web surfing speed, changes in browser type, monitoring web traffic and other factors, according to Pablo Cohan, senior vice president, digital payments and labs, North America at Mastercard.

"For merchants, this is expected to help increase approval rates, lower fraud and reduce PCI compliance burden, especially for SMB merchants," he told MPT via email. "We ultimately want to make the online checkout experience as secure and simple as possible for everyone involved."

Questions remain

While the goals of the new standard are widely understood, there remains a window where some in the industry cannot predict the outcome.

"The intent of the standard is to provide an ecommerce purchase experience that is vastly more secure than current CNP (card not present) transactions, and theoretically, delivered with less friction than traditional payments," Thad Peterson, senior analyst at Aite Group, told MPT via email. "That said, it's a complicated process and there's no clarity at this point as to what an actual implementation might look like."

He added that the new standard should also replace the existing digital wallets from Visa and Mastercard, called Visa Checkout and Masterpass, respectively.

"Merchants and banks don't have any kind of control or binding vote or binding say in what EMVCo does," said Stephanie Martz, senior vice president and general counsel of the National Retail Federation.

She said until they see in some detail about how the new standard will be implemented, "we don't know for sure if this is going to be more efficient or more secure."

Laura Townsend, senior vice president of operations at the Merchant Advisory Group, said the group, which has worked closely with EMVCo on the SRC issue, is very supportive of the effort, but noted there are concerns about implementation, including requirements for tokenization, which is a way to mask a stored payment card number to protect it from being compromised.

Cover photo: Mastercard


Original author: David Jones