Mobey Forum’s SCA in m-Commerce Expert Group in co-operation with Aite have produced a report looking into the balance between friction-less online payments and security. The group surveyed industry experts and in this report present their views on online payment security, the payment experience and rising fraud.
The key findings of the report include:
• Merchants consider the customer experience as the most important factor for payment transactions in online payments, but they must also manage rising fraud and deal with stronger compliance requirements.
• The report provides an industry view on the criteria for applying strong customer authentication (SCA) based on multifactor authentication. It also analyzes potential challenges introduced by legislation, including PSD2.
• SCA could have a negative impact on conversion in the short term for certain merchant segments trading higher-value goods, but this may be temporary as customers adapt to the new procedures.
• Risk-based authentication (RBA) is the most important tool available to enable a smooth payment experience while improving security. If there is an element of doubt, SCA can still be applied to provide an extra layer of security.
• The adoption of biometrics as an authentication mechanism will continue to grow, as the technology offers the best of two worlds—better security and improved user convenience. Biometrics, however, are not a silver bullet and should be used in concert with other technologies.
• The current threshold value of 30 euros for applying SCA as specified in the PSD2 is considered to be too low, leading to more friction throughout the payment process. The exemption for transaction risk analysis could bring some relief, although the criteria to be met are quite demanding.
• Longer term, new payment models will emerge based on the possibilities delivered by the combination of payment initiation services (PIS) with instant payments. Such models have the potential to challenge the existing card-based approach for online commerce payments.