ecommerce payment fraud

Three Trends in E-commerce Payments to be Concerned About

With e-commerce sales skyrocketing, the options for online transactions are manifold. But what problems come with so many ways to pay? Find out.

Global e-commerce sales hit $29 trillion in 2017 according to data released by the United Nations Conference on Trade and Development (UNCTAD) early this year. Here are three e-commerce payments trends you should be concerned about.

MOBILE WALLETS AND FRAUD

The pervasiveness of smartphones has sparked the growth of payment methods such as Alipay (1 billion users) and Apple Pay (383 million users). However, the growing popularity of these payment methods makes them a security target as well. 

Convenience is a selling point of some of the most popular mobile wallets like Apple Pay, Samsung Pay and Google Pay. Once linked to a card, payment information is turned into random numbers/tokens that are transmitted every time someone wants to pay.

In 2016, Salvador Mendoza, a security researcher, outlined a potential flaw in Samsung Pay, showing that hackers could intercept the security tokens generated by a Samsung phone when making a payment.

However, Samsung responded to the presentation, saying that they had deemed it an acceptable risk. For a hacker to actually pull off such an attack, they’d need to be next to someone right when they were making a transaction and use the code before the transaction is completed.
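The token behaviour described above can be modelled in a few lines. This is an added example, not code from Samsung, Apple or Google; the `TokenVault` class, the 60-second lifetime and the test card number are assumptions made for illustration.

```python
import secrets
import time


class TokenVault:
    """Simplified model of a wallet token service (constructed for illustration)."""

    def __init__(self, ttl_seconds=60, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._live = {}  # token -> (card_number, expiry)

    def issue(self, card_number):
        # The token is random, so it carries no information about the card number.
        token = secrets.token_hex(16)
        self._live[token] = (card_number, self._clock() + self._ttl)
        return token

    def redeem(self, token):
        # pop() makes the token single-use: a second presentation finds nothing.
        entry = self._live.pop(token, None)
        if entry is None:
            return None
        card_number, expiry = entry
        if self._clock() > expiry:
            return None  # never used in time, so it is worthless afterwards
        return card_number


def demo():
    now = [0.0]  # controllable clock so the expiry case runs instantly
    vault = TokenVault(ttl_seconds=60, clock=lambda: now[0])
    card = "4111111111111111"  # widely used test number, not a real card

    paid = vault.issue(card)
    first = vault.redeem(paid)    # the legitimate payment completes
    replay = vault.redeem(paid)   # the same token presented a second time

    stale = vault.issue(card)
    now[0] += 61                  # token left unused past its lifetime
    late = vault.redeem(stale)
    return {"first": first, "replay": replay, "late": late,
            "distinct": paid != stale}


if __name__ == "__main__":
    print(demo())
```

Because a token is consumed on first use and expires quickly, a captured copy has value only in the short window before the genuine transaction completes, which is the condition Samsung pointed to.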

Here’s another loophole in mobile wallets: users load money into them by enrolling a debit or credit card into the system. What happens when a fraudster gets hold of your credit card information and tries to load their mobile wallet with it?

David Dewey, the director of research at Pin Drop Labs, did an experiment where he was able to load credit cards from volunteers into Apple Pay.

He used a loophole in the card enrollment process between Apple Pay and the card issuer. Ultimately, the credit card holder’s bank decides the authentication procedures for linking new cards to Apple Pay.

In his experiment, David got around one issuer’s knowledge-based authentication (KBA) questions by Googling information about the credit card owner, while with another issuer the card was verified with zero obstacles.

The experiment was repeated 4 months later and most of the loopholes had been plugged. However, given the ingenuity of fraudsters, issuers will have to stay on top of their game.

MEASURES TO PREVENT MOBILE WALLET FRAUD

In a recent interview, Mark Sands, CEO of HRMA-LLC, a company that specializes in high-risk credit card processing and credit card fraud prevention, said, “Many new mobile wallets are implementing SMS Phone Verification to minimize credit card fraud. This technology identifies the person making a purchase with an instant verification code sent to their cellphone and that code is required to complete a transaction.”

In this case, unless they steal your phone too, credit card fraudsters have an insurmountable security wall to climb. “The introduction of this technology was made a few years ago and companies seem to be embracing it rapidly in the transaction process,” Mark says. “Hopefully soon, it will become integrated as an industry standard.”
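The server side of such a verification-code step looks roughly like the following. This is an added example, not code from HRMA-LLC or any wallet provider; the `SmsVerifier` class, the transaction ids, the three-attempt limit and the 300-second lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

MAX_ATTEMPTS = 3   # assumed policy value
CODE_TTL = 300     # seconds, assumed policy value


class SmsVerifier:
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._key = secrets.token_bytes(32)
        self._pending = {}  # txn_id -> [digest, expiry, attempts_left]

    def _digest(self, txn_id, code):
        # Keyed hash tied to the transaction; the code itself is never stored.
        msg = f"{txn_id}:{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def start(self, txn_id):
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[txn_id] = [self._digest(txn_id, code),
                                 self._clock() + CODE_TTL, MAX_ATTEMPTS]
        return code  # handed to the SMS gateway only, never to the browser

    def confirm(self, txn_id, code):
        entry = self._pending.get(txn_id)
        if entry is None:
            return False
        if self._clock() > entry[1]:
            del self._pending[txn_id]  # expired
            return False
        entry[2] -= 1
        ok = hmac.compare_digest(entry[0], self._digest(txn_id, code))
        if ok or entry[2] == 0:
            del self._pending[txn_id]  # single use, or locked out after guesses
        return ok

def demo():
    now = [0.0]  # controllable clock so the expiry case runs instantly
    v = SmsVerifier(clock=lambda: now[0])
    code = v.start("txn-1")
    accepted, reused = v.confirm("txn-1", code), v.confirm("txn-1", code)
    code = v.start("txn-2")
    wrong = f"{(int(code) + 1) % 10**6:06d}"
    guesses = [v.confirm("txn-2", wrong) for _ in range(MAX_ATTEMPTS)]
    locked = v.confirm("txn-2", code)  # right code, but attempts are used up
    code = v.start("txn-3")
    now[0] += CODE_TTL + 1
    return accepted, reused, guesses, locked, v.confirm("txn-3", code)
```

The attempt limit matters as much as the code itself: a six-digit code with unlimited guesses offers little protection, so the pending entry is discarded after the third wrong answer.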

Alternatively, some mobile wallets like Alipay have integrated AI into their security systems. Alipay uses a risk control engine named Alpha Risk, which utilizes an active learning risk identification algorithm that scans various transactions to verify accounts and ensure that the information has not been hijacked.

PSD2 AND INSTANT PAYMENTS

New payment methods have a tendency to open up new industries or shake up existing ones.  

The Payment Services Directive (PSD2), which requires banks in the EU to provide access to their customers’ accounts via open APIs, has stipulations that could potentially transform e-commerce payments.

Under the PSD2, third-party providers can register as Payment Initiation Service Providers (PISPs), which will be able to initiate payments on behalf of their customers.

What this means is that a retailer like Amazon or Alibaba can register as a PISP and initiate payments from buyers’ bank accounts to theirs (with the buyers’ consent), cutting out the middlemen (the card associations) and the associated fees.

To put things into perspective, whenever a customer makes a purchase from an e-commerce website using a credit card, the merchant’s bank (the acquiring bank) reaches out to the customer’s bank (the issuing bank) and asks it to initiate the payment.

Unless it’s the same bank, the acquirer pays an interchange fee (set by the card associations, e.g. Visa and Mastercard) to the issuer. Eventually, merchants pass down this transaction cost to their customers.

However, with instant payments, where these costs are cut, the big question remains: will merchants pass down the savings to their customers? I think not, but time will tell.

Under PSD2, third parties can also register as Account Information Service Providers (AISPs) and aggregate data in addition to being PISPs. This opens up room for customers to use third-party apps to make purchases, pay bills and check account balances without the need for logging into a bank account. The more innovations sprout out of these capabilities, the more probable it is that instant payments will transform more industries.

FRICTION IN PAYMENTS DUE TO STRONG CUSTOMER AUTHENTICATION (SCA)

Among other factors, a customer’s shopping experience is affected by the speed and the number of payment steps that have to be completed. According to Amazon, each additional click made by the customer increases basket abandonment rates by 15%. 

However, the PSD2’s Strong Customer Authentication (SCA) requirements will see businesses counter fraud by using at least two authentication elements to verify electronic payments. This is likely to create more friction. 

According to a 2019 study by the Emerging Payments Association (EPA), the SCA requirements will increase transaction decline rates to 25%-30% from today’s 3%. Merchants are fully aware that any extra steps, unless seamlessly implemented, will see customers abandon online purchases and reduce their revenue.

Credit card associations will also be opened up to competition due to the SCA. Traditionally, an e-commerce site that accepts card payments will require shoppers to fill in details including name, address, card number, expiry date and security code.

A 2016 survey by the Baymard Institute found that the top-performing e-commerce sites had 7 form fields in their checkout system, yet the average checkout system in the US had 15 form fields.

For European merchants with the same numbers, adding extra authentication steps will only frustrate customers further. Unless care is taken, SCA can leave credit card payments unable to match the customer journeys offered by quicker mobile wallets.

As the e-commerce industry continues to evolve, so will the demands for a better user experience (UX) in payments. The companies that strive to innovate in this area will have a potent weapon in their e-commerce repertoire that separates them from the competition.

This article first appeared on Dataconomy as a guest post and is reproduced with permission
