Seamless and Secure Payments for eCommerce Transactions

Challenge

Dutch banks want to better serve the payments value chain for online purchases to drive consumer spending, and enrich the end-customer relationship

Considerations

1. How to improve security and remove friction from ecommerce transactions? Current Card Not Present (CNP) payment security options are inconsistent across merchants and do not provide a smooth customer experience (CX) for consumers

2. How to meet new regulatory requirements? The Payment Services Directive 2 (PSD2) demands Secure Customer Authentication (SCA) that has the potential to add further friction to the payment process

3. How to implement in line with merchant expectations? Merchants are looking to embed the authentication process into their shopping experience, necessitating a feedback loop from the payment instrument issuer to the merchant ‘smart POS’

Solution

1. Leverage the most familiar and secure elements of the equivalent physical Point of Sale (POS) or mobile app experience for customers shopping online. A software POS, such as the Maestro offering, can be used to create a physical interaction with a smart device, such as tapping a debit card to a Near Field Communication (NFC) enabled personal device for contactless purchases or combined with PIN entry.

Customers are already accustomed to tokenized payments on smart devices, such as mobile phones and wearables. Leveraging a tokenized card with the ‘smart POS’ develops some level of consistency for the customer. For truly seamless payments the app needs to be at a domestic level, not the bank level. The Dutch market has a strong heritage of interbank initiatives which drive payments modernization in country through non-competitive, consumer adoption programs. In this way the banks retain the primary customer relationship and avoid disintermediation in the ecommerce environment via other wallets or mobile payment applications.

2. Utilize Cardholder Device Card Verification Method (CDCVM) alongside the tokenized card and registered device details to satisfy SCA requirements of Two Factor Authentication. Most modern personal devices are equipped with biometric readers that can be used to identify the known user; fingerprints, face recognition etc. In this way the card is the token, verified by the ‘smart POS’ on the device itself.

This potentially creates a better customer experience than current CNP Step Up Authentication methods, which vary by the combination of merchant, issuer and acquirer involved in the transaction.

3. Embed payments seamlessly into merchants’ own ecommerce experiences to drive consumer spending and reduce basket abandonment. Many current secure payment methods require the merchant to push the customer to an external authentication application which adds friction to the customer experience and can impact how customers perceive the security.

To embed the new secure payment experience into the shopping flow there needs to be a deep link created between the merchant application and the ‘smart POS’ device application. This would enable the end-to-end payment and messaging flow. The merchant instigates the transaction and must be paid at the end. The consumer device seeks approval from issuer bank, so the request and approval messages must flow to and from the device. To simplify the integration and orchestration of the ‘smart POS’ it should leverage industry standard APIs, in Europe this could be a PSD2 API. Connecting the merchant into the software application is critical to implementing the new way to pay in line with their CX strategy.

In order to achieve the level of security desired modern data encryption standards must be implemented, such as the latest Cryptography Data Encryption Standard (DES) and Triple Data Encryption Standard (3DES) to protect the stored data in the tokenized card or physical card in the NFC-based interaction.

CX optimization

The ‘smart POS’ could be leveraged against any payment rail, depending on customer preference. Adding payment methods to a familiar experience drives towards a frictionless future. This could be adding instant payments as a payment option.

Creating the deep links between the merchant and bank applications would pave the way for simple real-time payments in ecommerce transactions. Merchants could further drive consumer spending by offering additional loyalty benefits to customers choosing to pay by instant payments.