By this time next year, every online payment in Europe will have to meet new measures designed to enhance security. We all know that security is essential for digital commerce to exist and thrive, yet we also know that we have to find the balance between security and convenience. This is especially true in a world where consumers are empowered to make purchases across a range of connected devices and expect a secure and seamless experience. Any hurdles added to the checkout process risk annoying consumers and losing sales for retailers.
Visa is introducing a new suite of solutions that meet consumer demand for safety and control of their money, while helping merchants comply with the new European requirements for Strong Customer Authentication (SCA) that come into force in September 2019. Our goal is to minimise friction in the consumer purchase experience and enhance payment security at the same time.
There is no one-size-fits all approach to authenticating a consumer’s identity – which is reflected in the new regulation. More purchases will require the added layer of security known as two-factor authentication for consumers to confirm their identity. However, for low risk transactions the extra step will often not be required.
Our new suite of security solutions will help our bank and merchant partners to identify transactions in real time that are low risk and ensure a speedy checkout for those purchases. Here is how:
For decades, Visa has refined the art of identifying potentially fraudulent purchases in real time. We interrogate each purchase on a host of different factors including location, merchant type, previous purchases, and transaction size – arming the card issuers with intelligence that helps them catch potential fraud. When consumers are asked to take an extra step and verify their identity, it’s usually to prevent unauthorised use of their account. However, it’s essential that they have convenient options for doing so. Some customers may feel reassured when asked to enter in a unique passcode delivered to their mobile phone by their bank.
Increasingly, though, more and more people are familiar and comfortable with using biometrics. To support this, we’re rolling out a new service that will enable banks to integrate biometric authentication into their banking apps so that consumers can simply log in on their connected device and use their fingerprint, their voice or even their face to complete a purchase.
Of course, many consumers don’t want any barriers at all. That’s why we’re helping merchants to make this possible while still complying with the regulation by having a full range of measures to identify transactions that qualify for the low-risk exemptions.
Firstly, we’re giving merchants the tools to make the most of the close relationship they’ve built with their regular customers. Merchants will be able to offer customers the ability to identify them as someone they trust. This “whitelisting” will eliminate the need for additional verification in most future purchases. It gives consumers greater control over their online security and a streamlined checkout experience where they want it.
Additionally, improvements to EMV® 3-D Secure Specifications, the industry standard for authenticating consumers in online purchases, mean that a customer’s bank will receive more information on a transaction than ever before, leading to better-informed risk decisions. This results in more low-risk transactions being approved and again reduces the need for two-factor authentication.
In parallel, we’re empowering merchants to enhance their own risk assessments. Our new service will upscale their fraud detection so they can better identify those purchases that are low risk and those which need added verification.
Security is always dynamic and sophisticated – it has to be to combat fraud – but that doesn’t mean we have to sacrifice convenience. We’re working closely with our clients and partners to develop creative ways to ensure that enhanced security doesn’t feel like a burden. When it comes to payment security and convenience, it is possible to have both.