The e-commerce-led recovery is under threat: here’s what we can do about it
As summer has given way to autumn, merchants across Europe have seen their customers navigate ever-changing restrictions on movement implemented by governments getting a grip on a global pandemic.
E-commerce has become their lifeline. Consumers opted to forgo shopping in-person on the advice – and at times the orders – of health officials. In response, merchants have rallied to ensure consumers have access to goods and services, in many cases moving entire businesses online virtually overnight. As a result, 14 European nations have seen online payments climb at least 20% compared to pre-pandemic levels.1
Yet thousands of merchants face being “almost cut off” from online trade when sweeping new European payment regulations come into force at midnight on 31 December, according Mark Nelsen, Senior Vice President of Europe Products and Solutions at Visa. The regulations, which arguably amount to the largest shake up of e-commerce in Europe to date, risk catching scores of merchants by surprise as they focus their efforts on servicing customers and clients amid the disruption caused by the outbreak.
Avoiding widespread declines
“If you’re a merchant and you don’t know what this is, or you haven’t deployed the technology, you might not be able to trade online come 1 January,” says Nelsen. “That’s the reality and it’s as bad as it seems.”
The overhaul is part of the EU Revised Directive on Payment Services (PSD2) that implements Strong Customer Authentication (SCA) – an extra security step for most online and in-store purchases that regulators believe will cut down on fraud and make online payments more secure. The technology Nelsen says merchants must deploy is 3D secure (3DS), and ideally an optimised version known as “EMV 3DS”, which is essentially a system that sits behind checkout platforms to assess how risky transactions are. It is also the technology that enables banks to ask for more information from the cardholder if needed.
The implementation of SCA, which takes place on 31 December across most of Europe and 14 September 2021 in the UK, means purchasers must pass security checks that fall into two of three categories; something a consumer knows, like a password or code; something they have in their possession, like a phone or card reader; and something they are, like a fingerprint or facial recognition usually entered via a mobile banking app. Merchants must have 3DS (or the optimised version, EMV 3DS) enabled, allowing this process to take place, or they can expect their customers’ banks to decline purchases.
After the deadlines, “if a consumer is trying to buy something from you in the online environment, the transaction will go to the consumer’s bank, and the bank will say ‘I’m going to decline that transaction because basic tech isn’t there for us to do our job,’” says Nelsen. “The banks have to comply with the regulation, so merchants that don’t have the technology in place might not be able to conduct business online.”
That’s likely to sound alarming to companies that are increasingly reliant on e-commerce, but the process of becoming compliant is straightforward and could be completed ahead of the end-of-year deadline if they initiate the process immediately.
Every merchant in Europe uses a payment gateway that enables purchases, so any business yet to prepare for SCA simply needs to contact their gateway provider and request to have 3DS switched on, adds Nelsen. And gateway providers and acquirers in turn need to be “shouting from the rooftops” to remind merchants that they need to make that request.
Providing the best experience
However, merchants are only one piece of the puzzle. Issuers will play a crucial role in ensuring SCA doesn’t result in a negative experience for consumers and the subsequent drop-off in sales that would follow.
On that front, there is also cause for concern, says Nelsen. Many banks that are SCA-ready intend to apply one form of authentication to every customer. That’s perhaps understandable as banks grapple with the operational challenges presented by the pandemic, but it is likely to cause problems amid a surge in levels of e-commerce and the increased diversity of shoppers that comes with it.
“There’s never really a one size fits all, yet that’s what the banks have largely done,” says Nelsen. “That’s going to become a breaking point because some customers are going to get left behind. It’s going to create all these broken experiences.”
Where banks have deployed the technology, many have opted for a “clunky” experience that could increase the risk of cybercrime, says Nelsen.
Without change, the most common form of authentication is likely to be a password and a one-time-passcode (OTP). In other words, a consumer would be prompted to enter a password they have previously registered with a bank that they must remember. These are particularly vulnerable to phishing attacks, with sophisticated criminals easily able to find the personal information required to move through a forgotten password process, Nelsen adds.
The bank must also have the customer’s current mobile phone number on file in order to send the OTP. At the check-out page, both must be entered correctly in order for the purchase to be successful.
“That sounds simple but it isn’t in reality,” says Nelsen. “For starters every bank needs every customer’s correct mobile number on file. Getting 100% to go through is always complicated at scale.”
Besides, the research suggests consumers prefer alternative forms of authentication – particularly fingerprints. In fact, a consumer survey conducted by Visa found that a fingerprint is the most favoured form of biometric authentication in France, Germany, Italy, Spain, Switzerland and the UK.2 The process banks choose is likely to be a differentiator when the flood of e-commerce starts meeting the SCA methods selected by each institution.
“There are going to be banks that do a much better job and consumers are going to flock to those because everyone values better experiences over bad experiences,” says Nelsen. “That will become a very competitive differentiator.”
So for merchants, enabling the basic technology upon which SCA relies could avert a drop in online sales. For banks, a smooth process will set them apart from competitors that have opted for a more clunky process that threatens to increase the failure rate of online sales.
Supporting economic recovery
However, the biggest beneficiaries could be consumers, for whom e-commerce has become a vital tool enabling access to goods from groceries to medical supplies. At the time of writing new restrictions on movement were being introduced across Europe as the continents’ leaders run out of options3 to control the outbreak. In a lockdown scenario, e-commerce becomes the only channel by which huge numbers of consumers would be able to safely buy goods.
As a result, the stakes are high, but the prize for getting it right is also significant: the continued growth in e-commerce that could support a Europe-wide recovery from the worst economic crisis in a century.
“What used to be optional now has become mandatory to live,” says Nelsen. “But if banks, payment service providers and merchants get this right, we’ll see an e-commerce-led recovery with less fraud, and perhaps most-importantly, we’ll have better tools in place to adapt to any future crises, whatever they may be.”
Mark Nelsen is Senior Vice President at Visa Inc. where he is responsible for leading Europe’s product and solutions organisation, and is the global leader for Visa’s Open Banking capabilities.
Click here to learn about ways to maintain today’s e-commerce conversion rates in the wake of new Strong Customer Authentication regulation.
1 Europe Visanet data, September 2020
2 Fabrizio Ward, LLC research on behalf of Visa (April 2019), Biometric survey with online panel of credit cardholders
3 ‘European Leaders Driven to New Lockdowns by Surge in Virus’, Bloomberg, 1st Nov 2020, https://www.bloomberg.com/news/articles/2020-11-01/european-leaders-driven-to-new-lockdowns-by-surge-in-virus-cases
All brand names, logos and/or trademarks are the property of their respective owners, are used for identification purposes only, and do not necessarily imply product endorsement or affiliation with Visa.