As online shopping and payment technology advances, merchants are becoming increasingly aware of the growing security risks posed to their customers and operations. No company wants to suffer the financial and reputational ruin that often comes with a data breach. But addressing the issue is complicated, so many companies find themselves stuck between a rock and a hard place.
It’s therefore crucial that merchants are up to date with the latest security regulations and are aware of common roadblocks they may face and how to overcome these. Here are some frequently asked questions to help you understand security.
1. Security is becoming increasingly important for merchants. Why is this?
There are many different factors that have contributed to security becoming a priority for companies. Central to this is that more data is being shared online today than ever before; eCommerce is booming and the technology supporting it is advancing on an almost daily basis. Equally, however, fraudsters are working to cash in on the opportunities that this opens up for them. Any security breach has the potential to cost significant amounts of money and can ruin company reputations, so it’s crucial that merchants stay on top of their security to avoid these risks.
On top of that, regulations are evolving all the time. The latest requirement that merchants should be aware of is Strong Customer Authentication (SCA), an offshoot of the second Payment Services Directive (PSD2). PSD2 requires every electronic transaction (with some exceptions) to be strongly authenticated. Merchants need to be aware that SCA, although optional now, will be mandatory by March 2021; the original deadline was set for 31st December 2020, though the Financial Conduct Authority (FCA) recently announced a UK extension.
Similarly, merchants need to be aware of how it might impact the checkout experience for customers. SCA stipulates that card transactions must use two of the following three factors to provide authentication:
Complying with PSD2 and SCA will require the use of innovative technologies that can foster greater customer loyalty and increase conversion rates. It’s commonly accepted that 3D Secure version 2 (known as 3DSv2 or 3DS2) will be the best way to comply with SCA requirements. 3DSv2 is an authentication protocol that asks businesses and their payment service providers (PSPs) to share more data around every transaction with issuing banks.
To make things easier for both merchants and consumers, PSD2 allows for some exemptions from SCA. However, it’s important to note that not every transaction that qualifies for an exemption will be automatically exempted, as the customer’s bank always has the final say on whether to require SCA for any given transaction.
It’s important that merchants are aware of these changes and exemptions, but they shouldn’t be daunting. There are experts who can help relieve any potential burden. They can keep you informed and ensure your systems are in line with the latest regulations, meaning you can focus on what’s important to you – your business.
Regulations are crucial for a safe and well-functioning shopping ecosystem, and while retailers may view them as cumbersome, with the right support and understanding, the load can be lightened.
2. What aspect of security do merchants tend to struggle most with, and how can they combat this?
Retailers often find themselves coming up against the seamless-but-secure dichotomy. Customers expect failsafe security, but with additional processes comes extra friction. However, if a customer does experience any friction, in particular if it’s more than they’re used to, they’re unlikely to stick around. There are always plenty of competitors on hand to take their custom instead.
Getting the right balance between fraud prevention and keeping your customers happy is key, and the best way to go about this is a combination of education and an accurate security system. By letting your customers know the authentication operations that are in place, they won’t get confused and abandon their cart when prompted to answer a security question. Educate customers about security – let them know what changes to expect, when, and what these may mean. A customer who is aware of SCA’s two-factor authentication is more likely to comply with the process and go ahead with their transaction than one who is met with a pop-up they don’t recognise. Similarly, working with an expert to streamline your system will ensure customers aren’t turned away by constant false declines.
3. What makes a customer feel secure when making a transaction?
For customers and retailers alike, the moment the transaction takes place is that which requires the most trust. The key to satisfying customers is familiarity, so provide shoppers with a checkout experience that they are comfortable with and they will reward you with their custom. The important thing is to know your customer; it’s a cliché for a reason. Even if a company gets it right when it comes to their products or services, they’ll still lose customers if the user experience isn’t tailored to their clientele.
To combat this, collecting data is essential. Ingenico’s omnichannel solution offers merchants the capacity to collect and analyse data on customer behaviour, using it to identify trends and opportunities. By doing so, you can tap into buying behaviour and better meet your customers’ expectations – including payment and security preferences.
Ingenico has 200+ online and 300+ in-store payment capabilities and a variety of 150+ different currencies it can offer customers. Working out those that are relevant to your clients makes all the difference to creating a trusted user experience.
4. What can merchants gain from partnering with Ingenico in terms of security?
At Ingenico, we take security very seriously – it is just as important to us and our clients as it is for merchants and their customers. By working alongside us, you will have direct access to a team of best-in-class payments experts to answer any queries you may have. We will ensure your company is compliant with the latest regulations and protected from data breaches, and can offer GDPR-compliant data collection capabilities. This means that merchants can access tokenised data to inform their business decisions, without compromising customer data security.
We also know the strain that completing admin can put on a company, so we take care of this on your behalf, leaving you to concentrate on your business, assured that the safety of your systems and customers is in our hands.
Régis Massicard is European Payment Strategic Director for Ingenico. In this position, he is in charge of market analysis and strategic initiatives within the SEPA region. He also closely follows the regulatory and standardisation initiatives impacting the payments industry, and is involved in nexo standards development. Previously, he occupied different positions within Worldline, in strategic marketing, business development and product management.