By David Parker, Polymath Consulting
Attend any major payments conference and you will hear the term “Frictionless Payments,” a lot. It’s the story of how you get out of your Uber and, as if by magic, your payment has been made. How it’s frictionless, how it’s a great customer journey and how other businesses are looking to see how they can create this great experience for their users.
Recent research by Deloitte further highlights this trend with what they’ve termed default payments, i.e., your payment token held on file by the seller, thus enabling you to have truly one-click shopping. After all, the king of online retail Amazon led the way with this. And why do consumers like it? Well fairly obviously, 47 percent of respondents in the Deloitte research cited convenience.
Yes, in some retail areas default payments are more important than others. As you might expect, utilities being high along with other high-frequency destinations, such as online marketplaces, e.g., Amazon, Ebay, etc.
The challenge is things are potentially going to change in a big way. Default payments are all about that Uber experience, that one-click ease—that get out of the car and your transaction is complete. But two things have been announced in the EU that mean concern over fraud is going to take precedence over customer journey.
Firstly, Directive (EU) 2015/2366 on payment services in the internal market (PSD2) entered into force in the European Union on Jan. 12, 2016, and will apply as of Jan. 13, 2018. The PSD2 has conferred 11 mandates on the EBA, one of which relates to the development, in close cooperation with the European Central Bank (ECB), of draft Regulatory Technical Standards (RTS) on strong customer authentication and secure and common communications (Article 98 of the PSD2). Or, in simple English when a customer purchases something online she’ll need to authenticate the transaction using a second factor, e.g., a mobile device. So how will this affect default payments? It’s unclear, but it’s likely to mean that consumers will no longer have one-click check out. It will be one-click to check out and then, ‘Ah wait a minute, now you need to authenticate yourself.’
There are some potential workarounds that have been offered on the “Trusted Beneficiary Exemption” around which a consumer creates a trusted relationship:
- In-line with the transaction request itself, passing through the card schemes to the card issuers, and allowing follow-on transactions to avoid strong authentication.
- A direct relationship between a merchant and a bank to establish a framework for trust among their shared customer bases
Neither of these can be considered strongly viable options though to recreate the default payment solutions in existence today. Some retailers may try to get around this by the PSP becoming the trusted partner, and thus any merchant dealing with the PSP would result in the consumer being covered. This will obviously help larger PSPs and could, in fact, hinder competition in the market. Finally, maybe some retailers will instead offer credit, so they can simply collect a single payment at the end of the month á la a Klarna-type POS credit solution, but then you have to build the credit risk and cost into the retail model.
One result of this could be that we see consumers starting to use the Direct Debit system more, as this would enable the avoidance of such additional authentication and take them back to a simple one-click check out. And if you look at the Deloitte research, more than 50 percent of the default payments by value were made using bank accounts, although it varies by retail category.
However, this option for one-click shopping looks like it is also going to be stopped as on Nov. 29 it was announced by the U.K.’s Payments Strategy Forum that when money is taken from an account by a direct debit, consumers will also be asked to confirm the payment, i.e., second-factor authentication. The plans are due to come into force by 2020 at the latest.
The first new safeguard will be known as “Confirmation of Payee”. When a bank account holder makes a payment online from her bank account, a message will come back from the bank, confirming the name of the person being paid. Only when she clicks “OK” will the payment go through. It’s argued that this should stop people paying the wrong person accidentally, or being tricked into doing so by fraudsters.
The second proposed safeguard and the one that will target the default payment market is called “Request to Pay”. When a company wants to take a regular payment from a customer’s account—for example, monthly gym membership fees, or a mobile phone company charging for extra data used—the consumer will receive a message asking her to approve the payment. Again she will have to click “OK” for the payment to be processed.
I read in the press that these reforms are “Brilliant”:
“This is just the start, the ambitious reforms should make it far less likely you’ll be hit with hefty fees for missed payments, much easier for you to stay informed about where your cash is going, safer for you to bank online and simpler for you to change accounts,” said Hannah Maundrell, the editor in chief of Money.co.uk. “It’s rare you read an official paper that seems to ‘get’ all of the issues and addresses them sensibly. Simply put, these plans are brilliant news for everyone with a bank account.”
But are they really brilliant? I don’t think so. Ultimately, we are moving further away from frictionless checkout, further away from making payments easy and making them more of a pain for customers.
What happens when I’m traveling abroad and have no mobile signal and do not click OK? Am I late with my direct debit payment for my credit card bill and thus incur late charges? As a consumer, surely I should have the right to turn this functionality on or off. Surely I should have the right, perhaps with some liability, to make my life easy rather than having to second-factor authenticate every transaction I make.
One of the key reasons many consumers set up direct debits is so they can forget about them. They know a company will collect the funds owed when required. Now if they forget, are out of mobile range, lose their mobiles or for any other reason forget to say OK, they could end up with additional charges—putting aside the annoyance factor.
So perhaps the really big question is how will all of this be implemented? How will it be delivered so consumers see a benefit in the process and not just a painful checkout process? After all, 10 to 30 percent of all transactions are already lost when consumers abandon their purchases instead of authenticating through services like Verified by Visa and Mastercard 3D-Secure. We need good fraud prevention tools and we need all customers—sophisticated and otherwise—to be able to manage funds effectively. This is a challenging balancing act and one where only time will tell if the new regulations are tipping the balance too far one way or another. However, true frictionless payments are likely to become a mirage—something we saw ahead but soon disappeared.
David Parker is the founder and CEO of U.K.-based Polymath Consulting, which works on projects and advises organizations across the cards and payments industry. David is well-known for his work on prepaid cards and emerging payments. He has worked across the complete value chain, helping banks with their overall prepaid and emerging payments strategies and market-entry analysis; as well as working with telcos, processors and program managers on segment analysis, certification and membership applications. He can be reached at firstname.lastname@example.org.
In Viewpoints, payments professionals share their perspectives on the industry. Paybefore presents many points of view to offer readers new insights and information. The opinions expressed in Viewpoints are not necessarily those of Paybefore.