By Justin Pike, Founder & Chairman, MYPINPAD
2020 was an eye-opening year for security and authentication in payments. One of the effects COVID-19 had on the retail industry was that it forced more people to begin shopping online, with reports showing an increase of 38% almost immediately as lockdown began. With many brick and mortar stores closed, some customers had no choice but to shop online, many for the first time. But these inexperienced shoppers were easy targets for those with malicious intent and fraud cases skyrocketed. With it, the need for better payment security practices became apparent.
Security thus needs to be at the top of almost every business involved in the payment’s ecosystem and many are making steps towards more secure technology. One of the highlights in 2020 for MYPINPAD, was that we were the first to obtain Payment Card Industry (PCI) Security Standards Council (SSC) certification for both Android and iOS software-based contactless payments solutions. This meant we were proven to offer secure payments that protect vulnerable shoppers online and help in the fight against fraud. This was the standard that the PCI council was pushing for.
Unfortunately, becoming fully certified is a lengthy process, and 2020 was a year that has often very much encouraged quick solutions to complex problems (for example the push to quickly get new COVID-19 tests to the public lead to over 50% of positive case being missed). This has ended up leading to many companies launching payment security products that lack PCI certification and instead have relied on waivers from schemes to go to market. What’s more, this split in the industry between certified and non-certified businesses caused the PCI SSC to re-evaluate its standards, a process that won’t be complete until 2022 at the earliest.
This decision will influence what we see in 2021 from those involved in the industry, from payment providers and processors, to merchants, to the customers making payments. Ongoing efforts to protect vulnerable customers amid changing security standards will have ramifications for everyone throughout the year.
The rise of PIN on Mobile
PIN is the most secure and highly familiar payment authentication method. Unlike CVC and entering card details, which anyone can do as long as they have the card, PIN is a passcode that only the user knows about and can tell people about. However, with options for shopping currently limited more are moving to online shopping and from this new payment challenges are rising. With less experienced people shopping through digital channels there has been a 50% rise in online fraud since January 2020 and part of this is because of failure to adapt to new payment methods.
Payment authorisation providers and payment schemes acknowledged the security issues of not using PIN and in 2020 began to act by pursing more PIN on Mobile solutions. The biggest story for this was Apple’s purchase of Mobeewave during the Summer of 2020, showing Apple’s intent to transform iPhones and similar iOS devices into payment terminals. This was the latest venture in its venture into the financial services industry, following Apple Pay and Apple card, and would allow its customers to make PIN purchases through their own devices.
That a big tech company like Apple would make a purchase that encourages PIN on Mobile is a sign that they see a strong future in the technology and in 2021 this will encourage more companies to enter the scene, either new Fintech start-ups or other big tech companies like Google or Amazon.
Digital adoption is on the rise, but so is fraud
While COVID-19 pushed more shoppers and businesses to adopt a digital approach to shopping in 2020, the signs of a shift in this direction were already there. Total online retail sales had slowly been on the rise in the UK before COVID-19 and were accelerated by the lockdown.
As a result, more businesses are moving to greater digitisation, and in 2021 it will be the difference between survival and collapse. We will see more businesses drive digital transformations across daily activities and merchants will take advantage of customers’ digital devices like mobile phones to create a frictionless customer experience. The previously mentioned PIN on Mobile is a part of that.
However, the unfortunate result of this is that fraud cases will continue to rise. Fraudsters have been exploiting, and adapting to, the expanding digital environment brought on by COVID to trick new online shoppers into handing over precious payment data. They did this by posing as the victim’s bank and requesting private details or by scamming shoppers into purchasing items that don’t exist. This was prominent in 2020, as COVID-19 scams meant fraud cases nearly doubled in the first half of 2020 alone and will likely remain the case in 2021, as Juniper Research estimates that global retailers are barrelling towards a $130B loss globally in CNP fraud by 2023.
The good news is that new technology and regulations are making the shopping experience more secure for vulnerable customers. Regulations like SCA have already taken steps to ensure safer payments in card-not-present (CNP) transactions and while the new PCI standards won’t come into place until 2022, this does not prevent payment providers from continuing to improve their security efforts in anticipation of the new standards.
Vulnerable customers need more support
The increase of first-time and vulnerable shoppers online has highlighted flaws in the payment solutions of many ecommerce stores. Vulnerable customers cover a wide range of shoppers, from the elderly, who tend to be the most negatively impacted by the shift to digital (often due to a lack of knowledge around the latest technology), to those with physical restrictions such as visual impairments, where using small screens can be uncomfortable if not down-right impossible for some.
The issue of supporting vulnerable customers has been one that the payments industry has been facing for a long time, but with the big move to ecommerce it is harder now for some customers to make purchases, whether because of disability, age, or issues with the technology available to them.
Customers who primarily shopped in-stores are more familiar with simple contactless payments or using PIN or swipe to pay, but with ecommerce shops there are more options and more steps to take. Putting in card details may seem like a trivial action to those with years of experience dealing with online shopping, but for new customers the plethora of forms and options in digital checkouts can be a turn off.
As an industry, we have a responsibility to tackle the challenges facing all consumers, especially the most vulnerable. As we continue to develop better financial offerings and services, we must ensure that everyone can understand, access and benefit from these services. In 2021, more steps will be taken to ensure the online shopping experience is as convenient as possible. This could be done through an increase in the use of tokenisation, so customers don’t need to input all their details every time they shop, or by replicating the in-store shopping experience at home, offering Tap to PIN on customer smartphones.
The seeds have been sown in 2020
Customers and businesses alike are set for a better digital experience, whether from the benefits brought about by greater digital environment, to new regulations around security and protecting customers from fraud. These factors will continue to push innovation in technology that will solve, or at least seek to meaningfully improve, the issues that have been brought to the forefront by COVID-19.
In 2021, we will see these seeds sprout and it will lead to merchants being even more proactive in protecting vulnerable customers. And the introduction of new payments technology will make the online shopping experience more convenient and secure for everyone.