By Ralf Gladis, CEO, Computop
For the first time in the UK last year, debit card transactions overtook cash as the most popular form of payment. According to research, both Canada and Sweden are ahead of the pack when it comes to cashless payments, but in the UK too the way we pay for goods has changed considerably. As contactless card, smartphone and other forms of electronic payment become easier and more convenient for consumers, we will rely less and less on pounds, shillings and pence.
Of course, for shoppers, fast and easy payment methods do have to be balanced with security, and with card and data fraud on the rise, they look to retailers to ensure the technology being used to process payments is fit for purpose. It must support their card or mobile transactions without risking their personal data or putting them in danger of theft.
In the past year there have been a number of headline-grabbing data breaches – including at Dixons Carphone, putting millions of customer credit card details at risk. To help with this, Visa and Mastercard have introduced new security standards, which rely on point-to-point encryption (P2PE) to deliver rigour into the payment process, with the aim of building trust amongst consumers. The customer’s payment data is strongly encrypted directly on the retailer’s POS terminals without the use of intermediate storage. Thanks to strong encryption, data is kept secure, allowing it to be transmitted safely via any device. In fact, because no real data is displayed or stored, it is worthless to a cyber hacker or thief, and this reduces the risk to both retailers and shoppers. The additional advantage of using PCI (Payment Card Industry) P2PE standard solutions is that it becomes unnecessary for retailers to add PCI certification into their IT landscape, which saves them both money and effort.
On the horizon, however, are a range of innovative alternative payment methods which promise to add further opportunity, but also complexity, to the payments landscape.
This year will see a second EU Payment Services Directive (PSD2) aimed at reducing the costs of payment processing for retailers and improving security for customers. It works by ensuring the customer is authenticated against two out of three factors – knowledge, possession and inherence. Knowledge relates to, for example, a username, a password or a PIN. Possession is the item being used to make the payment, such as a debit card or a smartphone. Inherence, however, relates to the physical characteristics of the customer, which using today’s technology could mean their voice, their fingerprint or the iris in their eye – biometrics.
Building on biometrics
Biometric authorisation is what the future looks like. Fingerprint recognition is a common feature on smartphones already and is now being integrated into payment transactions. For retailers there are some significant advantages, particularly when it comes to instant payments, those made in ‘real-time’ by a third party at the request of the customer. This will make the process quicker and, significantly for the customer, it will also make the experience seamless – an objective of any merchant. For security, this type of payment will be subject to authorisation under the new Directive if the transaction value exceeds 30 euros, or its equivalent in sterling. Although the legislation has been introduced under EU law, much like GDPR, experts do not anticipate any changes to this in the short term for UK retailers post-Brexit, so retailers here will need to ensure they comply.
Voice and facial recognition
What else can we expect to see? A rise in voice commerce and facial recognition payments. Customers are already using Alexa to order their online shopping, but the additional authentication that is needed under the new rules will ensure that the system cannot be abused or confused by the wrong voice. Facial recognition too is very likely to become part of the automated payment experience, and will lend itself particularly well to transactions in brick and mortar stores. Pilot schemes have already been carried out, for example the Mastercard Identity Check, commonly known as ‘pay by selfie’, where the customer can authorise a payment by taking a photo of themselves with their smartphone. The photo is compared with a reference image and, if the two pictures correspond, the transaction goes ahead. We envision a time when an intermediary app to facilitate this process is no longer needed in the retail environment.
Mastercard has said that it will make biometric identification available to its customers this year, either through fingerprints or facial recognition, not just for in-person payments but also for remote transactions. This will provide security to customers, and it also meets their convenience preferences. The company carried out research with the University of Oxford, which found that 93 per cent of consumers prefer using biometrics to traditional passwords or PINs.
In terms of challenges, not all merchants, particularly if they are in the midst of eCommerce and omnichannel transformation projects, will be willing or able to establish the infrastructure to store biometric characteristics securely and ensure they are complying with data protection rules. Connections need to be made between hardware manufacturers and payment service providers to start the process, so that smartphones, tablets or VR glasses can save a highly encrypted copy of the customer’s fingerprint or voice pattern (or iris) onto the device.
The payments landscape is shifting, and before long only methods that support silent, smooth, automatic processes with a global reach will have a future. If established payment brands are able to meet customer expectations, then they will win trust and loyalty, but consumers, particularly among older generations, will be cautious about biometric payment processes.
All the indications are that in 2019 we will see user names and passwords replaced with biometric authentication such as fingerprint, face and voice recognition, supported by quickly evolving biometrics technology. At Computop we see more and more retailers interested in using biometrics, not just for securing payments, but also to enable customers to log in to their online shop accounts. As consumers, we will welcome innovations that do away with typing complex passwords on small touchscreens and, usefully, we can’t forget a fingerprint. This is compelling for today’s omnichannel shopper, and what the shopper wants, the retailer tends to provide.