These days we are becoming increasingly reliant upon the internet, even for our day-to-day tasks. Checking our bank balance, paying a bill, shopping and socialising, are just some of the activities that we now do online.
The growth of our digital avatars, and the increasing number of tasks that we can do online, has been facilitated by the ease at which we can pay for services online. Online payment services have allowed many industries to thrive by monetising their online offerings.
The retail industry is just one of the industries that has been transformed by ecommerce, with approximately £114bn spent online in 2015. We have seen retailers, such as Amazon, flourish despite having an online only presence, overtaking their high-street rivals.
This has made things much easier for us, as we are able to do so much from wherever we are, as long as we have access to the internet. On the flip side, as so much of our daily tasks being carried out over the internet, a lot of our sensitive information is also being shared over the internet, including our personal details, financial data and even biometric identifiers.
However, recent data breaches at big organisations such as TalkTalk and the Office of Personnel Management in the US, raise concerns about the safety of this information.[1] [2]
A recent report by the Institute of Customer Service warned that consumers will become “driven by fear” of data breaches and other security issues.[3] UK Government statistics show that two-thirds of large UK businesses suffered cyber-attacks in the last year.[4] When these attacks happen, consumer details such as names, addresses and payment details are stolen and then sold on in the dark web.
The security of consumers is put at further risk by the compelling strategies in consumer convenience that have been adopted by many ecommerce companies.
Making an ecommerce payment has often been a ‘pain point’ for consumers, with complex payment processes often resulting in high levels of abandonment. To remedy this pain point, therefore reducing abandonment and increasing sales, ecommerce companies have simplified their payment processes, offering frictionless one-click payments. Amazon and Uber are two companies that have incorporated frictionless payments, and have reaped the rewards.
However, while this has improved the user experience for their consumers and resulted in additional revenue for them, it has also left their customers open to fraud. [5]
Given the increased amount of consumer information being accessed by fraudsters and criminals through data breaches, and the lax approach to security adopted by many companies, it is no surprise to see levels of fraud rising in the UK.
Recent figures show that the UK is leading Europe in card fraud, contributing to 43% of the total card fraud losses.[6] Fraud losses in the UK have increased by 18% (£88.5m) in 2015 to £492m, with ecommerce fraud accounting for £42.4m of that increase.[7]
While Chip & PIN prevents most instances of card-present fraud, currently there are there are minimal levels of security that protect against card-not-present fraud, which are the biggest issue.
Solutions such as 3DSecure are easily bypassed using only the information found on the card. The increased prevalence of one-click payments has even reduced this security even less.
Consumer facing businesses need to view security as an essential and inherent part of their products and services, rather than as a secondary consideration. Consumers themselves value security and earlier this year, we released a report that which showed that consumers are prepared to go through certain authentication processes to make the transaction more secure.
85% of consumers surveyed said they would like to be notified, by text, of a high value transaction they had carried out and then authorise it by entering their PIN[8]. In addition, 90% of online shoppers they would use PIN to authorise payment via mobile. [9]
Balancing security and convenience is a difficult task. However, that does not mean security should be compromised. To fight fraud, the industry needs to work together, with all of the entities involved in the process needing to play a part. It needs to be a collaborative effort.
The Fintech industry will play a big part in this, creating security and authentication solutions that can easily integrate with existing infrastructure, to make for a more secure payments environment.
About MYPINPAD
MYPINPAD is an enabler of multi-factor authentication for touchscreen devices such as mobile phones and tablets. MYPINPAD provides a modular PaaS or customer hosted platform that delivers security with familiar and friendly user authentication interfaces, including cardholder PIN. MYPINPAD operates throughout Europe and Asia. With simple integration in to modern and legacy payment systems the Company enables acquirers, issuers, card schemes, merchants and PSPs around the world to better manage risk and fraud.
[1] https://www.theguardian.com/business/2015/nov/06/nearly-157000-had-data-breached-in-talktalk-cyber-attack
[2] https://www.washingtonpost.com/news/the-switch/wp/2015/09/23/opm-now-says-more-than-five-million-fingerprints-compromised-in-breaches/
[3] The Grocer, 2016
[4] Department for Culture, Media and Sport, 2016
[5] The Times, ‘Amazon is failing us over fraud’ , The Uber scammers who take users for a (very expensive) ride
[6] UK leads Europe in card fraud
[7] UK leads Europe in card fraud
[8] MYPINPAD, From Brick to Click, 2016
[9] MYPINPAD, From Brick to Click, 2016