Securing online payments - beyond cards to bank-level security
Online payments face significant challenges balancing user experience and security with issues such as CNP fraud, false declines, and chargebacks. Trustly's solution rethinks that balance.
Making a payment online should be as quick and easy as scrolling through images on Instagram or clicking through to the next news article. The reality, for both businesses and consumers, is far from this ideal. The standard, card-based, digital payment journey is fraught with challenges, from the rising threat of Card Not Present (CNP) fraud and the escalating costs associated with chargebacks to the frustrations of incorrectly declined transactions. These blockers not only erode customer trust but also place a financial strain on merchants.
Getting the balance right, between safeguarding transactions from fraudulent activities and ensuring a frictionless experience for legitimate customers, is tricky but not impossible. Here at Trustly, we’ve pioneered an approach to payments with bank-level security at its heart that mitigates the prevalent issues in card-based, online payment processing. Here, we’ll take a look at the security issues that cause a payment to fail and suggest how to address them.
The high price of security
In any discussion of online payments and the threats to their security, we must zero in on card-not-present (CNP) fraud, its flipside (false declines), and the contentious issue of chargebacks.
Card Not Present
CNP transactions enable global commerce, offering convenience but also inviting fraud risks due to the lack of physical card checks. The key challenge lies in harnessing their benefits, like market expansion and cost savings, while curbing fraud and chargeback risks.
False Declines
As we bolster defenses against CNP fraud, false declines have become an unintended consequence, impeding genuine transactions. While fraud prevention protocols are crucial, they can be overly restrictive, leading to a rise in legitimate purchases being declined. Recent data shows that the number of false declines is steadily increasing. In 2022, the US experienced a 4.4% rate of false declines, the UK 3.7%, France 3.5%, and Germany the lowest at 1.7%. These numbers not only represent lost sales but also damaged customer relationships.
Chargebacks
Chargebacks were designed to protect consumers but now pose challenges for businesses, risking legitimate revenue and highlighting the need for robust risk management. The process, from dispute to merchant defence, incurs costs beyond the transaction, including fees, administrative resources, sunk handling costs and potential reputational damage.
Impact on your bottom line
The financial implications of CNP fraud and chargebacks, coupled with the increasing occurrence of false declines, are significant and multifaceted. In the US, for a $1 billion revenue company, false declines can translate to a staggering loss of $21 million, while the UK sees a significant $13 million loss, showcasing the acute need for a balanced and intelligent fraud prevention strategy. With false declines affecting up to 2.1% of online transactions, and the aggregate loss amounting to a sizable percentage of revenue, businesses face the critical task of fine-tuning their fraud detection systems to discern between actual fraud and legitimate purchases.
A checkout.com report revealed that 64% of merchants do not receive any analytics related to fraud or chargebacks, highlighting a gap in critical insights that could aid in prevention strategies. On top of this, the cost of CNP transactions is climbing, with added fees for security measures like 3D Secure. These costs are not just monetary but also affect customer trust and the overall transaction experience. Businesses are navigating an increasingly complex payment environment, where the costs of CNP transactions are approaching interchange rates, and security protocols are becoming more expensive. For example, changes in liability protection and scheme fees for secure transactions underscore the evolving financial landscape of digital commerce. In this context, understanding and addressing the dual challenges of CNP fraud and chargebacks are top priorities for businesses aiming to secure their operations and foster a trustworthy relationship with their customers.
Understanding authentication
The implementation of Strong Customer Authentication (SCA) under PSD2 marked a critical effort to enhance online transaction security. However, this regulatory mandate has become a double-edged sword for businesses. On one hand, it promises a reduction in fraudulent activities by requiring multifaceted verification from users. On the other hand, our analysis uncovers the substantial hurdles and potential business threats posed by SCA compliance. The introduction of rigorous authentication processes has led to a notable decrease in conversion rates for card payments, with web-based card transactions seeing only a 76% authentication success rate and a stark drop to 48% for app-based transactions.
This alarming trend is underscored by the discovery that 58% of consumers have been permanently deterred from returning to a website or app due to cumbersome and time-consuming authentication procedures. The implications of these findings are profound, revealing not only a direct impact on customer satisfaction and retention but also hinting at the increased operational costs for merchants striving to navigate the SCA landscape. With scheme fees for card transactions on the rise and the complexities involved in managing exemptions such as Transaction Risk Analysis (TRA), businesses are forced to tread a fine line. Balancing compliance with SCA requirements against the need to provide a seamless and frictionless customer experience becomes a paramount concern.
Trustly’s innovation in authentication and security
With challenges abounding, Trustly offers an open banking-based solution that transcends traditional card payment vulnerabilities, offering a secure and efficient alternative that perfectly aligns with the needs of ecommerce and the expectations of customers. Trustly Azura, now live in more than 10 European markets, streamlines the number of steps at checkout to improve conversion rate. Instead of a regular experience, typically a five-step flow including two so-called Strong Customer Authentications (SCAs) in which the consumer identifies themselves, Trustly Azura brings the flow down to a single payment confirmation page and only one SCA. This allows returning consumers to complete their debit payment twice as fast, with the SCA step typically being biometric-based (FaceID or a fingerprint, which is becoming a standard offering among banks in Europe). This approach significantly improves the payment experience, driving increased conversion and customer loyalty.
Trustly's security measures in open banking underscore a commitment to surpassing traditional card payment vulnerabilities. As our Senior Security Engineer, Mariano Di Martino, highlights, "In open banking, where security and user confidence are paramount, Trustly has engineered a proactive vulnerability management system that not only identifies and mitigates potential weaknesses swiftly but also integrates seamlessly into our product development lifecycle. This ensures every transaction is safeguarded, enhancing trust and fostering a smoother, more secure payment experience for all users."
The benefits of Trustly's security measures are substantial when compared to traditional card payments. With the implementation of Zenis, our proprietary vulnerability management tool, and adherence to the ISO 27001 standard, Trustly ensures a high level of security and reliability. By focusing on security from the outset and engaging in regular external assessments, Trustly provides a robust framework that safeguards against vulnerabilities, thereby reinforcing the confidence of businesses and consumers alike in our payment solutions.
Mitigating declines: Trustly’s approach
Perfecting the checkout experience is essential to keep customers returning. A staggering 43% of consumers have indicated they would attempt only two different payment methods following a decline before abandoning their purchase altogether. This statistic gains even greater significance in the wake of the UK's stringent enforcement of Strong Customer Authentication (SCA) regulations. The 'two-strikes-and-you're-out' attitude among consumers underscores the critical impact of seamless authentication and payment processes on the user experience and, by extension, on a merchant's conversion rates. The recent data paints a compelling picture: merchants are effectively given just two opportunities to secure a sale. With 43% of consumers willing to try an alternative payment method only once more after an initial decline, and an additional 10% ready to abandon the process after just a single failed attempt, the margin for error is slim.
Trustly's approach to mitigating declines addresses this challenge head-on. Our payments are built on a sophisticated Risk Engine and are continually improved with the help of advanced technologies. As a result, Trustly significantly reduces the chances of incorrect payment declines, thereby enhancing the customer experience and ensuring smoother transactions. This technology-driven strategy not only bolsters transaction approval rates but also aligns with consumer expectations for a quick and hassle-free checkout process. Trustly’s commitment to improving the digital payment journey is thus not only about securing transactions but also about empowering merchants to meet their customers' needs effectively, ensuring that every interaction with the payment system contributes to positive customer experiences and improved conversion outcomes.
The future of payment security with Open Banking
Open Banking based payments represent the future of secure online payments. Their efficiency and user-friendliness will encourage customer adoption while their simplicity and cost-effectiveness make them increasingly attractive for businesses. In the near future, their popularity is projected to surge by 130% in the UK and 230% in Germany, marking a clear move away from traditional card payments. As they do, the security that underpins these transactions will become even more important, ensuring that the concerns of the 20% of people hesitant to make online payments due to safety issues are addressed. Trustly is at the forefront of this transition, enhancing payment security through direct bank integrations and rigorous compliance with regulatory standards like PSD2's Strong Customer Authentication, positioning Open Banking solutions as the backbone of secure, efficient online commerce.
A genuine challenger to cards
Cards are starting to lose their crown as the preferred online payment method to Open Banking payments, and security is one of the main drivers of this shift. Open Banking offers a streamlined, cost-effective solution that addresses many of the inherent flaws of traditional card payments, which include complex and variable costs, as well as higher susceptibility to fraud. With Open Banking, businesses enjoy clearer, more predictable cost structures and consumers benefit from faster, more secure transactions. This shift is underpinned by robust security measures that significantly reduce the risk of fraud compared to the retrofitted security features of card payments, which were originally designed for physical points of sale. As Open Banking continues to grow it is set to redefine the financial landscape, offering a superior alternative that enhances both merchant and consumer experiences by integrating cutting-edge security with user-friendly payment processes.
