Helping merchants to better understand security

As online shopping and payment technologies continue to advance, merchants are increasingly aware of the growing security risks posed to their customers and their operations. This is because no company wants to suffer the financial and reputational ruin that often comes with a data breach. But, addressing the issue is complicated. Many companies find themselves stuck between a rock and a hard place trying to maintain a seamless consumer experience, whilst also ensuring complex security measures and regulations are met.

Therefore, it’s crucial that merchants remain up to date with the latest security regulations, are aware of common roadblocks they may face, and know how to overcome them. Here are some frequently asked questions (FAQs) to help you better understand security.

1. Why is security becoming increasingly important for merchants?

Many different factors are contributing to security becoming a priority for companies, but central to this is that more data is being shared online today than ever before. eCommerce is booming and the technology supporting it is advancing on an almost daily basis.

What’s more, fraudsters are working hard to cash in on the opportunities this opens up for them. Any security breach has the potential to cost significant amounts of money and can ruin company reputation, so it’s crucial that merchants stay on top of their security to avoid these risks.

On top of that, regulations are evolving all the time and it can be hard for merchants to keep up with the latest updates. Currently, merchants need to be aware of and up to speed with Strong Customer Authentication (SCA), an offshoot of the second Payment Services Directive (PSD2).

PSD2 requires every electronic transaction (with some exceptions) to be strongly authenticated. Although SCA is optional now, it will be mandatory by March 2021. The original deadline was set for 31st December 2020, though the Financial Conduct Authority (FCA) recently announced a UK extension.

Similarly, merchants need to be aware of how SCA might impact the checkout experience for customers. This is because SCA stipulates that card transactions must use two of the following three factors to provide authentication:

  • Knowledge: something they know (e.g. a PIN or password)
  • Possession: something they have (e.g. a phone)
  • Inherence: something they are (e.g. a fingerprint)

Complying with PSD2 and SCA will require the use of innovative technologies that can foster greater customer loyalty and increase conversion rates. It’s commonly accepted that 3D Secure version 2 (or 3DSv2 / 3DS2) will be the best way to comply with SCA requirements. 3DSv2 is an authentication protocol that asks businesses and their payment service providers (PSPs) to share more data around every transaction with issuing banks.

To make things easier for both merchants and consumers, PSD2 allows for some exemptions from SCA. However, it’s important to note that transactions that qualify for an exemption won’t automatically be exempted, as the customer’s bank always has the final say on whether to require SCA for any given transaction.

It’s important that merchants are aware of these changes and exemptions, but they shouldn’t be daunting as there are experts who can help relieve the burden and allow you to focus on what’s important to you – your business.

2. What part of security do merchants struggle most with? How can they combat this?

Retailers often find themselves struggling to balance a seamless experience with security. Customers expect failsafe security, but additional processes can result in increased friction, something a customer is unlikely to stick around for. What’s more, competitors are always on hand to take their custom instead.

Getting the right balance between fraud prevention and keeping your customers happy is vital, and the best way to go about this is a combination of education and an accurate security system. By letting your customers know the authentication operations that are in place or any changes to expect, they won’t get confused and abandon their cart when prompted to answer a security question, for example. A customer who is aware of SCA’s two-factor authentication is more likely to comply with the process and go ahead with their transaction than one who is met with a pop-up they don’t recognise. Similarly, working with an expert to streamline your system will ensure customers aren’t turned away by constant false declines.

3. What makes a customer feel secure when making a transaction?

For customers and retailers alike, the moment the transaction takes place is the point that requires the most trust. The key to satisfying customers is familiarity, so provide shoppers with a checkout experience that they are comfortable with and they will reward you with their custom. The important thing is to know your customer. Even if a company gets it right when it comes to their products or services, they’ll still lose customers if the user experience isn’t tailored to their clientele.

To combat this, collecting data is essential. Solutions are available that give merchants the capacity to collect and analyse data on customer behaviour, to identify trends and opportunities. By doing so, you can tap into buying behaviour and better meet your customers’ expectations – including payment and security preferences.

Time for merchants to tap into outside expertise to aid security

As payment service providers (PSPs), we at Ingenico Enterprise Retail take security very seriously. Merchants who work alongside us have direct access to a team of best-in-class payments experts to answer any queries they may have. We ensure companies are compliant with the latest regulations and protected from data breaches, and can offer GDPR-compliant data collection capabilities. This means that merchants can access tokenised data to inform their business decisions, without compromising customer data security.

We also know the strain that completing admin can put on a company, especially in an unfamiliar area, so we take care of this on your behalf. This leaves you to concentrate on your business, assured that the safety of your systems and customers is in our hands.

Regis Massicard, Europe (SEPA) Payment Strategic Director, Ingenico Enterprise Retail