By Sham Careem, Telecom Solutions Consultant, Infobip
In 2020-21, UK residents and businesses lost over £2.5bn to fraud and cyber-crime. While the cumulative figure is startling, the impact on individuals can also be devastating. Beyond the financial loss, the mental toll that impacts victims cannot be ignored. It is therefore welcome news that security measures for payments have tightened this year.
The launch of PSD2 Strong Customer Authentication (SCA) requirements in March signal the most significant change to payments since chip and pin was introduced over 15 years ago. The new standard requires businesses to choose from two of three factors to identify customers where purchases are over €30. This includes something you know (for example, a PIN), something you are (biometrics, such as fingerprints) and something you have (such as a mobile phone, card reader or other device evidenced by a one-time passcode).
In the UK, the Financial Conduct Authority (FCA) governs the SCA requirements, and failure to comply is subject to full FCA supervisory and enforcement action. The new measures have fundamentally changed the way we shop, with an increase in the use of One Time Passwords (OTPs) and other two-factor authentication methods (2FA) sent to customers.
But what does this mean for the online shopping experience?
Avoiding abandoned baskets
For consumers, the new SCA regulations have resulted in an additional hurdle in the payment journey when using debit or credit cards. Naturally, if these fail, it could lead to declines and cart abandonment at checkout. Barclaycard data, for example, has shown that, following the implementation of SCA, 14% of shoppers experienced an increase in declined online payments, while three in 10 abandoned baskets due to increased friction at the checkout.
As global consultancy KPMG highlights, payments security gives rise to two key challenges; “consumers are largely unhappy with current authentication procedures, and authentication in most companies is a mess, generating operational complexity and making it very difficult to provide good customer experiences.”
Yet if we examine things from a security perspective, recent figures from Nationwide Building Society have shown that SCA has stopped 2,000 cases of online card fraud a month, with two-thirds of customers happy to wait a little longer in exchange for extra security.
The regulations are clearly effective when it comes to consumer protection, but extra authentication shouldn’t be seen as a nuisance that puts shoppers off. It should also provide a seamless process for the merchant, where they can incorporate verification into the customer journey.
Ensuring security is synonymous with experience
According to the Baymard Institute, 26% of consumers cited checkout processes being too long as a key reason for cart abandonment. Merchants need to simplify the payment process and make it easier, especially with SCA requirements at play.
Identification through our mobile phones has become ubiquitous. Nearly every day, most of us use our mobile phone to verify our identity – whether through email, SMS, or a push notification. This requires us to stop what we are doing and spend time verifying ourselves.
Instead of sending an SMS with a one time password (OTP) to prove the ‘Something you have’ element of SCA, Silent Mobile Verification enables businesses to instantly verify a customer via their SIM, without any input required by the customer It does this by verifying that the phone number of the mobile device being used by the customer is the same as that registered with the vendor.
Silent Mobile Verification requires no additional effort or time from customers (aside from their one-time consent). The check happens silently in the background, via checks with the customer’s mobile network operator, representing a new, streamlined way to achieve the two-factor authentication required by SCA without breaking the customer experience.
Combatting rising cybercrime
As we become an increasingly digital society, fraud is becoming more and more sophisticated with cybercriminals doing all they can to try and gain someone’s trust and trick people into sharing sensitive data, click malicious links or open malicious files. This is called ‘social engineering’, where those with malicious intent capitalise on people’s emotional responses, good nature and desire to help, for example by sending a text or email that needs an immediate or urgent response, coercing people into making a mistake. According to Verizon’s latest cybersecurity threat figures, 25% of total breaches in its 2022 report were the result of social engineering attacks.
This type of fraud is impacting OTPs too, where victims are tricked into reading out the OTPs they are sent, allowing fraudsters to access their accounts. Silent Mobile Verification completely eliminates this vector of fraud. This translates into secure verification that eliminates friction and prevents SIM swap fraud via social engineering before it can ever take place.
While compliance with PSD2 proves the competence of a business to act on regulation, understanding the directive and how to navigate it for the benefit of merchants and consumers is key. Silent Mobile Verification should be a consideration for all organisations concerned with combatting the rise in cybercrime while delivering seamless online experiences.