Europe’s new fraud-prevention rules for online shopping will re-write the playbook on e-commerce security. How retailers and payments players navigate the terrain could have implications worldwide.
E-commerce has been the fastest growing segment of the retail market in Europe as consumers flock to the ease of online shopping experiences. However, as sales have grown, so too has online fraud.
How can online shopping be made more secure while also ensuring that the checkout process is not so cumbersome that retailers lose sales?
In fact, from 2011 to 2016 there was an estimated 66% increase in card-not-present fraud in Europe, according to one report. Another found that European merchants lose on average 1.5% of revenues annually to fraudulent online purchases.
Numbers like these were drove creation of the EU’s Strong Customer Authentication (SCA) rules, part of a regulatory requirement in the EU’s broader Directive on Payment Services (PSD2).
Together, these rules aim to boost the security of shopping online for consumers and to reduce risk of fraud in Europe for merchants. Although full (mandatory) implementation was set to begin in September 2019, the complexity of adoption has required EU nations to push the date to the end of 2020.
For retailers, implementation could mean headwinds as customers acclimate to an arduous checkout process. But, for best-in-class payments players helping retailers navigate this terrain may be key to gaining market share in the competitive payments space. How this situation plays out could have implications not just for Europe, but perhaps globally. Can online shopping be made more secure while also ensuring that the checkout process is not so cumbersome that retailers lose sales?
Retailers have known for years that each additional click during an online checkout process increases the chance of shopping cart abandonment and loss of sale. Online businesses have invested heavily in ways to make transactions as “frictionless” as possible and speed customers to sale.
Currently, a typical checkout experience on a desktop web browser is fairly straightforward, with consumers entering their credit card credentials and waiting 1-3 seconds (at worst) before the transaction is approved. In 1-2% of cases, consumers have to verify their identity through single static passwords or one time passcodes (OTP), although this is at the liberty of the merchant.
SCA would change this process. The checkout process would now require an additional layer of authentication for certain transactions, with 30-50% of e-commerce transactions now expected to require two-factor authentication. This could rely on a password or PIN, possessing a card or phone, or a biometric, like a fingerprint.
For retailers, these regulations could worsen the revenue outlook at a time of slowing growth. Three-quarters of participants in a recent industry survey expect the changes to have a negative impact on customer experience, resulting in anywhere from a 5% to 20% reduction in conversion.
Yet, despite delays in implementation, online companies we cover are preparing not only to be compliant but also to minimize the customer impact.
A frictionless SCA compliant solution will be critical for merchants. They will also need to partner with payments companies that can guide them through these changes and offer best in-class technology that mitigates large drops in conversion rates.
Thus, top payments players may see SCA as an opportunity. Payments companies operating in Europe can add value through their product offerings, as well as being able to guide merchants through these change. As Europe heads toward implementation, we believe market share may shift away from banks to tech-enabled providers.
Although SCA is unlikely to be an incremental revenue stream for acquirers, these market share shifts should drive incremental volumes in the near term. In the medium term, if acquirers can demonstrate best-in-class authorization rates for a merchant, they may be able to charge premium pricing.
As investors look for opportunities, they should keep a close eye on companies that operate across the entire payments value chain as well as those with best-in-class technology. Payments providers who have the deepest relationships with issuers are also likely to benefit most, given that the regulation will magnify the relationship between acquirers and issuers, but we also see acquirers with strong technology offerings as strong candidates to benefit from these changes.