Skip navigation
All Places > In the News > Blog > Authors brant.peterson@vantiv.com

In the News

2 Posts authored by: brant.peterson@vantiv.com

Customers expect their payment data to be protected when used online. As they make a conscious decision when their cardholder data into a website, if the checkout page doesn’t resonate with a sense of trust, they will abandon their cart. 

 

Cart abandonment can be anywhere from 55% and 75% and of those consumers who dropped out of a purchase, 17% mentioned “concerns about payment security” as a reason as they didn’t enter their credit card information into a site[1].” 

For face to face transactions, the indication of the chip embedded in their credit card is obvious. While chip cards were designed specifically to reduce fraud at the POS, customers recognize the difference from dipping their card into a POS device versus swiping, which was an experience change the US market had to overcome.  The challenge with eCommerce in the chip card era is that there has not been a customer experience change, so cardholders are unable tell the difference from a secure or non-secure experience. This means that customers have to rely on their personal intuition, rather than facts, in order to proceed or drop out.

 

 

The Perception of Trust

 

If cardholders are only relying on perception, then how do they know when ecommerce retailers have invested significant resources and money in adequately protecting their sites? In some surveys, as many as 61% of participants said they had decided not to purchase a product because it was missing a security badge.

 

A trust badge, or trust seal, is a symbol placed on websites that ensure the customer that site is legitimate
and that all their personal data is collected securely through trusted third-party service providers.  Such examples are visual padlocks and or shield marker strategically placed by the payment forms to encapsulate the payment fields from the rest of the page.

 

The most common badges used are SSL (secure socket layer) seals, symbolizing a secure connection for credit card data to be transmitted for processing. While these badges establish customer data protection through use of cryptography, SSL doesn’t actually prevent attackers from stealing payment  data to be used for fraudulent transactions, which is ultimately what customers care about most.

 

Customer Perception is Vital

 

Cardholder perception is more important than actual implemented security, and the absence of visual cues of confidence like a trust badge can lead to customer skepticism, and may be willing to switch to a different site where they feel more secure.  

 

What’s even more interesting is that some findings state that placing any type trust badge on a site helps establish credibility with consumers – even if the customer doesn’t really understand what the badge embodies, or who the third-party service provider is.

 

More concerning is that retailers can purchase trust badges at online marketplaces, creating a false sense of security without implementing actual security to stay abreast with the ‘me too’ philosophy. In the fast-paced paced eCommerce
environment, do customer’s dedicate the attention and time or possess the technical experience to differentiate from the two badges below?

 

If customers don’t have the technical expertise to identify legitimate sites from imposters, what are their requirements beyond personal feelings, and who is enforcing misuse of their confidence?

 

A Shift Beyond Perceived Security

 

Turkish ecommerce is already moving in this direction through the Communique on Trust Seal in Electronic Commerce, established this year to foster more trustworthy environments by regulating security standards for obtaining a trust seal for eCommerce websites. The Communique aims for better adoption of legitimate trust seals by ensuring that providers
meet certain security standards, best practices, and punishing those that abuse.
[2]

 

While the deployment of legitimate trust badges like McAfee and VeriSign have been deployed in US  ecommerce environments, the breadth of third-party badges has created dilution, resulting in customers having to interpret who these organizations are and if they can even be trusted.  Though the saturation of badges has resulted in fragmentation, this has proven to be an effective means to establish trust, but given the anticipated growth of US ecommerce over the next several years, this model won’t scale.

 

Universality is Needed

 

In order to scale beyond perception, the payments industry needs an interoperable CNP icon that represents these characteristics much like the chip card has embodied security for card present transactions. While there are global security standards for the web like W3C and OWASP, cardholders wouldn’t recognize these bands as they are
aimed at protecting for data for financial institutions with protecting data, rather than end customers.

 

Given this consumer obstacle, while it makes sense the payment networks like Visa and MasterCard develop a graphical element that possesses credibility, it would also be more beneficial for the payments industry to build awareness through a totally new archetypal icon that embodies technical security and trust the market has yet to see.

 

 


[1] https://monetizepros.com/ecommerce/5-trust-badges-that-can-increase-your-conversion-rate/

[2] http://www.mondaq.com/turkey/x/634844/Consumer+Law/Trust+Seal+In+ECommerce

Apple will launch Face ID with their Apple X (pronounced Ten) to be released in November. Along with its many new features, it will introduce a new biometric-based technology for customers to authenticate themselves when using Apple Pay, the mobile payment and digital wallet service that lets users make payments using an eligible Apple device. With the introduction of Face ID comes the removal the home button that’s been traditionally used for Apple’s
Touch ID, the forensic fingerprinting technology to unlock the phone and process Apple Pay transactions. Apple reports the new Face ID technology creates more unpredictability than the legacy Touch ID technology, utilizing
millions of data points to recognize facial expressions and changes to hair color, grow facial hear, glasses, and outerwear using machine learning. Prior studies reported the chance a random person could use a fingerprint to unlock an iPhone is about 1 in 50, 000 whereas studies have shown the probability to unlock Face ID is closer one and a million.

 

Is Smart Tech Good Enough?

Additional compensating controls have been implemented to detect spoofing and misuse, using an alert detection to ensure the owner’s eyes are open.  To counter, equally elegant spoofing technologies will be developed and implemented, especially with the social media and facial images over the open internet could present an obstacle to prevent against attacks, such as an attacker who can use the same machine learning recognition can identify photos of your face, family or friends who have posted pictures on Facebook or Twitter.  As with any new technology
introduced into the market, its largest obstacle to success is to achieve consumer credibility. Juniper Research has released the results of a new survey that finds that over 40 percent of iOS users in the U.S. are unlikely to use Face ID as payment security technology, and would rather use voice recognition or fingerprint scanning for mobile payments authentication measures. Given Face ID’s unproven credibility in the market, its adopters will tread cautiously as stolen stored credentials, whether they are stored on the device or hosted in the cloud, has a tendency for customers to be skeptical with its use. While Apple systems have never been breached, Apple customers can be at risk of having their devices attacked if they use the same passwords across multiple sites including their iCloud password.

 

The Market Will Tell

Apple has an enormous obstacle to tackle – increasing the security of payments without scaring away customers through the unnerving process of pointing a device at their face, which could prove to be awkward in public places. Through all its initial reservations, if Face ID is proven to reduce the payment processing friction without introducing other impacts, and lives up to its value proposition to its customers that its faster and simpler, it will gain adoption in the market over prior consumer authentication measures.

 

Would you use Face ID for payments?

Would you be willing to use the new facial recognition technology for payment acceptance or would you be resistance to new and unproven technologies? Would you have privacy concerns with facial recognition due to a lack of trust with solution providers? Do you think it may take too long to authenticate a transaction or would the experience be awkward?

 

 

Let us know your thoughts in the comments!