Why, What, Who, Where, When and How of Secure Remote Commerce
E-commerce, otherwise known as remote commerce became popular in the 1990s and has become the preferred choice for the consumers. Remote commerce is enabled when customers enter their payment cards Primary Account Number (PAN) into a merchant’s website or shopping application.
There were a variety of remote commerce implementations and there were no common specifications to draw from. This resulted in fragmentation, complexity, and inconsistency in terms of transactions.
What about the security of transactions?
While there were several efforts towards securing the physical Point of Sale (PoS) terminals, not so much was done for the E-commerce transactions. The primary reason was that there were no common industry specifications and the number of options was plenty. This made it an easy target for fraudsters as e-commerce websites were susceptible.
We are PCI – DSS compliant
While many merchant shopping apps enabled card-on-file methodology with PCI-DSS compliance, it still poses several risks. There were no common specifications to address the functional interactions and transmission of data between participants. This created opportunities for fraudsters.
This is when EMVCo proposed Secure Remote Commerce Framework (SRC), which all the payment schemes have accepted and started to roll out their SRC solutions. SRC implementation is targeted towards:
Providing simplified and efficient integration and interfaces between payment ecosystem stakeholders
- Facilitate interoperable and secure payments using any network
- Decrease the vulnerability of shopping websites and mobile shopping apps
- Reduce shopping cart abandonment by decreasing repetitive manual PAN entries
- Providing integration options for EMV specifications such as Payment Tokenization and 3D Secure authentication
- Unification and streamlining of consumer checkouts
What is stopping the stakeholders from implementing SRC then?
An innovation of this nature requires ecosystem-wide participation. Issuers have to be on board, merchants have to be convinced, technology providers must have the service in place, and consumers must be educated and delighted.
EMVCo released Version 1.0 of its SRC standards on June 7, 2019, after many years of deliberations. The ultimate goal is to make SRC the checkout method of choice for cardholders and merchants alike.
None of the brand-specific checkout tools had any traction – Visa Checkout, Mastercard MasterPass, American Express Checkout. Now, they will all be replaced by SRC with a common logo and checkout flow, signaling to the cardholder that data will be shared securely.
Consumers – Just choose the SRC checkout method rather than a card on file. The payments provider managing the SRC data flow would reach out to each card network’s SRC system to get the account details and also display billing and shipping information.
This would also address their real and perceived security concerns and the hassle of keying in too much information before paying to make a purchase.
Issuers – Substantial marketing investments have to be pumped in to raise consumer awareness and get them to select the SRC logo. The upside is that it improves security and raise authorization rates
Merchants – Small merchants would benefit from SRC as their payment provider would make it readily available. However, the larger merchants would find the migration difficult unless there is a huge jump in terms of security, as they have already invested heavily in their payment systems optimization. Moreover, the merchants would feel that having cards on file is the best checkout experience that they can provide on the web, while they have their means of addressing the security of their transactions.
The upside for merchants would be that it would reduce cart abandonment rates and help in facilitating guest purchases without going through a lengthy registration process.
Acquirers, processors and payment providers – These are companies that thrive and survive based on transaction volumes and the new net transaction volumes that SRC would generate would be minuscule. However, they would support this initiative and adopt given their frontline roles in the payment ecosystem
How does it work?
Key benefits of SRC
Consistency – familiar, convenient, and consistent guest checkout experience across various merchants
Convenience – once enrolled, the consumer’s card information is recognized in the SRC system. The consumer doesn’t have to key in his payment information every time they shop
Security – combines both dynamic and encrypted data that helps reduce the risk of fraud in online transactions. The merchant doesn’t have to store the consumer’s card data, making it secure over some time
Getting consumers to choose the SRC checkout option will require a fair amount of education and marketing investments. Merchants will have to be convinced with SRC’s proof of success. Acquirers, processors and payment providers will have to be convinced of the volume of transactions.
Even with all cylinders firing, SRC would take a substantial amount of time for it to have any traction. However, it would reach there.