David Poole, business development director, MYPINPAD
David Poole, business development director, MYPINPAD

It can be said that we are in the midst of an online revolution. Technological developments and easy access to high speed internet, through our smartphones and computers, have allowed the world wide web to act as the medium for many of our daily tasks. Our digital profiles are growing, our individual consumer ‘avatars' are constantly active online; making purchases, banking, and socialising.

Retailing is just one of the industries that has been transformed by the internet. It has been revealed that online retail sales experienced an 11 percent year-on-year increase in 2015, with approximately £114 billion spent online[1] and this figure is set to rise to £126 billion in 2016. Ecommerce is swiftly moving from being well established to being the dominant commerce method in the UK and wider world.[2]

The internet has also transformed the way we bank. We are now able to make payments, check our bank statements and arrange direct debits without ever needing to step foot in a branch. Banking app log-ins have increased by 50 percent between 2014 and 2015, whilst the average bank visits have fallen 32 percent since 2011.[3]

Making a payment or paying for goods and services can be a ‘pain point' for consumers and difficult, complex payment processes often result in high levels of cart abandonment. Consumers don't want to have to keep entering their card details, going through numerous steps of verification and having to remember a number of different passwords.

To alleviate this pain point, reduce abandonment, and increase sales, ecommerce companies have simplified their payment processes, preferring to offer frictionless one-click payments and accepting a degree of risk rather than implement tough or awkward security.  Services such as Amazon Prime and Uber have adopted a similar strategy and have reaped the rewards. However, the pursuit of one-click payments has inevitably made the payments process less secure and has increasingly left their customers open to fraud.[4]  

It should come as no surprise that fraud has been occurring at an increasing rate in the UK, which has now been labelled as Europe's capital of fraud.[5] Fraud losses in the UK increased by 18 percent (£88.5 million) in 2015. Seventy five percent (£66.7 million) of this is card-not-present fraud with £42.4 million of this coming from ecommerce.[6]

The introduction of Chip & PIN in 2006 was hugely successful in reducing card present fraud. However, while this closed one door to fraudsters, the recent boom in ecommerce has opened another. Although this means that fraudsters aren't able to use stolen cards to withdraw cash from ATMs or to buy goods in-store, they can still use stolen details to make purchases online.

Fraud used to be something we heard about on the news, but with the number of fraud victims increasing daily, consumers are more conscious that they could easily fall victim, if they haven't already.

Earlier this year, MYPINPAD published a report, based on consumer research, which showed that consumers are not only willing but will happily welcome and adopt certain authentication processes to make the transaction more secure. The report showed that 85 percent of consumers would like to be notified, of a high value transaction they had carried out and then authorise it by entering their card PIN[7]. In addition, 90 percent of online shoppers said they would use PIN to authorise payment via mobile. [8]

The industry seems to be focused on reducing, or even removing, any level of friction in the payments process, with one company introducing ‘zero-click' ordering.[9]  However, our research paints a different picture. Consumers are now aware of the risks that these new payment methods pose and would like to be protected.

Balancing security and convenience is no easy task, but that does not mean that security should be compromised. Authentication solutions needs to be simple enough not to inconvenience the consumer, but secure enough to protect against fraud.

However, if we are to fight fraud, all of the entities involved in the process need to play a part. It needs to be a collaborative industry wide effort, similar to when PIN was introduced in 2006 rather than just looking to a certain area of the process as responsible for the fraudulent conduct, or handing out fines to unsuspecting merchants.

Contributed by David Poole, business development director, MYPINPAD