Speed more than security is key for eCommerce success

New research from GoCardless has suggested extended authentication processes is costing online retailers sales as a notable chunk of consumers favour convenience over security.

Security is an on-going issue in the technology industry and while it should have been addressed years ago, it wasn’t. What we are now seeing it a desperate attempt to catch-up and put in place the technologies, processes and regulations to create what would be deemed an acceptable level of security. The result is a tsunami of changes which are causing complications all over the place.

One such example is the introduction of Strong Customer Authentication (SCA), a European-wide initiative to set in place two-stage verification for authentication of online purchases. The rules are slated for September and will likely see some notable changes in the way retailers engage customers.

Worryingly for the retailers, the GoCardless research suggests consumers are already frustrated with the authentication process as is. Any further changes could see heightened churn on sales.

According to the research, 43% of UK respondents to the survey said ‘speed and ease of payment’ was the most important factor when purchasing products online. The numbers are certainly smaller in other European nations, but very notable. Security is a consideration in all the markets in question, as you can see in the table below, though it seems there is only a certain amount consumers will stomach before looking elsewhere.

UK France Germany Spain
Speed is the most important factor 43% 32% 33% 17%
Security is a large consideration 55% 62% 61% 58%
Abandoned purchase because of security process 44% 33% 48% 40%

As you can see from the final row, a notable number of customers can become easily frustrated by extended security, validation and authentication processes. This might be down to the idea that too much is being thrown at the consumer at once.

Generally, consumers seem to favour being eased into a change. Take Facebook for example, what the platform is today is remarkably different from when it started, and this includes the amount of personal information which is being requested and processed. If all of these changes were introduced at once, there would have been uproar, but like the boiling frog, consumers were eased into the current situation.

For years, the technology industry ignored the importance of security, refusing to make it a priority voluntarily. Now governments and regulators are stepping in to force through changes; it might give the consumer a shock and a negative experience.

“In the eyes of UK consumers, convenience is virtually neck and neck with security in terms of importance when shopping online,” said Duncan Barrigan, VP Product at GoCardless. “Protecting shoppers from fraud when they pay online is crucial, and new regulation which achieves this should be welcomed.

“The flipside is that these measures, if implemented badly, could significantly disrupt consumers and lead to a significant conversion drop off for businesses. Online retailers must work with their payment providers to find the right balance between security and convenience at checkout – not waking up to this new reality could seriously harm e-commerce. Major retailers like Amazon are already sounding the alarm.”

US telcos put aside differences to tackle authentication

The big four operators in the US have shown that they can actually get along by creating the Mobile Authentication Taskforce, with the objective of creating a mobile authentication solution for enterprises and customers in 2018.

They might spend the majority of the year bickering and arguing but the new Mobile Authentication Taskforce will ensure at least the security guys in the R&D departments will get on. AT&T, Sprint, T-Mobile and Verizon will be joining forces to make sure customers are more secure in the face of more creative hackers and a seemingly endless tirade of security breaches.

We’re wondering who came up with the name, and have decided there are two possible explanations. Either it is an ironically named group by someone who just fancied a bit of fun, or someone in the taskforce wronged the ideas man. In any case, the merry band of super-wannabees have an important task at hand.

“At a time when online and digital services are commonplace, security and authentication are issues that affect us all,” said Alex Sinclair, chief technology officer, GSMA.

“Through strong collaboration, the taskforce announced today has the potential to create impactful benefits for U.S. customers by helping to decrease fraud and identity theft, and increase trust in online transactions. Further, we will be working closely with the taskforce to ensure this solution is aligned and interoperable with solutions deployed by operators.”

The approach here is less technological and more analytical. Using capabilities such as network-based device authentication, geo-location and SIM card recognition, the aim is to create a solution which will analyse data and activity patterns on a mobile network to predict, with a high degree of certainty, whether the user is who they say they are. It’s the type of idea which will accompany features such as biometric authentication, picking up anomalies should someone be able to navigate around initial defences.

While this type of story encourages a bit of confidence in the operators ability to keep our online lives safe, the story is a bit different in Europe.

New research from Mobileum has highlighted more than a quarter of European operators have experienced increased levels of fraud since mobile roaming charges were abolished throughout the European Union. Since the introduction of EU Regulation IV, 87% of respondents have seen increased data traffic across the network, while 71% of operators highlighted an increase in voice traffic. The increase in traffic might be opening the door for fraud.

“It is still very early stages, but our research highlights that investigations into fraud and abuse in the context of the new regulations are not being flagged,” said Tim Moran, Senior Vice President of Product and Offering at Mobileum. “The generous fair usage policy means it is becoming far more difficult to watch for fraud and abuse.

“We expect fraudsters to be monitoring what loopholes have appeared and how they can be exploited. Given the arbitrage between wholesale interconnect rates for international calls terminating to EU vs. low retail tariffs for regulated calls in some EU markets, we may very well surge in frauds related to CLI filing and international SIM Boxes.”

The challenge here might be down to the IT systems. The existing IT systems might not be coping well with changes required for EU Reg IV, as while operators may have implemented fair usage policy for open data bundles, they are finding detection and action on permanent roamers to be really complex in nature. It also perhaps indicates the operators are not willing to play with each other in the same was the big four are over in the states.