What do we mean when we talk about payment friction?
When we talk about cards as a means of payment, the primary objective for any issuing bank can be reduced to two aspects: increasing the use of their issued cards and reducing friction when the cardholder wants to make a payment without increasing risk in transactions, or, better yet, decrease friction while reducing risk. When we talk about friction, we mean the moment when the consumer must take more measures than expected to complete a payment or transaction.
From the cardholder’s perspective, it is easy to raise the pros and cons of using cards, whether credit, debit, or prepaid.
Among the pros we can highlight:
- It makes transactions, that is, completes a purchase or payment without going through an uncomfortable moment, for example, the card is not read by the POS or an ATM or the transaction is not approved by the issuer.
- The fact that the card is not read in urgent transactions, such as when paying a hospital bill or canceling a hotel stay to catch a flight, which goes from being uncomfortable to highly stressful due to the urgency and circumstances in which payment must be made. That’s why, from the customer’s perspective, the pros of reducing payment friction are obvious.
From the issuer’s perspective, the pros focus on things like:
- It prevents cardholders from having to choose another means of payment or the card of another issuer because if they experience uncomfortable situations with their means of payment, as a transaction is not approved, they may decide not to use that card again.
- The second point refers to the issue of income because issuers earn money to the extent that their cards are used, that is, from the exchange that generates a transaction or the financing that it may generate if the transaction is on credit. Therefore, if the cardholder cannot use the card, this affects the ecosystem and profitability of the issuer, who must try to increase the approval rate without increasing its risk.
On the other hand, we can highlight some points against seeking a decrease in payment friction, since, if it is not carefully done, the risk in transactions can be increased.
The issuer can reduce friction and avoid increasing risk by investing in technology. This, in turn, increases operational costs and at the same time exposes the rejection of new mechanisms that require changing the habits of cardholders if the implemented mechanism is very new and complicated to use. In short, improving user experience is key if processes are focused on the user so that they are fluid and simple.
Cases such as the alternatives that appeared all over the world to compete with traditional taxis, in which one requests transportation through an application, are a clear example of how to reduce friction in payments and, in turn, improve user experience. This was achieved by implementing a mechanism to engage transportation services that was so fluid and natural that anyone could adopt the technology relatively quickly, eliminating payment at the time of using this service.
At present, although more than 60% of adults worldwide have a bank account and, therefore, have access to use a card, we cannot ignore that cash is still the number one means of payment in the world. For this reason, it is worth taking a tour of the different payment means and channels as well as their use to better understand their friction points and the risks involved in the use of each of them when compared to cards.
Cash
Where is the friction of using cash as a payment method?
Friction can be caused simply by thinking whether you have enough money with you to complete the expected transaction and whoever assists you has enough change to give “change back,” if necessary.
If the channel is a self-service channel (for example, a vending machine), frustration can increase if it does not accept the entered ticket or “swallows” it without dispensing the product after having paid for it.
By being a bearer of a payment instrument, it runs the risk of being stolen. Whoever receives the money also runs the same risk.
On the other hand, the cost of banking or digitizing said cash must be considered in order to use it in the business. If you have a location where all customers pay in cash, at the end of the day you will have more cash in the till, which increases the risk of it being stolen at the moment of accounting for that cash when the store closes. In addition, the business must have a resource or hire a company to take the money to the bank since the money cannot be used to make corresponding payments, such as processing employee payroll, making payments to merchandise suppliers, and paying rent for the premises used, among others, until it is integrated into the banking world.
Electronic Fund Transfers
Electronic fund transfers have grown in value over time, especially in the context of the COVID-19 pandemic. However, in many countries there is still a great challenge with this payment method. It is not available in everywhere. You cannot necessarily go to a store and expect to pay at the register by way of electronic transfer. Therefore, although this method is efficient and safe, it has its acceptance challenges.
Cards
Depending on the source of the funds, the means of payment can be a credit, debit, or prepaid card. It can also be a physical or virtual card.
The channel refers to all the places where the cards can be used: physical point of sale (or POS), electronic commerce (or e-commerce), recurring charges (or direct debit), wallets, or smartphones.
In the physical world, there are risks such as card theft or loss as well card cloning. In the case of the latter, the risk has decreased due to the change from the magnetic stripe to the use of a chip on the cards (chip cards). However, we find other latent risks such as cardholder identity theft, also known as account takeover.
For an account takeover, let’s visualize the following scenario: a cardholder has their card in their wallet, and it is difficult to clone it because they only have chip cards. Then we have a second person who commits fraud by impersonating the cardholder (identity theft) and requesting an additional legitimate card, with their own name and identification number, and sends a false application document or through a call center that does not have sufficient security checks.
The bank reviews the fraudulent application and accepts it because it understands that the legitimate cardholder applied for it and approved the card in the name of the second person. The main card is not lost, nor has it been stolen or cloned. There is, however, an additional card associated with it. Now the person who usurped the identity of the cardholder can go to a business, present the card and an identification to confirm that the card was issued in their name and make a fraudulent purchase without the cardholder noticing.
The point where the process was defrauded was at the authorization or creation of an additional card to a legitimate account, so it is a legitimate card obtained through fraudulent means. Here we are not dealing with a friction problem but with a form of fraud that takes advantage of the moment of authentication of the legitimate client by the issuing entity to commit fraud.
E-commerce
On the other hand, we have e-commerce as a payment channel in full growth. What is the risk? You do not need to physically have the card or have it cloned to be able to commit online fraud. It is enough to only have the card number, the expiration date, and, depending on the merchant, the CVV (the number that is on the back of the card), which is not impossible to obtain, since all the data is printed on the card.
Precisely to avoid this type of fraud, security protocols such as 3-D Secure and tokenization are implemented. These seek to authenticate the customer at the time of purchase, requesting a second authentication factor and thus avoid this type of fraud.
3-D Secure has at least three authentication mechanisms that seek to cover all the scenarios in which the client can be found: sending an OTP (one-time password), either through an SMS (text message) to their cell phone or via email, asking the customer to call the call center, but this would increase friction. Another alternative is the use of biometrics that generate less friction with the client.
With tokenization the customer experience does not change. The cardholder can select the merchant of your choice, enter their card details, and the merchant goes to the issuer to request a token for the first time. In this case, the issuer, before authorizing the issuance of the token, authenticates the identity of the cardholder by sending an OTP to their cell phone or email, which is known to the customer. When the latter enters the code sent by the issuer on the merchant’s platform, a unique token associated with the merchant is issued in order to complete the purchase safely and efficiently.
Two Very Important Aspects Derive from Tokenization
1. The token is unique per merchant, and thus reduces the risk of the merchant’s database of payment methods and cards being hacked, since the information it stores is the tokens and not the cardholder’s sensitive data, such as the card number, and the tokens do not work for any other merchant.
2. As the merchant stores the token and not the card number or its expiration date, if the data changes, the issuers or, in the case of Evertec, the processors who act on behalf of the issuer, will keep the token updated for the brands. Similarly, if the card number changes because the cardholder’s card was changed from Classic to Platinum, the unique token is not affected.
The implementation of new technologies seeks to reduce the friction of payment for the customer, as do digital wallets or wearable devices. These, in turn, must also ensure that fewer transactions are declined (and approval rates increase) so that both the cardholder and the issuing bank can meet their objectives. The cardholder will be able to complete their payment without going through an uncomfortable moment, so they will not have the need to change the payment method and the bank will not affect their income on the transaction, always ensuring this does not increase the possibility of fraud but instead decreases it.
In the end, the objective is to improve consumer experience and increase transaction security to mitigate the risk of loss to the issuer, the acquirer, and the merchant without making the customer’s shopping experience cumbersome so that they repeat the experience with that particular payment method.
At Evertec, we have the knowledge and the technology to accompany business processes, prioritizing customers’ experience and the security of their transactions.