Authentication tipping point – will PSD2 change we way we pay?
Talking about 2018 is hardly possible without mentioning PSD2. So here it is, on top of my list. On January 13 PSD2 will go live. However, some aspects of the new regulation will not be enforced until around 18 months later, when the Regulatory Technical Standards (RTS) on Strong Customer Authentication and secure communication come into force.
In the new PSD2 world, it feels like regulators want us to authenticate every transaction via at least two steps – writes Lu Zurawski, Solutions Practice Lead, Consumer Payments EMEA at ACI Worldiwde.
It looks like ‘friction free’ will remain a fantasy for a while. Payment Service Providers may be exempted if they have developed ways of assessing the risks of certain transactions and can identify fraudulent ones. Exemptions also exist for contactless payments and transactions for smaller amounts, but there is a strong current towards payments being backed by explicit consent and authentication.
Expect a big debate in 2018 and beyond about the need for strong authentication and whether these measures are too ‘heavyweight.’ Have we reached a tipping point, where transaction protection elements (like PINs and 3DS) layered onto traditional payment products are replaced by a new approach? We may need to get used to a new form of payment approval based on explicit authentication requests which could look like this: “You are about to pay £x to recipient y – if you are OK, please enter your one-time code now.”
#QRCodeContagion – is Chinese BigTech redefining consumer payments?
Chinese payments will be very big in 2018 and I believe we will be seeing QR (Quick Response) codes more frequently. In the last few years we have seen a flurry of European retailers adopting Alipay and WeChatPay. The logic is simple: Last year over five million Chinese tourists visited Europe, with numbers predicted to rise further in 2018. Chinese travellers spend more than any other nation when abroad. Merchants in Europe are missing a big trick and a huge opportunity if they don’t develop strategies to integrate new forms of alternative payments and cater to this huge consumer group.
I had something of a transformative experience myself on a holiday to China last summer. It’s quite extraordinary to see how hard it is to spend money with an international payment card in China. And by contrast how many people use WeChat Wallet or Alipay as an alternative. Not just for online, but strikingly at physical point of sale too.
I personally think we can no longer ignore the huge success of Alipay and WeChat and the implications they have for the future of payments and the wider ecosystem. 600 million active users cannot all be wrong. I expect to see QR codes appearing in more bill payment scenarios, at more physical point of sale locations, and in new methods of payment in 2018.
Identity – what kind of ID do we need to secure payments?
The debate about identity will continue in 2018. In many parts of the world, for example Scandinavian countries, the Netherlands and Switzerland, electronic identification systems are already widely in use. Instead of going through manual, paper-based checks prove, these new systems allow citizens and businesses to prove their identity online.
In the financial services sector, such systems could make processes such as onboarding of customers, dealing with anti-crime obligations and approving loans and mortgages much more efficient. And on a larger scale, the same techniques could be used to authenticate individual payment transactions – a much more secure approach for online payments, and probably more universally usable.
Some people may think the new focus on “ID” sounds a bit ‘big brother’ but the use of ID does not necessarily lead to the sharing of personal data with third parties; it is possible to use ID systems to give just enough information to re-assure a counterparty that you are rightfully entitled to do a particular transaction. All parties in a transaction can get a clear understanding of credentials and permissions through the use of electronic identifier systems, and I believe their use could lead to a massive victory for society in terms of fraud prevention and overall economic efficiency.
Security vs. user friendliness
In think we all agree that it would be great to have more ‘Uber experiences’ when it comes to payments, by that I mean a quick, straightforward and smooth way of paying for services especially online. But so far this hasn’t happened. Why? Because it doesn’t always allow for appropriate security – particularly now that there appears to be a shift towards explicit consent and Strong Customer Authentication. One of the big challenges for the payments industry in 2018 will be to develop an incremental approach to bring in better security measures without confusing the customer. I predict a host of citizen awareness and consumer education programs being launched in 2018 – particularly within the EU.
The age of consent – who owns “Big Data”?
The EU General Data Protection Regulation (GDPR) will enter in force in May 2018. It stipulates the consumer as the owner of his or her personal data and says that data can only be processed if ‘the data subject has given consent to the processing of his or her personal data for one or more specific purposes.’ Expect a lot of debates around the definition of consent. And be prepared for a wave of new class actions following GDPR, brought forward by legal groups and consumers following data leaks. This is likely to be noisy and chaotic, but it could pave the way away from traditional definitions of B2B and B2C towards a personalised data economy, where consumers become far more aware of the potential value of their own data, and of their opportunities to convert this potential value via new so-called ‘Me2B’ propositions.
Payments Thinking, Fast and Slow – applying behavioral economics to money
Finally, I expect more debates about behavioural economics and how it applies to payments. As Daniel Kahneman outlined a few years ago in his global bestseller ‘Thinking, Fast and Slow,’ most of our decisions are made intuitively and based on our emotions, leaving rational thoughts until later to justify those cognitive biases. But how does that relate to payments?
We will see the emergence of new Third Party Providers (TPPs), catering for new consumer demands in financial services. Although TPP is apparently a regulatory invention, many banks are happy to allow new players to experiment with new demands. These TPPs are far better placed to deal with new customer behaviors. The picture below (which I call Food Truck = TPP) illustrates my point.
This analogy postulates that banks have failed to experiment enough with untapped consumer demand. Many banks have become like boring old restaurants, only visited by ageing tourists who can just about read a TripAdvisor review. The exciting action is no longer in the places measured by Michelin stars – consumers now look for creativity and value (and life enhancement?) by finding out where the latest ‘pop-ups,’ farmers markets and the trendiest food truck sites are. There is nothing to stop big establishments participating in this too.