SRC – a new era of e-commerce?
The published press release in late April on Secure Remote Commerce (SRC) by EMVCo from the major schemes proves that the payment industry has already begun to direct their focus on eCommerce. Online shopping has become a vast industry that keeps on growing together with the digital evolvement. This increasing trend makes it a paradise for hackers and people with fraudulent intentions, especially since the security related to storing and processing card data have not been evolving equally fast to meet every new modern fraud methods.
The EMV security standards utilized at physical point-of-sales have shown to be successful in decreasing frauds and thefts. Together with the concept of tokenization where a token replaces the PAN makes this a solid security wall for keeping out anyone who wants to steal and misuse payment credentials from a cardholder. The introduction of SRC within the eCommerce domain would mean that we now can expect to achieve the same level of security for online shopping as we have in EMV chip and contactless payments.
Security is a large part of SRC; however, it also aims to simplify the shopping experience for consumers which in turn should decrease the number of abandoned shopping carts. One standard interface for all card schemes, no more manual entry of card data or home addresses, and simple checkout with just a few clicks. Having only a few steps together with convenient authentication, such as biometric/face recognition using technology like 3DS2.0, will give the shoppers with a whole new and easygoing experience.
Convenience and security are two elements in online shopping that have been on opposite side on the scale in eCommerce. The more security the merchant adds to its checkout process, the more cumbersome for the consumer to complete the process. This leads to an increased abandonment of shopping carts. Merchants are forced to accept a higher risk to gain more customers. This problem will be solved by SRC which offer both security and convenience in the same package.
SRC introduces the concepts of tokens and dynamic cryptograms which the merchant obtains during a checkout process from a token service provider through the SRC system. The token data will then be processed in a regular transaction flow, increasing the security and lowers the potential fraud for merchant and PSP.
One significant advantage for the merchant is the promise of a standard interface for all the card schemes participating in the SRC program. That will considerably simplify implementation and enablement. These services will further be available to the consumer through a common ‘checkout button’ on the merchant page and will be able to access all their stored cards (tokens) and shipping details with just a few clicks at every checkout.
But what about ID&V? How do we make sure that this is the rightful owner that is doing the checkout? After the first login, the SRC utilizes cookies to recognize re-visiting consumer which allows them to complete a checkout process. However; the issuing bank may choose to enforce ID&V smoothly and efficiently by using 3DS2.0 in the checkout process. 3DS2.0 supports authentication and authorization through issuer’s mobile banking application using device capabilities such as fingerprint and face recognition, in addition to existing methods from 3DS1.0.
Issuers must participate
For consumers to tokenize and store their cards with SRC, the issuing bank must connect to the card schemes’ token service provider (TSP). All of the major card schemes (Visa, Mastercard, American Express) have developed their own TSP which offers services that allow for creating, provisioning and managing digitized cards. This issuer-to-TSP connection will be a prerequisite for enabling SRC.
Getting started with SRC, card tokenization, token management may be a high barrier for many issuing banks. Understanding the concept, acquiring technical knowledge and developing support for one or multiple schemes can become costly and time-consuming. On top of this are the frequent changes in technology which will require follow up on new updates, re-development and potential strict and expensive certification tracks. However, the issuing bank has other possibilities than doing this by themselves.
SRC and card tokenization are within MeaWallet’s core focus. We have built a pre-certified platform (referred to as Mea Token Platform) for those issuers who want to enable digital payments in a simplified and secure manner. All is provided through a single interface for integration which simplifies the complexity and reduces workload for the Issuer. The product comes together with the knowledge and guidance of our team and thus gives a short, easy and low-risk path to digital payments.
Should you be interested to know more about how we can help your bank with SRC, tokenization or other digital and mobile payment solutions, get in touch with us at firstname.lastname@example.org or you can sign up for our newsletter.