One of the top concerns consumers have when they shop online is the security of their payment information. According to a study by Kaspersky Lab and B2B International, nearly half of Internet users still feel that they're vulnerable when they make online payments, and 42 percent say they would make more purchases if they were sure they wouldn't get hacked. Fully 37 percent have abandoned their online shopping carts because they weren't convinced about the security of the payment process.
This is not an unreasonable fear. According to the European Central Bank, 73 percent of all card-not-present (CNP) transactions were online payments, and more than half of all fraud recorded in 2011 involved CNP transactions.
There have been so many horror stories about identity theft and hacked accounts, even data stolen from major retailers such as Target and Home Depot, that customer paranoia is to be expected. And yet more and more people are choosing to make online payments every year.
Just how secure are online payment systems today? Here's a look at the status quo.
First of all, online payment systems are just one part of the bigger animal known as electronic data interchange (EDI), but they attract the most attention (legitimate and illicit) because they handle data pertaining to money transfers. Traditionally, EDI was exclusively used for business-to-business (B2B) bank transfers, but thanks to the burgeoning popularity of online shopping, millions of business-to-customer (B2C) EDI transactions happen every day. In fact, 90 percent of all B2C transactions in North America happen online, the most common form of which is via credit card.
Retailers both online and offline would probably not survive today if they didn't include credit cards and debit cards as payment options. Card issuers, mostly Visa and MasterCard, require retail partners to comply with Payment Card Industry (PCI) Data Security Standards such as encrypted terminals for in-store purchases, while online partners are required to follow stringent security and certificate protocols. In most cases, they have to follow a two-factor authentication process that requires a merchant to enter both a code and a password to discourage third-party interception.
Other payment options include Smartcards (which are like debit cards but specific to online purchases) and payment gateways such as PayPal or Google Wallet, which account holders can use to hold funds they transfer from their traditional bank accounts to pay for online purchases.
For mobile payments, some online shopping software applications make paying as simple as texting. But the one thing they all have in common is that they require some sort of security mark. You can probably remember most of these: VeriSign, PayPal Verified, Verified by Visa, SSL, and MasterCard SecureCode. Customers feel reassured when these marks are present. But is that enough?
It's estimated that in less than 3 years, only 23 percent of point-of-sale payments will be in cash; the rest will be conducted via some type of electronic transfer, so whether online payments are secure enough almost becomes a moot point. Retailers that accept cash only will soon find themselves losing sales to those who offer the convenience of “plastic.”
This applies to both online and in-store retailers. Some online retailers actually still request money transfers or bank deposits, a practice that savvy online buyers have long associated with scammers: consumers who pay by money transfer or bank deposit get none of the protection that they get, at least on a limited basis, with sellers verified by a card issuer or payment service. And then there's the convenience factor; pushing a couple of buttons is definitely easier than going to a bank.
The good news is that the major card issuers, Visa and MasterCard, are not resting on their laurels, content to see how technology evolves. They have recently collaborated to develop the next-generation 3D Secure (3DS) protocol. 3DS is said to have significantly improved fraud prevention since it was introduced as a standard. The new 3DS 2.0 is supposed to be an even better standard, specifically designed to offer more protection as well as make online transactions even easier for consumers.
3DS 2.0 replaces static passwords with one-time passwords and biometrics (read: fingerprint scanning), so buyers no longer have to remember multiple passwords for different accounts. This is a standard that works best with point-of-sale transactions, although some mobile units already have the capability of fingerprint scanning (namely the iPhone 6 and 6 Plus, and the Galaxy S5), which makes them good candidates for the 3DS 2.0 standard. It won't completely replace the original 3DS but will rather exist in parallel — at least, until technology catches up.
For retailers, it all boils down to streamlining your shopping process to get your customer's money as quickly as possible. This definitely requires having an online payment system in place. In most cases, an online payment service requires shopping cart software that can handle orders, solicit customer information, calculate taxes/shipping costs, and summarize the transaction for the customer before final payment. Shopping cart software can be a third-party app or part of the business package offered by the online payment service provider.
There was a time when setting up an online payment system for a small business was almost too difficult to be worth it, but not any longer. Many e-commerce sites, including SaleHoo, offer an all-in-one solution, from setting up the web store to configuring a shopping cart to acquiring a merchant account.
The important thing is to make your users feel secure when they're browsing your site by prominently displaying your security certifications at the top of your site. More than 60 percent of respondents in a survey done by Actual Insights cited the lack of a trust badge as a reason why they abandon shopping carts.
So, is it safe to pay online?
While there are definitely ongoing problems in online security, with scammers being ever-present and hackers looking for backdoors into securely stored information, the vast majority of electronic transactions go through unmolested. There are always risks and it pays to be vigilant, but displaying trust badges and working with reputable third-party payment systems can help your users overcome their fears.
What are some of the strategies you employ to allay security concerns? Let us know in the comments.