Jordaan said Microsoft has been testing a "small, random percentage" of payment card transactions initiated by customers in an e-commerce setting, including from its Xbox gaming console-based app. The results found that some customers aborted transactions altogether when asked to authenticate their details, and that the system of authentication relied upon by some card issuers may not be as smooth as it could be.
Jordaan said: "Challenge success rates are low to very low. This means merchants lose sales and customers cannot get the goods and services they want."
"Customers abandon checkout at high rates when challenged. This suggests customers are confused, don't like the authentication method, and/or encounter poor implementations of SCA," he said.
"Even a successful challenge takes a long time to complete, especially for app. This suggests that significant friction is added to the customer purchase experience," he said.
According to Jordaan, payment card issuers in some EU countries – Spain, Portugal, Cyprus, Estonia, Lithuania and Latvia – have yet to enable SCA at all, in spite of an end of 2020 deadline for full compliance set by the European Banking Authority (EBA). A 14 September 2021 deadline has been set in the UK by the Financial Conduct Authority.
Microsoft also found that card issuers rely heavily on authentication protocols put in place by Visa and Mastercard, which Jordaan said "suggests that issuers are not ready with their own implementations" of the technical security protocols that have been developed. He added that retailers risk losing out as a result.
However, Jordaan said one "bright spot" from the research was that more payments were authorised when customers had completed the process of being challenged on authentication, which he said "suggests the payments ecosystem can deliver on the promise of SCA".
Payments law expert Yvonne Dunn of Pinsent Masons, the law firm behind Out-Law, said: "This research confirms what many in the industry have been saying about SCA – the balance between security of payments and fraud limitation on the one hand and avoiding friction in payments on the other is vital. SCA by its nature introduces additional verification steps in a payment journey, and so it is essential that the underlying systems and processes integrate and communicate without delay, to keep frictions in the payment process to a minimum."