Improving online payment security can help reduce last-minute cancellations of transactions
No one will ever know what is going on in the minds of customers who decide to ‘drop-off’ or cancel their online purchases just before completing a transaction. But etailers can try to reduce the phenomenon by making payments as efficient and secure as possible.
One of the key issues to consider is whether to offer PayPal or other internet payment providers, cash vouchers, cheques, or major credit and debit cards, which would widen consumer choice but might increase costs for retailers.
By using PayPal, customers give their card details when they sign up and do not have to do so again when they make a purchase. Garreth Griffith, head of risk management at PayPal UK, says increasing speed at the online checkout not only reassures customers, but results in a 14% fall in drop-offs for small and medium enterprises (SMEs) and 1% to 5% for larger etailers. “Security is more of an issue when people don’t know who they’re buying from, but even with known brands people can still be nervous,” he explains.
Cash vouchers are another alternative and the Prepaid Services Company, a provider of prepaid payment solutions, launched its Cash-Ticket product in May. Consumers can buy pre-paid cash vouchers and use them by entering a pin number when making purchases online.
Binu Vaman, Prepaid Services Company’s UK marketing manager, says: “A lot of people do not have a credit card or are scared of using it online, and in the current economic climate they want to keep a tight control of finances.”
For SMEs, the decision of what payment methods to accept comes down to their customer base and the costs of taking on extra methods. John Nicholson, a director of T-shirt etailer Kettlewell Colours, does not believe American Express (Amex) is worthwhile, but is considering PayPal. “Everyone who has Amex usually has an alternative Visa or Mastercard,” he says. But Sonja Todd, general manager of accessories retailer Tatty Devine, takes Amex. “We take a lot of orders in the US and a higher proportion of people use it out there,” she explains.
Adding payment types is simpler for etailers who use third-party processing services, says Simon Black, managing director of one such firm, Sage Pay. “It is very easy for us to integrate other aspects of ecommerce and we are able to offer 24-hour support,” he says.
Perhaps the biggest advantage of outsourcing payment processing is security. By October, all etailers will have to become compliant with the payment card industry’s Payment Card Industry Data Security Standards (PCI DSS) regulations, covering access to the payment network and protection of cardholder data.
Those using third-party processing firms have no need to be compliant if the customer is diverted seamlessly to the processor’s system at the point of transaction and then back to the retailer’s website. In this case, the retailer would never receive customers’ card details and any onus to be compliant would rest with the processor. However, if retailers want to be certain their customers’ details are safe, they could check that the processor has received a favourable report from an approved Quality Security Assessor, which they must do each year under the regulations (see box).
But for any retailer that holds customer payment details, the consequences of non-compliance can be severe, including unlimited fines. A recent survey of online retailers by Sage Pay showed that 60% of retailers did not know whether they were compliant.
Alan Calder, chief executive of training and consultancy firm IT Governance, says it is in the etailer’s interests to have the best security. “Although the fines from the payment card industry can be painful, what can be more painful is the damage to your reputation,” he says.
- Weigh up the costs of adding different payment types against likely extra business
- Consider using a third-party processor to take the onus off you Visit the website of the
- PCI Security Standards Council which sets the regulations and offers advice (www.pcisecurity
- Investigate private sector resources such as IT Governance (www.itgovernance.co.uk)
- Cut the risk of fraud by using ‘3D’ security which requires customers to enter a password