For decades, consumers around the globe relied on “legacy” credit and debit cards when shopping in-person at retail stores. These simple pieces of plastic came with account numbers on the front and a magnetic stripe on the back that allowed users to physically swipe their cards at the checkout counter.
The problem was, these magstripe credit cards were relatively easy to clone — even from a distance. This security flaw allowed criminals to steal a user’s payment data and rack up fraudulent charges.
The introduction of EMV credit cards was designed to counteract this trend.
These newer cards all come with embedded security chips that are very difficult to clone. For an in-person transaction to go through at the point of sale, the original version of that card must be present.
EMV credit cards quickly became the standard worldwide, with nearly every country that adopted them witnessing a measurable decrease in card-based in-store payment fraud.
Yet, heightened security in brick-and-mortar retail simply pushed more criminals into the online world, where chip-enabled EMV cards offer the same limited protection as magstripe plastic. In 2018, for example, card-not-present fraud accounted for $4.4 billion in losses. By 2021, however, that number is expected to reach $6.4 billion.
To counteract this trend, the payment industry is hoping to introduce a new fraud management standard known as EMV Secure Remote Commerce (EMV SRC).
How Does EMV Secure Remote Commerce Work?
Every e-commerce and mobile shopping experience is unique, with no two merchants, banks or payment processors requiring the exact same payment data during checkout.
In nearly all cases, a credit card number is required. Though according to Visa:
“[T]here are 23 information fields to fill out on average when paying for things online, from name and date of birth to shipping address, communication preferences and payment information today.”
This inconsistent patchwork of authentication requirements is precisely what online criminals exploit.
Some credit card companies tried adding layers of security by requiring that online shoppers provide additional verification details such as one-time PINs sent via email or SMS. While these steps undeniably made online shopping more secure, they added unnecessary friction to the buying experience.
The goal of EMV SRC is to make e-commerce and mobile shopping:
- More secure to help reduce card-not-present payment fraud
- More seamless to help reduce checkout cart abandonment
EMV SRC hopes to accomplish this by leveraging a host of security features that work almost entirely behind the scenes:
- Credit card tokenization, for example, assigns a unique, one-time authentication ID to every transaction. This temporary token only works between a user’s card and the merchant in question. Once the sale goes through, that token can never be used again.
- uses a real-time profile of every customer based on 100-plus data points — including geography, IP address, shopping history, and user behavior. Legitimate transactions are instantly approved. Suspicious ones get flagged and require additional verification.
Again, these security features work instantaneously — without any direct intervention required from customers. As such, these measures don’t interrupt the shopping experience by requiring users to provide additional verification details.
The list of security features is long, technical and growing. However, if you’re familiar with Amazon’s one-click buying option, you already know where EMV SRC is headed.
Amazon customers who have previously loaded their payment details can quickly check out with a single click of a button. No additional fields or security checks required.
EMV SRC ultimately seeks to duplicate this.
Rather than limit one-click buying to any single online retailer, this option will follow the user wherever he or she goes. The payment industry even has a new logo designed for this purpose — one that will signal to online shoppers that they don’t need to fill out tons of fields during checkout.
What EMV SRC Means for Your E-Commerce Business?
As an online merchant, EMV SRC is basically a win-win:
- Consumers can shop with much greater confidence, thanks to the back-end fraud management features being continuously created.
- Customers can also shop with much greater ease since they don’t have to fill out as many fields during the checkout stage.
The result for you is more sales, happier customers and fewer fraudulent attacks.
The EMV Secure Remote Commerce standard is still in draft form. When it goes live later this year, you’ll need to make some adjustments to your e-commerce store — including the addition of the special payment icon to your checkout cart.