New Podcast: Rambus CTO On Securing Remote Commerce And Ditching The Friction

As Sam Cooke sang: “It’s been a long time comin’ … but I know a change is gonna come.”

Commerce changes slowly, at a glacial pace, it seems, until, all of a sudden, things are different. Aisles give way to clicks, and cash gives way to plastic, which gives way to digital wallets … and might someday a myriad of buttons give way to a single button? Think of eCommerce made intuitive and checkouts made speedy, where security is paramount, yet transactions are friction-free.

In the latest Beyond the Buzzword, Rambus CTO Chakib Bouda told Karen Webster that the change is coming via Secure Remote Commerce (SRC), though it might take a bit of time. The digital payments technology is, of course, linked to a number of marquee names in payments, such as Mastercard and Visa.

The high-level view is that consumers, weary of names, addresses and phone numbers, need not enter and re-enter their data at each merchant, for each transaction. Eliminate the friction, the philosophy holds, and merchants can cut down on shopping cart abandonment.

Ah, but to get there is a different matter. Bouda said, “We’ve neglected … browser-based eCommerce, and now people are focusing a lot on it.”

SRC, he said, strives to solve an existing problem of interoperability, for consumers and merchants alike.

The consumer side of the SRC story might be relatively well-known — namely, that consumers can be liberated from the aforementioned data entry numbness, where payment information is standardized through tokenization (more on this in a bit). However, Bouda stated that merchants, too, benefit from standardization.

As has been noted, Mastercard, Visa and American Express are on board with the EMVCo framework that looks to tokenize online payments. That’s because the costs of such integration of several payment options are streamlined in terms of time and money, as SRC remains an agnostic platform. Expedite the time to market, and expedite top-line growth.

Bouda said the payment schemes seek to be ready with a full-fledged embrace of SRC through the next several months — where, as he put it, “you are going to see a lot of activity in the second quarter” of next year. The standard may not be there yet, but it’s coming. Eyeing the future is an activity that begs an examination of what’s out there now, and what it will take to change things.

As Bouda told Webster, merchants have several methods of keeping cards on file, and there is, indeed, standardization in trying to keep data safe through Payment Card Industry Data Security Standards (PCI DSS). However, the interfaces and interactions amid websites, browsers and mobile apps make for a cluttered, fragmented landscape. Too many buttons create more clutter than confusion, Webster and Bouda agreed. That makes the ideal situation a single button, or maybe a curated one or two payment options consolidated via, say, a dropdown function, to make it a lot easier for consumers to purchase things online.

For merchants, he said, “With Secure Remote Commerce, you would have the interoperability, you would have standard interfaces and, though you would have multiple buttons, at least from a merchant integration perspective … it is all going to be a lot easier. Having a common framework would definitely help make sure that security is transparent.”

The First Step And Beyond

The first step is in place, said Bouda. Visa, Mastercard and American Express took note of far-flung offerings, such as Masterpass, Visa Checkout and Amex Express Checkout, and looked toward consolidation via a single button that works regardless of card number or brand.

In the new scheme, according to Bouda, merchants offer up a digital shopping application, consumers choose what they want and an SRC initiator (the payments service provider, as he illustrated) initiates the payment (and, eventually, tokenization). A digital card facilitator is behind the issuance and storage of card data.

As the platform and specifications are being stipulated, tokenization is emerging as an option that will eventually be mandated, once all issuers are ready for token on file. As noted in this space previously, SRC creates a token that, through secure account information, can be pushed between parties. Beyond that, he said, the rest of the transaction “just sits on standard rails” as the card information moves to the acquirer.

For the consumer, the friction falls by the wayside, he added.

“If I lose my card, I just call the bank and the bank will push the update to the tokenization scheme,” said Bouda, who claimed that “the majority of merchants don’t want to touch PCI data, the card information. What would happen, then, is they have to work with payment service providers [PSP] that would do that on their behalf. So, the changes will be done by the PSP.”

Such a streamlined process eliminates a key point of friction, where lost or expired cards require manual re-entry of data. Mastercard has calculated that as much as 75 percent of U.S. cards can be tokenized, which speaks to the appeal of SRC building on EMVCo tokenized standards.

Thus, ideally, Bouda told Webster, the same token carrying the same account information can be used across all the merchants, eliminating the need for an intermediary. For the issuers, he said, the opportunity is there to offer value-added services: There can be a token for eBay and a token for Netflix, for example, which speaks to capabilities thus far unknown, but possible with SRC.

How We Get There

As Webster noted, what we want out of eCommerce and how we get there are two different things. How then to incentivize the change — a change where the browser works harder to enable a friction-free commerce experience, especially when card-not-present (CNP) fraud is increasingly at the top of the bad guys’ to-do lists?

The incentives for merchants to adopt are there, claimed Bouda. There can be at least some precedent of the liability shift that marked the embrace of EMV at the physical point-of-sale not long ago.

“I can see a bit of opportunity for the payment schemes to do some liability shift and give some incentive [for] merchants to move, or payment gateways to move, to this new platform,” he said.

The change is indeed coming, he told Webster, work-in-progress though it may be.

“If you have a common platform,” he said, “for a lot of entities and service providers … if you don’t do that, it’s going to be very tough for existing systems. Amid the unification and streamlined checkouts, it’s a good thing for the industry.”