Consumer Security vs. User Experience

Have we reached a tipping point in balancing security with convenience?

Has the digital commerce industry compromised consumer security in favour of user experience?

In digital commerce, there has long been a struggle to balance security with convenience. Now, David Poole of MYPINPAD assesses if the payments industry has prioritised convenience over security for too long.

As most people would agree, the mobile platform is not optimised for entering personal data and passwords: the screen is too small, the keyboard, which is seldom optimised, can be awkward, and if a mistake is made you often have to start the whole process again, causing much frustration to the consumer. To overcome these obstacles, m-commerce and payments innovators across the globe have been working hard to make purchases and payments easier, quicker and more streamlined.

However, has the push by merchants for frictionless payments in digital commerce resulted in security being sacrificed?

Since the start of the digital commerce revolution, the onus has been on making the checkout, authentication and payment processes as swift and easy as possible. But how would consumers feel about, and react to, their online transactions if merchants demonstrated a clear, proactive element of security protection – even if it created some small degree of friction? Have rising fraud rates and headline stories about scammed customers made the public rethink their payment security?


How much security do consumers want?

A recent report by the Institute of Customer Service warned that consumers will become “driven by fear” of data breaches and other security issues.[1]

UK Government statistics show that two-thirds of large UK businesses suffered cyber-attacks in the last year alone.[2] When these attacks happen, consumer details such as names, addresses and payment card details are stolen and then sold on to fraudsters.

With these attacks making regular headlines, it is understandable that consumers are growing increasingly worried about cybercrime. This worry is well founded given that 5.1m online fraud incidents and 2.5m cybercrime offences were reported last year.[3]

Online security is no longer a theoretical worry or something that happens to others. It is something that every consumer in the UK is almost constantly reminded of and is now viewed as a threat.

This is being reflected in consumer surveys. For example, research carried out in 2015 showed that whilst 35% of UK consumers want to be able to save their payment details for quick and easy transactions, 58% want to see payment authentication logos displayed on websites.[4] This is a very strong indication of increased consumer awareness relating to security issues.


Have we gone too far?

This is a critical question, but in the light of recent headlines over Amazon, Uber and Barclays, just to name a few, it is clear that consumer confidence in digital commerce and the reputation of brands is being dented.

There can be little doubt that trust is paramount. Free market economics are ultimately dependent on confidence and it is critical for e-commerce and m-commerce that consumers have confidence in the security presented to them.

A 2016 Ofcom survey into adult media use and attitudes revealed how critical this was.[5] It showed that 18% of established internet users would not enter payment details into a mobile device because they had security concerns and that 38% (a figure that is rising) of new internet users felt the same.

The evidence available does suggest that security concerns could have the potential to negatively impact on m-commerce. However, if we view this as an opportunity there is massive potential to enhance brand value by demonstrably taking steps to help ensure consumer protection and security.


What do consumers want? 

Put simply, we believe the digital consumer wants to feel in control. While many mobile payment options offer one-click payments, this takes away some element of control over the transaction for consumers.

Our own research, published earlier this year, showed that 85% of consumers would value the opportunity to be notified of a transaction and enter a PIN to authenticate themselves for larger transactions.[6]

We are not alone in recognising the importance of giving consumers what they want. The European Union’s Second Payment Services Directive (PSD2) has, at its heart, the principle of giving control to consumers in their transactions.

This principle is vitally important because, if we are to foster a new confidence in digital commerce, it is not enough that it is secure; consumers have to genuinely feel secure too. Giving them control is a critical element of this.

One of the worst aspects of being a victim of fraud is having to deal with the consequences. Contacting a large financial organisation or merchant to report fraud is often a long and torturous experience. Newspapers frequently report in consumer sections on how challenging it can be for consumers to recover the money that they lost, often with forensic-like analysis of individual cases that have gone wrong. Often the merchant or bank loses the case with a “goodwill” gesture compensation payment.


How to boost confidence in security

‘Segmented’ is a good way to describe how the FinTech industry deals with the fraud that impacts on security, but ‘fragmented’ might be even better.

It is fantastic that we are working in an industry so innovative and forward-looking; however, almost all the developments are dependent upon existing infrastructure.

The fundamental problem remains that each new technology adds another variable. It’s another app for your phone, another different password to remember and another potential open door for fraudsters.

The FIDO Alliance is one organisation working to provide a single framework to define a unified online authentication process. This is an endeavour which should be fully supported by all industry stakeholders, not least because it will provide a critical boost to security and help give that control to consumers.

Right now, we are at a tipping point. Confidence in online security is low among new users and more data breaches are only going to make this worse.

We want to encourage businesses to pause and ask themselves whether they are really giving consumers what they want, or whether consumers would be happy to accept a little more friction for a lot more security.

The industry-wide acceptance and deployment of Chip&PIN in 2006 serve to demonstrate the positive impact such an initiative can achieve, cutting fraud in face-to-face transactions by 70%. We have the same opportunity again with m-commerce - to deliver familiar, strong multi-factor authentication via our mobiles.

[1] The Grocer, 2016

[2] Department for Culture, Media and Sport, 2016

[3] The Guardian, 2015

[4] WorldPay, 2015

[5] Adult media use and attitudes, Ofcom, 2016

[6] PIN: From brick and mortar to mobile

Meet the Author

David Poole

David Poole of MYPINPAD is a payment, security and authentication expert who is a regular speaker and author on the need to bridge the gap between rigorous security and smooth customer experience. David’s work has been featured in leading journals such as Banking Technology, Internet Retailing and Gambling Insider.



Meet MyPinPad

MYPINPAD (MPP) is an enabler of multi-factor authentication for touchscreen devices such as mobile phones and tablets. MYPINPAD provides a modular PaaS or customer-hosted platform that delivers security with familiar and friendly user authentication interfaces, including cardholder PIN. MPP operates throughout Europe and Asia. With simple integration into modern and legacy payment systems, the Company enables acquirers, issuers, card schemes, merchants and PSPs around the world to better manage risk and fraud.