The Fraud Picture
A December 2018 survey by global data and analytics company Lexis-Nexis Risk Solutions found that online fraud attempts had risen by 35 percent from a year ago. In part, the increase in online card-not-present (CNP) payment fraud is related to a decrease in card-present fraud as a result of increased use of EMV chip cards. Chip card usage and acceptance was sluggish to start, but has picked up over time. According to EMVCo, the organization that manages the standard, most transactions are chip card transactions now. As card-present fraud has decreased, card-not-present fraud has risen. Just as they tackled card-present (CP) fraud with EMV, card networks are hoping Secure Remote Commerce (SRC) will turn the rising tide of CNP fraud. (For more on the difference, see our article: Card Present vs. Card Not Present Transactions). On October 22, 2019, the four majors card brands – American Express Co., Discover Financial Services, MasterCard Inc., and Visa Inc. – unveiled a new technology expected to fortify online defenses for both businesses and consumers. The platform, christened Secure Remote Commerce, will simplify and secure card transactions on websites, mobile apps, and connected devices.So what is Secure Remote Commerce (SRC) anyway?
As the name suggests, Secure Remote Commerce (SRC) is about protecting remote transactions. EMVCo says SRC “is a set of specifications… that enable the creation of a ‘virtual payment terminal’ [and] provides a foundation that will enable industry solutions for the processing of e-commerce transactions in a consistent, streamlined fashion across a variety of remote-checkout environments and consumer devices, including smartphones, tablets, PCs and other connected devices.” In other words, SRC seeks to increase security and streamline the payment process for card-not-present payments no matter how they’re made. Whether a customer uses a smartphone, tablet, computer, or any other device to make a purchase, that payment should be easy and secure. SRC will present them with a “universal buy button” that they can click to complete a purchase. That button will allow them to choose from cards that they’ve securely stored, eliminating the need to enter card details each time. The SRC standard is the product of work that started in early 2018, when EMVCo began experimenting with ways to tackle online payment fraud. EMV was a big step up in security from the magnetic stripe card for face to face transactions, and experts hope that SRC will be a big step up in security for non face-to-face transactions. While the static information on traditional magnetic stripe cards – name, card number, expiration date, service code, card verification code – can be easily copied, EMV cards rely on dynamic authentication. A dynamic authenticator changes with each authentication session between the applicant and verifier. SRC is meant to provide the same robust measure of security to card-not-present (CNP) payments that EMV gave to card-present transactions and in some ways mimics it.How It Works
The ease of interaction has become an important consideration in UX payment design. Every inconvenience a customer encounters is a hurdle to completing the checkout process. Too many and the consumer may give up, leaving behind their online shopping cart or checkout page. SRC mitigates this problem by fostering a faster, simpler checkout, particularly where the business has already collected the customer’s card credentials and shipping information. Instead of a plethora of payment options, consumers will be greeted by the single universal buy button. From there, they can choose any of their stored cards. The simplicity should reduce the chances of frustration and result in more customers making it all the way through checkout. “It’s incredibly hard to put numbers on it, but we certainly expect abandonment rates to drop,” says TS Anil, global head for payment products and platforms at Visa.SRC: Universal Buy Button
SRC is as much about customer convenience as it is about security. The technology aims to avoid confusing, time-consuming checkouts by providing one universal Buy button, a feature meant to be the online equivalent of the single payment terminal at a physical store. You may see the SRC technology referred to as a universal buy button. This is how it’s meant to work.
Consumers will be presented with a choice of payment methods on a prominently displayed Buy button. To check out, a shopper will click on the Buy button and enter their email address. The SRC button will bring up all the cards owned by the consumer, regardless of network brand. The consumer then selects one “card” to complete the purchase. If it’s their first time, the consumer will have to navigate a guest-checkout routine and enter card details and billing address. From there, they’ll have the option to create an account for quicker payment for future purchases when using the buy button on any site.
Benefits to Businesses
Apart from beefing up security, SRC could provide a more satisfying experience for consumers. There will be no need to enter personal and payment details at every shopping site. A customer can sign up with their bank or card issuer once, and then simply choose the card they want from the universal buy button. According to Mastercard, the benefit is to allow consumers to make purchases without having to log into an account. It’s intended to seamlessly replace the “guest checkout” experience without requiring you to enter card details every time you want to make a purchase. Since the universal buy button reduces customer hassle, businesses expect it will lessen the rate of cart abandonment. SRC is intended to be easy to implement and maintain and will encourage the addition of options, thus increasing consumer choice and reducing friction at the time of checkout.Limitations and Negative Perception
Although SRC applies to a wide range of payment methods, the standard excludes some major payment options, such as PayPal. That clearly means that the universal buy button isn’t quite so universal. Some business advocates think that SRC is a “clunky” user experience. Others point out that most businesses that accept online payments have already solved any issues with streamlining checkout and that customers don't have issues with existing guest checkout options.Rolling Out SRC
The launch of SRC got underway after three high-profile retailers – movie-ticket marketer Cinemark, a charity site aimed at men’s health called Movember, and giant Japanese ecommerce platform Rakuten – signed on. Additionally, a joint press release by the Big Four card brands states that “BassPro, JoAnn Fabric and Crafts, Papa John’s, Saks Fifth Avenue, SHOP.com, Staples, and Tickets.com” plan to adopt SRC. The card companies are now focusing on converting current systems to the new click to pay system. But, until next year, early adopters may be few and far between. Card network executives believe that most retailers won’t make sweeping changes to their payment process as the busy holiday season approaches. However, a number of companies in payment processing have already begun to offer the new technology. Early adopters include Adyen, Authorize.Net and parent CyberSource, Global Payments, and Stripe.Implementing SRC
If you want to implement the SRC universal buy button, contact your credit card processor. To start, your business will need an SRC Initiator (SRCi), embedding a virtual terminal in your checkout application. The virtual terminal provides access to a wide range of networks, e.g. ACH, card networks, etc. The SRCi does the job of integrating these networks seamlessly into one network. A Digital Card Facilitator (DCF) securely stores users’ card data. Consequently, for the business, there is no change from the way existing systems handle the authorization and settlement processes, and individual businesses are not responsible for storing card data.Finding a Processor
Do you need a credit card processor or want to switch from your current provider? CardFellow can help. Simply sign up for a free membership to get exclusive rates on credit card processing. Additionally, you'll get expert assistance on setting up your account and payment channels. Try it now!Conclusion
In short, the SRC Buy button means greater consistency and fewer steps at checkout for consumers, regardless of how they choose to pay. SRC also eliminates the requirement to enter personal account numbers and payment information, which can be an onerous process. The more information a customer must provide, the greater the chances they will not complete checkout. SRC aims to change all that, providing consumers with a secure, streamlined checkout process that remains the same across many different ecommerce sites.
Ben Dwyer
Ben Dwyer began his career in the processing industry in 2003 on the sales floor for a Connecticut‐based processor. As he learned more about the inner‐workings of the industry, rampant unethical practices, and lack of assistance available to businesses, he cut ties with his employer and started a blog where he could post accurate information about credit card processing. As the blog gained in popularity, Ben began directly assisting merchants in their search for a processor. Ben believes in empowering businesses by providing access to fair, competitive pricing, accurate information, and continued support. His dedication to transparency and education has made CardFellow a staunch small business advocate in the credit card processing industry.
