By: Doğuş Şahin, Ahmed Al-Husseiny, Knut Schlohmann and Felipe Echeverri
Published: October 19, 2022 | Updated: July 31, 2024
Read time: 9 minutes
- Table of contents
Introduction
Consumers create trends; businesses then scurry to catch up. As shoppers increasingly moved online in recent years, retailers raced to accommodate them.
Yet in all the frenzied activity, including an influx of alternative payment methods to cater to cash users wanting to go online, the fundamentals of card payments were largely untouched.
Superficially it might appear that retailers, payment service providers (PSPs) and even issuing banks largely took cards for granted. Card payments were not going anywhere, and — unlike cash — they already worked online.
The story played out rather differently offline.
Card issuers, PSPs and retailers rallied around a contactless standard to allow consumers to tap cards to make quick in-store payments that often displaced cash use. The convenience of a secure tap-and-go payment contributed to better shopping experiences with shorter wait times and allayed concerns around cleanliness in the wake of Covid-19. Worldwide, over two thirds of in-person transactions on Mastercard’s network were contactless in 2023; the share was one third before Covid-19.
Nearly three quarters of shoppers always or often manually enter their payment details when they make an online purchase.
Yet despite huge e-commerce growth due to Covid-19, the newfound convenience and consistency offline did not make its way online. A closer look shows the cause was less about neglect and more about complications specific to e-commerce around fragmented technology and the manual entry of card details at checkout.
Nearly three quarters of shoppers always or often manually enter their payment details when they make an online purchase, according to a consumer survey conducted in November 2023 on behalf of Mastercard. It is high time for the benefits of offline taps to come to online clicks.
The future of e-commerce now increasingly depends on issuers, PSPs and retailers rallying around a secure online one-click checkout standard in the same way they rallied around a secure offline contactless standard.
Click to Pay, the consumer-facing name for EMVCo’s EMV secure remote commerce (SRC) specifications, provides that standard. It obviates the need for passwords and provides a consistent checkout experience across devices, operating systems and retailers without making consumers re-enter information.
- Explore more
Payment acceptance moves to the forefront of payment technology
Cardholder or card not present as physical and digital payments blur?
Complementing — not replacing — card on file
Card on file (CoF), also known as credential on file, refers to a consumer storing their payment card information online with a retailer. It provides a quick and easy alternative to guest checkouts by avoiding the need for repeated manual inputs. It is popular with retailers, but it comes with two problems.
Firstly, CoF is retailer specific. So, a consumer has to store their information across multiple retailers. Secondly, from a consumer standpoint, the acronym CoF might as well stand for concern over fraud. Security is the primary deterrent to storing payment information online: a concern for 58% of consumers, according to the Mastercard 2023 survey.
Although fears around paying online have lessened as e-commerce has grown, consumers still trust in-person payments more. Out of 14 payment methods compared in Mastercard’s New Payments Index in 2022, consumers perceive the 3 traditional offline methods — cash, card swipe or insertion, and contactless card tap — as more secure than the other 11 online or emerging digital methods.
Tokenization, or a payment network’s replacement of sensitive card numbers with non-sensitive surrogates, reinforces CoF security to make cards less vulnerable to fraud. It helps protect card details when saved on file at an e-commerce site and separately when used for transactions on the site.
But security can be as much about perception as reality. And as high-profile data breaches continue to make headlines, it can be a challenge to convince consumers to save their cards on file even with well-known consumer brands or with multiple retailers.
Small businesses may particularly struggle because their checkout experiences are sometimes hosted by PSPs with brand names unfamiliar to consumers. Despite tokenization, many PSPs also deem safeguarding CoF as too burdensome for small businesses if their customers are not frequent shoppers.
Still, CoF remains an asset to many businesses, and the purpose of a one-click checkout is not to compete with it. Rather Click to Pay exists to appeal to all consumers who would otherwise end up making payments via cumbersome guest checkouts that are not secured by tokenization on the storage and transaction levels.
Complementing — not replacing — digital wallets
Contactless card payments happen in two ways: the tapping of a contactless card on a point-of-sale (PoS) terminal, or the tapping of a digital wallet containing a digital tokenized card on a PoS terminal. The same near-field communication (NFC) technology is built into the cards themselves or into the mobile devices hosting the wallets.
Acceptance of these NFC-enabled payments forms part of open-loop payment networks rather than as closed-loop arrangements with individual retailers. But the open-loop acceptance of in-store taps is not as easily replicated in e-commerce clicks.
Instead of a unifying NFC technology, many incompatible device-specific operating systems clutter the space. Retailers and PSPs are left to pick and choose between different wallet providers across different operating systems. Consumers find themselves needing to reenroll their cards when they switch device providers or upgrade their devices.
Fees to retailers and PSPs may also vary based on the ability of wallet providers to write off operational costs as brand building, to package them with other payments-related services, or to offset them by brokering deals with partners in the payments ecosystem. And as with CoF for retailers, anything other than the full tokenization of saved card details introduces unnecessary risk for wallet providers.
Still, although a surfeit of payment buttons is not desirable, healthy competition between wallet providers in-store is as welcome as eliminating competition between them in e-commerce is unwelcome.
It is not just the shoppers that risk being paralyzed by too much choice
Shoppers may prefer one wallet over another because of other affiliated services, such as software integrations or loyalty programs, that occur outside of simple one-click checkouts. Retailers want to provide options, but they do not want cluttered checkout pages. Nor do they always know what combination of options will best serve. It is not just the shoppers that risk being paralyzed by too much choice.
A one-click checkout via Click to Pay is in many respects another digital wallet. The difference is that its platform-independence offers the same assurances as a contactless tap to provide a secure, convenient and consistent payment option that is fully open-loop across all EMV-backed payment networks. Retailers and PSPs may then selectively add support of other wallets to cater to specific predilections within their customer bases.
Working together: The issuer, the PSP, and the retailer
EMVCo backs the EMV secure remote commerce (SRC) specifications behind Click to Pay just as it backs the EMV contactless specifications for tap payments. The adoption of SRC specifications for a one-click checkout will likely follow a similar pattern to its contactless predecessor.
A trio of issuers, PSPs and retailers represent the three main partners in a one-click rollout. But the Italian neologism “triello” — referring to a three-way duello or duel — is perhaps more appropriate than “trio” in terms of the partial standoff between them. Each wants to see clear commitment from the other two before investing, albeit with the PSPs essentially following the lead of the issuers and retailers by providing infrastructural support.
57% of online shoppers cite the ability to shop anytime, anywhere and from any device as a reason for online shopping
Government mandates and collective pressure from industry associations can foster collective action. But for contactless cards, the ultimate tipping point — or rather tapping point — came with Covid-19. The ability to get in and out of stores quickly and without touching anything suddenly became a health concern rather than just a matter of convenience. Contactless transactions grew 40% worldwide in the first quarter of 2020 as Covid-19 spread across the globe, according to Mastercard data.
E-commerce’s clicking point is approaching fast. Roughly two thirds (57%) of online shoppers cite the ability to shop anytime, anywhere and from any device as a reason for online shopping, according to the Mastercard 2023 survey.
Shoppers’ e-commerce expectations have been primed by their contactless experiences in store. Future-minded issuers, PSPs and retailers may do better to come together sooner than end up chasing the inevitable later.
Working together: Mutual roles and benefits
The issuer-PSP-retailer trio share many of the benefits of a secure platform-independent one-click checkout standard.
Most notably, Click to Pay’s support of tokenized stored card details and tokenized transactions boosts approval rates and reduces e-commerce fraud across the board. In addition, the three partners each particularly benefit in other areas:
Issuers: Maintaining customer relationships
The adoption of a one-click standard does not rely on consumers manually enrolling their cards.
Instead, issuers can make it a default card feature through cardholder auto-enrollment. Alternatively, they can encourage cardholders to “push” their card details as tokens, or they can share consented cardholders’ credentials in bulk for automatic recognition at checkout for easy enrollment. These approaches allow issuers to maintain control over the customer relationship rather than cede it to intermediary providers, and easy enrollment helps secure top-of-wallet status.
Tokenization also supports automatic billing updates that let transactions continue uninterrupted even when a card is being reissued. It further allows the removal of tokens from wallets in the event of a security concern without affecting the original plastic cards.
PSPs: Offering an alternative to manual guest checkouts
A recognized one-click checkout experience on a PSP-hosted page provides an opportunity to convert cumbersome guest checkouts into quick and convenient payment solutions for retailers. It additionally allows interoperability across multiple devices irrespective of retailer or device.
PSPs that are not household names may particularly benefit from a globally recognized Click to Pay brand. They can also support smaller retailers without needing to push additional investments in CoF and last-mile checkout technology.
Retailers: Reducing cart abandonment
More than four fifths (83%), of online shoppers have abandoned an online shopping cart, according to the Mastercard 2023 survey.
Almost half (49%) noted abandoning carts because of too many points of friction, 40% disliked the need to enter or save too much information, and 25% found the checkout experience to simply take too long. A convenient and trusted one-click payment option at checkout can reduce the frustration that risks distracting shoppers, and it can allay any security concerns that may deter them from completing purchases.
In addition, device recognition technology recognizes consumers within and across retailers to allow retailers to instantly cater to returning consumers’ needs.
Conclusion
Ironically, the ability of a secure one-click checkout to disrupt the e-commerce status quo comes from its ability to not be too disruptive. It is embedded directly within checkout, allows all cards to be managed and updated in a single profile that recognizes returning users, coexists with CoF and digital wallets, offers the trusted predictability of EMV specifications, and it benefits all sides of the issuer-PSP-retailer trio.
For the independent payment networks behind the collective EMV specifications for Click to Pay, opportunities to differentiate come from what they can deliver on top of the one-click standard.
For now, those opportunities may involve providing quality user experiences to smooth out cardholder and retailer onboarding and checkout processes, the pushing and bulk provisioning of cards, marketing to establish the standard across geographies, and a behavioral analytics layer as an additional form of security outside of tokenization.
Future differentiation will likely come from how payment networks incorporate additional card-related payment solutions, such as paying by installments, paying with reward points, and paying with cryptocurrency-linked cards. Success will depend on how seamlessly all these new and evolving cardholder needs can be encapsulated in one simple click.
Mastercard Digital Enablement Service (MDES), including MDES Token Connect, supports the individual pushing or bulk provisioning of tokenized credentials to any digital wallet — including Click to Pay — and to retailers for CoF solutions. As an EMVCo member, Mastercard also provides the secure remote commerce (SRC) platform behind the onboarding and checkout experiences of cardholders via Click to Pay.
Mastercard further supports issuers, PSPs and retailers with Click to Pay through Mastercard Advisors. Services include the identification of value propositions, the design and implementation of user experiences and user interfaces, project management support, and marketing services to boost awareness and adoption.
Contact us to learn more.