1. The changing world of payments Joe Thompson, Senior Director, Tech & Product at Xoomworks Technology, discusses the changes impacting the payments industry and what they mean for merchants.
2. Is open banking the downfall of credit cards? Open banking is enabling a more direct payment experience, simplifying the payment flow and reducing the risk of digital payments. How are consumers and merchants responding to direct payments, and what does it mean for credit cards?
3. Today’s challenges for eCommerce merchants The eCommerce revolution presents challenges for merchants and payment processors alike. Their approach to embracing and addressing these challenges and transforming the eCommerce experience is converting window shoppers into repeat customers and sorting out the leaders from the followers.
4. The A-Z of global industry payment standards and jargon KYC, GDPR, AML, PCI DSS – eCommerce merchants need a comprehensive, global approach to payment processing compliance that evolves in response to regional and global requirements. Working with a payment partner that fully understands compliance will set you ahead of the competition.
Xoomworks case studies from: F4ID, a humanitarian organisation; Global Hotel Card; Just Giving
The changing world of payments
Joe Thompson, Senior Director, Tech & Product at Xoomworks Technology, discusses the changes impacting the payments industry and what they mean for merchants.
The payments landscape has undergone a significant revolution during the pandemic with the accelerated consumer adoption of eCommerce and digital payments. Merchants who want to gain a competitive advantage need to optimise their user experience and adapt their payments processes to the current environment and consumer preferences.
Whether you’re looking to change your payments platform, optimise your payments infrastructure, or better understand today’s payments landscape, this ebook is for you.
How has the payments landscape evolved in recent years?
We have witnessed the biggest shift in payments globally during the pandemic, which has been a catalyst for change in consumer behaviour. The restriction on physical commerce across many sectors has driven retail spending online and driven merchants who were previously reliant on physical trading to accelerate their journey into eCommerce.
The pandemic has also accelerated a shift from cash to digital payments, which have become the new norm for consumers. Cash has become an antiquated payments system that is practically extinct in some countries. And a growing preference for contactless and mobile payments is challenging credit cards as consumers turn to their phones.
The global digital payments industry hit $5.4trn value in 2020, almost a 16% increase year on year. The entire sector is expected to continue growing in 2021, with transaction value jumping by 22% to over $6.6trn.
What are consumers looking for in digital payments?
As consumers embrace online shopping and digital payments, they are looking for innovation in user experience. They are very familiar with consuming content digitally and demand that same slick experience when it comes to eCommerce. And that excellent experience needs to continue right through to point of sale.
Consumers want convenience, simplicity and security when making purchases – and more choice when it comes to payment methods. One payment method doesn’t fit all; the most discerning consumers are likely to use different payment methods in different scenarios. Shoppers will abandon baskets at the point of sale because their preferred payment method isn’t supported or the process is onerous.
What do merchants need to do to gain competitive edge?
We work with merchants across a variety of industries on their payments infrastructure, from cutting-edge startups to some of the world’s largest enterprises, and our advice is consistent irrespective of the industry sector:
Deliver an excellent customer experience throughout all stages of the purchasing journey – from window shopping to point of sale – with a focus on convenience, simplicity, and security
Offer a range of payment options to avoid losing customers at the final (basket) stage. Consumers aren’t always up to date on the pros and cons of all the different options and what it means to them, so try to highlight this for them
Merchants embracing innovation and delivering a convenient, simple and secure customer experience are winning their share of customers.
What are the biggest challenges facing merchants?
The world of payments is complex, especially when it comes to eCommerce and you’re operating on a global scale.
You’re dealing with localisation, regional and global regulation and compliance, GDPR and how you handle data, not to mention security.
Are you offering the accepted payment methods and card providers in each country? Are you equipped to handle payments across all currencies? Are you aware of and compliant with global and regional regulations? Are you managing, storing and using data according to GDPR in the EU?
Testing regimes are also critical – if you’re serving ads, there’s a bit of room for error; if you’re handling payments, that is less true. People like to know that their payment infrastructure is working perfectly.
Is open banking the downfall of credit cards?
Open banking is enabling a more direct payment experience, simplifying the payment flow and reducing the risk of digital payments. How are consumers and merchants responding to direct payments, and what does it mean for credit card payments?
Open banking gives merchants and payment processors the tools to build a simplified, more direct payment solution that reduces a lot of the risk and cost associated with credit card payments by effectively removing the middle man. With this approach, otherwise known as a push payment, a consumer buying a product or service online or in-store can go to their bank account in one click or scan a QR code to make the payment immediately.
Consumers are responding well to new direct payment as it gives them more control of their finances. A host of applications and service providers are leveraging open banking to give consumers the ability to move and manage their money more easily. Not only does it give consumers greater transparency into what they are paying, but there is also a reduced risk of security breaches as fewer players are involved. With instant, direct payments, no personal data is handled, so consumers are less vulnerable to hacking.
What’s more, it’s cheaper – and the transfer of funds is immediate, which means it’s much easier for consumers to keep track of their spending and avoid being hit with unexpected bills at the end of the month.
Merchants are reaping the benefits of direct payments with no chargeback risk and lower costs
Direct payment is putting merchants in control and helping significantly with cash flow, which even before the pandemic was a top concern for merchants. It removes the intermediary as they only have to deal with one party. There is no chargeback risk, and the costs are much lower.
In high-value transaction sectors such as travel, where the risk is built into card payments, merchants may have to wait weeks or months for their money. This can have a significant negative impact on cash flow. With direct payments, they get paid immediately.
With consumers and merchants embracing the benefits of direct payments enabled by open banking, does this mean the end of the credit card? Research suggests not in the medium term – there is still a time and a place for credit card payments.
Today’s challenges for eCommerce merchants
The eCommerce revolution presents challenges for merchants and payment processors alike. Their approach to embracing and addressing these challenges and transforming the eCommerce experience is converting window shoppers into repeat customers and sorting out the leaders from the followers.
The world of payments is complex, especially when you’re operating on a global scale. Ecommerce may have reduced some of the barriers to cross-border trading, making it easier for companies to gravitate towards global expansion, but with this comes challenges.
One of the biggest challenges facing merchants is optimising payments through localisation. Merchants operating across borders – or globally – need to embrace and handle local languages, currencies, and payment methods to drive sales conversion and gain market share. Using local payment vendors in every country to manage the complexity of localisation isn’t a supportable model for global merchants who are gravitating towards payment service providers that have the capability and expertise to localise across many countries. When it comes to localising payment methods, it’s no longer just about deciding which card providers to support. Consumers are becoming more discerning about payments and demanding a choice of payment types, including direct payments. To be successful, merchants need to embrace this shift and evolve to meet the demands of consumers in every country they trade in.
We can help you solve your payments problem
We’re technology partners to organisations like Save the Children International, Just Giving, Expedia – to name a few. They trust us to create fintech products for complex situations. Let’s talk about how we can solve your fintech challenges.
The regulatory and compliance landscape for payments is intricate, as merchants need to adhere to global and regional regimes. Perhaps the most difficult to navigate is the General Data Protection Regulation (GDPR), introduced to drive companies to protect user data better. GDPR impacts the data businesses are collecting and how it is being used, and it has significant consequences for companies that fail to comply. GDPR doesn’t only impact how European organisations operate; businesses from other regions that trade in Europe are affected too. Representing a real challenge for IT departments, GDPR compliance requires both technical and human resources. Many businesses just don’t have the internal resources to dedicate to this fully. It’s not just an issue for IT departments. Payment operators, who handle banking data in addition to other personal information, have to spend many hours with their IT, legal, HR, finance and marketing teams to ensure sensitive data is treated as it should be.
For companies handling payments, the cyber security stakes are high
The rise in cybercrime is a huge challenge for any business that trades online, and for companies handling payment data, the stakes are even higher. Techniques adopted by fraudsters are getting more and more sophisticated, and the payments sector is finding it hard to keep up. And although the transition from cash to digital payments has been explosive, the necessary security controls haven’t advanced in the same way. To avoid being the next victim of a cyberattack, businesses processing highly sensitive payment data need to keep on top of any vulnerabilities by updating their software as soon as prompted and backing up their systems regularly. Cybersecurity awareness among employees is also critical and needs to be maintained as fraudsters become even more clever.
Decoding global industry payment standards and jargon
KYC, GDPR, AML, PCI DSS – eCommerce merchants need a comprehensive, global approach to payment processing compliance that evolves in response to regional and global requirements. Working with a payment partner that fully understands compliance will set you ahead of the competition.
AML (Anti-Money Laundering)
AML rules are designed to enhance international security, promote the integrity of global financial systems and prevent financial markets from being misused for criminal activities.
CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart)
eCommerce retailers use CAPTCHA to verify whether the customer is a real person and not a robot. CAPTCHA manipulates letters and numbers to make them difficult for computers to read and relies on the human ability to determine what they are. For CAPTCHAs to be most effective, images need to be distorted and changed frequently so they can’t be “learned” by robots.
MFA (Multi-Factor Authentication)
MFA plays a key role in identity and access management (IAM) for eCommerce merchants. An alternative to requesting a username and password, MFA verifies a user’s identity via multiple credentials to create a greater level of confidence that the user is who they say they are. These include anything from an answer to a security question, a code, or a fingerprint.
PCI DSS
The PCI DSS standard was designed as a minimum standard to protect cardholder data from fraud. It was created by the Payment Card Industry Security Standards Council (PCI SSC) made up of American Express, Discover Financial Services, JCB International, MasterCard and Visa. It includes 12 high-level requirements and enforces controls around the storage, transmission and processing of cardholder data. The level of compliance required is based on the number of transactions processed by the merchant each year. PCI compliance examines how data is handled across the organization to identify potential vulnerabilities that could put cardholder data at risk. Although retailers are not legally obliged to be PCI DSS compliant, penalties may be imposed by the PCI SSC for non-compliance.
GDPR (the General Data Protection Regulation)
GDPR is an EU-specific regulation that protects the personal data of customers and how it is gathered, processed and managed. Personal data includes anything from a name, email address, or phone number, to bank and credit card details. Under the regulation, merchants must ensure that personal data provided at the point of sale is gathered legally for a specific purpose under strict conditions to protect it from misuse. It applies to any business based in the EU, as well as businesses from outside the EU who are trading within the EU.
KYC (Know Your Customer)
KYC requires businesses from almost every industry to identify and verify customers before accepting payments from them. This involves collecting and cross-checking information about the customer across multiple data sources to prevent criminal entities from engaging in money laundering and terrorist financing globally. The confidential customer data verified in the process must be managed in accordance with data protection regulations.
Sanctions Screening
Sanctions screening is an integral part of AML regulation and involves verifying names of individuals against designated and regularly updated sanction lists. To be effective and accurate, the process must continue to be up to date and checked against constantly changing lists.
SSL (Secure Sockets Layer)
The SSL protocol encrypts data and authenticates a connection when moving data on the Internet. TLS is an updated version of SSL that offers more security. Sensitive information is encrypted and only accessible by the intended recipient – protecting it from malicious actors. SSL certificates are issued to companies that successfully complete a series of checks. The proper usage of an SSL Certificate is a requirement of the Payment Card Industry (PCI) standards.
Read more client stories
A biometric payment system for F4ID, a humanitarian aid
International sanctions, collapsed banking infrastructure, and insecure transfers prevent aid from reaching some of the world’s most vulnerable people. Many aid agencies prefer to empower individuals by providing cash for aid recipients to spend where they need most – a roof over their heads, petrol to get to work, medicine, school fees or food.
A payment solution for integrating gift card vouchers in a complex ecosystem
When Global Hotel Card changed hotel suppliers to the Expedia Affiliate Network – now called Expedia Partner Solutions – it needed to adapt its underlying technology and payments infrastructure to do two things. First, enable payment for the hotel accommodation on the Global Hotel Card website and second, redeem payment from Expedia.
Visualising the next generation of fundraising tech
Xoomworks Technology conducted workshops and focus groups with the Just Giving team before developing and testing a proof of concept based on Agile principles. The challenge was to solve the issue of Payment Card Industry (PCI) compliance, GDPR data management and how to develop the concept into new fundraising services.