Standardization of Stored Digital Payments Credentials

The changing world of payments seems to be a constant struggle between innovation and standardization. Payments have evolved at a breakneck speed and continue to surprise with new methods that inch closer to an invisible experience. We’ve seen payments at the physical point of sale evolve as EMV chip & PIN technology was rolled out in the US and as contactless payments gained momentum. Digital payments have continued to gain traction as the internet of things (IoT) and connected devices enable more seamless ways to pay. Globally, retail E-commerce sales are predicted to be nearly $5.4 trillion in 2022. While e-retail sales accounted for 18% of the overall retail sales worldwide, this share is projected to grow to 21.8% in 2024.

This growth requires enhanced security. The volume of transactions occurring via various channels has thrust security issues into the spotlight, especially as we endure the era of mega retail breaches. The payments space continues its tightrope walk across convenience and security — aiming to simplify payments experiences for consumers while enhancing security and making authentication a seamless, behind-the-scenes event. This is especially important with the rise of credential-on-file (CoF) payments (a.k.a. card-on-file), where consumers authorize a retailer or other business to store their payment credentials (account number and expiration date) and to bill the consumer using those stored credentials.

Consumer Preferences

Consumer preferences shift and evolve daily. In addition to overarching trends that are impacted by advancements in technology and new ways to pay, consumers tend to favor different payment methods for different types of purchases. People are likely to use ACH for recurring expenses like rent and are more likely to use credit cards on discretionary retail spending.

Emerging Frameworks for Remote Commerce Security

One of the ways the payments ecosystem is trying to ease the tightrope walk around digital payments is through the development of authentication frameworks. EMVCo created the EMV® Secure Remote Commerce (SRC) framework to facilitate a virtual payment terminal. This would serve as a foundation for processing E-commerce transactions in a more streamlined, standardized manner in remote-checkout environments. Consumers would be able to more easily make payments from smartphones, tablets, and other connected devices without having to jump through complex authorization hoops. On the other hand, merchants and issuers would enjoy simpler integration processes. More specifically, the EMV® SRC Specifications enable:

• Payment data to be securely exchanged across a remote commerce environment via defined interfaces
• Options for using dynamic data to enhance payment transaction security on SRC-enabled websites, mobile apps, and other E-commerce platforms
• Increased security through compatibility with other EMVCo technologies, including EMV® Payment Tokenization and EMV® 3-D Secure.
• A recognizable common user experience via a payment icon that alerts the consumer that EMV® SRC is being used as a foundation to process card-based payment transactions

Subsequently, Visa has its own implementation of EMV® Secure Remote Commerce standard: Visa Secure Remote Commerce. Visa SRC uses the Visa Token Service to streamline payment detail collection and enhance the digital payment experience. Visa Token Service adds a layer of security to card-not-present (CNP) transactions by replacing sensitive data (like account numbers) with a token, or unique digital identifier. This token is then used for the payment, eliminating the need to expose the more sensitive payment data. Visa Tokens improve authorization rates by 3.2% on average and lower fraud rates by 67%.

Why SRC Matters to the Payments Ecosystem

The entire payments ecosystem stands to benefit from the standardization of the SRC protocol. The most obvious benefit is enhanced security. As PAN entry and storage are eliminated and replaced with stored Visa (or other) Tokens, fraud rates drop significantly. The potential impact of a data breach also decreases. In many cases, this tokenization can be augmented with device-binding, consumer authentication tools, and other security measures that boost security even more.

Standardization of secure remote commerce also simplifies the user experience (UX). Standards-based solutions that customers are familiar with can improve the card-based payments experience, both for consumers and within merchant checkout environments. As a result, SRC can lead to better conversion and authorization approval rates.