How will online shoppers react to new PSD2 security rules?
By Duncan BarriganJun 20193 min read
Today, we released research from a GoCardless survey into consumer attitudes around security and convenience when buying online.
The findings show that UK consumers are torn between valuing convenience and security when making purchases online – but they value “speed and ease of payment” more than their European counterparts.
The GoCardless study, 'Security vs convenience in the payment experience', asked 4000 consumers in the UK, France, Germany and Spain, about their attitudes and behaviours to online shopping, and found that:
Nearly half of UK consumers (43%) consider “speed and ease of payment” the most important factor when paying for something online, compared to one third in France (32%) and Germany (33%) and less than a fifth in Spain (17%).
Shoppers in all markets place high value on a secure checkout process: French shoppers showed the greatest preference for security (62%), followed closely by German (61%), Spanish (58%) and UK (55%).
The research is published ahead of the introduction of Strong Customer Authentication (SCA); a new, European-wide, two-stage verification process coming into force from September 2019 as part of PSD2.
(Note: On 13 August 2019 the Financial Conduct Authority (FCA) confirmed that enforcement of SCA in the UK will include a phased 18-month implementation, starting on 14 September 2019 and ending March 2021.)
As a result, shoppers will have to provide two sets of security information – that could be a password or PIN, biometric information, or device information like a mobile number – to authenticate an online purchase.
How will consumers react to the new rules?
Our survey suggests business will need to manage the changes to checkout flows carefully to avoid a drop off in conversion:
Nearly half (45%) of UK shoppers said they would be frustrated with a favourite brand that introduced new security processes during online checkout and a fifth (23%) would shop less with them.
Nearly a third of UK shoppers (27%) would abandon a purchase if a retailer they hadn't shopped with before offered a secure but inconvenient buying experience.
Almost two thirds (63%) would pay for an online subscription with a low risk payment method like direct debit as a way to avoid complex security at check-out.
We also asked payers how they felt about giving away different types of security information, described by SCA. A significant number of UK payers were uncomfortable giving out personal data:
31% of consumers were uncomfortable giving out biometrics like a fingerprint
22% were reluctant to give a mobile number
24% were still uncomfortable giving out passwords or memorable words.
Interestingly, the need to give away complex security information makes as many people feel suspicious as safe (40%).
Should merchants fear or welcome SCA?
Protecting shoppers from fraud when they pay online is crucial, and new regulation which achieves this should be welcomed.
The flipside is that these measures, if implemented badly, could significantly disrupt consumers and lead to a significant conversion hit for businesses.
Businesses need to work with their payment providers to find the right balance between security and convenience at checkout.
SCA was primarily designed to increase the security of online payer-initiated transactions, and to reduce the problem of payer fraud. To understand the likely business impact of SCA, view the complete guide to Strong Customer Authentication (SCA).