Businesses not ready for SCA, worried about impact on UX: report

1st August, 2019

A report released by the Emerging Payments Association has highlighted that the implementation of Strong Customer Authentication is a cause of concern at this juncture.


The purpose of the new Strong Customer Authentication (SCA) rules is to make online payment more secure and to cut down the risk of fraud. Even as the readiness for the same is being assessed, a report has highlighted that 75% of issuers said they would be ready by the 14th September deadline, from a compliance standpoint, but that they would not be operationally ready. New requirements for authenticating online payments will be introduced in Europe as part of the second Payment Services Directive (PSD2).

The PSD2 Regulatory Technical Standards (RTS) specify these SCA requirements. SCA is based on the use of two or more of the following elements: knowledge (something only the user knows); possession (something only the user possesses); and inherence (something the user is).

The report, released by Emerging Payments Association (EPA) and Chargebacks911, features companies that issue over 107 million cards (comprising 61% of all cards issued in the UK). It is being recommended that more time is required. The enforcement of SCA at this pace is “likely to be extremely high and painful”. Rather, a managed rollout is needed.

Some of the key findings:

  • The payment experience is going to be adversely impacted. More than half (58%) of the 13 UK issuers surveyed believe the new regulations are going to add friction. The SCA requirements are going to impact the speed of consumer transactions and the number of steps to be completed when paying. One of the major concerns has been the inclusion of additional authentication into the checkout flow, since it introduces an extra step that can add friction and increase customer drop-off.
  • The number of transactions that are not going to be accepted is set to rise from today’s 3% to between 20-30%, according to what is being projected by issuers. While the number of step-up authorisation requests is expected to range between a third and half of all online transactions.
  • The top three authentication methods being studied by issuers include; One Time Passwords (OTP) (SMS to a mobile device), authentication within a mobile banking app, and 3DS. Among these, OTP and 3DS authentication are expected to adversely impact the user experience.
  • There is limited support of 3DS v2.1 today. Despite this, 66% of surveyed issuers expect to be ready by the end of 2019. 3DS v2.1 has an advantage over 3DS v1 because it has a surety of satisfying SCA legal requirements.

In an interview in April with Ai, Laurie Gablehouse, Global Head of Travel Solutions, Ingenico ePayments, did mention that it is a challenging phase for the entire payment ecosystem. Laurie pointed out that the standards are still evolving, with grasp over “80% - 90% of what needs to happen”. “(So) the timing is quite late from a technical perspective for everybody to be ready by September.” 

A major development in the recent past featured the European Banking Authority (EBA) as it published an opinion on the elements of SCA and accepted authentication in June. The report acknowledged the same, and shared that considering the recent EBA ruling on compliant SCA elements issuers are required to accelerate their support for biometrics merchants are advised to implement 3DS v2.1 now and then migrate to v2.2 once solutions are fully tested and available.

In its list of recommendations, the report emphasised that 3DS technology must be implemented as a priority. Rather than being bogged down by feeble v1.0 implementations, gear up for v2.2 as early as possible with v2.1 as a practical interim step. A couple of other suggestions:

  • Actively engage with collaboration tools offered by Visa (VMPI) and Mastercard’s upcoming MDRI (Mastercard Dispute Resolution Initiative), which help combat fraud in realtime and maintain TRA exemptions.
  • Make sure you correctly flag transactions and apply the right indicators and exemption requests. This may also require support for updated authorisation message formats.


Hear from senior executives about how the regulatory environment is impacting the world of payments at the 8th Annual ATPS Asia-Pacific to be held in Penang, Malaysia (27-29 August, 2019).


Ai Editorial: Tech alone isn’t enough for payment mix and acceptance

29th July, 2019

Ai Editorial: The role of new technologies in the world of payments can’t be undermined but that’s not enough. In its new analysis, WorldPay has stressed upon the significance of having the right organizational mindset.


Travel merchants can’t afford to slip at a time when a customer is about to pay for their order. All that matters is the way a traveller wishes to pay – their preferred payment method, preferably not letting them fill any details on the device they are using etc.

A Chinese customer is likely to opt for scanning a QR Code and deduction of the final payment from their app, whereas an Indian might opt to pay via Google Pay or Paytm mobile wallet considering the increasing popularity of such options. Facilitating such transactions today is imperative and merchants need to keep pace or even gear up for the future. But it is clear that intricacies of applications and systems within payments continue to rise, mainly owing to use of alternate payment methods such as wallets and mobile commerce. So there is a need to put in a mechanism in place that not only streamlines back office and customer support processes, but also paves way for a smooth addition for any new payment method in the future.

The role of new technologies can’t be undermined but that’s not enough.

Organizational mindset

In its new analysis, WorldPay has stressed upon the significance of having the right organizational mindset.

This is required for making the most of following technologies:

1. Microservices

2. Test-driven infrastructure (TDI) - the developer creates tests before writing code

3. Event-driven architecture (EDA) - a producer-consumer model, where an event producer broadcasts a message that one or more event consumers capture

4. Hypermedia APIs - a sophisticated style of REST API (Representational State Transfer Application Programming Interface) that can simplify client integrations and improve resilience to change.


WorldPay has explained the benefits of these technologies and also what is required internally to leverage them.

For instance, in case when one is focusing on the microservices model to amend and modernize particular services without affecting the rest of the system, it is vital that to have an apt team structure is in place. This model can result in an increment in complexity of day-today tasks, such as operations and security. Organizations have to do away with conventional monolithic-related ways and related control that they are used to for software development. Rather companies have to get ready for an environment that revolves around a sense of ownership and accountability from product engineering teams. The philosophy here is: to garner greater value from software to adopt the fail and learn fast attitude, quicker product cycles based on constant feedback from customers. And, this also means that certain tough questions are asked, for e. g. who owns the data in a microservices architecture—the database team or the application team? Teams must be structured and managed in a way that enables them to own what they’re responsible for, end to end.

WorldPay recommends a vigilant balance of autonomy and collaboration, with ongoing coordination and

monitoring from organizational leads. The study states: This balancing act starts with a shared understanding of some non-negotiable principles that act as a compass for ways of working. It continues with cross-team

discussions about product vision, design standards, and ways to improve, for example. It also means sharing specific decisions, solutions, and components. This requires time and investment but the return on investment is worth it. Ultimately, a smart organization will find ways to delegate as much decision-making as possible to smaller teams. But a truly successful one ensures teams work together coherently so their collective output is greater than the sum of its parts.

Another technology, Hypermedia, in its most basic sense is an extension of hypertext. Explaining the significance of the same, WorldPay points out that Hypermedia simplifies integrations between companies and provides a much more stable service than that offered by other REST APIs. Hypermedia includes images, video, audio, text, and links. In a REST API, it means API manages to operate similarly to a webpage, offering users with direction on what sort of content they can retrieve, or what they can do, as well as the apt links for the same. As MuleSoft explains, the simplest method to take advantage of hypermedia in API is to offer valuable information to direct the user or client to the next possible actions they can take based on the object (whether it be a collection, or item within the resource) or “page” they are on via links.

For mCommerce, hypermedia APIs allow merchants to conduct identity and risk checks with ease.

WorldPay highlighted that today’s mainstream API documentation and design approaches need to focus on their connectedness as a key part of the API and resource design process.

As explained by Kevin O’Shaughnessy, CityHook, during a workshop conducted by Ai in Long Beach, California late last year:

  • First rule of setting up an API is focus on it internally (organizations can run better with their own APIs. This way they can capitalize on data from their business applications and act on it for particular needs), then limited public API and eventually privileged services.
  • API means clear boundaries and ease of reuse.
  • APIs should be easy for developers to comprehend. This means designing them with clear uniform resource identifiers and non-complex data structure.

WorldPay recommends that organizations need to design hypermedia APIs with a UX mindset. The study states: We often only think of UX in terms of the consumer experience. However, hypermedia APIs make integrating with complex payment services a simple, stable, and intuitive process for merchant developers. Enhancing the UX for developers has knock-on benefits for customers, including faster access to up-to-date payment services like new APMs. Overall, if APIs are designed with developers in mind from the outset, it’s possible to create a web of functionality that results in a more powerful, more efficient, and more useful service for all.


Hear from senior executives about the role of tech and organizational mindset in optimizing payments at the 8th Annual ATPS Asia-Pacific to be held in Penang, Malaysia (27-29 August, 2019).


Ai Editorial: Digital wallets leading the alternative payments charge

19th July, 2019

Ai Editorial: How travellers transact has changed, and merchants can't ignore the role of e-Wallets and bank transfers while deciding on their payment acceptance mix, writes Ai's Ritesh Gupta.


Alternative ways to pay for travel, such as e-Wallets and bank transfers, are being used more often than cards and cash combined, according to a new report released by Amadeus and PPRO. This growth is occurring across the world with e-Wallets now twice as popular as cards in China, accounting for 49% of the country’s $155B digital travel spend.

Merchants like airlines, especially those operating in multiple countries, are looking at alternative payment methods because of several reasons:

  • Settling in a market quickly (facilitate new local payment methods with minimal development effort).
  • Checkout optimization (offering a payment method that works well with the traveller).
  • Cut down on inefficiencies (local payment methods via one technical, operational, and funding flow).

Digital wallets

In this context, digital wallets have become popular owing to the fact users can avail preloaded credentials and this fastens the online checkout experience. And China has stood out for the usage, since payment is one part of an app. What makes an app like WeChat more compelling than just invisible payments or scanning QR Codes for completing a payment is the fact an ecosystem manages transactions along with ID management and many other aspects holistically.

Companies like Union Pay, Alibaba and Tencent chose to capitalize on the fact that the card usage wasn't as penetrative as one would expect in a populous market like China, so they came up with a payment method that proved to be convenient and ubiquitous. It was available to anyone with a mobile phone or an Internet connection. It was also driven by necessity, since Chinese travellers moving outside their country needed to have an alternative to using a standard credit card. "That is total freedom for the Chinese traveller as they no longer have to rely on cash as their only form of payment while abroad," pointed out Eric Liebman, Global Head of Travel, Ingenico ePayments.  

What works in favour of these payment methods is reduced friction. In today's world of instant gratification, as acknowledged by Ingenico ePayments, travellers "demand things now". "...customers want to be able to pay without any friction and with the method they prefer. They don’t want us dictating how they pay, it’s the other way around. That means things like Amazon Alexa, Apple’s Siri, e-wallets or even Uber-like experiences where experience is key, but payments are invisible," mentioned Liebman in a blog post.

Plus, for a merchant, one factor that goes in the favour of this form of payment is seamless convenience and built-in security. Encryption, tokenisation, and device authentication result in additional security.

"Ubiquity is one of the main key takeaways from Chinese companies. Chinese users are at a point where they are using their mobile wallet for anything. Alipay and WeChat Pay are present in online and offline stores alike, in use in China, and outside. It is an ‘all-in-one’ payment transforming solution, showing non-Chinese companies where innovation and an intimate consumer-knowledge can take them," says Rodrigo Sánchez Prandi, VP Product at payments technology specialist dLocal. "Simplicity will go a long way and it will always attract users. If you give your users ease-of-use by adding their preferred payment method, such as paying with one click, one tap, or even one smile, you are a step ahead in today’s payments’ world."

China leading the charge

According to WorldPay, this growth in China along with a surge of adoption in North America will propel eWallets to become the leading eCommerce payment method globally within five years.

With a validated business model, Chinese technology companies are taking their expertise to other markets as well. As indicated by Amadeus' report, Ant Financial, the owner of Alipay, is currently expanding beyond China. The company now has interests in Dana in Indonesia, Asceno in Thailand, Pi Pay in Cambodia, and Mynt in the Philippines, among others. It is expected that in these regions, accelerated transformation in payments will occur as a consequence, stated the report.


Hear from senior executives about eWallets in China and other Asian markets at the 8th Annual ATPS Asia-Pacific to be held in Penang, Malaysia (27-29 August, 2019).


Ai Video: Learning from mobile shopping in China

17th July, 2019

Mobile consumption patterns in general remain very exciting in China.

Ecosystems facilitate various daily activities and shopping requirements in a seamless manner. So a user doesn’t easily drop out from an ecosystem. The likes of Tencent and Alibaba continue to make rapid strides. There is plenty to learn from such extreme form of platform economies.

“They (Chinese companies and consumers) aren’t afraid of testing and embracing new concepts,” says Laurie Gablehouse, Global Head of Travel Solutions, Ingenico ePayments.

Indeed, as Laurie pointed out, Chinese consumers are more likely to adapt to technological innovations than travellers or consumers from other countries, say from Europe. China is shaping consumption patterns of global relevance.

The retail shopping/ experience on mobile has moved faster than the counterpart from the travel sector since the delivery of the product is different. “How has that crossed over into travel is still evolving,” said Laurie.

Convenience is clearly standing out as far as trends from China is concerned. It is all about instant gratification. Face recognition is one example of how companies are leveraging existing biometrics and will likely be taking them one step forward, authenticating and facilitating easier, faster, no-device-needed payments.


Hear from senior executives about mobile commerce in China and other Asian markets at the 8th Annual ATPS Asia-Pacific to be held in Penang, Malaysia (27-29 August, 2019).


Ai Video: Capitalizing on ‘APIzation’ of bank accounts


5th July, 2019

The development around sharing of banking (customer) data and make it available to non-bank third parties via APIs is being followed closely. As pointed by Edgar, Dunn & Company, one main aspect of EU’s landmark payments regulation, PSD2, is ‘access to accounts’ – this is effectively the ‘APIzation’ of bank accounts. Open APIs play a vital part at the heart of PSD2 compliance and open banking.

With open banking, a new financial services ecosystem is set to emerge. Even as issues related to data privacy and security are being raised and discussed, there is no doubt that merchants need to focus on opportunities from their customers’ perspective. Airlines need to make the most of the new regulation, which is resulting in opening up of the payments infrastructure and liberating customer data assets to offer consumers new options and services. “Open banking is one of the key regulatory changes, and it is going to impact the way merchants like airlines accept payments,” mentioned Pascal Burg, Director, Edgar, Dunn & Company (EDC).

Burg recommends that airlines need to “test and learn” about standards and infrastructure, and also application of the same from B2C and B2B perspective.

EDC suggests a three-phase approach for airlines to identify, evaluate and address payment opportunities and threats –

• 360° payments diagnostic/ audit

• Future state/ roadmap

• Roadmap execution - Interim payment team to support business to launch initiatives

By Ritesh Gupta


Check upcoming Ai Conferences dates

Follow Ai on Twitter: @Ai_Connects_Us

Ai Video: Learning from data and curbing e-commerce fraud

1st July, 2019

E-commerce companies, including the ones from the travel sector, are gradually focusing on deploying a multi-disciplinary approach, combining different technologies (including both supervised and unsupervised machine learning) to combat fraud.

Unsupervised models don’t have clearly labelled data, while supervised models do.

As a specialist, Nethone asserts that machine learning today is letting companies deal with fraud. For instance, friendly fraud by helping discover which aspects of customers’ behaviour and transactions designate friendly fraud.

Overall, favourable results come from the ability to experiment with various machine learning-based methods, trying variations on them and testing them with a variety of data sets. It is fascinating to assess how machine learning automates the extraction of known and unknown patterns from data.

Supervised machine learning relies on historical data to predict and prevent further possibilities of fraud based on past fraud. The data set is labelled based on previous observations of fraud, and is described as either fraudulent or genuine. Unsupervised machine learning can be used to learn on the fly and identify fraudulent patterns even without having been trained with historical data, i.e. able to identify unknown fraud attacks. 

Rodrigo Camacho, Chief Commercial Officer, Nethone, referred to the role of unsupervised learning in managing friendly fraud and criminal fraud. “(One) looks at the entirety of the dataset (without a label). Then cluster transactions into different bubbles. These clusters are correlated with a type of fraud, for instance, friendly fraud or criminal fraud,” said Camacho. And from here on companies can work on strategies for e-commerce, work on association with key players such as acquirers and issuers etc. for mitigating the risk.

Specialists recommend that merchants should rely on both supervised and unsupervised machine learning to comprehend both the historical patterns of use, as well as identify anomalies. 

By Ritesh Gupta

Check upcoming Ai Conferences dates

Follow Ai on Twitter: @Ai_Connects_Us


Ai Video: How can airlines count on fintech for payment optimization?

24th June, 2019

Regulations like PSD2 are paving way for new services and faster payments. PSD2 or the payment services directive in Europe is being associated with a major change in payments and data protection, and it is expected to fundamentally change the value chain.

"PSD2 is opening up the (payment) industry, and breaking the monopoly of certain players on accepting payments," said Simon Eve, Head of Travel, Trustly.

Banks are beginning to expose their data for use by third parties, in particular fintech companies, through open APIs. The use of open APIs to simplify back-and-forth messaging that takes place during the course of a transaction is coming to the fore. Other than authentication, another area to watch out for is improved security. It has to be guaranteed that data is secure, and external services have access only to the controlled data that the consumer has permitted and that the bank has assigned.  

Simon, who was in Brighton, UK, for Ai’s ATPS (13th ATPS Worldwide Event), added that the fintech sector is looking at offering instant, real-time bank transfer to airlines.

Simon spoke in detail about the payment-related complexity and how the same is being taken care of when it came to dealing with multiple players, how airlines today are in a position to localize their payment options in a region like Europe, fraud prevention etc.

By Ritesh Gupta

Check upcoming Ai Conferences dates or

Follow Ai on Twitter: @Ai_Connects_Us

Ai Editorial: Managing legitimate transactions, curbing fraud – a balancing act

7th June, 2019

Ai Editorial: CyberSource has highlighted that effective fraud management requires the careful balance of three interdependent dimensions, reports Ai’s Ritesh Gupta


Payment and fraud executives have to be crafty enough to ensure that genuine customers aren’t denied an opportunity to complete a transaction or even face hiccups with added friction. At the same time, merchants can’t afford to be a victim of fraud owing to weak authentication or fraud prevention mechanism.  

CyberSource (, in its latest report – the 2019 Global eCommerce Fraud Management Report Asia Pacific Edition, has highlighted that effective fraud management requires the careful balance of three interdependent dimensions –

·          Delivering a positive experience for genuine customers and maximising the acceptance of genuine orders - The balancing act, as highlighted by Ai previously, is about being proficient in validating a buyer and such verification shouldn’t interrupt the manner in which they interact and transact with a business. Merchants need to look at new regulations, what sort of action is required and its impact on the user experience, and also the flexibility of consumes when it comes to additional measures that are being taken for authentication. One way to differentiate between transactions is the risk associated with them.

·          Accurately detecting and rejecting fraudulent orders to minimise fraud losses - Merchants need to leverage the prowess of data-driven, artificial-intelligence powered offerings for combatting fraud. Rules-based systems are in general reactive and probabilistic solutions, which is why they are unable to prevent fraud before it happens. Rather than using a blanket rule that forces every user to login with 2FA, real-time surveillance can be used to assess logins in the background, and only logins with borderline risks expected to go through 2FA. Merchants should still develop their own fraud tools that are able to tap on their own sources of data for greater efficiency and more accurate detection of fraud.

Real-time machine learning can help against blanket blacklists and whitelists by focusing on the customer’s behaviour instead. It works with real-time live data collected on the merchant’s website, where the system trains itself with each incoming transactions to identify fraud patterns instead. Deploying a multidisciplinary approach combining different technologies - both supervised and unsupervised machine learning -  would better equip merchants for fraud management. Unsupervised machine learning can be used to learn on the fly and identify fraudulent patterns even without having been trained with historical data, i.e. able to identify unknown fraud attacks. Thereafter, predictive analytics may still be used to run the probabilities of fraud, giving a risk score.

CyberSource indicated that in particular, enterprise organisations tend to more proactive with their fraud strategies because the financial and reputational ramifications of fraud can be far reaching.

·          Efficiently managing the operational costs of fraud management activities – The report also shared that as in other regions, minimising operational costs is generally a lower priority for businesses in Asia Pacific.

The report also highlights that it takes “constant recalibration and fine-tuning of fraud management controls and processes to keep achieving the best balance”.

6 characteristics of the masters of balance, according CyberSource: 

1.     Have a lower chargeback rate

2.     Are more likely to rate ecommerce fraud management as extremely important to their business strategy

3.     Find it less challenging to respond to emerging fraud attacks

4.     Have a greater range of capabilities that give them agility to respond to the dynamic landscape they operate in

5.     Have a greater capability to use data effectively for fraud management

6.     Are less likely to conduct manual review, and spend less in this area


Hear from senior executives about the balancing act at the 8th Annual ATPS Asia-Pacific to be held in Penang, Malaysia (27-29 August, 2019).


Click here for more information


Follow Ai on Twitter: @Ai_Connects_Us

Ai Editorial: Optimizing UX for transactions being “challenged” under 3DS 2.0

4th June, 2019

Ai Editorial: 3DS 2.0 promises to combat fraudulent online transactions, but merchants need to cut down the possibility of losing out payments when authenticated using the new version of 3DS, writes Ai’s Ritesh Gupta


Transition to the new version of 3D Secure is being followed closely, owing to its impact on the shopping experience and in improving security of a transaction.

More so for high-risk transactions or in a market like Europe as the PSD2 introduces strict security requirements for the initiation and processing of electronic payments, which apply to all payment service providers. In Europe, organizations are expected to upgrade to the new version by September 2019, to be ready for the enforcement of the SCA or Strong Customer Authentication. Since this directive mandates changes in how fraud review must be conducted on intra-EU transactions, critical issues such as cart abandonment need to be evaluated in detail. The SCA aspect of the PSD2 directive can have negative impact on revenue generation, and this is what the stakeholders are concerned about.

It is being highlighted that 3-D Secure 2.0 will pave way for a real-time, protected, details-sharing channel that merchants can avail to send an unmatched number of transaction attributes that the issuer can use without looking for a static password. One of the highlights of 3DS 2.0 is data sharing. This data exchange is relatively richer owing to the combination of certified SDKs in the checkout flow, paired with data sharing APIs.  Authorization rates can be stepped up with no perceivable alteration to the checkout flow.

Subject to the sort of data being provided by merchants and their respective payment services providers, the issuer is expected to act in a couple of ways to decide on the course of action related to the payment. In case, the information provided is considered to be apt to assess the authenticity of the buyer, then the particular transaction is eligible for a frictionless flow, and authentication isn’t interrupted from a shopper’s perspective. In case the transaction isn’t in line with the normal purchasing pattern, then it ends with what is being called a challenge flow. Accordingly, a requirement crops where one-time password from the buyer is needed to authenticate the payment. This is where the efficacy of the new version comes in, as the challenge flow is blended into the mobile checkout experience without redirects. Visa states that merchants can embed 3DS 2.0 into a web page or native application. One can customize the user interface elements (e.g., buttons, fonts, inputs) for all content for any challenge method used. The mobile SDKs will set up flows within apps. This indicates that a shopper won’t be required to finish the payment in a separate browser-based flow.

Assessing the impact

Merchants need to be alert about the fact that a refined 3DS 2 user experience alone won’t pave way for optimal acceptance rate. Merchants need to be clear about which transactions require authentication and which don’t.

Rodrigo Camacho, Chief Commercial Officer, Nethone, says merchants shouldn’t push 3DS for all transactions.

“At Nethone we have found that 3DS typically costs merchants anywhere between 2% and 3.5% in conversion rates in Europe and upwards of 15% in the Americas,” mentioned Camacho in a company’s blog post. “Typically we have seen that it’s only necessary to push 3DS to less than 8% of your traffic which will lower the impact on your conversion rates by more than 90%.”

According to another analysis, Ravelin’s data indicated that 3DS with improved user experience still lost 19% of payments.

Being prepared

When customers are asked to verify transactions, they are presented with a challenge flow. The challenge method that's used is determined by the issuer. 

Visa’s recommends 3 UX principles:

  • Keep it clear
  • Think human, not robotic
  • Be trustworthy

As explained by Visa, three verification methods are as follows:

  • One-time passcode (OTP) - Customers verify transactions using a secure code sent by text or email. Issuers can choose which delivery channels to make available for the customer. Both are recommended.
  • Knowledge-based authentication (KBA) - Customers verify transactions by answering knowledge-based questions.  
  • Out-of-band (OOB) - Customers verify transactions by entering a passcode or a biometric feature.  

Also, a customer's purchase can be verified on the existing issuer app by entering sign-in credentials. Visa also states that since many iOS and Android users already have the ability to use fingerprint scanning to access their phones, it recommends using the same method to authenticate customers. Also, the team advises any biometric authentication is used in addition to a passcode. So if biometric authentication issues arise, the customer may switch to a passcode. Other methods of authentication are face recognition and voice recognition, which can be done directly via issuer app or via a connected device linked to an issuer app, such as a digital watch. 

Other than UX, there are technical details that also come into play. According to Adyen, these are the front-end libraries (to securely collect and transmit device information, as well as to display authentication flows) and the 3D Secure server. Both work together to exchange information and request authentication.

What to expect

Sasha Pons, Product Director at Ingenico believes that the deployment of the new version of 3DS is going to be an iterative process, shaping up as version 2.1, version 2.2 and so on.

“Such a huge shift in the way merchants collect and share data will not happen overnight. There will be a period of adjustment, and you can take some comfort in the fact that many merchants like you will be going through the same thing,” Pons mentioned in a recent blog post. “What 3DS v2 asks of merchants will change as the practical realities of the new standard become clearer.”

He expects the particular rules around the format, and quality of data needed will evolve as the time progresses.



Check upcoming Ai Conferences dates or

Follow Ai on Twitter: @Ai_Connects_Us


Ai Editorial: Assessing the impact of open APIs on payments landscape

30th May, 2019

Ai Editorial: As consumers look to control their digital experiences, the ease with which one can complete a transaction in a secure environment is extremely important. Ai’s Ritesh Gupta assesses how open APIs are playing their part in this context.


Real-time payments and open banking, along with the opening up of customer banking data to 3rd parties and streamlining of digital payments via regulatory measures, are the main trends that are shaping up the future of digital payments.


Regulations like PSD2 are paving way for new services and faster payments. A lot of areas are being probed today, and one of them includes how open access and application programming interfaces (APIs) are going to impact real-time payments. Are individual banks going to make their data available through different technical standards or a regulation is going to pave way for common API standards in a certain market? Importantly, with open APIs and the implementation of payment hubs, there is going to be support for new networks and hence there will be competition for existing rails.

Open APIs

There are multiple ways in which APIs are playing their part:

  • Streamlining payments as per travellers’ comfort: For instance, a cardholder shares travel plans online or through a mobile banking app, a company like Visa stores the cardholder’s travel details for future matching. A travel tag in real-time within the authorization message is provided. Issuers act on the same, and eventually the possibility of false declines goes down.
  • Processing of payments: The use of open APIs to simplify back-and-forth messaging that takes place during the course of a transaction is coming to the fore. API calls are coming into play to ascertain the payer details. Be it for domestic transactions or cross-border remittances, APIs are helping in making progress. Another area that is being discussed is cart abandonment. The Payment Request API is about cutting down the number of steps needed to complete a payment online, potentially doing away with checkout forms. This API facilitates the exchange of a user’s stored payment, address and contact details between the browser and a site.
  • New products: Open APIs promise to fundamentally transform the experience of payments for end-users. An open API can be accessed under specified conditions by the 3rd party developers. Recently Visa came up with a new platform with a set of beta APIs, specifications and development tools for issuers and issuer processors. These can help in creation of new digital card accounts on demand; set up rules/ limitations around use of digital cards, such as by merchant type, geography etc. 

“Open APIs are all about consolidation of data and processes that sit in different domains and systems. On one side there is more data than ever that helps to understand the context of the payment and on the other, once decisions on purchase are made – one can execute them easily across multiple platforms since they are connected,” mentioned Vojin Rakonjac, Head of Payment Solutions, Voyego.

“Devices or systems that are connected to these open APIs (no matter if it is chatbot or voice conversational agent/ banking chatbot or Siri) will learn more about our decisions and ultimately “know” what we want at a given time and their job is to understand the intent and automate most of the process in the backend so it looks seamless to the end user. There is a great example from Google’s assistant where haircut appointment is booked by voice. Assistant talks in human voice and negotiates timeslot with the local barber shop while on the other side of the line is real person. We should expect things to move in this direction more as long as device knows what are the boundaries that it can work with (time slot, budget etc.) and as long as payments are always performed with proper authentication,” added Rakonjac.

Going forward one area to watch out for is standards and guidelines for open APIs. This is going to be the deciding factor in the effort required for collaboration or integration.

Open banking

Considering that in a region like Europe it is becoming mandatory for banks to open up access to accounts, payment flows and end-customer data to 3rd parties, it is vital for the industry to dig deeper. All these developments are going to impact banks, as the rising role of APIs in retail banking is considered to be a recent phenomenon. Banks are beginning to expose their data for use by third parties, in particular fintech companies, through open APIs. APIs enable banks to expose their in-house data and application functionality to approved apps and services, while monitoring and controlling the flow of data. And by allowing for new digital experiences on mobile apps, 3rd party services etc., banks are potentially opening up to risks, for instance, fintech firms tapping into a bank’s financial data.

“With PSD2 we have banks aggregating a lot of data and opening their APIs so some of this data is available to 3rd parties (transactional, account data etc.). But banks are not using it to the full potential. Banks worry about loans/ credit cards it could offer – where they are sitting on top of data that would be very valuable for merchants or fintech’s and where this context can be fully utilized,” said Rakonjac. He expects innovation/ services around this space where data collected by banks is not used only for risk scoring (3DS 2) but is provided to the other companies where it can provide real benefit to the consumers.

“We already have aggregators that link into European banks and leveraging PSD2 (e.g. Figo). But, as digital identity advances and becomes more mainstream, we might have companies that will aggregate one’s account details for all of the payment methods. This way you will no longer need to have separate credentials or authentication mechanisms but only one. By doing so, customers won’t have to distinguish between payment methods – there would be only one option, Pay. To the customer, we are going towards one payment and one commerce – there will be no difference between physical store and e-commerce and there will be only one pay option.” 

Other than authentication, another area to watch out for is improved security. It has to be guaranteed that data is secure, and external services have access only to the controlled data that the consumer has permitted and that the bank has assigned.  


Follow Ai on Twitter: @Ai_Connects_Us