How Delegated Authentication and Payment Authentication work with PSD2


To prevent cart abandonment and increase sales conversion in e-commerce, retailers aim to give online consumers the best possible payment experience, with a passwordless authentication UX. Merchants want complete control over the checkout experience. Under PSD2, Strong Customer Authentication (SCA) should be required for all online transactions prior to transaction approval. Some low-risk, low-value transactions may be excluded from SCA. With the 3DS2 protocol, which satisfies SCA criteria, issuers often execute authentication, posing minimal obstacles.

To execute authentication at checkout, cardholders are redirected from the merchant domain to the issuer domain and back, which adds extra friction, especially if the cardholder is unfamiliar with this process. In addition, the merchant has no control over the issuer’s authentication method and could frequently provide a better authentication user experience using, for instance, device biometrics or merchant log-in in conjunction with behavioral biometrics. These solutions are simpler to provide for merchants with more data.

Lastly, PSD2 may require cardholders to ‘authenticate’ twice: once with the merchant when they access their account, and once with the issuer to commence the payment process. As a result, unneeded friction is added, and the customer checkout experience is negatively impacted. Therefore, businesses that already know their customers and have methods in place to verify them would prefer not to depend on issuers to authenticate, since they may be able to provide a superior customer experience. On mobile devices, biometrics are already prevalent and simplify the authentication procedure through passwordless authentication.

As for merchant authentication, retailers may use FIDO (Fast Identity Online), an open industry standard for authentication that supports both general-purpose and dedicated devices. The fundamental concepts of FIDO are based on public-key cryptography, which enables easy and secure authentication. FIDO delivers both usability and security: it is more secure than a password and more convenient than a hard token. FIDO authentication will not be covered at length here, although it should be noted that FIDO is completely PSD2 SCA compatible, has many authentication choices, and is supported by the 3DS2 protocol. Moreover, delegated authentication will be of growing importance to large merchants, since it allows them to deliver a uniform and frictionless checkout experience to reduce cart abandonment and improve revenue.

To learn more, see the infographic below from Login ID entitled “How Delegated Authentication and Payment Authentication work with PSD2.”

