How Will Secure Remote Commerce Improve the Online Checkout Experience? And How Long Will Adoption Really Take?

How Will Secure Remote Commerce Improve the Online Checkout Experience? And How Long Will Adoption Really Take?

How Will Secure Remote Commerce Improve the Online Checkout Experience? And How Long Will Adoption Really Take?

George Peabody

George Peabody

George is a partner at Glenbrook Partners and the host of the "Payments on Fire" podcast. Peabody brings 12 years in payments technology and more than 25 years in IT and entrepreneurial management to help clients with strategy and market development.

More Info

Pick a payments buzzword — e-commerce, m-commerce, online payments — and the new Secure Remote Commerce (SRC) standards unveiled last month address it. But much like the EMV transition, which took an average of six years per country, the road to widespread adoption of SRC is not all blue highways.

Anticipated for several years, EMVCo released the 1.0 version of its SRC standards on June 7, 2019. SRC was created to provide a unified e-commerce checkout process using any network, further cementing card-based payments for remote commerce scenarios. The ultimate goal? To make SRC the checkout method of choice for cardholders and merchants alike.

Think of all of the brand-specific checkout tools — Visa Checkout, Mastercard MasterPass and American Express Checkout — that never got much traction. With SRC, they will all be replaced by a common logo and checkout flow. The new logo is intended to replace the set of network logos so common on checkout pages and to signal to the cardholder that data will be shared securely.

So what does this mean for payments? For networks that compete vigorously, the creation of a common checkout mechanism is a novel step. But this effort goes beyond the networks. Payment innovation of this caliber requires ecosystem-wide participation. Issuers have to be on board and merchants convinced. Technology providers must have the service in place. Consumers must be educated and delighted.

And that means there’s some work to be done.

How it works

But first, some technical information. SRC does provide a measure of enhanced security. To minimize card-not-present (CNP) fraud risks, SRC introduces dynamic data to the remote commerce domain, a technique first employed through the EMV chip specification. Dynamic data is transaction-specific, a unique data element generated and encrypted at the point of payment and decrypted by the issuer.

Consistent card and user data, drawn from card network databases, should improve authorizations and by eliminating data entry friction, should lower shopping cart abandonment rates.

SRC also offers assurance levels about this data based on how the card, cardholder, the consumer or the consumer’s device is authenticated. Digital certificates are used to sign the applications that initiate SRC transactions, and each app must be registered with each network.

What is SRC? Secure Remote Commerce (SRC) was created to provide a unified e-commerce checkout process using any network, further cementing card-based payments for remote commerce scenarios.

These tools protect the SRC program. However, premier EMVCo security approaches remain optional, specifically the EMV Payment Tokenisation Specification and the EMV 3-D Secure Protocol and Core Functions Specification. Unlike 3-D Secure, SRC does not shift fraud liability from the merchant back to the issuer, despite the use of dynamic data.

To be clear, this is the 1.0 version of what is expected to be an evolving standard. How far it evolves will depend upon a number of factors, not the least of which is uptake.

Wisely, each card brand will make it as painless as possible for a merchant to transition from, for example, Visa Checkout to SRC. At this point, given the early stage of market entry, broad adoption can’t be assumed just yet.

Will consumers adopt?

For consumers, getting started is easy. Just choose the SRC checkout method rather than a card on file that may be held by the merchant. The payments provider managing the SRC data flow then reaches out to each card network’s SRC system to request the card account reference number, the last four digits of the primary account number, and for display as needed, the billing and shipping information for each card managed by each card network.

It’s going to be up to the consumer to decide how well SRC improves the checkout experience. Will SRC help or confuse? Will consumers find SRC to be a real improvement? The answer is not obvious because we already have useful alternatives, such as:

  • Our browsers and password managers store card numbers, shipping and billing addresses and make it easy to fill out payment forms.
  • PayPal knows the same data and has it down to a single click.
  • Amazon, Apple Pay and Google Pay do too.
  • Other techniques, including the web standard Payment Request API, also exist.

For issuer and merchants, questions remain

SRC can improve security and raise authorization rates — a net benefit to issuers. Card issuers also continue to lose volume to competitors like PayPal, despite the rapprochement between the person-to-person (P2P) payments company and the card networks.

Apple Pay also costs issuers a meaningful share of their card revenue. That said, substantial education and marketing investments will be required to raise consumer awareness and get them to select the new SRC logo. 

As for retailers, conventional opinion says that smaller merchants will benefit from SRC first because their payment service provider will make it available. Large merchants, having invested heavily in payment flow optimization, will hesitate to adopt SRC unless there is a big jump in security or the 3-D Secure liability shift is included in the next version of the program.

For acquirers, processors and payments providers, SRC support is a non-trivial development task. These are companies that make their living on transaction volume. While SRC support is unlikely to generate new net transaction volume, these players will support it given their role as front-line technology providers to merchant customers.

A road paved with unknowns

Getting consumers to choose the SRC logo instead of the familiar card network logo lineup will take investment in customer education and support for the new brand. Issuer promotion of SRC will also be necessary.

At the very least, convincing merchants to adopt it will require proof of success. SRC’s road ahead is paved with interdependent variables.

Even with all cylinders firing, it can take years to reach ecosystem-wide adoption. While SRC doesn’t demand new terminal hardware, the 1.0 version will need a lot of support from its network sponsors to dominate in the remote commerce domain.

The statements and opinions of the writer do not necessarily reflect those of TSYS.

Other Articles by George

George Peabody

George Peabody is a partner at Glenbrook Partners and the host of the payments podcast, “Payments on Fire.” Peabody brings 12 years in payments technology and more than 25 years in IT and entrepreneurial management to help clients with strategy and market development. He applies his consulting expertise across a range of business and technology issues with particular emphasis on competitive positioning, technology investment road mapping and innovation. Peabody is also a Certified Smart Card Industry Professional/Payments (CSCIP/P).

Share this story via email or social networks

  1. You Know You've Been Part of the Payments Industry Too Long When…

    Tue Oct 30, 2018 09:00 AM

    You Know You've Been Part of the Payments Industry Too Long When...

    Categories: Articles and Blogs
  2. Winning at the point of sale in the convenience sector

    Mon Mar 18, 2019 12:02 AM

    Winning at the point of sale in the convenience sector

    It’s quite possible that there has never been a more pivotal time in the convenience-store industry. With the obvious exception of e-commerce, the convenience-store and club sectors are the only two other retail channels expected to grow over the next three years – and not nearly as briskly as e-commerce.more...

    Categories: Articles and Blogs
  3. Will Globally Popular Regulatory Sandboxes Ever Crack the U.S. Payments Market?

    Tue Jan 29, 2019 08:59 AM

    Will Globally Popular Regulatory Sandboxes Ever Crack the U.S. Payments Market?

    Categories: Articles and Blogs
  4. Why Your Business Needs to Accept Chip Cards

    Wed Mar 6, 2019 12:06 AM

    Why Your Business Needs to Accept Chip Cards

    It feels like forever ago that the EMV® Liability Switch took place on October 1, 2017. But even now, many businesses have not switched over to taking exclusively EMV (colloquially known as chip cards). more...

    Categories: Articles and Blogs
  5. Why the Payments Industry Needs to Hire More Veterans

    Tue Jul 2, 2019 09:00 AM

    Why the Payments Industry Needs to Hire More Veterans

    Tags: purdy
    Categories: Articles and Blogs
  6. Why It Pays to Be a Payment Facilitator

    Mon Jun 3, 2019 01:02 AM

    Why It Pays to Be a Payment Facilitator

    Payment facilitators. You already know of them and what they do, even if you’re not familiar with the term. In fact, PayPal®—which might be described as the original payment facilitator—is sometimes referred to as a kind of “Super Facilitator,” with Square® being a more recent player.   more...

    Categories: Articles and Blogs
  7. Why Isn't Mobile Pay Usage Spreading Faster?

    Fri Apr 13, 2018 05:52 PM

    Why Isn't Mobile Pay Usage Spreading Faster?

    Categories: Articles and Blogs
  8. Why is Fintech So Focused on New Payment Rails?

    Fri Apr 13, 2018 05:36 PM

    Why is Fintech So Focused on New Payment Rails?

    Categories: Articles and Blogs