Category: News and Media

In my last article, I detailed why there has been a steady blurring of the lines between Card Present (CP) and Card not Present (CNP) transacting and explained why this demarcation of payment types is rapidly becoming less useful.

What is much more important today is to define the type of transaction, the user experience that is desirably associated with that transaction, and whether the merchant or ecommerce provider is prepared to retain the risk associated with that payment, or shift some of its risk and the associated fraud liability onto the card issuer or holder. First and foremost, it’s important to identify which key drivers are at work that create the need for extra layers of authentication and/or transfer of liability away from the merchant.

Larger ecomm sites focused on cutting cart abandonment

For example, having a frictionless experience at online checkouts is invaluable to most large ecommerce providers in terms of reducing their ‘abandoned cart’ levels considerably. The resulting lower abandoned cart percentage generated by superior user experience (UX) more than offsets the fact that many ecommerce sites (and associated mobile apps) are carrying most (if not all) of the risk associated with these transactions.

It’s worth bearing in mind that ecommerce cart abandonment levels are still pretty high. According to the Baymard Institute’s 2024 study, average cart abandonment levels stand at 70.19%. That percentage rises close to 80% for ecomm purchases being completed via your smartphone.

Reasons given for cart abandonment are largely linked to poor UX. Key reasons for abandonment uncovered in consumer studies are the discovery of extra costs (shipping, tax, fees) at checkout, as well as insisting on account creation (more on this later), long/complex checkout processes, lack of trust, slow delivery times or limited payment options. So, not offering a Buy Now Pay Later (BNPL) option for larger transactions is now leading to higher abandonment levels for more expensive goods bought online, for example.

One way that ecomm operations manage their exposure to the risk of fraudulent transactions, and contain chargeback levels within sub-1% tolerances mandated by acquirers, is by waiting for payment funds to clear before shipping any goods. Tap to Pay functionality can be used to enable rapid checkout for guests who do not want to sign up for an account via your mobile app to complete a transaction. More on this later.

High value ecomm transactions could use Tap to Everything to reduce fraud risk while reducing cart abandonment

However, for higher-value goods and services which you are paying for online: perhaps buying long-haul flights or booking hotel accommodation overseas, rather than risking a card being rejected and the affected customer simply walking away, the application of Tap to Everything looks to have its place to manage elevated transaction risk.

We could inject another level of authentication into the transaction process by, say, asking the buyer to tap their card on the relevant mobile app screen on their phone (or Tap to Pay) to prove that they have the card that they are using to buy these things. It is entirely possible you could also ask for them to tap in their PIN number as well (‘Tap+PIN’ entry), or the card’s CVV, to complete the transaction. By doing so, fraud risk falls dramatically and liability shifts from the merchant to the card issuer or card holder.

Riskier transactions offer further use cases for Tap to Everything

For those buying an expensive restaurant meal via a mobile app that they may not even be signed into, placing a bet online, buying crypto, or making a series of expensive ecommerce transactions one after the other in quick succession, it understandably makes sense to build Tap to Pay (TTP) functionality into the transaction process. This reduces the inevitably elevated fraud and chargeback risks associated with these sorts of transactions and buying behaviours, while simultaneously passing remaining transaction risk towards the issuer and away from the merchant.

TTP is not only a better customer experience (tapping rather than manually entering card numbers). It is also significantly more secure because Mypinpad, as a PCI-certified solutions provider, can keep the cardholder’s details secret even from the app that they are using — thereby reducing our merchants’ PCI-DSS compliance requirements.

TTP also offers a more secure payment method which helps protect customer data and reduces fraud risk. This is achieved by tokenising card data either via Card on File (CoF) or Network Tokens, the latter being much preferred since its ‘device binding’ capability reduces CVV reliance over time. This provisioning, plus the tokenisation model, significantly reduces the risk of cardholder data loss while providing a simple, clear user experience. There’s less risk of digital theft, or abandoned carts.

Guest usage of occasional use mobile apps

Many users today feel that their smartphones are already overloaded with mobile apps. For occasional use services, we don’t particularly want to retain an account associated with a dedicated mobile app to support it. Take the case where you are on a road trip through Europe. You get to a city in France which demands use of a mobile app to pay to park on the street near your hotel. You don’t want to create a new account for that city’s mobile parking app, then assign a payment card to that account. You just want to pay for parking and run.

The app provider does not particularly want you on their customer database either, because you are unlikely to use the app again, and if you do happen to come back to that place on another occasion, you will never remember your credentials – creating lots of support queries and messages to get logged back in and pay.

Far better to give these types of visitors the option to check out as a guest, perhaps paying via a one-time QR code which is provided via the app without the need to create an account to access that code. TTP can be used to pay via the QR code. According to a recent industry report, approximately 60% of mobile app‑based transactions are completed as guests, rather than by logged‑in account holders.

Tap to Confirm already gaining traction for verification use cases

Although most of the use cases above are Tap to Pay-focused, Tap to Confirm (TTC) is naturally finding a great many use cases amongst applications which demand verification. For example, Mypinpad is enabling rail season ticket holders to prove that they are the holder of a given season ticket by showing their card to the barrier reader rather than showing the season ticket itself. In this way, the rail operator knows that the person who has bought the season ticket is indeed the same person going through the barriers. This is a TTC application which we enabled over two years ago for a major European transport operator.

We are also working with a major bank using TTC as part of Step-up Authentication (SA) where risk levels associated with a specific transaction have breached accepted norms.

Step-up Authentication (SA) is already a proven way to strike a balance between security and friction. It ensures users can access some resources with one set of credentials but will be prompted for more credentials (normally requiring a third authentication factor) when personal transaction ‘behaviour’ norms are breached.

So, in most cases where transaction size looks to be in the ‘normal range’ and it is being completed via a smart device which is located in the country it is normally in, then two factor authentication (2FA) suffices.

However, if you were to make a request of your bank to wire several thousand dollars to a bank account in North Africa from a device located in a country you are not normally in, that might trigger SA, resulting in a request for another factor of authentication to prove you are who you say you are, and that your phone hasn’t been stolen or hacked into. That may include one of the above ‘proof of inherence’ biometric factors like facial, iris or fingerprint scan, and perhaps requiring secure PIN entry for the card being used for the transaction via Tap to Confirm. So, in this way CNP transactions naturally flex into CP authentication, and in doing so, fraud risk is lowered and liability passed onto the issuer.

We are seeing increasing demand for SA deployments to dynamically adjust authentication levels according to the degree of risk associated with specific transactions. It’s a relatively new development which makes sense in a world where device thefts, combined with digital identity theft, is sadly becoming more commonplace; while transaction history analysis can be run ‘on the fly’ using AI to spot potential transaction anomalies and increase authentication requirements dynamically to combat the increased risk associated with those anomalous transactions.

TTC usage means that your PIN could join the growing 3DS mix

As indicated above, PIN entry can be brought back in as part of TTC flows if an extra layer of authentication is desirable alongside biometrics associated with unlocking your mobile device, for example. There is now some speculation that your PIN number might be added to the mix of the online fraud prevention and authentication protocol 3DS.

The use of OTPs (one-time passwords sent by text or email), together with biometrics (Face ID or fingerprint recognition already in use to unlock your phone), is already in wide use for mobile payments. Certainly, there is an increasing number of use cases associated with verifying you are who you say you are.

Tap to Activate gaining ground with banks

As the number of physical high street bank branches and associated ATMs dwindles across much of the developed world, and the percentage of transactions which are completed online increases (compared to those completed in-store), it increasingly makes sense to be able to activate a new bank card via Tap to Activate at home or on the move.

The innovation brought by Tap to Activate offers the ability for a consumer to just tap their own bank card against the back of their own phone to provision a card and then use the freshly activated card to complete an ecommerce transaction in the comfort of their home.

Tap to Everything an ideal enabler of Smart City multi-modal travel

It is conceivable that TTC could be used for smart city transport applications where, in the future, people will hold a ‘smart pass’ to cross a city in the most efficient, multi-modal manner – moving from e-bike, to electric bus, onto a tram, then underground and overground rail services, even perhaps extending to gaining access to and paying for a hire car to exit the city. It is conceivable that this type of application could lead to Tap to Pay as well as Tap to Confirm in one single multi-modal journey.

Tap to Everything is enabling greater payments agility and is driving market innovation

It is clear that Tap to Everything already offers an array of payments and non-payment applications, many of which we are already building out for banks, ecommerce providers and merchants.

It can help improve the user experience in ecommerce and make card activation, provisioning and even the updating of card details (changing the PIN number of a card for example) light work for consumers. It can help merchants to reduce fraud risk and pass fraud liability to card issuers (or card holders themselves) — increasing authentication levels as risk levels rise in real time.

The benefits in terms of reduced cart abandonment, reduced fraud and chargebacks and being able to accommodate payments by unregistered users of mobile apps are clear. We are finding new Tap to Everything use cases on a near weekly basis right now. So, it’s opening up a wave of innovation in the market.

What Tap to Everything illustrates is that there is a blurring of the lines between Card Present (CP) and Card not Present (CNP) transacting; and between in-store payments and consumer-directed e-commerce transactions. This is possible since at the moment the payment is made (and only while the payment is made), the consumer’s device becomes a merchant’s terminal. And just like that, it goes back to being a consumer phone again.

This magic is not actually allowed under the current definitions that underpin card rails and so, a sleepy industry that is used to long innovation cycles has been caught somewhat off guard.  However, those of us driving innovation within Software Land are only just getting started. We’ve blurred the distinctions between in-store and e-commerce transactions; between CP and CNP transacting; and between cards being a payment token or an identity token.

However, more than that, in Software Land we are addressing the wants and needs of payers and payees alike—way beyond preventing fraud, to delivering efficiencies for merchants and better experiences for consumers. Consumers are able to enjoy more options like making payments on their own phones; while merchants can reduce their monthly headaches from reconciling transaction records which were previously not well integrated with the products they sold.

Let’s explore how we reached this level of flexibility and innovation in payments, how we secured it, and where the accelerating curve of innovation might take us.

CP was safer and cheaper for merchants

Up until a couple of years ago, there was a clear divide between CP in-person, in-store transacting, and CNP eCommerce buying. The primary difference was the higher level of fraud protection provided by running cryptographic checks on the physical card (hence ‘Card Present’) which was only possible if you arrived at a shop with a physical debit or credit card to run those checks.

If the transaction demanded it, you were also asked to enter a PIN code to verify you were that actual cardholder and the person therefore authorised to spend that money. This physical checking of the card (something you have) and the PIN (something you know) lower the risk of fraud considerably and have traditionally made CP transactions less risky than CNP transactions. The cost to the merchant of CP transactions is consequently lower than getting paid via their website or mobile app as these transactions have to be completed without those physical card checks (hence ‘Card Not Present’). CNP transacting was inherently higher risk and therefore the merchant had to carry some of the cost associated with the additional transaction risk.

Consumer convenience and merchant efficiency drivers remain central in Software Land

Card rails were designed to enable merchants to initiate a payment and the consumer to complete it, whether in person or online. Those payments were always done on a merchant’s device if Card Present (CP) and online if Card Not Present (CNP). The focus was on fraud prevention, while making payments convenient enough for everyone to use card rails. This was the key balancing act.

Convenience fought back with the rise of e-commerce, married with the mass adoption of the internet and so the first battle between convenience and fraud got underway with the industry adopting CVV and 3DS technologies to help deliver both simultaneously.

As TTE (Trusted Transaction Environment) starts to blur the distinction between CP and CNP, the SoftPOS industry is able to direct its focus towards combining security with convenience and workflow integrations.

As CNP and CP payments worlds collide, CP grounding is increasingly important

It is worth stating that Mypinpad, as our name implies, was initially focused on innovating in the SoftPOS space, including enabling secure PIN entry on a mobile device. We were enabling CP transactions long before we provided verification and authentication solutions for CNP transactions.

So, we cracked the toughest piece of the payments authentication puzzle first. Doing this hard part first means we are no longer struggling with the paytech itself and can lift our heads up to focus on meeting consumer and merchant needs through innovating. We are in a better place to focus on delivering consumer convenience, while simultaneously finding efficiencies for merchants through integration of business workflows with the payments themselves and eliminating manual reconciliation work, for example.

And where the workflow integration challenges are heaviest, we believe SoftPOS will be able to make the most difference. This is where the most innovation will be seen over the next few years.

Tap to Everything is the next stage in the migration to Software Land

The latest such software-led payments innovation is Tap to Everything. For example, the innovation brought by Tap to Add and Tap to Pay enables consumers to simply tap their own bank card against their own phone to provision a new card and then use that new card to complete an e-commerce transaction in the comfort of their home. 

Not only is the experience a better one (tapping rather than manually entering card numbers), it is also significantly more secure because Mypinpad’s software, being Mobile Payments on COTS certified, does all the same card validity checks as are done in an in-store CP transaction. We can keep the cardholder’s details secret even from the app that they are using—thereby reducing our customers’ PCI-DSS compliance requirements.

And, as you may have read in my last article, Tap to Everything already offers a wealth of use cases which promise consumer convenience, while keeping their card details secure and lowering the risk of fraud still further. The bottom-line is that as we move increasingly into Software Land, the ability to innovate in payments becomes cheaper and quicker. Technology iteration cycles speed up and new use cases emerge at a dizzying pace. Innovations are focused around delivering better consumer experience and finding efficiencies for the merchant:

Enabling a better experience in charity donations

For example, Mypinpad has been working with several charities to enable consumers to give donations more easily, while improving the experience of doing so. Previously, charities ran donation drives using physical POS terminals on the street. These drives were limited by the number of terminals the charity could afford to rent. However, SoftPOS allows many more volunteers to accept payments. Using Tap to Send and Receive (TTS) capabilities on donors’ own devices, way more charity volunteers can take payments from donors in a highly cost-effective manner.

The user interaction for those donors is now much more rewarding as direct feedback on the progress of a specific charity drive (perhaps with an illustrative campaign ‘progress thermometer’) can be shown on their device—even extending that experience into showing a donors’ leaderboard, offering opportunities for greater donor engagement. The entire interface and the ‘do-ability’ of donating is transformed, and can be iteratively improved in Software Land.

Example of combining the booking, ticketing and payment channel within a mobile app – parking apps

We have seen payments for parking transformed by the use of mobile apps that combine booking, ticketing and payment channels in a single mobile app in recent years. These apps can use your mobile’s geolocation information to pinpoint where you are and then offer the nearest available parking spaces and pricing information—even providing easy directions to the carpark’s entrance or spare space on the street. 

When the parking time that you have bought is set to expire, you will also get early warnings to top up via the app. If your time in that particular zone has been maxed out, you will get an alert with recommendations on which new parking place to select next. Payments are generally all taken via the app and paid via your digital wallet of choice – it’s seamless and safe.

Example of initiating a transaction on one channel and completing on another: Enabling click, browse and collect in-store

If you are going to a major supermarket on a Saturday morning, you might now elect to pre-order your shopping from the comfort of your kitchen table via the retailer’s mobile app, checking, for example, that the local store has everything on your list in stock. You can then stay in their mobile app to check off everything in your list as you put it into your basket once you’ve arrived in-store. This creates the potential to also check out via that same mobile app, rather than reverting to a retailer’s POS terminal to pay. You have been in-store for the experience of shopping but have paid via mobile app in this instance.

Example of provision of certainty of purchase, guarantee of agent commission and automated back office workflow reconciliation to support mobile salesforces and multi-level marketing sales agents

SoftPOS also works well for multi-level marketing businesses where remote sales agents are very often dropping pre-ordered purchases to their customers and ideally want to take payment for them there and then so that, once the money has moved, they can get their commission paid on that sale.

No longer will they need to carry expensive SIM-enabled POS terminals to make that collection possible. They can make their phone their ‘merchant device’ and ask buyers to tap their card on the agent’s mobile device for payment. In this instance, the consumer has become the merchant, all in the blink of the eye, with the aid of SoftPOS. Furthermore, SoftPOS can be configured to ensure the details of the order can be married with the payment and associated sales commission. The reconciliation can be automated and commission payment deliveries sped up. Payment processing is part of your seamless workflow, which collectively is designed to ensure convenience with accuracy, security and efficiency—all through deep integration.

The question remains, now we are in Software Land and Tap to Everything is here, what else can we do?

So, to continue our journey into Software Land in my next article, I’ll be looking at a series of use cases enabled by SoftPOS which are of particular relevance for SME merchants looking to unlock efficiencies and manage their businesses better. You’ll see that next month – enjoy your summer breaks in the meantime.

Tap to Add wallet-led demand

Just four months on since Mastercard officially launched its Tap to Pay (TTP) pilot for eCommerce and in-app mobile payments, Mypinpad is already providing Tap to Add (TTA) and Tap to Pay (TTP) functionality to some of the largest eCommerce providers in the world. So, we thought it was worth taking a closer look at the increasing popularity of TTA functionality, because it’s clearly meeting rising demand for faster and yet still highly secure card provisioning for eCommerce transactions.

The TTA and TTP functionality, which we are rolling out for several customers right now, is principally being used to add credit or debit cards to consumers’ digital wallets (aka ‘provisioning’, the TTA part), often continuing on to a payment (the TTP part). These are part of Card Not Present (CNP) eCommerce payment flows, usually requiring 3DS or CVV authentication if a payment is over a certain amount (demanding additional authentication layers to be dynamically applied).

The innovation brought by TTA/TTP is the ability for a consumer to just tap their own bank card against their own phone to provision a card and complete an eCommerce transaction in the comfort of their home. Our TTA software enables that. Not only is the experience a better one (tapping rather than manually entering card numbers), it is also significantly more secure because Mypinpad, as a PCI-certified solutions provider, can keep the cardholder’s details secret even from the app that they are using – thereby reducing our customers’ PCI-DSS compliance requirements.

In our own app, we give our customers the option to capture the CVV of that card for high-value transactions, and a further optional fallback to enter the consumer’s primary bank account number (PAN) in a secure way.

TTA/TTP also offers a more secure payment method which helps protect customer data and reduces fraud risk. This is achieved by tokenising card data either via Card on File (COF) or Network Tokens, the latter being much preferred since its ‘device-binding’ capability reduces CVV reliance over time. This provisioning-plus-tokenisation model significantly reduces the risk of cardholder data loss, while providing a simple, clear user experience. There’s less risk of digital theft, or abandoned carts.

Tap to Verify / Confirm

Once your card is provisioned through TTA, it becomes easy to Tap to Verify (TTV) as well. So, what’s the merit of TTV in eCommerce today? As more and more transactions are authenticated by mobile devices, new fraud risks have emerged, which must be addressed. For example, many users allow their family members to unlock their phones so their children can play mobile games or their partners can answer messages. However, this reduces the certainty which banks need — that a registered fingerprint is indeed that of the cardholder, rather than that of another family member. Tapping a card mitigates this risk while providing a simple user journey — just tap when prompted.

To ensure that the person doing the transacting is indeed authorised to pay that bill, extra layers of authentication are now being designed into the payments journey. For example, for one major national bank, we recently applied Tap to Verify or Confirm capability via Step-up Authentication. This requires the correct PIN number to be inputted on the mobile device to complete larger-value or suspect transactions. Many eCommerce apps now demand the selected card’s CVV number for additional verification that the buyer has access to (and the authority to use) the relevant card.

Tap to Activate and Tap to Change PIN

Innovative use cases from what many now call the Tap to Everything movement just keep coming. For example, there is Tap to Activate, which makes it possible for customers to securely confirm to their banks that their new card arrived safely and is ready for use. Historically, issuing banks have had to use expensive methods of securely distributing new cards, whereas with Tap to Activate, even regular mail is sufficient.

Going beyond this is the ability to run so-called ‘issuer scripts’ to allow for actual card updating such as resetting counters, unblocking a card or changing a PIN — all from the comfort of your own couch. This saves a visit to an ATM or a shop where physical use of the card is required. Customers can now simply use the banking app they already trust, which now has this new functionality embedded.

Tap to Send/Receive for P2P payments

Further down the road, we see more use cases for Tap to Send/Receive (TTS) where card rails are used for person-to-person (P2P) payments. P2P payment solutions such as Mastercard Send and Visa Direct are not new and have had some success in a limited number of markets. The relatively high cost and low market visibility have limited their adoption. With tapping as the user experience, using a card or another phone, P2P payments could expect a new lease of life with TTS for some use cases.

Tap to Everything is here

Hopefully, some of the above real-world examples and use cases prove that the Tap to Everything vision, which was just that a year or two ago, is rapidly becoming a reality. And it’s touching all parts of the payments ecosystem, from issuers through to eCommerce retailers and customers.

The benefits of exploring the new trend are legion. Tap to Everything is bringing easier card provisioning, slicker and more secure authentication, and fewer eCommerce transaction failures. Chargeback requests are falling, and the customer experience is improving as these changes are being applied. Here at Mypinpad, we see ourselves as enabling the Tap to Everything revolution — which is clearly gathering momentum.