Expansion Under COVID-19

The Remote Commerce domain is home to e-commerce, many mobile payments, and the venerable mail-order, telephone-order method (MOTO). The growth in transaction volume in this domain has been nothing short of phenomenal accounting for a:

• 56 percent of overall U.S. retail sales growth in 2019
• 47 percent increase in U.S. sales forecasted for the five years 2019 – 2024

Despite those growth rates, the Remote Commerce domain has accounted for less than 15 percent of retail sales. Don’t expect that figure to last. The pandemic has increased the pace.

Six months ago, optimistic forecasts suggested that card not present transactions would dominate by 2024. In May 2020, Mastercard reported that over 50% of its transactions were card not present. Credit union processor PSCU reported 55 percent of transactions and 63 percent of spend were card not present. 

Consumers and merchants are rushing to the Remote domain as convenience and self-quarantine shift shopping and retail behavior. 

Historically, payments innovators have had to overcome the “chicken and the egg” problem: the need for both consumers and merchants to adopt a new payment method for it to be useful. We point out in our Payments Boot Camp® that shifting consumer behavior requires either a perceived financial gain (loyalty points) or increased convenience to motivate a change in behavior. If the provider can do both, so much the better.

To those consumer imperatives, we now add “necessity.” Whether a local purchase via a “Buy Online, Pick-up In Store” (BOPIS) scenario, through a home delivery service, or from an online retailer, consumers are increasingly using in-app and online payments to complete the transactions.

In lock step with consumers, many merchants have changed how and where they accept payments. Merchant payment decisions are traditionally motivated by, first, how well that method helps the merchant get paid. Second, if a new method of payment increases sales, so much the better. Lowering its cost compared to other payment methods is in third place. 

Under COVID-19, we add business survival as a motivator. For many verticals, shut out of selling in the POS Commerce domain, card not present transactions have become a major component of their payment flows. Many verticals including grocery stores, in home entertainment, home office furniture, health, wellness, etc. are doing very well. Those that rely on the customer’s physical presence for product or service delivery and who have not been able to shift to online channels have seen business drop precipitously. 

Swift Shift to Online Channels

These graphs highlight the turbulence in buying patterns in the Remote Commerce domain in four countries. Year over year payment orders (count) for pure e-commerce retailers (those with no brick and mortar presence) and brick and mortar retailers with an online presence show high volatility since January but both show substantial growth in Remote Commerce activity. (Source: CC Insights, Worldometer)

 

Remote Domain’s Dominant Verticals

There are 5 key verticals in the Remote Commerce domain: 

• Retail
• Travel & Entertainment
• Digital Goods & Services
• Marketplaces
• Subscription Services

E-commerce merchants operate only in the Remote Commerce domain. Those that sell primarily in-store make up the cohort that has made a strong pivot to BOPIS, curbside pickup, and doorstep delivery. These transactions rely on online and mobile payments. Those merchants who survive the pandemic’s economic impact will look at new ways of doing business, each of which comes with new challenges that include managing cost and risk.

Fraud and Risk Rise

The online behavioral shift has implications for all payments ecosystem stakeholders, most notably in direct card payments and digital wallets, which enable a combined 82 percent of remote commerce volume globally (Worldpay Global Payments Report, 2020). 

The Remote Commerce revenue enabled by card systems is potentially accompanied by three pitfalls: 

• Chargebacks. Increased disputes or chargebacks due to online and friendly fraud where the convenience of the Remot Commerce channel makes fraud easier to perpetrate
• Liability Shift. Liability shift based on card network rules that shift transaction liability to the merchant for card not present transactions. 
• Failed Transactions. Increased failed transactions often due to the lower authorization rates of the CNP channel. (Mastercard reports that its issuers approve 98 percent of card present/POS commerce transactions. The card not present approval rate is 81%.) 

Since the pandemic’s arrival, there has been a distinct uptick in fraudulent transactions in many countries. The domino effect of increased disputes and chargebacks is now apparent. 

Some of this is attributed to commerce fraud. Forbes reported that Amazon has removed more than one million products related to the coronavirus and COVID-19 found making false claims. A Reuters report highlighted that Consumer victims in the United Kingdom have lost more than £800,000 ($1 million) in recent coronavirus-related scams during April. 

There is also evidence of increased buyer or “friendly” fraud. The US has seen fraudulent order activity rising in March, as fraudsters take advantage of Merchants overwhelmed by the number of orders, cancellations, delayed orders, and chargebacks. Similar patterns can be seen in other countries. The National Fraud Intelligence Bureau (NFIB) and the Federal Trade Commission are warning people to be on guard against both.

Additionally, security reports published by Google and other sources demonstrate increased account credential harvesting activity with subsequent upticks in phishing and credential stuffing attacks for account takeover (ATO) purposes. Think of this as the harvesting of data by fraud rings for immediate gain as well as preparation for increased fraud (i.e. theft) as legitimate customer spend increases and fraudster activity is hidden among the higher volume of legitimate transactions.

The Costs of Fraud

These losses get expensive. Liability shift costs include the network or acquirer fees associated with the chargeback that come on top of the loss to the merchant of the good or service itself. These fees can be as much as $20 per item. Similarly, wallets may pass on losses related to disputed transactions to merchants along with associated fees. In some cases, acquirers will impose reserve requirements on merchants experiencing high dispute, return or cancellation rates, making today’s difficult working capital situation even more challenging.

We anticipate lower authorization approvals as issuers, wallet providers and merchants adjust their risk models and tighten controls to accommodate volatile purchase patterns and mitigate fraud losses. 

The table below summarizes the impact on payments ecosystem stakeholders of these three pitfalls across card and wallet payments.

	Consumers	Merchants	Acquirers	Issuers	Networks
Increased Disputes & Chargebacks	Neutral	Negative	Negative	Negative	Neutral
Liability shift	Neutral	Negative	Neutral	Positive	Neutral
Increased failed transactions	Negative	Negative	Negative	Negative	Neutral

Short-term Impact

Extended timelines for public health measures over the next several months will sustain today’s higher reliance on Remote Commerce to enable purchases.

Some consumers with available funds or open credit lines will experience “false positives” declines due to changing fraud detection models, a negative outcome for the consumer, the merchant, and the issuer. We have also heard of issuers loosening AUTH standards in part to compensate for lost POS Commerce domain transaction volume.

Being a merchant in the Remote Commerce domain is a great place to be these days if you are in an “essential” vertical or right next to it. Merchants with experience in this domain understand and know how to manage its pitfalls. “Brick-and-mortar” merchants, innovating in the Remote domain for the first time, may see significant chargebacks and the associated liability shift costs, particularly in verticals like restaurants and grocery stores. 

Those in the Subscription Services vertical may experience higher than normal declines as consumer’s struggle with lower or no incomes. They may also encounter upticks in cancellations or requests to suspend services. Across all verticals merchants should anticipate increased requests for refunds and cancellations.

With impacts in nearly every aspect of the economy, some acquirer may look at rebalancing their merchant portfolios to reduce exposure to the POS Commerce domain. Managing chargeback losses, a major factor in Remote Commerce transactions, will be another task. 

Shifts in approval rates may also result in revenue fluctuations for acquirers. Glenbrook has heard that many issuers, intent on maintaining revenue, have loosened AUTH standards for CNP transactions in an effort to replace lost POS Commerce transactions.

We have seen immediate action by the Visa and Mastercard Networks in response to the pandemic. They deferred their spring release and planned interchange increases in the US. They also relaxed chargeback adjudication timeframes. With merchant pressure (such as the recent letter restaurants sent to the US Congress petitioning for expanded interchange regulation) and potential regulatory scrutiny, we may see this deferment extended. However, these actions do not directly impact the networks. Instead, they affect issuers who are also facing lower transaction volumes and increased chargebacks. 

Longer-term Impact

Longer term, we see the pandemic as an accelerant to a Remote Commerce trend that projects Remote Commerce transactions to permanently overtake POS by 2024.

The critical dimensions highlighted in the previous table will still be in effect 18 and more months from now.

As immediate operational issues are addressed, we expect both issuers and acquirers to reassess their risk appetites and set new parameters for the extension of credit to consumers and underwriting requirements for merchants. The COVID-inspired spike in fraud will further drive those changes.

We anticipate increased oversight from central banks and regulators as they closely monitor economic recovery efforts. There are implications for new or accelerated mandates for consumer identity management, data privacy, and payments fees.

Industry Implications

Merchants may seek alternatives to card payments as a response to increased payment processing costs and chargeback liability in the Remote Commerce domain. 

Real-time retail payments may move more aggressively into Remote Commerce with modified rules for dispute resolution and possibly more attractive pricing for merchants. Whether consumers will shift from debit cards to push payments will likely hinge on convenience and the protection they receive for fraud. Larger merchants might offer benefits like purchase protections to incent consumers.

Cost concerns and tightening credit with resulting authorization declines may boost demand and adoption of alternative forms of payment. Options include digital consumer financing options like Affirm, AfterPay, and Klarna. PayPal is an obvious consideration as is newer entrant Trustly. Card networks may do more to promote installment and adjunct line of credit to traditional card products. Large merchants may offer their own financing options. 

Demand for improved security features, strong authentication, and secure transmission of sensitive payment data among stakeholders will accelerate. 

Networks and issuers may accelerate tokenization plans to protect the integrity of their payments systems while increasing fees and fines to enforce compliance.

Secure Remote Commerce (SRC), an EMVCo tool that enables consumers to pay with account details stored and managed by the card network rather than the merchant, may see a boost in adoption if networks promote the product more aggressively.

Regulators in countries where identity and authentication laws are not in place may implement regulatory measures that enable better consumer protection. In parallel, increased online fraud in core verticals in countries that have not mandated strong customer authentication (SCA) may lead to new regulatory requirements for strong customer authentication. 

Recommendations

Consumers

The fraudsters are out in force. Consumers should be wary of any requests in text, emails or social media to click links, download apps or enter information that could lead to compromised account details. This includes resetting passwords, turning on 2-factor authentication, and monitoring card and bank account activity.

As needed, consumers should reach out to merchants and banks to arrange new payment terms, pause services, and make other adjustments to weather the uncertainty and economic downturn we expect to continue over the next 12 – 24 months. 

Merchants

Merchants should take immediate and continuous steps to augment network security and monitoring for signs of phishing attacks, credential stuffing, and attempted data breaches. This includes consumer and employee education programs on password management and protection, multi-factor authentication, password storage, and social engineering.  As soon as practical, merchants should implement customer alerts when account details are modified, employ 2-factor or multi-factor authentication, and establish tokenization of account information through an acquirer or PSP.

Merchants should work with their payment providers (acquirers, wallet providers, or PSPs) to review internal policies and procedures that optimize sales and mitigate fraud, with ample consideration to the uncertainty brought on by COVID-19. A starting point for this review would include policies and procedures for:

• Network and website security 
• Customer account management (opening, updating, and closing accounts)
• Account and sensitive data tokenization
• Cancellation and refund policies
• Delivery policies

Last but not least, merchants should consider payment options that help boost sales in periods of credit tightening and reduce financial liability. Options to consider include: 

• Digital wallets (Apple Pay, AliPay, Google Pay and country specific wallets)
• Digital Consumer Financing products (AfterPay, Affirm, and Klarna)
• Payments with zero Merchant liability (real-time retail payments, and some Digital Consumer Financing payments)

Remote Commerce merchants, especially those in Retail, operate in a “winner take most” world. Execution – frictionless payments, strong customer communications, predictable fulfillment – is today’s major differentiator. Making the right payments and payments-related choices for customers today will help merchants expand their competitive position.

Issuers

Support for techniques that raise authorization rates, e.g. proprietary and EMVCo-based, is essential. One unnecessary decline and the issuer’s card could be replaced by a competitor’s offering and see that card used to fund transactions – think cable and Netflix bills – for years to come.

Issuers should consider augmenting card products with installment plans and single item credit for essential goods and services. Such offerings would help both consumers and merchants through economic recovery and strengthen relationships with customers. These capabilities may be built organically or established through fintech partnerships.

Networks

The card networks are in a strong position to strengthen the consumer payment experience through their risk management, fraud detection, and dispute resolution capabilities. Those capabilities are already being exercised under COVID-19. Merchants, and merchant sales, will be the beneficiaries. Networks should continue to broaden their support for non-card payments systems either as direct participants or through overlay capabilities. They may consider broadening operating rules to other supported payment systems to increase adoption of new installment, credit, and real-time retail (push) payments.

This may be the perfect moment to rethink and rationalize liability shift across the POS and Remote Commerce domains, while augmenting and accelerating requirements for strong authentication and tokenization.

Acquirers

Acquirers should look to new entrants in the Digital Consumer Financing and payment Facilitator space for ways to enable commerce in underserved merchant verticals. These moves will help onboarding and merchant management as underwriting policies and procedures are reassessed in the new economic circumstances. This could be an opportunity to establish new business practices that re-look at areas traditionally considered high-risk given the resilience of some of these verticals during the pandemic.

Regulators

Regulators should consider laws to further protect consumer information and mandate strong authentication practices across payments systems. With innovation in lending options likely to surge, regulations for non-financial institutions in particular should be reviewed as they see broader utilization in the Remote Commerce domain.

Fintechs

Fintechs should, and will, continue to push the envelope across all stakeholders by providing fresh thinking to the many challenges the next few years will pose commerce and payments. Solutions that bridge domains will become attractive as POS, Remote Commerce sales enablement, B2B payments, and working capital become increasingly interdependent.

Conclusion

The Remote Commerce domain is destined to become a far larger, if not the dominant, contributor to consumer payment volume. And it has much work to do to achieve that goal. Regulatory confusion is a challenge. Consumer education around payment choices, especially in credit, is needed. Security education for consumers and businesses continues to be a challenge and the need has never been greater.

The Remote Domain also offers enormous advantages for those who can use it well and deliver it effectively. Compared to the traditional, terminal-based POS Commerce domain, the online world can adopt new technology swiftly. That flexibility enables innovation that will, no doubt, continue to take share from other domains. 

 

---

This series examines these impacts, and others, in more detail through Glenbrook’s Domains of Payments framework. In the next chapter, we examine the Remote Commerce Domain and what the pandemic means for the future of online commerce.

[Domains]

Please return to the series landing page, to the Payments Views website, or sign up here to be alerted when the next installment is published.