Optimising Online Payments: Balancing Secure Authentication with Friction-Free Transactions

In this series of articles, we are looking at how ecommerce brands can optimise their payment processes. We’re looking at four steps:

  • Customer experience – the user experience of the payment journey
  • Authentication – how to recognise customers and prevent fraud
  • Approval – how to optimise rates of payment acceptance by issuing banks
  • International payments – how you can ensure that everyone feels welcome.

In this article, we’re talking about authentication – and how you can enable secure payments without adding unnecessary friction and delay to the customer checkout.

Convenience is Not Everything: Why Security Matters More Than Ever

We’re all shopping online more than ever. At the height of the pandemic, in some countries over a third of total retail spend was online – and this proportion is not expected to return to pre-pandemic levels. While technology has fuelled the drive toward convenience, security remains at the centre of customers’ concerns – particularly as the pandemic has encouraged people to shop online for the very first time.

In reality, security remains a priority for all consumers:

Security is not a nuisance for customers. They want ecommerce brands to ensure that their details are used correctly and that they can trust they won’t be a victim of fraud.

The Background: Strong Customer Authentication


Let’s look at how customer authentication works. Since 2019, this has been mandated by the EU in what is known as PSD2 – Payment Services Directive 2. As online payments have multiplied, new ways to ensure the integrity of these payments have been required.

The EU’s response has been to oblige online payment providers to offer strong customer authentication (SCA). From Dec 2020, this applies to all EU-issued cards – and from 2022 to all cards issued in the UK.



In practice, SCA means that during payment, customers need to prove their identity through two of three methods:

  • HAS – A device like a smartphone or watch
  • KNOWS – A password, PIN, or security question
  • IS – Biometric data, like fingerprint, eye or voice recognition

This is now the norm for every transaction. Some transactions are exempt, however, including payments below €30, low-risk and recurring transactions, and merchant-initiated payments.

How to Optimise Customer Authentication in Your Online Payments 

Embrace Necessary Friction

In ecommerce, quicker is usually better, with loading times and checkout processes ideally kept to a minimum. Yet that doesn’t mean sacrificing security for speed. Customers trust merchants that take security seriously, which means some security friction is going to be necessary. Here’s what you need to do:

  • Make yourself SCA compliant. SCA mandates some level of friction. And for transactions within the EU, it’s now a legal requirement. For ecommerce stores, it’s usually done through 3D Secure 2, an SCA-compliant authentication protocol.
    CCV’s tailored, brandable payment platform can take care of everything for you.
  • Enable digital wallets. Applications like Google Pay and Apple Pay will take care of SCA processes, conveniently from your customers’ devices.
  • Ensure security is visible. Providing logos of Visa and Mastercard, your payment services provider, and 3D Secure shows customers you know your responsibilities. Tell customers what you are doing to keep them secure. Find out more about communicating security in the payment process in our article on optimising customer experience of online payment.

Offer Choice in Payment and Authentication

Not all customers want to pay the same way. To balance security with customer preference, ensure that you do the following:

  • Let customers choose how they prove their identity. Fingerprints are often preferred to card readers, but offering a full range of authentication options – including app-based security systems, passwords, biometric data, or receiving codes through SMS – will keep your diverse customers happy.
  • Offer technologies consumers trust already. Digital wallets and application-based payment services like PayPal handle authentication in an environment customers trust.
  • Recognise that not all customers want to sign up. Having to create an account remains an important reason for cart abandonment. Offering a secure pathway for guest checkout will boost conversions while minimising fraud.

Take Advantage of Faster Payments

Not every transaction needs to be secured with SCA. Smaller transactions (below €30), low-risk payments, and transactions for returning customers can be performed without the need for SCA’s two-factor authentication. How can you do this while maintaining trust?

  • Use tokenisation to offer one-click payment. Returning customers often expect to move quickly. Tokenisation allows payment details to be used without being stored.
  • Allow customer recognition across channels. Customers who shop with you in-store may want to use your app and online channels too. Make this easier by unifying them under one digital identity. CCV can help.

Localise the Payment Experience

Consumers are considerably less likely to buy if payment processes are in different languages or different currencies. When you are selling to a global audience, localisation matters.

  • Remember payment choice. Not everyone in the world uses Visa and Mastercard. Ensuring you offer a choice of payment methods will be crucial in keeping a diverse customer base.
  • Know your SCA rules. Within the EU, strong customer authentication applies to all customers. If you are receiving payment from customers outside of Europe, you will not need to authenticate them.
  • Simplify everything. At CCV, we can make cross-border transactions much easier to handle.

Talk to CCV

At CCV, we can help by:

  • Providing guidance on SCA and 3D Secure.
  • Ensuring secure transactions across borders and currencies.
  • Allowing customer recognition across channels.

Feel free to contact us HERE.