Paying by Bank: The key to combatting costly card fraud

The sheer scale of card fraud scarcely needs an introduction. The fact it cost retailers in the Single Euro Payments Area more than €1.5bn in 2021 cannot be solely attributed to criminals stealing cards and card information; it’s also down to their flawed infrastructure, too. Cards are, quite simply, an easy target.

And that’s not going to change any time soon, because the truth is that physical cards just aren’t cut out for the digital world. Even when the card is ‘digital’, accessed via Google Wallet or Apple Pay, it’s still a representation of a physical piece of plastic. The information it contains – which customers readily share with web browsers and merchants to store – can be readily compromised by hackers. 

Any consumer protection, meanwhile, comes at the expense of an optimum user experience. How many shoppers abandon their purchase because, after entering their card details and confirming their CVV code, they have to log into their banking app to approve their payment (a form of two-factor authentication, or 2FA)? According to Coresight, the figure is as high as 25%.

SCA: Two steps forward, one step back?

This additional layer of security – a result of Strong Customer Authentication (SCA), a requirement of the European Union’s second Payment Services Directive (PSD2) – is effective at preventing fraud. A consequence of its effectiveness, however, is that it deters customers from converting. More friction equals more failure.

Card payments, though, are not the only way to pay. If a customer has to use their banking app as a means of authentication, could they also use it as a means to pay? It is, after all, where their money is. 

The short answer is yes. It’s perfectly possible for a shopper to choose ‘Pay by Bank’ at checkout, select their bank, and be seamlessly redirected to their banking app – where their payment is pre-populated and ready to approve. It is, to all intents and purposes, an automated bank transfer. The card – no more than a clunky conduit to the shopper’s bank account and the money it contains – is entirely removed from the process.

Paying by bank is slicker and safer

While ‘Pay by Bank’ is slicker from a user experience perspective, it’s also much safer. Because the payment takes place from within the customer’s online banking environment – not an easily targeted conduit to it – it benefits from bank-grade security. Furthermore, the customer doesn’t share any sensitive data at all. They literally select their bank and complete the payment. Everything is encrypted and tokenised.

Hackers, then, are left with nothing to target – while the customer is able to check out more quickly. It’s the watertight fraud-prevention solution that e-commerce has been calling out for since the advent of broadband. And it’s been staring at us all in the face the whole time.

Payment innovators, however, had to wait until 2018 – when PSD2 took effect – to turn ‘Pay by Bank’ into a viable solution. The directive, aside from introducing SCA, facilitated the phenomenon of open banking; in other words, a customer giving a regulated third party provider, such as Volt, access to their bank account data in order to provide a service – such as initiating a payment.

Faster payments equals fewer fraud cases

It’s worth highlighting that these payments are near-instant, which itself helps avert the likelihood of fraud. If a payment lands in a couple of seconds – rather than a couple of days, as is the norm with cards – the merchant knows it’s safe to dispatch the purchased product or provide the paid-for service. 

In the interests of balance, it should be said that, while open banking is inherently safe, it won’t eliminate e-commerce fraud. Account takeovers, for example, can and do happen. An added layer of protection is needed to recognise – and put a stop to – payments made from a taken-over account.

The importance of filtering payments ‘at the gate’

At Volt, we’ve developed a tool called Circuit Breaker, which filters payments ‘at the gate’ before they’re sent to the bank. It effectively acts as a surgical tool by blocking payments it understands to be fraudulent. The ‘understanding’ comes from merchants setting their own rules governing what a suspicious transaction looks like. Since we launched it in 2021, it’s monitored more than three million payments; approximately 45,000 of which have been blocked.

Paying by bank has the power to save merchants huge amounts of time and money that would otherwise be lost to fraud – while also enabling them to receive customer funds faster via a seamless, friction-free checkout. At Volt, we believe it will become a preferred way to pay, globally, sooner rather than later. The days of card dominance are coming to an end – and that’s good news for merchants and customers alike.