The core of Click to Pay (CtP) is simplifying the online checkout while keeping the customers’ privacy. And yes, this effortless and streamlined one-click approach for online shoppers brings several benefits to merchants, PSPs (payment service providers) and issuers. It can nowadays be easily integrated with support from partners, such as Netcetera. You get full certification and integration in just 8 to 12 weeks.
It is much faster than the direct and individual integration and certification processes of the card networks, which take more than six months. Netcetera’s Click to Pay product was created as a business growth accelerator. It is a tool that helps our clients offer the latest payment trends and technology and increases revenue while minimizing cart abandonments.
During our November 2023 webinar “Click to Pay is the future of e-payments – Elevate your payment experience now!”, which hosted over 120 attendees from the payment industry, we promised to follow up with updates and answers to the many questions that popped up.
In keeping with this, follows an interview with Suzana Kordumova, Senior Product Manager in Secure Digital Payments at Netcetera, explaining the evolving nature of Click to Pay.
Since its first introduction on the market three years ago, Click to Pay has evolved to its improved version today, especially with the latest CX enhancements that make the customer experience more user-friendly and intuitive.
1. What is the highlight of Click to Pay?
It unites and gives one voice to the different stakeholders in the payment industry. It is a card network-neutral solution that provides a consistent user experience via the unified Click to Pay checkout flow that speeds up the guest checkout process.
The purpose of Click to Pay is to automatically recognize the consumer environment or the consumer. If successful, their cards are found and presented to the consumer. This allows the consumer to select the card and make a successful transaction through a seamless process without them having to type it manually.
If the cardholder uses Click to Pay as a payment method, the issuer is aware of this in both the 3DS flow and the authorization request, respectively. Their risk systems of both flows will likely consider the transaction safer because of the underlying tokenization and the additional assurance data sent by the SRC Systems (Secure Remote Commerce, the protocol name for CtP). In the 3DS flow, this means less transactions are likely to be challenged. And the authorization flow is expected to show a higher approval rate.
Click to Pay brings improved approval rates. Visa reported a 4% increase in approval rates and Mastercard 3%.
2. What are the prerequisites for enabling SRC payments?
Click to Pay is meant to be coupled with tokens. While some major card networks support PAN transactions with CtP (according to the payment industry predictions, we will enjoy a PAN-free future relatively soon), others don’t. So, a prerequisite for the second one is for issuers and acquirers to support tokenization.
Another prerequisite is that cards are easily enrolled into the SRC profiles. It’s as simple as it sounds: if the issuer has the Click to Pay push provisioning within their application, it will benefit cardholders by quickly enrolling their cards in Click to Pay. When the issuer does not have Click to Pay push provisioning, there is an interim solution where the user can enroll directly through the merchant shop, a feature offered by Netcetera. In the long run, Click to Pay is expected to be a feature of the card, i.e. an SRC Profile will be created at the card’s inception with auto-enrollment and without the cardholder’s involvement.
A third prerequisite is that the merchant or PSP integrate a so-called SRC Initiator (SRCI) solution in their payment pages to handle the CtP flows.
3. Any challenges?
One of the issues for PSPs/merchants is to deal with the different specifications of the various card networks. Using a solution from a partner like Netcetra that offers out-of-the-box integration with the SRC Systems of the major card networks overcomes this challenge.
While the 3DS flow remains outside the CtP process for some card networks, merchants can use the PSD2 exemptions as with standard transactions. Visa’s latest update allows the SRC System to perform 3DS authentication and handle PSD2 exemptions on behalf of the merchant/PSP.
4. What are the main benefits of using the Netcetera solution rather than other alternatives?
Why bother going through the difficult and time-consuming process of integrating with every single card network when a ready solution on the market saves time and costs? It enables a streamlined end-to-end certification process with quick activation and productive rollout.
Netcetera’s Click to Pay is a highly flexible and configurable solution concerning the specific requirements of merchants, payment service providers, and card networks. This white-label solution can be quickly and seamlessly integrated into any digital shopping application (anywhere in an online store or on a hosted payment page). While it works across all user devices and enables online shoppers to control their data and protect their privacy without long registration processes, it is an available package with VISA, Mastercard, and AMEX (currently fully evaluated). This results in the lowest possible effort for the merchant or PSP for implementation and integration.
Being a Netcetera client means enjoying full support during the integration process and complete reliability once live, with covered certification.
Netcetera’s product was specially designed to help PSPs become SRC Initiators with minimal effort.
Visa and Mastercard perform a rigorous review and certification of the CX, which the PSP would have to undergo if deciding to do it independently. With Netcetera’s solution, CX is already pre-certified and most likely very close to what the PSP would end up with after going through the Visa or Mastercard review and certification.
5. Who has the liability for the transaction?
Click to Pay is not involved in the cardholder’s authentication, so there is no liability shift for Click to Pay transactions. The liability shift relates to the 3DS authentication.
6. Does the merchant receive any customer info from the Click to Pay flow?
The PSP holds the cardholder data, stored and operated in a secure PCI-DSS-compliant environment, from which it can share non-sensitive data, such as the name or the billing/shipping address, to the merchant. If the merchant directly integrates Click to Pay into it e-shop, it will have direct access to the customer info.
7. Are e-shop or device-specific cookies used?
Browser-specific cookies are used, which means that if the consumer opens another merchant’s e-shop that supports Click to Pay on the same device/browser, they will be directly recognized and shown the cards from their Click to Pay profile. Those Click to Pay recognition cookies are dropped in common SRC domains of the networks.
8. What will happen if an unauthorized user gets the device and completes the payment?
Getting possession of the user’s device is the same, if not as easy, as gaining possession of a plastic card from the consumer. That’s why it's essential to perform a 3DS authentication before letting the shopper check out, and it is a must for high-value payments in Europe.
9. How is this different from MasterPass, or what is its advantage compared to other digital wallets?
Compared to the conventional card network-specific online wallet products (Masterpass, VISA Checkout, Amex Express Checkout), Click to Pay is based on a card network-neutral specification from EMVCo - implemented by all networks.
Thus, it offers the same solution and CX for all participating networks. It is expected that very shortly, it will act as a unified card network substitution solution with the customers being able to access a list of credit and debit cards they have enrolled in. In addition, it is also possible to retrieve the consumer address details from the Click to Pay profile to be used by the merchant, as is the case with some of the other digital wallets.
CtP doesn’t require a merchant login. Customers who traditionally prefer the guest checkout option no longer must repeatedly enter their card, shipping, and billing information when making online purchases. Also, Click to Pay users no longer must store and share their sensitive card and personal data with many online merchants to enable card-on-file payments.
10. What else could the big card networks do to boost the penetration of Click to Pay?
Card networks already promote Click to Pay adoption worldwide, for instance, by mandating push provisioning for European issuers. In addition, they support PSPs and merchants that want to integrate Click to Pay. However, educating the cardholders is highly recommendable. Once it becomes an end-user demand, merchants will seriously consider its implementation, and it can reach the status of a popular checkout method.
Enhancing the Click to Pay customer experience
In September, EMVCo released the draft EMV® Click to Pay Customer Experience (CX) Guidelines for public review and feedback by the end of November. The draft guidelines aim to support merchants, payment service providers, product owners, developers and CX designers in simplifying the online checkout and making it more consistent, convenient and secure. This can help merchants to reduce fraud and lower cart abandonment.
Learn how to integrate Click to Pay and discover its benefits to all e-commerce players!
Available recording of Netcetera’s webinar on demand can be found here.
On this topic