Over the last couple of weeks, I stayed up late to catch the US Open. Watching Novak Djokovic play made me wonder how someone could be so physically ‘perfect’, have a game so consistent and almost error-free, and produce shots that are so repeatable when under severe pressure. The exceptional output, I felt, resulted from several factors and stakeholders: personality, technique, practice, tennis coach inputs, physical conditioning coach, mental coach, nutritionist, etc.). However disparate, these elements together in unison to fuel a common objective. Having spent the last six-plus years in the payments space, I have realized that the above logic applies perfectly to any consistent, user-friendly payment experience.
Understanding the Success Rate of E-commerce Transactions
When I first started, however, it did seem overwhelming – the various terminologies, the players involved, the transaction flow, the payment experience, and the metrics that mattered. It helped that I was thrown in the deep end soon and had to effectively help turn around a payments security platform migration (that was going south) for a large client. Contrary to what one may visualize with fancy dashboards and data coming up on large screens, we worked with basic Excel sheets and downloaded data daily for analysis. As the first task every day, my colleague and I sat down to review the previous day’s system performance or the ‘success rate’. This detailed postmortem of ‘failed’ transactions, while terribly boring at times, turned out to be the basis for understanding the components involved.
Slowly, over the next 3-4 months, I was able to piece together the puzzle that an e-commerce payment transaction was and worked out an approach to boost the system’s performance. I had identified the various factors that help build a smooth, scalable, and reliable transaction experience, and much to my surprise, I realized this involved at least six to seven stakeholders (teams) with seemingly different objectives coming together.
How Many Stakeholders are Involved in Making a Payment Experience Smooth?
Who, then, are these stakeholders? For that, we must first start with a payment experience. Let us take up the simple journey of shopping online with a credit card. This seemingly simple journey has several moving parts and involves multiple systems interacting with each other in sync. Let us dig deeper now and identify the stakeholders involved in making a payment experience great for the customer.
1. The Bank (or Issuer) and the Technology Provider for a Payment Experience
For a customer (such as you and me), the bank is the key interface. Banks onboard a customer, set up the account, and provide the card (which is the payment instrument). While banks typically maintain the customer demographic details, define the payment experience, help design the user interface, and determine the risk policy applicable to the transaction journey, they work closely with payment technology providers to achieve this. Multiple teams within the bank and provider play a crucial role here. These include:
Ultimately, they are responsible for revenue. The business team’s objective is to ensure that the customer experience is the best and that more customers continue to transact (successfully) on bank-issued cards, thus leading to increased revenue.
The product team (bank and provider) focuses on the system design, including the payments journey, the user experience and UI, and ways to enhance the transaction success/approval rates. They tend to focus on business declines, which could include ones such as customers abandoning the transactions, customers closing the app/browser, clicking on cancel transactions, and more.
While the bank may have partnered with a technology provider, the IT team has the major responsibility of ensuring the reliability of the system. They work closely to review the integration with bank systems, check for key security aspects, evaluate the robustness and scalability of the partner’s tech ecosystem, and, most importantly, try to reduce technical failures that may lead to transaction drops. These include the design of the technology provider’s system, instability in the interface between the bank and the provider, and the integration with external players such as SMS vendors.
The bank operations team is the one that focuses exclusively on the system performance. They, along with the bank customer support teams, are responsible for maintaining a high-performing system and hence care a great deal about all the metrics that matter. The provider must share access to detailed reports and comprehensive dashboards so the bank team can track transaction volumes, patterns of transactions daily/weekly/monthly, success rates, failure reasons, and other system performance metrics such as latency, OTP delivery time, etc. The bank team demands access to as much data as possible so that they can help resolve any customer queries related to transactions since the customer’s exclusive interface is the bank.
e. Risk Assessment
Risk engines or fraud risk systems play a pivotal role in the transaction experience. A technology provider usually sets them up, but the risk policy is defined by the bank. There is an analysis of every transaction in real-time using advanced risk scoring models that consider multiple factors, including the current transaction data, the customer’s historical transaction behavior, customer’s data maintained by the bank, and other data on devices used, location, etc. Typically, we can expect to decline any high-risk transactions, and only low-risk transactions get approved. The goal of the risk team is to strike a fine balance between identifying genuine customers (and not declining their transactions, or avoiding false positives) and stopping fraudsters (and not allowing their transactions, reducing false negatives).
f. Information Security
Undoubtedly, this is the most critical aspect of the payment experience. The information security team is often the toughest to deal with. They represent the regulatory body (such as the RBI) and strive to ensure that the system is designed keeping in mind the security and privacy requirements recommended by the regulator and the bank. Their focus is on a host of details, including data encryption, security controls, and vulnerability testing for any interfaces, apps/portals, and source code reviews. Infosec teams usually demand multiple audits of the provider’s systems every year and expect several industry-standard certifications. Technology providers usually have a dedicated information security team to liaise effectively with bank teams and the regulatory authority.
2. Merchants and Payment Gateways
The best and worst payment experience is often on the merchant app or website. When everything is going smoothly, the customer goes through a near-frictionless journey. But when things go wrong, customers are have to cancel, retry, and sometimes go through the entire shopping process again. Merchants know that unhappy customers can switch loyalty in a trice. They work closely with payment gateways (the technology providers for merchants to enable them to process e-commerce transactions) and banks to build the best possible user experience during the transaction journey.
The Curious Case of the OTP
The OTP entry and validation process is a key aspect of the customer journey that has improved over the years. Typically, the merchant must redirect the customer to the bank page to enter the OTP since the customer authentication is the responsibility of the bank. This step, however, resulted in drop-offs whenever there was any network fluctuation (or even higher drop-offs in areas with slower internet speeds). Large merchants and banks (with their technology providers) collaborated to build an experience that allowed the OTP entry on the app/merchant website. Further, with app transactions on the rise, merchants also brought in a feature that allowed a customer’s SMS to be read & autofill the OTP, thus eliminating the friction associated with this step.
During festive sale periods, I have been involved in several discussions that focus exclusively on high performance and scalability. It is not unusual for banks and merchants to experience a surge in transaction volumes (5X to 10X the regular numbers). Therefore, the entire ecosystem comes together to optimize the design and ensure a ‘zero glitch’ experience. Along with scaling up the tech infrastructure, the merchants and banks focus extensively on ‘direct integration’ to eliminate the drop-offs, optimize the UI/UX, and build resiliency in the SMS delivery flow too.
3. Networks for a Payment Experience
The card networks (Visa, Mastercard, etc.) are the silent orchestrators of the entire payment journey. They constitute what is known as the ‘interoperable’ domain of the transaction, which facilitates the interaction between acquiring (merchants) and issuing (banks) domains. The networks onboard merchants and banks (built the two-sided network) and set up the payment infrastructure to enable data flow between the acquiring and issuing parties.
Since the transaction experience is typically determined by the risk associated with the transaction, the card networks establish the payment protocol (specifications) that allow for detailed data exchange. This includes information on the merchant, the customer transacting, the amount, the device, the currency, and much more. Acquirers and issuers use this information to effectively analyze the risk associated with the transaction and shape the customer experience accordingly.
The card networks continue to work closely with all players involved in the payment journey and design better flows to optimize the experience. Observing a significant rise in the number of apps and customers transacting on mobile phones (as opposed to browsers a decade ago), the card networks have worked on an advanced protocol to provide a highly streamlined experience for app payments. The flow itself has been modified to eliminate/reduce drop-offs, facilitate greater data exchange, and allow for the possibility of better and more advanced customer authentication options (in lieu of OTPs) such as in-app notifications, biometrics, etc.
Tokenization of Payments
Working closely with the regulators, the networks also shape the security standards associated with the payment experience. Over the last couple of years, there has been a push towards tokenization. E-commerce merchants cannot to store the card numbers anymore and can only store the token mapped to the card. While this adds a layer of security, this step has also improved the experience by ensuring that customers who tokenize their cards do not have to key in the card number each time during a transaction.
Sit back and closely watch a Djokovic rally. Observe how repeatable and consistent the shot-making is. It is deceptively simple. What we get to see wonderfully abstracts the multitude of factors working in sync to produce the perfect player with almost machine-like efficiency. I suppose you can now visualize and appreciate the hidden complexity that enables a smooth and consistent payment experience.
Write to us at firstname.lastname@example.org