Digital commerce has a data problem.
Jeff Hallenbeck, head of financial partnerships at Forter, told PYMNTS that “data droughts” exist between issuers, payment service providers and card networks when making risk-informed decisions about whether — or not — to approve transactions. The result? Friction, lost revenue and a poor customer experience.
Simply put, even though there’s tons of information collected about every one of us as we transact across mobile devices, browsers and even point-of-sale systems in brick-and-mortar settings, the relevant details are not getting through to the parties that need them most urgently.
“If you start at the ‘end’ of the journey and work your way back, it really helps you see how much data is lost along the way,” Hallenbeck said.
Issuing banks are the ultimate decision-makers when it comes to eCommerce transactions. But the data “payloads” accompanying those transactions don’t have the information that’s most useful in determining a customer’s risk profile, he said.
“If you’d ask any risk service provider to make a risk decision on a transaction — but don’t give them visibility into the digital identity data points such as IP address or the device fingerprint — they’d tell you, ‘There’s no way I’ll do your risk protection,’” Hallenbeck said. “But when we look at the data a bank gets on a typical eCommerce transaction, they don’t even have basic details like email address or shipping address.”
Without those details, it becomes much more difficult to make an informed risk decision.
The messaging standard that issuers still rely on — known as ISO 8583 — traces its genesis back to the 1980s. Established well before the dawn of the internet age, the standard lacks specifications that contain those key data points for electronic transactions.
3DS, which debuted earlier in the millennium, has proved no panacea for digital commerce, noted Hallenbeck. The security protocol, which requires that cardholders submit proof of identity by entering passwords or juggling SMS codes, has injected friction into the commerce equation, aggravating consumers and leading to a surge in shopping cart abandonment.
“When we think about friction, it’s been all about that 3DS rail, and how it’s implemented and used by both sides, the merchants and the banks,” he said.
It’s more imperative than ever to collect the data points and details that collectively establish a party’s digital identity, that cardholders are who they say they are, and that transactions need not be challenged.
Easier said than done, according to Hallenbeck.
As it stands right now, issuers differ from one another in terms of their ability to digest or use data. The banking industry is nothing if not fragmented, and risk procedures and operations aren’t uniform.
“Every bank is different in how they approach transaction risk,” noted Hallenbeck, adding that even within banks, several teams are examining the same transaction simultaneously.
According to Hallenbeck, what merchants need, and what the industry needs, are “smart data models” that can help decide how to package and route a specific transaction. Forter, an artificial intelligence (AI)-powered digital commerce enablement company, opens lines of communication between banks and merchants, providing the relevant data and context specific to their businesses.
The goal is to predict issuer behavior and route transactions in a way that will maximize their chance of success — with a positive outcome for banks, merchants and consumers.
“The models’ job is to understand performance and to test the differences in the payloads … and then you can supplement that with people to examine exceptions on a case-by-case basis, if needed,” he said.
In examining those exceptions, said Hallenbeck, “That’s where the partnership angle comes in. We at Forter view ourselves as working not just for the merchants, but for the ecosystem itself.”
“If you’re just sitting on one side trying to guess what all the data means, it can be really difficult to find answers,” he added.
Any conversation around data isn’t complete without discussing the shifting sands of data privacy regulations worldwide and how to navigate them while solving transaction throughput at scale.
Citing the California Consumer Privacy Act of 2018 (CCPA), the European Union’s General Data Protection Regulation (GDPR) and the data rules of individual banks, Hallenbeck said that banks are under heavy regulatory scrutiny and can’t easily adapt their data governance policies based on a specific merchant’s needs. Questions arise as to who is responsible for building regulations to ensure that data is shared safely and securely. The answer, he said, lies with stakeholders and regulators working to solve the challenge together.
“You can’t have one part of the ecosystem saying, ‘I don’t share data with anyone,’ and another entity saying, ‘Yes, I share data because it’s benefiting my customers,’” Hallenbeck said.
Merchants, networks, processors and banks all need to come together with a compelling, data-driven story for regulators that lays out the use cases and data points that matter, determines if it is the right time and place to share them, and shows how all parties can still maintain the highest levels of data security.
As more merchants and financial entities turn to FinTechs like Forter to harmonize competing interests that ironically share the same goal — enabling more digital commerce securely — there must be agreement on success metrics.
While some prefer fraud rates, others authorization rates and still others risk approval rates, Hallenbeck recommended embracing his preferred success metric: the overall completion rate.
“From order submit to the bank making an authorization decision, that’s completion rate,” he said.
Blending the completion rate with overall cost (including net fraud rate) helps build a cohesive story around how much missed opportunity exists for the ecosystem.
Having a clear and accurate picture of these performance metrics is ultimately key to driving better results for merchants, banks and consumers.
“We have the data that each part of the ecosystem needs,” he told PYMNTS. “We see all aspects of the transaction lifecycle from authorization down to chargeback representment. We can help our customers measure success where they may not even be looking today. AI and machine learning help close the gap between where the industry has been and where it needs to be.”