Virtually impenetrable: protecting online shoppers – Paul Horlock

8 July 2014

Although consumers are turning to the web to source and pay for goods and services, there are concerns about the security of conducting financial transactions online. Those concerns persist today despite the banking industry’s efforts to protect clients online. Nationwide’s Paul Horlock speaks to Future Banking about how the industry can allay consumers’ fears.

When a sign in the window of an empty shop on the local high street reads "Thank you for shopping at Amazon", it is easy to believe that online retailers have become the first choice for shoppers. There is no doubt that consumers research products online before buying, and that big online retailers have seen their businesses grow exponentially, but it is too soon to say that customers prefer to make their purchases through digital channels.

In the earliest days of internet shopping, when consumer first realised the potential of accessing a wider range of products in a seemingly hassle-free environment, there was nevertheless great concern about the security of entering credit-card details on a website to make payments. Despite the growing ubiquity of the internet and the huge boom in online sales, many of these fears persist. Though card payments in online and bricks-and-mortar retail outlets are steadily gaining market share, it seems consumers like the confidence of paying in cash.

"The fact is that many customers do not trust online shopping," says Paul Horlock, head of payments at retail bank Nationwide. "According to figures from the British Retail Consortium, 52% of transactions in the UK are still done using cash, although the financial services industry has worked hard to make online shopping safe, easy and accessible. If over half of UK adults are worried that online payments are not secure, then it means the phobia of online shopping is more prevalent than the phobia of spiders. The reality is that security is very good, and it's amazing that people go back to using cash, which is far less secure."

The battle for hearts and minds

From the earliest days of online shopping, banks have been working with retailers to ensure that transactions are secure, and Horlock points to Visa's 3-D Secure protocol and MasterCard's SecureCode, which enable authentication of cardholders by their issuers through participating online merchants.

These protocols, which require an additional password to be entered during online purchases, work alongside merchants' own anti-fraud systems and security measures to provide an additional layer of safety, benefitting online retailers and their customers. Along with initiatives by individual banks, such as Nationwide's adaptive authentication processes, they embody the industry's efforts to work closely with merchants and customers in developing security measures that are comprehensive and simple.

"We have systems behind the online payment process that profile transactions, and we can intervene if we think that a customer's account has been compromised," explains Horlock. "Our focus on customers is the motivation for this, and we are pleased to be a top-rated organisation for customer satisfaction, so we constantly engage with them to gather their views about developing our solutions, as well as working with specialist vendors to build our model and our rules."

The success of the industry's work on security is such that once customers try online shopping they quickly become convinced that it is safe, convenient and reliable. The main challenge is to get more people shopping online.

"Once people have used online shopping services, the reuse rate is very high," says Horlock. "We want to get more people using it, and we want to continue making it as secure as possible. But we also need to make sure that security does not get in the way of completing transactions. If online retailers have one complaint, it is about abandonment rates, where customer do not finish a transaction because they are asked for too much information or the payment process becomes too complicated. We have to try make the process as simple as possible, so that security does not become an impediment to the transaction."

One way in which financial institutions are making the security of online and mobile payments safer is through the use of applications that are tied into existing bank accounts, such as Zapp and V.Me (see box, Zapp: quick and easy payments on tap).

"We were the first to sign up for V.Me," adds Horlock. "It looks after your cards online and we provide tokens that can be used with online retailers. Customers trust financial institutions to handle payment transactions and that is the basis for applications like, where what you have in your pocket is held online and is ring-fenced.

"If over half of UK adults are worried that online payments are not secure, then it means the phobia of online shopping is more prevalent than the phobia of spiders."

"The response from online retailers to tools like Zapp and is good, though there is always some reluctance to move to something new. But these tools help to lower the abandonment rate for online transactions because payment becomes a two-click process, which is much simpler."

While the development of applications such as Zapp and V.Me is a significant step forward, the industry has to combat the negative headlines about internet security when trying to persuade customers about the advantages of online shopping; for example, the news that eBay is asking users to reset their passwords following a breach of databases holding customer information - and the delay of many weeks between the breach and the notification of account holders - is not directly about the security of online payment processes, however, it raises broader concerns about data security on the internet.

"eBay has been pilloried for taking too long to respond to the issue, but it just shows that in this industry you have to be transparent and act on any problems immediately," says Horlock.

Many eBay users send payments through PayPal, which continues to become more popular as an alternative to card payments. Horlock recognises that such methods represent competition to the banks' services, though he believes that Zapp and V.Me will not only provide the same level of convenience, but also engender more confidence among consumers because they have the direct backing of financial institutions.

"PayPal has been doing well, and has made an aggressive move into the online payments space, but banks offer extra levels of protection and put a higher value on relationships than PayPal, which is nevertheless very good at what it does and has shone a light on all of us," Horlock explains. "It is quick and easy to use, but there is not the fully serviced banking relationship that we have with our customers. We are there to support our customers, and provide full security through the credit card and debit card services that are defined by industry standards."

Building momentum

The technology that delivers secure online payments will continue to evolve but, for now, the biggest challenge is not to develop better software; the real task is changing customers' attitudes to online shopping.

"Perception is reality," says Horlock. "We must work on changing people's behaviour. The issues that arise with online shopping are well managed. Breaches in security are found and action taken very quickly. If money is stolen from an account, then we cover it and provide the appropriate restitution because it is part of an end-to-end service to understand that risk. It is a way of building trust with customers.

"We have to include in our security measures efforts to educate customers about how to use our cards and services to shop online. Transactions in the digital world may seem less secure because they happen in milliseconds, and there has even been discussion about slowing down online payment processes to make them seem more secure, but passing cheques or cash is actually far less secure."

It is in the best interests of banks and online retailers to protect customers, and to some degree this means helping them make the most of the technology that is already securing their online payments.

"It is true that there are some terrible fraudsters out there," says Horlock. "There are many stories about phishing scams where people are conned into providing bank details over the phone. So, there is more to do when it comes to telling customers how to use security systems, and not to expose their details. We have to show them what we are doing right. The current account is there to help people live their lives and we have to make that as secure as possible. At the same time, we must not patronise our customers.

"It is all about momentum and building positive examples of how improvements in security have helped. We need to show customers that online payment systems help people to do what they need to do every day. It can be a long chain sometimes, but financial institutions must keep working in tandem with businesses and their customers, though people have different levels of confidence.

"The banking industry can provide more efficient, more cost-effective and more secure online shopping processes than competing systems, and we can make sure that there are fewer points in the payments process, which benefits customers and online retailers. The big task now is all about changing people's minds."

Paul Horlock is head of group service management at Nationwide Building Society, a position he has held since 2012. In this role, he provides infrastructural services covering IT, payments and corporate services to the Nationwide Group. He has specific ownership of end-to-end payment delivery for the society.