One of the biggest challenges for an app store or mobile merchant is deciding whether to implement the best possible frictionless payment experience and drive the highest conversion rates, or introduce PIN codes before payment confirmation. PIN codes could increase security and prevent customer complaints or refunds due to unauthorized purchases. Bango powers a growing number of major app stores and mobile payments around the world, giving us unique insights into user behaviour and the best responses to this challenge.
Contrary to initial instinct, in nearly all cases it is better to avoid introducing a PIN code system into the payment flow, but that does not mean security must be compromised. Here’s why…
- Experience shows that on average the number of fraudulent payments, along with all the related customer care calls, complaints and refunds, is very low (<0.01%). In contrast, introducing interruptions into the payment flow not only results in a massive drop in revenue, but also reduces overall customer satisfaction and significantly increases customer care costs, typically from people who have forgotten their PIN code.
- PINs are frequently forgotten, which significantly reduces sales success and customer satisfaction. The obvious way to resolve this is to introduce a PIN reminder and reset option, resulting in a new code being sent out via email or SMS. Unfortunately, those emails and SMS messages can be openly accessed from the same device, therefore undermining the security that the PIN code theoretically provides.
  If the user can’t perform a simple reset, they will either never buy again, or they will call the store support line or their operator. These cause great dissatisfaction and cost significantly more than any potentially unauthorized payments.
- A PIN system during purchase certainly reduces the likelihood of a payment being made by the wrong person, but it fails to resolve much bigger points of vulnerability, most of which are far more common than unauthorized app store payments. For example, while a PIN code may stop unauthorized purchases from the store, it fails to prevent unauthorized payments through premium SMS or charges to premium phone lines. Worse still, it does nothing to prevent access to or theft of personal information, user identity or contact details. Passwords or PINs are a must-have, but in the right place.
- Industry standards such as MMA in the USA, or Phone Pay Plus and Payforit in the UK, do not require additional PIN authentication. In fact, it is actively discouraged in favour of spend alerts, velocity throttling and control of unusual activity on the handset, all of which Bango supports.
Bango believes it is crucial to address the security of the entire handset rather than introducing multiple PIN codes to lock down each different feature. This is especially true as smartphone functionality grows and people depend on their phones for more sensitive activities. It is reassuring to see operators and device manufacturers actively encouraging overall device security, including passwords, shapes, fingerprints or face detection, all triggered after short periods of inactivity.
Timely information about purchases makes a big difference, which is why Bango always sends payment receipts via SMS or email to actively ensure the account holder is aware of each payment made. These receipts are also retained online by Bango within the customer’s payment history.
On the rare occasion a customer challenges a purchase, it is quick and easy to issue a refund back to their account. Some operators go one step further and support payment reservation and collection models. These make it possible to reserve funds and only collect the money later, when the account owner has received their receipts. These days an incorrect purchase can be reversed with the minimum of fuss and customer care interaction.
Bango believes that intelligent prevention is better than active blocks. Deliver the best one-click payment experience with high customer satisfaction, while also minimizing risk, customer care costs and refunds. The Bango payment platform contains advanced real-time payment analysis, which includes spend alerts, velocity throttling, payment trend analysis and more. It allows us to spot when users unexpectedly start to buy large volumes, high value items or unusual things. Only when these increased risks are detected are additional checks and security steps really required.