For several years, online payments in India have been subject to two-factor authentication, which works as follows: Shoppers reach the checkout page of the merchant or biller’s website where they select their method of payment (e.g., credit card). They’re then ferried across to the payment provider’s website. Here, they enter their credit card details including the CVV number. After clicking the “Pay” button, they’re shunted to their bank’s website where they’re required to enter their VerifiedByVisa (VbV) Code or an equivalent password. Once this password is authenticated, they’re returned to the original merchant / biller’s website with a notification of successful or failed transaction.
This sounds great in theory and gives a lot of comfort feeling to the average online payer that their payment is safe, but doesn’t work so well in practice. Let’s see why.
Before the payment is complete, it has to traverse through 4-5 websites run by as many different parties including the merchant, electronic payment gateway (ePG) provider, acquirer bank, issuer bank and payment processors of the acquirer and issuer banks. Even if each website in the chain works most of the time, the chances that all websites are simultaneously up and running are quite slim. For example, if each website in a 5-website payment chain has an uptime of 98%, the end-to-end uptime of the payment chain is only 92% (being 0.98*0.98*0.98*0.98*0.98). The real-world implication of all this bizarre probability theory is that roughly one in 12 payments gets stuck up at some stage or the other. The problem is exacerbated if the payer’s Internet connection is patchy.
When the payment is incomplete, payers have to repeat it – that’s only the best case scenario. At worst, they might find the transaction value being debited to their credit card because their bank thinks the payment is complete. In trying to reverse the charge, the payer goes through a mini-nightmare: The merchant refuses to ship the ordered items since it hasn’t received the payment. In case of bill payments, the biller suspends service for the same reason. Both point the payer to the bank that has issued his or her credit card. The card issuing bank tells the payer that it has already remitted the money to the merchant’s bank, so s/he should follow up with that bank. Now, *that bank* means the acquirer bank which only has a relationship with the merchant and refuses to entertain the shopper, whom it doesn’t know from Adam / Eve. In short, the shopper enters a long, wild-goose chase and cannot get redressal from any single party, all the while being out-of-pocket of the transaction value (and short of electricity, broadband, cable TV or any number of services in case the doomed transaction pertained to the payment of one of their bills).
Now, the regulator might claim that it has mandated two factor authentication to increase people’s confidence in sharing their credit card details online. That sounds logical on paper but doesn’t seem to be true in practice – “Cash on Delivery” trumps all other methods of payments for e-commerce in India. Even people like me who’ve paid online by credit cards for over 10 years have recently switched to “Cash on Delivery” for all e-commerce purchases. The day is not far when such people seriously contemplate returning to physical stores for shopping and billers’ outlets for paying bills. When that happens, merchants and banks alike would face rising operating costs since their branches are their highest-cost channel. What’s worse, many of them don’t even seem to be aware of the tremendous shopping cart abandonment problem – and the resultant loss of revenue – they’re suffering from this cumbersome payment process. The few that we’ve spoken to simply throw up their hands and point their finger at “regulator’s policy”.
Against this backdrop, Cleartrip Expressway is interesting. This new service, launched by one of India’s largest online travel agency, offers to store credit card details (minus CVV) on file. Instead of making a shopper enter them in full for each transaction, Expressway pulls them up from file. The shopper then only needs to supply the CVV number and VbV / MasterCard SecureCode passwords to complete an individual transaction. This eliminates around 35-40 keystrokes per transaction. While nothing to sneeze at even on a PC, this saving in effort is heavenly on the virtual keyboard of smartphones, which are being increasingly used for online shopping and bill payments nowadays. While new to India, Expressway-like functionality has been around on global e-commerce websites for a long time. Expressway’s “1-Click” billing has to be taken with a pinch of salt. Even so, it makes substantial headway in reducing friction in online payments in India. By letting its customers skate away with online payments, we’re sure Cleartrip is enjoying higher conversion of browsers to buyers and greater loyalty from its existing customers.
While it’s still far from delivering an Amazon-like shopping experience, Cleartrip has likely accomplished the best possible alternative under the present regulatory environment in India. Hope more merchants and billers follow the trail that Cleartrip has blazed so that online payments in India become more painless going forward.