Secure Credit Card Payment From Mobile Perspective

E-Commerce is future of commerce. It’s a situation where people don’t even need to use physical money to buy anything they need. They don’t even need to move from their home to buy something. There are many e-commerce platforms that exist nowadays. In Indonesia there are lot of online marketplace platform that compete to make money from online transaction. Most of big marketplace provide many payment methods such as credit card, bank transfer, or even internet banking.

Now, we will talk about credit card payment. Credit card payment is the easiest payment method if we look at how many steps user have to do to finish a payment. It’s easy, but is it secure? Most of people know that credit card information was sensitive because people can pay a transaction easily as long as we know the card information. That’s why now there are improvements that can make credit card payment is more secure than ever. It’s 3-D Secure.

3-D Secure is an authenticated payment system to improve online transaction security and encourage the growth of e-commerce payments. Collectively Visa, MasterCard and AMEX secure systems are brand identities of the 3-D Secure Cardholder Authentication Scheme.

3-D Secure systems recreate the high level of security of a physical payment environment by requesting further payment authentication. The objective is to provide a safe and secure online payment experience across all three domains using a password that is validated by the card issuer and further checked by all other parties involved in the transaction.

3-D Secure make payment more secure just by adding one more step to a payment. This is to make sure that payment request was coming from correct credit card holders. 3-D Secure will make sure a payment is secure because a payment will need a password or authentication that will be validated by another parties involved in the transaction.

However current 3-D Secure implementation which still require a web page being opened to finish the authorization does not comply with mobile users behavior even now that mobile users market has expanded to compete with desktop users. Why is it hard for a mobile users to do that?

• First, mobile device screen is small. If they want to open a 3-D Secure web page (that most of I knew wasn’t mobile friendly) they will have hard time finishing payment on that.

Second, if mobile users is paying transaction from a mobile application they could lose context of the transaction when they have to finish payment from a web page.
App → Bank Payment Page → App
Look at above flow. People may think:
Why I need to pay outside the app?
Did I really pay for the transaction from app in this page?

From security aspect, I agree that 3-D Secure provides more secure payment so users don’t worry about their card information being abused by unauthorized people.

But as mobile user (and mobile app developer) I disagree with the concept that users need to open a 3-D secure web page in order to finish the payment in more secure way. Instead of limiting this to a web page, banks can provide more options to make 3-D secure not only available on web page but on a native app components so the mobile app can handle it in native way as handling web in app is already difficult.

Another simpler alternatives was making 3-D Secure web page mobile friendly. For example making 3D secure web responsive so on it’s still looking good on mobile devices.