Different authentication methods for your online payments

While many online payments these days enjoy fairly seamless authentication procedures, as a business it helps to understand what procedures run in the background. In this article, we’re going to dive into the various authentication flows, so you know exactly what options you have at your disposal to improve and streamline the payment flow for your customers.

Let’s get started.

The overview: what categories can we divide our payment methods into? 

Let’s look at the main payment methods that are used in ecommerce today. We can divide these payment methods into several categories, being: 

  • Debit payments: All payment methods that use a customer's debit bank account as the payment source 
  • Credit payments: Payment methods that utilize credit, Visa, American Express, or Mastercard 
  • Digital wallets: Relatively newer payment methods that safely store and use various other payment methods 
  • Buy Now, Pay Later: Payment methods that essentially give customers a mini loan without interest. The customer receives the product first and pays within a set amount of time.  

What’s the authentication flow per payment type: 

To fully understand the different payment methods and the opportunities to reduce friction, it's good to have an overview of how they work. We'll give you just that below:  

Debit payments: 

Most bank transfers are initiated through an already secure login. Users must login through a dedicated app or website. Also, there are payment methods per country that guide the user through the payment flow. 

Here’s an example of a debit payment flow: 

  1. Initiation: The customer selects bank transfer as the payment method during checkout (some payment method examples: iDEAL, Bancontact, Giropay, or MyBank). 
  2. Authentication: With some variance based on the payment method chosen, the customer is redirected to their bank's online banking platform or app to complete payment. They log in using their credentials or biometrics, thus authenticating their identity.  
  3. Authorization: After authentication, the customer is prompted to complete the payment within their banking environment, which is generally finalized by using a pincode, biometric feature, or a one-time text.  
  4. Completion: All that’s left is for the bank to initiate the transfer of funds to the merchant's account. 

Credit cards: 

Credit cards are authenticated and authorized through the 3DS protocol, which is the standard for online card payments. 3DS adds a layer of security to online transactions by requiring a second form of authentication. In some cases, this authentication can be skipped due to a frictionless verification flow or through what's called an SCA exemption. 
The flow is as follows: 

  1. Initiation: The customer selects their credit card as payment method. 
  2. Authentication: If this is a standard, customer-initiated transaction, the customer is routed towards one of two verification flows: 
    1. SCA authentication: The customer must complete a 3DS verification here. MultiSafepay will always strive for a frictionless 3DS authentication, as these enjoy significantly higher conversion rates. In the end, the issuer is the one that decides whether the transaction qualifies. If it does, the customer can complete their purchase without additional verification. If the transaction does not qualify, the customer will be prompted to authenticate through biometrics. 
    2. Non-SCA authentication: The alternative is the exemption route. This will either be a standard SCA exemption, such as a foreign shopper, or a transaction under € 30, or a transaction that's analyzed and deemed low risk by MultiSafepay. These transactions will not require 3DS authentication.  
  3. Authorization: The card issuer checks whether the transaction is qualified (e.g., sufficient funds are available), and returns the result to the payment provider.  
  4. Completion: With successful authentication, the card payment is authorized, and the funds are transferred to the merchant's account. 

Digital wallets: 

Wallets use tokens to safely access cards. Some wallet providers/PSPs utilize their own tokenization to safely store cards, while others utilize the networks' own tokens. Tokens obfuscate sensitive card details by storing them separately, and only making them accessible through said token. On the first transaction, or through a mechanism called Zero-Authentication, digital wallets obtain or generate the token associated with a card. By using the token on following transactions, wallets provide consumers with frictionless authentication for their purchases. 

  1. Initiation: The customer selects a digital wallet option in your checkout. 
  2. Authentication: After selecting the digital wallet, the customer is prompted to authenticate the transaction with their biometrics, which is also used to access the digital wallet payment environment where the customer chooses a payment method.
    If deemed high-risk, the customer might be prompted to authenticate their payment once more (e.g. for credit cards) through their banking app.  
  3. Authorization: Once authentication is completed, the wallet provider confirms the user’s identity and funds, and the payment is forwarded.  
  4. Completion: The merchant then receives the authentication token from the digital wallet provider, finalizing the payment process. 

Buy Now, Pay Later: 

Buy Now, Pay Later methods are authenticated by a two-factor authentication. This authentication often works through the dedicated app that the BNPL provider uses as a hub for their customers.  

  1. Initiation: The customer selects a BNPL-option in your checkout. 
  2. Authentication: After selecting the payment method, the customer is redirected to their BNPL app. Often this app is unlocked through biometrics or a passcode. By logging into this secure app, the user is authenticated.  
  3. Authorization: Once authentication is completed, the BNPL-provider authorizes the app by doing a quick check, after which the order is approved or denied.  
  4. Completion: The merchant receives the confirmation and the order is completed.  

What role does a payment service provider play? 

Having the right certifications and knowledge plays a huge role in streamlining the authentication flows. For some payment types there’s simply no advantage to be had, but if you look at credit card transactions, routing your customer towards a frictionless authentication flow can make a significant difference.  

For one of our customers, we were able to realize a conversion increase of nearly 10% in their credit card success rate – which is a drastic increase, especially if you process a lot of credit card transactions.  

Looking to get more out of your credit card transactions? Let us help  

Our Sentinel solution looks at your transactions and automatically helps you improve authentication flows where possible. Don’t miss out on revenue that could have been yours. 

Discover the way to better authentication flows. 

Download whitepaper for freeReach out

Want to stay updated on the latest news?