Two major credit card companies, Visa and MasterCard, are offering consumers digital wallets to make their online shopping experience more convenient. From an SMB merchant perspective, however, the decision about which one to support isn’t easy.
For the most part, V.me and MasterPass solve the same problems and provide the same benefits, admits Jason Davies, vice-president of e-commerce for MasterCard. The problem is shopping cart abandonment, which Ann-Marie McIntosh, Visa Canada’s head of strategic solutions and partnerships, says runs at 20 to 40 per cent of potential transactions.
The average online checkout requires 42 fields to be filled out, McIntosh says. If, one evening, she decides to register her daughter for soccer, buy a book, and order a pair of pants, “that’s 42 fields I’ve got to fill out three times,” she says. The V.me wallet reduces that number to four fields.
Davies says MasterPass requires two to five fields, depending on the use case. Normally, user name and password are enough.
There are other subtle distinctions, but largely, the two solutions attempt to replicate the leather wallet, supporting any major credit or debit card. Both offer developer sandboxes, so potential merchant users can get a flavour of what integration will entail. Davies says integration takes 28 to 35 hours of development; McIntosh says development time depends on the merchant platform and how much of the process is outsourced.
The major distinction between the two appears to be in the area of PCI compliance. The Payment Card Industry Data Security Standard (PCI DSS) clarifies the obligations of merchants that accept payment cards to secure data and transactions from fraud. Compliance can be onerous, at least at the highest levels, and is audited annually. Non-compliance can result in hefty fines.
(These fines have led to criticism that compliance is subjective and the PCI compliance regimen is being used as a cash cow by the credit card companies that founded the PCI Security Standards Council.)
MasterPass is a “passthrough” wallet, Davies says; it supplies all the information a normal checkout would require, including complete credit card numbers. Merchants and their partner acquirers and gateways must be PCI-compliant. V.me, on the other hand, doesn’t supply complete credit card numbers, says McIntosh. The transaction is processed without the merchant having to store complete credit card information. She says that lifts the PCI-compliance burden from the vendor.
But, surely, most merchants that process card transactions are already PCI-compliant, right? Don’t count on it, says Avivah Litan, vice-president and analyst at Gartner Inc.
“I don’t think it’s safe to assume compliance,” Litan says. In fact, many small merchants don’t understand what PCI compliance is.
“If you go to your dry cleaner, there’s no chief security officer,” Litan says. “Small merchants just don’t have the resources. They’re not security-savvy. It’s not their line of business.”
If they are PCI-compliant, she says, “the acquirer has done it for them,” or payment information is passing through a secure socket layer connection that doesn’t touch the merchant site.
Merchant banks manage PCI compliance at the least onerous level for a business, Level 4, Litan says.
So lifting the PCI burden on smaller merchants might not be such a differentiator. However, Litan says, in general, it”s preferable to pass partial credit card information to full numbers online.
McIntosh agrees.
“Canadians, in particular, don’t want to leave their credit card numbers with merchants,” McIntosh says.