Tim Sherwin, co-founder and CEO and Chandra Balasubramanian, Co-Founder, Executive Vice President and CTO at CardinalCommerce share their thoughts on the company’s journey from 1999 and current vision, their Consumer Authentication system, PSD2 SCA and many more.
Expert Interview with Tim Sherwin and Chandra Balasubramanian
PCM: CardinalCommerce was established precisely 20 years ago in 1999. Can you share how has your brand grown in these 2 decades, from the time when technology had only begun to pick up pace compared to the continuous radical innovations we see now?
Back in the beginning, Cardinal thought that consumers, issuing banks and merchants would need a way to ensure that the person buying online was, in fact, the cardholder and had permission to use that payment card. Around the same time, Visa created 3-D Secure and the concept started to gain steam. Cardinal became a provider of 3DS services (creating products for issuers and merchants to deploy 3DS), and later, improved the way the protocols worked, making authentication easier for merchants and issuers, with less friction for cardholders, as risk-based authentication was used more and more.
Today, Cardinal is a Visa company (we were acquired in early 2017) and is a global leader in the authentication space. Our products are used by issuers, merchants and payment services providers around the world. We are certified with EMVCo and the major card networks for our 3DS Server (for merchants), our ACS (Access Control Server for issuers), and our SDKs for iOS and Android mobile devices.
PCM: Could you discuss the Cardinal’s Consumer Authentication system? How exactly does it help improve consumer’s online experiences and reduce the risk of fraud?
Navigating the ever-changing payments landscape can be complex – local regulations, different network mandates, and EMV® 3-D Secure updates. Additionally, false declines are growing at about the same rate as sales for digital transactions, and authentication has become a core layer of digital commerce.
Cardinal’s consumer authentication solutions (for both merchants and issuers), which include the EMV 3DS protocol, make the process as frictionless as possible for both you and your customers and we make authentication an engaging and rewarding experience for everyone in the payments process.
As EMV 3DS rolls out, the benefits become apparent. Uses enhanced data to make better risk decisions. The original 3DS used a smaller number of data fields, as compared to today’s EMV 3DS, to help issuers make their risk decisions, and issuers occasionally authenticated transactions that were fraudulent (and took on that fraud liability). With EMV 3DS, more than 10 times the number of data fields are shared with issuers, so they can compare these new fields with what they know about their cardholder, and make a better, more confident risk decisions.
Provides a better consumer experience. Because merchants share so much more data with issuers, these data can be analyzed in the background, without consumer impacted, in milliseconds. With risk decisions happening behind the scenes, the consumer’s checkout experience is fast, easy and secure.
Authenticates transactions originating from any device. The original 3DS 1.0 was designed to be used on desktops and laptops, and if a merchant tried authenticating a transaction from a mobile device, the experience could be difficult for consumers to navigate. Today, EMV 3DS can be used to authenticate transactions from smartphones, wearables, gaming consoles, IoT devices – virtually any device that can be used for digital commerce.
A consideration in deciding whether to use authentication is reducing false declines. According to VisaNet data from 2018 (the latest year for which data is available), declines are growing at almost the same rate as digital sales. When false declines happen, that is, a legitimate consumer is declined during checkout, everybody loses. The consumer is subject to friction – they can’t finish their purchase and either take a payment card from another bank out of their wallet, or abandon that transaction and find another merchant.
Cardinal makes the EMV 3DS protocol fast and easy for merchants and issuers to use. Our implementation methods allow issuers and merchants with legacy payment systems to adopt 3DS without having to re-create the wheel.
Everything we do at Cardinal is about creating an engaging experience for our merchants, issuers and their customers. Our mission is authentication and our strategy is to increase approvals…while decreasing fraud – all to improve the customer journey. This is what we’re all about: helping make digital commerce happy for everyone.
PCM: The Second Payments Services Directive (PSD2) has been in force since January 13, 2018, and on September 14, 2019 Strong Customer Authentication was implemented, meaning the EEA processed payments will be expected to be authenticated with an SCA solution. What exactly does this mean for merchants and customers alike and what role is Cardinal currently playing in it?
Since mid-summer, regulators in many of the countries impacted by the PSD2 SCA regulation have formally announced that they would delay enforcement of the regulation and would support a phased rollout of SCA.
There is still a lot of confusion surrounding enforcement of SCA, and who is doing what and when, and the majority of national competent authorities (NCAs) from EEA countries want to make sure all the stakeholders in the payments and commerce ecosystem are ready, to prevent disruption of digital commerce.
Visa’s position, as outlined in the Joint Industry Statement on SCA Implementation (August 2019), is that we support the goals of SCA, but that a migration to SCA requires significant changes for all participants in the payments industry and they would need sufficient time to implement resilient systems that comply with the new requirements.
On October 16, the European Banking Authority (EBA) issued a statement that based on input from stakeholders that prefer a consistent and harmonized approach to implementation of SCA, they recommend that a single common deadline is adopted to avoid negative impacts for card-not-present transactions in the countries subject to SCA.
The EBA, then, stated that migration to SCA should be completed by December 31, 2020, including implementation and testing by merchants.
PCM: You have recently launched the Visa Consumer Authentication Service which is designed to support an issuer’s authentication strategies with their 3-D Secure Program. How do you think this solution will change the eCommerce industry and reduce the number of declined transactions?
As we discussed earlier, when more data are shared with issuers during authentication, they can make better risk decisions. That’s the big change with the updated release of Visa Consumer Authentication Service.
Better decisions made behind the scenes help to ensure everybody in the ecosystem wins. Merchants can sell their products, issuers can collect funds, and most importantly, consumers can buy what they want, when they want.
PCM: Cardinal has become a leading name in the industry, changing the way payments are processed and having the support of major organizations alongside you. Having already been in the game for 20 years, what is your overall vision of Cardinal and is there a specific goal that you are working towards?
Our goals have always been to increase approvals for our customers, and to limit false declines and reduce fraud. The approach we take to achieve these goals has evolved over the years, as new developments in technology keep changing the digital commerce ecosystem.
As the digital landscape continues to grow, we will stay focused on helping our customers’ success – by increasing good transactions, reducing false declines and fraud, and helping legitimate consumers transact.
EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC
1Excludes insufficient funds and issuer/switch inoperative declines. Source: eCommerce purchases for the FY18. YoY growth based on FY18 vs. FY17.
Sales based on VisaNet authorization data. Fraud based on issuer reported TC40 (including transactions which were not processed on VisaNet.)
About Tim Sherwin
Tim Sherwin is the co-founder and Chief Executive Officer at CardinalCommerce. Under Tim’s leadership, CardinalCommerce has become a leader in enabling authenticated payment transactions in digital commerce. Tim has had a lead role in redefining the Consumer Authentication landscape, developing innovative payment services to help increase sales, reduce fraud and chargebacks, without disrupting consumer checkout experience.
About Chandra Balasubramanian
Chandra Balasubramanian is Co-Founder, Executive Vice President and Chief Technology Officer at CardinalCommerce. Chandra focuses on new product development, and under his leadership, Cardinal created technology platforms for merchants, issuers and for mobile applications in the payments industry. These innovations drive payments data intelligence using deep data analytics as Chandra leads Cardinal’s technology team in groundbreaking development.
CardinalCommerce, a Visa company, is a global leader in authenticating digital transactions. For over two decades, we’ve been bringing merchants, issuers, and shoppers together in an experience where everybody wins. We put authentication first because we believe digital commerce should be safe, rewarding and engaging, for you and your customers.
Join us on our journey at www.CardinalCommerce.com, @CardinalCommerc and our Payments Blog