When it comes to making payments, security is at the forefront of any business’s priorities. It’s a major concern for users. If they don’t feel safe making a payment to your business, chances are good they’ll go elsewhere to purchase.
kevin. understands that security is critical and has built a system that is incredibly robust, yet easy for you to use. When it comes to being truly secure, factors such as secure connections, encryption, fraud prevention, and user experience and consent must be considered.
Such features ensure any sensitive information is protected and payments are processed without any potential headaches.
Do you know the difference between screen scraping and using an API? Services that use screen scraping must gain the customer's login credentials to initiate the SCA (Strong Customer Authentication), such as Smart-ID or a code generator. After the customer performs the SCA and authorizes the login attempt, the TPP gains access to internet banking on behalf of the customer. Once this happens, no one legally knows what kind of service communicates with the bank on behalf of the user. From the bank's perspective, it's just a customer that uses online banking services.
Instead of screen scraping, kevin. uses open banking APIs that are dedicated to allow the TPPs securely communicate with the banks. Banks always know which TPP is initiating the request to the bank. There are different kinds of login approaches for the customer, depending on the bank.
- Redirect approach - is when a customer is redirected to the bank in order to perform a login attempt on the bank side. This way, no credentials have to be provided to the TPP.
- Decoupled approach - is when a customer performs a login attempt on the TPP side, providing their login credentials. These credentials are sent to the bank, so the bank can initiate the SCA for a specific customer.
During the login, the customer is provided with information regarding the services that TPP will be allowed to use on their behalf. During this step, the customer can agree and authorize the login or disagree and cancel the authorization. TPPs cannot see the list of accounts, balances, and transactions without gaining consent from the customer. But in the case of screen scraping, customer consent is not needed.
eIDAS is the EU regulation on electronic identification and trust services for electronic transactions in the European single market. Only eIDAS certificates can be used in order to establish secure connections between third-party providers and banks.
When communicating with a bank to process a transaction, kevin. establishes a secure connection with the bank, where they can share encrypted data safely. Our connections are extremely secure thanks to certificates, which are used to establish this secure communication.
Understanding how different banks process payments can help you protect against fraud. But each bank has its own ways of operating and processing payments. As a business, you don’t have the time or energy to invest in contacting each bank you work with just to learn how they work.
kevin., however, works to understand how the bank operates to optimize your business’s payment flow. How does this connect to fraud?
Consider a situation where a payment could be shown as completed, but the money wasn’t yet reserved from the end customer’s account. If the same customer empties their account concurrently, you end up with no payment for a completed order.
By analyzing how the banks work, we can prevent such situations from occurring.
User experience & consent
kevin. knows a user’s experience when it comes to payment can be the deciding factor as to whether conversion occurs. As such, we’ve worked to make the payment flow as easy as possible for the user without compromising security.
We’ve minimized the number of steps involved in the payment portion of the checkout process. Security and privacy are at the forefront of customers’ minds, but that must be balanced with the simplicity that they also demand.
Always here to help
Did you know our customer support team is always standing by to help? If there is ever an issue integrating any of our products, we have team members standing by to solve your problems as quickly as possible.
If you’re interested in learning more about how kevin. can help you build your business, don’t hesitate to reach out to us.