I have recently finished reading Nudge by Cass Sunstein and Richard Thaler. The book suggests strategies for enabling humans to make decisions which are in their interest, such as giving up smoking or saving more, given human shortcomings. The word humans here is important, as humans are lazy and have inbuilt reasoning biases. They may not always act in their own interest.
The book talks a lot about decision architecture, that is, how to construct a decision-making process to enable people to make the more appropriate choice. How choices are presented will, to a great extent, determine the choices which are made. For example, in many cases people will simply go for the default choice. Consequently, defining the default choice becomes very important.
I was reminded of nudges when I was talking today about payment gateways and how awful they are. These days it is very easy to collect credit card payments on a website via services like Google Checkout and PayPal. There are, however, security settings which are very important to fraud prevention which, in my experience, are not properly presented to merchants when they set up their account. I recently had a big problem when using a provider whose default security setting was no security. Guess which setting I had accidentally chosen!
Looking at payment services, it amazes me that they do not have some sort of wizard to step customers through the process of creating the security settings on their account. I have set up a Google Checkout and PayPal payments pro account without any mention of security settings like CV2 and AVS, although these are important security settings. Sagepay is better, offering merchants an easy way to define their own security settings, but still I had to research the best settings for my business and actively set them up, which is more than a lot of people would do. I also like the traffic light system which Sagepay uses, which I think translates the complicated fraud information into an easy to understand system.
Credit card payment gateways, you don’t have to read Nudge as I have read it for you. This is what it would recommend:
- Currently there are too many choices for merchants and more choices is generally just confusing. Create well-constructed default(s) which can be chosen by the merchant. Allow the merchant to set up their own settings if they wish.
- Create an easy to use wizard which allows merchants to choose the security setting most relevant to them based on their appetite for risk.
- In this wizard the merchant should be forced to make an active choice of security setting (low, medium, high) as I don’t think a single default setting will be workable.
- Provide feedback on transactions in an easy to understand way. For example, some sort of visual traffic light system like that employed by Sagepay.
- Provide regular fraud reporting giving the amount of fraud on the account and comparing it against the average for other security settings.
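
A sketch of the first four recommendations in code, as an added example that is not from this post or from any gateway's API: the account cannot be created until the merchant actively picks low, medium or high, and every transaction gets a traffic light alongside the accept/decline decision. The preset contents, the three check states and all names are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Level(Enum):
    LOW = "low"
    MEDIUM = "medium"
    HIGH = "high"

class Light(Enum):
    GREEN = "green"
    AMBER = "amber"
    RED = "red"

STATES = {"match", "nomatch", "notchecked"}  # assumed result states for CV2 and AVS

# Constructed presets (assumption): check results that cause a decline at each level.
PRESETS = {
    Level.LOW:    {"cv2": {"nomatch"}, "avs": set()},
    Level.MEDIUM: {"cv2": {"nomatch", "notchecked"}, "avs": {"nomatch"}},
    Level.HIGH:   {"cv2": {"nomatch", "notchecked"}, "avs": {"nomatch", "notchecked"}},
}

@dataclass(frozen=True)
class MerchantAccount:
    name: str
    level: Level  # deliberately no default: "no security" cannot be picked by accident

def open_account(name, level=None):
    """Last step of the wizard: refuse to finish without an active choice."""
    if level is None:
        raise ValueError("choose a security level: low, medium or high")
    return MerchantAccount(name, Level(level))  # Level() rejects unknown values

def assess(account, cv2, avs):
    """Return (accepted, light) for one transaction's CV2 and AVS results."""
    if cv2 not in STATES or avs not in STATES:
        raise ValueError("unknown check result")
    rules = PRESETS[account.level]
    accepted = cv2 not in rules["cv2"] and avs not in rules["avs"]
    # The light reports the raw risk, independent of what the preset accepted,
    # so a merchant on "low" still sees which accepted payments look bad.
    if cv2 == "match" and avs == "match":
        light = Light.GREEN
    elif "nomatch" in (cv2, avs):
        light = Light.RED
    else:
        light = Light.AMBER
    return accepted, light
```

Keeping the light separate from the decision is what makes the feedback useful: a payment accepted under the low preset with a failed address check still shows red.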