Mobile payments startup Sign2Pay, launching today here in London at TechCrunch Disrupt Europe, is aiming to improve low conversion rates on mobile devices by simplifying and streamlining the payment process for debit card transactions. By, for instance, removing the need for bank issued hardware devices to authenticate the buyer’s identity via a one-time challenge code. Or indeed require some other additional hardware, such as a wearable, be brought into the security mix.
“None of the current payment solutions are optimized for mobile,” says founder Nicolas Mertens, who characterizes the European payment market that his startup is targeting as “very fragmented”.
“Throughout Europe every country has its national debit scheme, and it’s designed by banks. People have no clue what conversion optimization is, and it’s cumbersome. As a merchant if you even want to go offer it to people in a different country you would have to implement local bank methods.”
“The problem with mobile commerce is that nobody’s converting,” he adds. “The conversion rate on smartphone is 60% lower than on desktop. The conversion rate on tablet is 30% lower than on desktop. However their traffic is almost 40% of total traffic. And next year it’s going to equal desktop so where is that loss in opportunity go? The merchants are losing a lot of money by not having solutions that are designed for mobile.”
Currently there are different systems for making online debit payments in different European countries. Which means there’s no streamlined process. Sign2Pay wants to become the “unified solution” for making mobile debit payments — oiling the wheels of m-commerce in the process. Or that’s its pitch to the merchants it’s hoping to sign up. Initially it’s focusing on Euro currency bank accounts only. Some 3,700 European banks are supported from launch via Sign2Pay’s commercial banking partners.
So how does it work? Instead of additional hardware being required to authenticate a transaction, Sign2Pay uses a real-time signature inputted onto a touchscreen smartphone or tablet.
While a person’s signature can be forged the process of writing a signature is harder to spoof, given that the forger would need to mimic how it is written in real-time. Factors such as the writing speed and stroke count provide a robust authenticator, argues Mertens — more robust than a password or four-digit PIN code, thanks to “many more variables”.
“We track items like speed, the strokes, the amount of strokes, the touchpoints, where they lose the canvas, where they rejoin the canvas, where they start, where they end, there are many more variables in a signature. Many more data points to compare than the options that there are with a four digit PIN-code or a password,” he says.
And, even if their signature writing style ends up being successfully copied and compromised, the user can at least change their signature to become secure again. Unlike relying on a static biometric — such as a fingerprint — which can’t be changed if it’s compromised.
Sign2Pay can technically work with any doodle you like; it doesn’t have to be your signature (but obviously signing your name is a more immediately familiar authentication process than, for instance, drawing a picture of your cat. Mertens laughs when I joke he missed a viral Internet trick by not naming the service ‘Cat2Pay’…).
He argues that another advantage of using a software authentication solution vs dedicated hardware is that Sign2Pay’s technology is hardware agnostic — so long as the mobile device is powerful enough and the network it’s using fast enough to do the real-time signature processing (as an example a third-gen iPhone wouldn’t be sufficient, nor would Edge networks. But mainstream tech users are several generations on from both those technologies now).
Once a user has gone through the initial Sign2Pay sign-up process — which happens at the point of purchase — they can make a payment from their bank account to a mobile retailer just by signing their name digitally. The registration process involves inputting their bank details and signing their name three times. After that they just sign once to pay when an online merchant supports Sign2Pay’s technology.
Inputting bank account details on mobile devices obviously remains fiddly and frustrating — which Mertens says is pushing potential buyers to give up on a purchase before they’ve jumped through the payment hoops. So he argues that small factors such as Sign2Pay not redirecting users away from the retailer’s website to another site — either to register or to pay — are important in removing friction from m-commerce to drive up conversion rates.
Add to that, he points out there is an ongoing problem with trust when it comes to making debit payments online — since the buyer is effectively handing over sensitive details of their bank account to each retailer. Smaller retailers especially may therefore lose out if buyers don’t feel comfortable handing over those details. Sign2Pay therefore aims to step in and be the trusted layer that lubricates mobile payments when they are directly linked to bank accounts.
“We have invented a way that’s easy to use but offers a high level of security,” he adds.
Sign2Pay is purely focusing on debit not credit payments. For making credit card payments via a third party there is of course PayPal. But Mertens argues PayPal is more focused on credit card than debit payments so does not see huge overlap here. He also points out that PayPal has a small marketshare of payments in the European market, which he pegs at between five and 10 per cent.
Add to that, he argues there are cultural differences in attitude to credit. So while, for instance, the U.K. market has (arguably over-) keenly adopted credit cards, other European markets aren’t so in thrall to the never-never — making debit transaction a more standard payment method in those markets.
“You can just swipe, turn your phone and sign for it and you’ve paid for it. You don’t have to enter your PayPal account, you don’t have to install a PayPal app, you don’t have to put in your credit card details because it’s a merchant that might not have your credit card on file,” he adds.
One reason online and mobile shoppers may absolutely choose to pay with a credit card, rather than a debit card, is because of consumer protect schemes that can accompany a credit card service. So Sign2Pay is bolting a consumer protection element on to its service too. Users who pay using its technology have an eight week refund right period if something goes wrong with the transaction.
To ensure the business can manage the risk associated with offering this feature, Sign2Pay does risk assessment of users at the sign up stage to filter out potential fraudsters — doing this with algorithms that look at things like the type of device being used and the buyer’s location, as well as the location of the merchant, the size of the transaction and various other signals.
Thus far, Sign2Pay has raised around €590,000 from angel investors and via input from the founders. It also pulled in an innovation grant to fund two pieces of IP: namely the real-time signature comparison tech, and its asynchronous fraud detection system.
On the business model front, the startup charges merchants a per transaction fee — positioning its pricing to undercut PayPal and credit card companies but at a slight premium on the amount charged by banks for their less streamlined online debit payment schemes.
“We’re fairly cheaper than PayPal. PayPal starts at 3.4% plus 32 cents per transaction. We’re cheaper than credit card acquirer through any payment service provider which can be averaged at 2.7% plus 25 cents. And we sit at 2.5% plus 25 cents, which is cheaper than the other options that we’re hoping to still see in the shopping basket but it’s a bit more expensive than our competitors — being the local debits schemes — which average, depending on country, around 2% plus 25 cents,” he adds.
“We’re as easy as credit cards, we’re as secure as the debit competitors so we sit right in the middle. The ease of use and the security combined and therefore we ask for a premium because of course you convert much more visitors.”
Mertens says the core Sign2Pay technology is also something it could license for use elsewhere on mobile devices — as a potential password replacement tech, for example. Real-time signature analysis is a biometric solution so he sees scope to compete with other biometrics that aren’t as easy to scale, because they require dedicated hardware, or are more binary and therefore less resilient when compromised.
You can’t change your fingerprints or your face, for example, but you can come up with a new signature — and how you sign whatever that squiggle is can then become a real time signifier that you are who you say you are.
Q:Do you think the banks will accept the signature?
A: In Europe a lot of regulations have changed. There’s now a European wide protocol. So our European commercial bank partner has to be implicated in our transactions, and we authenticate that signature in order to sign an agreement between the customer and us and therefore the bank goes about processing those other banks.
Q: Would you be replacing the Visa verification and stuff like that, or credit card verification?
A: The issue arose from stuff like authenticated by Visa, MasterCard, it’s just a big pain. So we were looking for a way to leverage the new features of the mobile in order to authenticate somebody.
At this point we’re only targeting a very fragmented European debit market.
Every European country has different debit solutions, which are local. And we cover them all with that European scheme. But when you look at credit card payments every company has Visa, MasterCard. So we’re not looking to do that.
Q: What does Elvis have to do with this?
A: What’s cool about payments are about signatures – and you have celebrity autograph right – so we thought it’s a nice gesture to get people’s attention to have an Elvis impersonator walking around doing PR for us.
Q: How are you going to get this to market?
A: We have a couple of strategies. Direct ambassadors. People who are really looking into a nice solution. This works completely asynchronously. It has a couple of lines of code integrate into your checkout page so they are locked. Then on the other side we are looking into payment platforms such as PSVs. I ran one myself in Belgium.
One of our investors also has reach in that industry. So we’ll be looking to a reseller program, and then lastly of course plug-ins for ecommerce for smaller merchants who are looking to do mobile conversion as well
Q: How often aside from your product are signatures used as a security mechanism? Are people going to have to relearn to make their signature complex?
A: The banks don’t see your signature. We use it as a way of authenticating a person. Of course the more complex a signature is, the more strong it is. Just like a password if you have a four-character password that’s not secure, right? If you have a passphrase that is more secure. There are so many data points in the signature that makes a very strongly complex password.
Q: What are the metrics that prove that this actually works in terms of improved conversion?
A: It’s hard to answer because it depends one on industry and two on the level of integration by the merchant. You have to see that currently if you’d like to pay debit in Europe you need to go buy a physical card reader. If you compare it to a virgin user the conversion rate is very high because they just need to sign and be authenticated and then they pass through. If you have to go install their app you have to go to the app store, install it, register for it etc. So the conversion rates are not yet final but we’re very convinced about the numbers that we’ve seen so far.
Q: Talk a little bit about the channels that you’d be acquiring merchants through. What has that process been like to convince them to use this solution as opposed to the others?
A: We get a mixture of feelings because in 2015 because the mobile traffic for ecommerce will equal the desktop traffic but the conversion rates are nowhere near the same. So there will be not enough growth as expected so it’s very urgent, so they welcome you with open arms. And then they look at the technology. And then they say how will this affect our development pipeline, and then they look into the price.
When you look into the plug-ins we don’t see that much pressure because it’s a plug in it can be installed when you don’t like it so it’s trial and error.