February 22 2019
After yet another data breach, I was recently told by a subscription-based publisher that my payments credentials held on file may be compromised. I took the necessary precautionary measures (e.g. retire previous payment credentials, establish new ones, etc.). During this process, I also decided to do a quick personal audit to answer the question: Where are my payment credentials stored for e-commerce subscription payments?
As it turns out, I have my payment credentials with eleven merchants for ongoing monthly subscriptions, and with at least four additional merchants for ongoing annual subscriptions. Moreover, some of the dollar amounts of these re-occurring subscription payments were higher (upon my audit) than I had remembered signing up for! (I also have payment credentials stored at many other merchants for occasional one-time purchases. Likely too many to count.)
The subscription business is thriving. In fact, “the subscription e-commerce market has grown by more than 100% percent a year over the past five years, with the largest retailers generating more than $2.6B in sales in 2016, up from $57.0M in 2011” (McKinsey & Company).
But not all merchants are created equal. Remember that data breach I mentioned?
In thinking through this topic with Russ Jones, a Glenbrook Partner, we segmented merchants into a two by two grid (a favorite consulting device) with ‘want subscription’ (don’t, do) on one axis, and ‘trust’ (low, high) on the other axis. I will refer to it as the Trust-Subscribe Model:
While the vertical axis – do or do not want a subscription – is straight forward, the horizontal axis – ‘trust’ – is both more convoluted and subjective. In the Trust-Subscribe Model, trust is a measure of three things:
- Trust that the merchant will securely hold my information on file
- Trust that the merchant will charge me the correct amount per pay period
- Trust that I can end the relationship efficiently, upon my choosing
So, when thinking through the model as a consumer, I am:
- Not at all concerned about merchants who land in the bottom two quadrants as I do not plan to engage in a subscription-based relationship with these merchants.
- Less concerned about keeping my payment credentials on file for merchants who land in the upper right quadrant, as I trust them.
- Concerned about keeping credentials on file with merchants who land in the upper left quadrant, as I want to have a subscription but I do not trust these merchants
So, what to do?
Consumers in the US should be given multiple payment options for e-commerce subscription-based payments.
Specifically, consumers should be given a re-occurring ‘push’ pay option so they can push funds from their bank account, debit, or credit card to the merchant. (Remember, a push payment occurs when funds are pushed from the payer to the payee rather than the payee using stored payment credentials to ‘pull’ funds from the payer’s account). This approach would facilitate the consumer-merchant relationship when the consumer judges the merchant to be in the upper-left quadrant of the Trust-Subscribe Model. The consumer stays in control of the subscription and has no need to share credentials. This model exists in other countries for use cases like bill pay and has proven successful, for example, in the UK’s Faster Payments system. Other countries are supporting similar initiatives like CoDi in Mexico.
But Cici, you may ask, what about tokenization? Doesn’t tokenization solve the trust issue because the merchant no longer holds the payment credential? Well, it only solves trust issue #1 in the Trust-Subscribe Model (see above). Critical to solve for, yes, but not comprehensive enough. (The same comment holds for leveraging services like PayPal because, while PayPal solves trust issue #1, it cannot address the other two issues).
My proposal to allow push payments for subscription payments does come with trade-offs for the consumer, the merchant, and the bank.
For the Consumer
For the Merchant
For the Bank
So, what do you think? Would you replace some existing subscription payments if a push payment model was made available to you? I look forward to your feedback.