Artificial intelligence at the heart of payments industry innovation

by Joseph Stanley-Smith

Share this post

Artificial intelligence (AI) has already had a transformative affect on the payments industry, particularly in bolstering anti-fraud efforts. Next in bosses’ sights are initiatives enhancing their customers’ experience.

Consumers face a cost-of-living crisis in much of the developed world, meaning a tougher retail environment where payment friction can be the difference between a conversion and a lost sale.

“Where people are trying to use AI is focusing on user experience, because the boom days of the Covid era for e-commerce are kind of the past,” says Craig Savage, cofounder of FERO Payment Science.

New regulations mean more useable data are kick-starting development in this area, with payment service providers increasingly looking to use the technology to make customers’ lives easier when paying.

“We’re incredibly excited by the potential of AI and machine learning in financial services,” says Nick Kerigan, managing director and head of innovation at Swift. “We think it could be transformative for how the industry works.”

Tough retail environment

Over half of consumers are now holding back on non-essential spending, and 96% intend to adopt cost-saving behaviours, shows research from PwC. And yet, getting back to pre-Covid behaviours, people are also booking holidays and visiting shops. Online retail’s slice of the pie is still growing, but the growth has slowed.

A Shopify/Ipsos Commerce Trends study shows that offering more payment methods is the fourth most common strategy that small and medium businesses are seeking to increase customer acquisition and retention.

“Everyone’s struggling, there’s a tightening of the purse strings, especially over here in Europe,” says Savage, who is based in the Netherlands. “So, getting more out of what you’ve got – of your customer base you’ve already managed to acquire – is now more important than ever.”

With 38% of customers, per PwC, visiting multiple websites to check for availability of products they want, a failed payment authentication – referred to by some as payment friction – often spells lost income for the website where it occurs.

“Everyone in the payment journey wants as many payments going through as possible,” says Savage. “Improving authentication rates is how we can maybe do that.”

Fraud versus friction

Buying online for delivery, or click-and-collect, offers a few points of friction. Items being out of stock, not arriving as advertised, substitutions, and more all irritate customers – but nothing pours cold water on a sale like your card being declined. And there is no form of feedback more galling for a business than an abandoned shopping cart that would’ve netted significant profit.

“The formula for customer satisfaction is quite simple: make sure customer expectations are less than or equal to the actual experience delivered,” says Amas Tenumah, customer service expert and author of Waiting for Service.

“If the objective experience is better than expectation then people are happy, if they are worse, then people are unhappy.”

Tenumah says the push to digital often made customers less happy because companies over-promised by claiming to offer instant support or extra-fast service. Thus, when customers face more friction and end up working harder, they often become dissatisfied.

When payments are declined too often, or people asked to repeatedly prove their identities leading to them giving up on paying, e-commerce platforms or other sellers can end up questioning the payment service provider (PSP).

“When it comes to the merchant, who are they going to get most upset with, in my experience, is the PSP,” says Savage. “It’s like, ‘wait a minute, you’re declining way too many transactions’.”

Despite the ever-growing prevalence of online shopping, payment friction is growing as well. The reason? Payment service providers are implementing the requirements of the revised Payments Services Directive, known in the industry as PSD2.

PSD2 aimed to improve online security by, among other things, introducing a requirement for banks to use strong customer authentication, under which customers must prove their identity in two of three ways.

This could be something they know, like a password or pin; something they have, like a phone; or something they are, like through a fingerprint scan or facial recognition.

“During the Covid years was when PSD2 was released and brought in this authentication friction,” says Savage, who during the pandemic was working as data science lead for Mastercard.

Now that the Covid-induced e-commerce spike has come down, retailers are realising that conversion rates are actually lower than they were before the pandemic – despite swathes of previously online-sceptical shoppers getting an involuntary crash-course in digital transactions due to stay-at-home orders in many countries.

“Hidden within that perfect bubble, actually there was a big fundamental change in the online world,” says Savage of PSD2.

Redeploying resources

Despite the friction it has introduced, PSD2 is serving its purpose. Payment fraud, while unlikely to ever be vanquished, is for the time being less prevalent around the EU, according to Savage.

And for some companies, that means they can pour more resources into improving the customer experience.

“When it comes to user experience, that’s the big push in payments now,” says Savage.

“We’ve been focusing on how to manage instantaneous payments across the globe, whether we can get all our payment networks to talk to each other to process all these transactions. From an engineering standpoint, I personally think we’ve got there on that. The focus now is how do we just make that better.”

Tenumah adds: “The next phase [in customer service] is not about reversing the push to digital but focusing it on using digital to make human-to-human better. Then eventually replace the human.”

How Swift is using artificial intelligence

Nick Kerigan: “We want to see AI making a real impact.”

Swift has heavily invested in a high-scale AI platform. The member-owned cooperative partnered with companies including:

• a company owned by billionaire technologist Tom Siebel.

• Red Hat, which makes open-source technology for businesses.

• Cove, a fintech which is helping Swift improve AI memory performance.

Regulation drives innovation

While regulation is onerous for the industry, many if not most insiders acknowledge its effect on spurring innovation. Another big change is ISO 20022.

ISO 20022 is a multifaceted attempt at calibrating the way financial services operators deal with data, written by the International Organization for Standardization, an umbrella NGO with a membership of 168 national standards bodies.

The standard came into effect in March and is now in a co-existence period. By November 2025, all financial institutions should have switched to the new system.

For payment service providers, it’s revolutionary – and opens up more avenues for AI to use the data.

“The level of information coming through is so much better,” says Savage. “From a data perspective, that just helps no end in terms of understanding the journey that transaction’s been on, where it’s going, and where it’s from.”

Kerigan, who works at Swift which is implementing ISO 20022 for cross-border payments, gave an example of one way the richer data exchanges under it improve payment authentication.

“Imagine I’m trying to make a payment to a friend and they work for my client, which happens to be called Cuba Libre Bar and Grill. In the current world of payment messages that would be a long narrative stream.

“What would happen is that the bank’s engine, looking at sanctions compliance, could pick up the word ‘Cuba’ was there and therefore direct that off to be manually checked.”

Cuba has been under sanctions and a trade embargo from the US since the 1960s, as the country aimed to destabilise the Cuban government. The ongoing situation puts legal responsibilities onto payment providers.

“What happens in this new world of ISO 20022 is that the data is structured, so ‘Cuba Libre Bar and Grill’ goes in the name field, and the country field is the United Kingdom,” Kerigan continues. “Therefore, it’s much more likely that, that payment will go through instantly and frictionlessly.”

But this is just the start of ISO 20022’s potential impact on customers. This richer, more structured data is a perfect playground for AI.

Savage says: “What that really means from an AI perspective is we’re getting far more data coming down the pipeline, far more clear messaging in terms of the full journey: requests for payment authentication, how it all went through, the description about the items that are being bought.

“Data’s getting better, things are getting faster. We’re able to make more decisions; we’re able to learn in real time and really focus on user experience as opposed to traditional fraud.”

Kerigan says he already sees numerous institutions, including leading banks, taking advantage of the power of the new standard.

Reinforcement learning

What particularly excites Savage is the potential for reinforcement learning to improve the way PSPs help customers navigate their payment journeys with less friction.

“When we tackle fraud, it takes 60-90 days for us to learn that it was fraud: for that customer to say, ‘hey, what is this charge my credit card?’ and that to go to the credit card company and feedback.

“What that means is when we’re learning, we have a lag,” he explains. “But when we focus on user experience, and our priority becomes changing the journey for a particular customer – that’s instantaneous in terms of a learning if we were successful or not. Did that customer make that payment, yes or no?

“That means we can now start doing reinforcement learning, where AI is basically learning itself trying different things and then seeing how that interacts in real time and then modifying the journey.”

Reinforcement learning is one of three main subcategories of machine learning. The other two are supervised learning (where machines are trained using organised data) and unsupervised learning (where algorithms cluster up data sets and find patterns within them).

“As we get ISO 20022 richer, more structured data, the performance of those AI and machine learning models is only going to improve, because you’ll be able to be more accurate and targeted in terms of the fields that you’re looking at,” says Kerigan.

Unlike in supervised and unsupervised learning, with reinforcement learning, AI learns by trial and error through its own experience.

Given how measurable the outcome of a payment is – successful or not – it’s a rich area for reinforcement learning.

“Reinforcement learning will try different segments of the population with different payment methods and then it can look instantaneously in terms of ‘okay this is a percentage of conversion rates’. Then it can learn, and tweak and we can apply that to more and more of the population,” explains Savage.

So, when a customer has a checkout journey where authentication friction is applied, for example, a customer is asked to authenticate with a selfie from their phone when they’re paying on their computer and they terminate the payment process. The algorithm deduces this as a bad result and looks for ways to do things differently in future.

The problem is, not everybody is the same. Payment or authentication methods which work for one person may not work for another.

The algorithm could note the prevalence of such eventualities among certain demographics and make adjustments to the type of payment journey it offers to people based on its findings.

For example, it may find that selfie authentication is largely successful with 25-year-olds using Apple Pay on their phones and offer it to them over other methods. However, through trial and error it may learn to push 70-year-olds using desktop computers to different authentication methods.

But that’s not all. Not only are people not all the same, nor are all transactions.

“You can’t just do a one size fits all approach,” says Savage. “Some customers prefer some friction.

“If I’m on a questionable website that I don’t recognise, I get more comfort from having to go to my banking app and confirm this is a real payment. Whereas with others like Amazon I don’t want to have to go to my bank app and verify that purchase. I love the fact I can just swipe and pay.

“But Amazon recognises me and knows about me,” he caveats. “If you’re a new user to Amazon that they don’t recognise, or go into a different shipping address, it will then apply that friction. Because again, it thinks: ‘This doesn’t seem quite legit. Not sure on this customer. Let’s try a bit more.’

“More and more companies are getting a bit more tailored into that,” he adds.

Kerigan says that one of the first places Swift’s customers could see obvious AI influence is in its payment controls service.

“We’re looking at how we can take that from a kind of current, rules-based approach to a machine learning approach and improve the performance of that product for our customers.”

He adds that introducing AI and machine learning into Swift’s pre-validation service, it would be able to give financial institutions a ‘risk score’ around a payment before it is made.

“What’s really powerful about the platform that we have is that we can also explain to them why it’s got a higher risk score as well,” he says. “Because it’s lovely to give aggregate scores, but it’s much more powerful if you can actually explain to the institution the reasons behind that risk score.

“That’s a really key part of the way we think about using AI and machine learning. We’ve established what we call five key responsible AI principles. One of those principles is explainability. So, helping the users understand and interpret the results.”

The author’s experience

Joe Stanley-Smith

AI’s applications in journalism are dubious. When I asked a similar generative AI – – to write this article for me it rambled for hundreds of words, repeated itself, made up citations and studies and misunderstood most of what I asked of it.

Publications will doubtless find ways to use generative AI to push out low-quality articles which generate clicks, though.

ChatGPT and LLMs

While AI has been used in payments for many years, public awareness of its uses has exploded in recent months due to the release of ChatGPT in late 2022, and popularised use through the early part of 2023.

ChatGPT is a generative AI which uses a large language model, or LLM. In layman’s terms it reads huge amounts of information and then, when asked questions, uses this knowledge to spit out responses it thinks are correct.

Generative AI’s potential applications in payments are much more promising. And this ties back into the better quality of data that’s now available to payment service providers due to ISO 20022.

“Now we can segment and group up statement lines or descriptions around the transactions into far better, clearer buckets, because we can decipher language far quicker,” says Savage.

There are also anti-fraud applications for generative AI, which Savage suggests could be used to target address tumbling.

Address tumbling is a strategy whereby fraudsters will order many products to the same address but write that address slightly differently each time to avoid detection by programs which run to detect such behaviour.

The drive to reduce payment friction is even more important given an intercontinental context. There is a push to introduce 3D Secure 2.0 (a protocol for payment authentication which meets the strong customer authentication standard under PSD2) in the US, Australia and New Zealand.

3D Secure 2.0’s own website acknowledges that its earlier iteration, 3DS1, was “ridiculously non-user-friendly”, which was plagued with compatibility issues, slow page loading speeds, customers not trusting the windows which popped up, and generally finding the process irritating. All of these consequences often led to people abandoning their shopping journey.

If 3D Secure 2.0 is expanded to the US – a country which lags severely on payment technology – “there’ll be a lot of customers struggling with that extra step”, says Savage.

“The necessity to improve that customer journey, to make that as frictionless as possible, is going to be huge for the industry,” he adds. “The US is a big market for everyone.”

More To Explore


Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.


Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?