No pain. All gain. Why invisible payments are a win-win for e-commerce stores and shoppers
New 'Click to Pay' experiences make it possible to take the friction out of the payment process yet still keep it safe…
A noted economist once wrote: “There are no solutions, only trade-offs.”
In simpler terms: every time you try to make something better, you inevitably make some part of it worse.
For years this was true in the world of online payments. Too much friction in your payment process? You lose customers. Minimal friction? You delight your customers but you open up your platform to fraudsters.
Is there any way out of this trap?
Actually, yes. In the last few years, stakeholders have come together to start an invisible payments revolution. They have created a friction-free checkout process in which authentication fades into the background with no loss of security. In fact security is improved.
For the consumer, this translates into a simple “Click to Pay” experience. They hit “Buy Now” and there's no need to enter card details. The purchase is instant, convenient and safe.
How is secure invisible payment possible? It's thanks to a combination of multiple technologies of which the most important are card tokenisation and biometrics. Tokenisation turns a vulnerable card number typed on screen into a safe encrypted token stored on a phone. Meanwhile biometrics exchanges a vulnerable password for a unique face scan or fingerprint.
Invisible payment now appears to be at a tipping point. Visa says nearly 50 percent of its global e-commerce transactions are now tokenised. Meanwhile Mastercard expects all of its e-commerce payments in the EU and Asia Pacific to be tokenised by 2030.
This is a revolution – part of a larger shift that’s quietly reshaping how we buy, sell and prove who we are. But before we dive deeper into this phenomenon let's review the consumer habits that are powering the change.
The switch to digital
For billions of consumers, e-commerce is now a normal way to shop. According to retail platform Shopify, e-commerce sales currently make up 21.1 percent of total retail sales. It adds that e-commerce will grow from $6.42 trillion in 2025 to $7.89 trillion by 2028.
This year, more than three billion people will make a purchase online.
Of course, e-commerce re-writes the basics of identity and trust. When buying and selling online there is no “real” person in the transaction and no “real” card either. This makes it hard to know whether the buyer or seller is who they say they are.
Feelings of abandonment
To tackle this, stakeholders evolved a complex system comprising passwords, SMS one time passcodes, authenticator devices and more. These multiple steps added friction to the payment experience – leading to the dreaded phenomenon of 'cart abandonment'.
Indeed, according to researcher Baymard, 70 percent of users still abandon a purchase after having added items to their basket. It says that 17 out of the top 30 reasons why people abandon carts relate directly to checkout and payment.
The card schemes agree: payment issues can cause up to 44 percent of digital abandonment.
The invisible transformation
The new 'Click to Pay' payment models tackle friction and cart abandonment head on. They let consumers move through the process seamlessly, because the system already knows who they are.
How is this possible? It starts with tokenisation. A token replaces credit card numbers or primary account numbers (PANs) with a random string of characters that is only valid in a specific setting—like a merchant, app, or device. If an attacker were to access the token, it would be useless since it doesn't contain the real payment details. This protects cardholder data whether it’s stored or transmitted.
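The domain restriction described above can be shown with a small sketch. This is an added example, not code from the article or from any card scheme; the `TokenVault` class, the `tok_` prefix and the `merchant:shop-a` style domain labels are assumptions made for illustration, and the card number is a widely published test value.

```javascript
// Added illustration (not from the article): a toy in-memory token vault.
const { randomBytes } = require('node:crypto');

class TokenVault {
  constructor() {
    this.entries = new Map(); // token -> { pan, domain }
  }

  // Issue a random surrogate for the PAN, bound to one domain
  // (a merchant, app or device). The token is not derived from the PAN.
  tokenise(pan, domain) {
    if (!/^\d{12,19}$/.test(pan)) throw new Error('invalid PAN');
    const token = 'tok_' + randomBytes(16).toString('hex');
    this.entries.set(token, { pan, domain });
    return token;
  }

  // Only the vault can map a token back to the PAN, and only when the
  // request comes from the domain the token was issued for.
  detokenise(token, domain) {
    const entry = this.entries.get(token);
    if (!entry) return { ok: false, reason: 'unknown_token' };
    if (entry.domain !== domain) return { ok: false, reason: 'domain_mismatch' };
    return { ok: true, pan: entry.pan };
  }
}

function demoTokenisation() {
  const vault = new TokenVault();
  const pan = '4111111111111111'; // widely published test number, constructed input
  const tokenA = vault.tokenise(pan, 'merchant:shop-a');
  const tokenB = vault.tokenise(pan, 'merchant:shop-b');
  return {
    tokensDiffer: tokenA !== tokenB,
    containsPan: tokenA.includes(pan),
    issuedDomain: vault.detokenise(tokenA, 'merchant:shop-a'),
    otherDomain: vault.detokenise(tokenA, 'merchant:shop-b'),
    guessedToken: vault.detokenise('tok_' + '0'.repeat(32), 'merchant:shop-a'),
  };
}

console.log(demoTokenisation());
```

The same card yields a different token per domain, and a token presented outside its own domain is refused, so a breach at one merchant exposes nothing reusable elsewhere.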
Meanwhile biometrics make the authentication piece much easier for consumers. Instead of hard-to-remember, easy-to-steal passwords, they can use a fingerprint or face scan to sign in.
These two technologies are coming together now in the form of the 'Payment Passkey'. This is an authentication credential based on standards defined by the FIDO industry body. When a consumer creates a passkey, they generate a cryptographic key pair: the private key is stored on the device, and the public key is stored on the bank’s server. It means that only the user’s device can authenticate them, adding a second authentication factor. This makes Payment Passkeys the most secure and seamless way to complete a checkout with just a “yes” or “confirm” on a trusted device.
The Passkey process was devised by the industry group FIDO Alliance and is based on WebAuthn and CTAP standards. Andrew Shikiar, CEO of FIDO Alliance, says: “Any human-readable secret transmitted over a network can and will be attacked. With passkeys, we eliminate that approach with a fully encrypted communication between a virtual key pair that’s user-friendly and far more secure.”
From a user perspective, passkeys change the identity verification process from “here are my credentials and password” to “you already know it’s me.”
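The key-pair mechanism behind passkeys can be sketched as a challenge-response exchange between a device and the bank's server. This is an added example using Node's built-in crypto module, not Thales, FIDO or WebAuthn code; the function names and the `bank.example` origin are hypothetical, and it goes slightly beyond the text by also showing the per-checkout challenge and origin check that WebAuthn relies on.

```javascript
// Added illustration (not from the article): passkey-style challenge-response.
// Simplified: real WebAuthn also signs authenticator data, flags and a counter.
const { generateKeyPairSync, randomBytes, sign, verify } = require('node:crypto');

// Registration: the key pair is created on the device; only the public key leaves it.
function registerPasskey() {
  const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { device: { privateKey }, server: { publicKey } };
}

// Bank server: a fresh random challenge for every checkout.
function newChallenge() {
  return randomBytes(32).toString('hex');
}

// Device: after the local biometric check (not modelled), sign challenge + origin.
function deviceSign(device, challenge, origin) {
  const clientData = Buffer.from(JSON.stringify({ challenge, origin }));
  return { clientData, signature: sign('sha256', clientData, device.privateKey) };
}

// Bank server: verify the signature first, then the values it covers.
function serverVerify(server, assertion, expectedChallenge, expectedOrigin) {
  const { clientData, signature } = assertion;
  if (!verify('sha256', clientData, server.publicKey, signature)) return 'bad_signature';
  const data = JSON.parse(clientData.toString('utf8'));
  if (data.challenge !== expectedChallenge) return 'stale_challenge';
  if (data.origin !== expectedOrigin) return 'wrong_origin';
  return 'ok';
}

function demoPasskey() {
  const origin = 'https://bank.example'; // hypothetical origin
  const user = registerPasskey();
  const otherDevice = registerPasskey(); // a device that was never enrolled
  const challenge = newChallenge();
  const assertion = deviceSign(user.device, challenge, origin);
  return {
    genuine: serverVerify(user.server, assertion, challenge, origin),
    replayed: serverVerify(user.server, assertion, newChallenge(), origin),
    lookalike: serverVerify(user.server,
      deviceSign(user.device, challenge, 'https://lookalike.example'), challenge, origin),
    unenrolled: serverVerify(user.server,
      deviceSign(otherDevice.device, challenge, origin), challenge, origin),
  };
}

console.log(demoPasskey());
```

No shared secret crosses the network: the server holds only a public key, so a captured assertion fails on the next challenge and a signature made for a different origin is rejected.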
Reducing complexity with Thales D1
Click to Pay is now helping banks and payment providers to make payments friction-free and secure. But it takes a lot of work to manage credentials, Payment Passkeys, tokens and risk checks.
Thales D1 is purpose-built to help. As a modern issuing and payment platform, D1 coordinates token provisioning, Payment Passkeys and Click to Pay enrollment through pre-integrated workflows. For issuers, this means faster rollouts. For users, it means secure, invisible payment experiences that just work.
Financial giants are now reaping the benefits. In LATAM, Banco Santa Cruz achieved Click to Pay implementation with Thales in three months, one of the most aggressive rollouts in the region. This enabled Banco Santa Cruz to become the first bank in Latin America and the Caribbean to be Click to Pay Visa-certified for an online payment method that requires no card details to be entered.
Better, faster, stronger?
The paradox of modern payment authentication is this: the stronger it gets, the less we notice it. As consumers, we don’t have to prove who we are when making a payment. Instead, we are simply recognised and trusted.
This is a profound change. Platforms that manage identity silently in the background are making it happen. For issuers, the new system of payment process and authentication must be front and centre of strategic roadmaps.
But the improvement doesn’t stop there. The battle against friction and fraud is never completely won. It’s why Thales and its customers are now exploring ideas such as AI-driven risk scoring, contextual authentication and multi-device frictionless experiences.