Rise of digital payments and growing threat of cyber frauds
To mitigate the risk of spread by shared surfaces like cash or cards, the Government and other regulatory bodies like NPCI are encouraging citizens to make digital payments. While this move has brought many customers under the ambit of digital India, it has also given a significant rise to cyber frauds. Cyber criminals are using fear, lack of knowledge and various deceptive means like lucrative emails to cheat vulnerable customers such as first time or not-so-tech-savvy users
By Mahesh Patel
Today, there are two aspects of safety that are of paramount importance. First relates to physical safety from the coronavirus and second is ‘payment safety’ from the increasing number of cyber frauds. To mitigate the risk of spread by shared surfaces like cash or cards, the Government and other regulatory bodies like NPCI are encouraging citizens to make digital payments. While this move has brought many customers under the ambit of digital India, it has also given a significant rise to cyber frauds. Cyber criminals are using fear, lack of knowledge and various deceptive means like lucrative emails to cheat vulnerable customers such as first time or not-so-tech-savvy users.
The growth of digital payments
The pandemic has pushed most Indians to embrace digital payments as cash was perceived as a potential carrier of the virus. According to the latest National Payments Corporation of India (NPCI) data, UPI recorded 2.23 billion transactions amounting to INR 4,16,176.21 crore or INR 4.16 trillion in December 2020. Additionally, according to an estimation made by RBI in 2020, digital payments are expected to jump to 1.5 billion transactions, worth INR 15 trillion a day in five years.
Most citizens are now making their grocery, electricity bill, and essential purchases using digital modes. We can see a paradigm shift in preferences and purchasing habits. According to a recent survey done by India Transact Services Ltd, a merchant payment solutions company, 57 per cent of respondents used digital payments 5-6 times a week in July 2020 while 21 per cent of them claimed to use it thrice. About 20 per cent of respondents used digital payments less than three times a week. These numbers define the quantum of usage and hence the possible impact that it will have in case of frauds.
The growing risk of frauds
Growing concern of customers and lack of digital literacy has put many digital users at risk. As citizens across the world are trying to source information related to the pandemic, fraudsters are now tampering the official websites and also acting as imposters of official sources to deceive users. Hence, customers must be extra cautious while sharing details or downloading attachments from unfamiliar emails.
According to Mumbai Police’s cyber cell, there has been a 70 per cent rise in e-wallet fraud and related digital payment crimes during January to May 2020 as compared to the same months in 2019. Since the imposition of the lockdown, the police have received 12 cybercrime complaints a day on an average. In this period, cybercrimes, including credit and debit card fraud, rose by 19 per cent in Mumbai and 51 per cent in Maharashtra. Recently, India’s cybersecurity chief Rajesh Pant said that India was hit by around 375 cyber-attacks each day in 2020. Additionally, it is estimated that there has been a loss of loss of US$ 6 trillion to organisations and individuals as a result of cybercrime in the first nine months of 2020.
Fortunately, banks and financial institutions can proactively manage the fraud related threats to the digital payment ecosystem through innovative and secure solutions.
Two-factor Authentication (2FA): When a user logs into a portal with the help of a password, he/she receives a dynamic OTP via text message on a registered mobile number to authenticate the transaction. Since the hacker would require both the cardholder’s login password and phone to access the account, this measure can be fairly effective in circumventing fraud.
Tokenisation: It is a secure measure to prevent digital fraud as it primarily precludes the need for the user to share payment credentials for each online transaction. In this method, a token is created for the card number which issuer can authenticate; therefore, there is no need to transmit the actual card number. Since the credit card number is tokenised with secure key each time the transaction is performed, the digital payment is secure and the potential for data breach and fraud decreases.
3-Domain Secure (3DS) layers: These are real-time authentication services in transaction communication that allow issuer banks and merchants to interchange the data provided by customers for authentication. In this case, transactions are initiated and authorised after checkout through a password or dynamic one-time password (OTP) received as a text message on the user’s mobile and e-mail account.
Address Verification Service (AVS): Even though slightly archaic, this mechanism can be effective in limiting fraud. At the time of transacting, the AVS verifies the information provided by a cardholder with that available with the issuing bank, along with other factors (such as card number and expiry date). Once the information is verified, the issuing bank sends an AVS code to the merchant’s payment gateway.
An eye on security
As we migrate into the digital realm, digital payments are likely to become a big part of our future. The proliferation of digital payments will inevitably amplify the risk of cyber thefts and frauds. In such an environment the early detection and prevention of fraud should become a hygiene factor for banks and financial institutions.
Regulatory bodies such as RBI and NPCI as well as banks, take timely initiatives to ensure customers are educated about security concerns and ways of tackling them. These bodies often share e-mails and SMSs with their customers to keep them abreast. However, many times customers turn a blind eye to these communications and become vulnerable to frauds. Therefore, end-consumers can follow simple steps like reading important communications from their banks / payment apps with regards to possible digital frauds and SMS related to transactions. In case of a suspicious activity, they should immediately inform the concerned banks.
Furthermore, each passing day fraudsters are preying on gullible customers and evolving their ways of deception. Such risks can be mitigated if Banks integrate their systems with online real time fraud monitoring systems. In these challenging times, solutions like these can prevent security breaches and ensure financial safety.
Other safe digital practices such as using only known Wi-Fi, setting strong passwords, timely updating anti-virus and patches, reporting suspicious activities, purchasing only from known sources, not opening attachments from unknown sources, etc., should be thoroughly practiced by end-users.
In a nutshell, while the banks, regulatory bodies, cybersecurity agencies and payment providers ensure we get best & secure payment platforms, its success largely depends on how safe our digital practices are. Vigilance and digital literacy are our strongest defence to fight cyber frauds.