The surge in digital transactions, accelerated by the pandemic, has necessitated the adoption of robust data security practices in the digital payments ecosystem. Digital payment modes continue to evolve, with a steep expansion in the quantum of transactions, towards delivering convenience, speed and seamless transaction experiences for end-customers. Cyberattacks, too, have witnessed a marked rise and assumed a sophisticated modus operandi in the virtual world. With many first-time users, cybercriminals are taking advantage of customers’ lack of digital literacy and deploying deceptive means to illegally siphon off money from vulnerable customers using digital payments platforms.
Vigilance is key
Given the slew of digital payment modes being introduced – UPI, Aadhaar-enabled Payments System (AePS), OTP-based payments, NFC and beyond – along with the rapid pace of customer adoption, the heightened risk of payment data theft and data breaches continues to loom large. Unless payment providers incorporate secure payment safeguards and robust security standards to protect customer data, cybercriminals can exploit loopholes in the existing security framework to steal confidential information and cause considerable financial damage. A study by Cisco reveals that 53% of cyber attacks caused financial loss to the tune of over INR 3.5 crores.
Closing the chinks in the digital armour through regulatory action
Recognizing its important role in India’s digital economy, on Feb 18, 2021, the RBI introduced the Digital Payment Security Controls directions 2021, with the aim of strengthening security controls and the governance structure in the digital payments system. The guidelines cover the following key focus areas: internet banking, mobile payments, card payments, customer protection and grievance redressal mechanism.
Best practices in cybersecurity
There is a steep price to pay for the loss of confidential payer information. An IBM study reveals that the average cost of a data breach in India last year was to the tune of INR 12.8 cr. It is imperative for payments players to upgrade their security systems on a war footing, with real-time fraud detection and stringent preventive measures to fight the menace of cyber fraud. It would be prudent to prioritize consumer protection and implement some of the following cybersecurity mechanisms to mitigate payments fraud risk:
Two-factor Authentication (2FA): When a user opts for the payments mode and logs into the app or platform using a password, a dynamic OTP with a limited validity period is sent by SMS or email to the registered mobile number or email address to validate the transaction. This serves as a double layer of protection. Since the cybercriminal would need simultaneous access to the login password as well as the phone or email to hack the account, this simple but effective tool acts as a deterrent against cyber theft of valuable consumer credentials.
Tokenisation: Under this, a token or alternative credential is created for the cardholder, which can be authenticated by the issuer, using a secure key for each transaction. This removes the need to share the actual card details at the time of checkout.
Compliance with globally accepted security standards: As a safeguard against data breaches, payments providers should adhere to robust security protocols like Payment Card Industry (PCI) compliance and Internet encryption technology, i.e. the secure sockets layer (SSL) protocol, to name a few. All of these would go a long way towards providing reassurance about the legitimate operations and security standards of the payments providers.
Other data security techniques adopted by digital payments platforms include 3D Secure, address verification services, biometric security, digital identities and the like. A Koan Advisory report (2021) indicates that, of the customers who transacted online, 28.5% and 28.4% were concerned about privacy and security respectively, in priority over other factors like convenience and the availability of a grievance redressal mechanism.
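The limited-validity OTP check described under two-factor authentication above, sketched as an added example (not code from the article or from any payment provider). The class name, the 180-second window, the three-attempt cap and the binding of the OTP to the transaction amount are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 180  # assumed validity window
MAX_ATTEMPTS = 3       # assumed cap on guesses per OTP


class OtpStore:
    """Server-side record of pending OTPs, keyed by transaction id (hypothetical)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}

    @staticmethod
    def _digest(salt, otp, txn_id, amount_paise):
        # Binding the OTP to the transaction means a code issued for one
        # payment cannot approve a different id or amount.
        msg = f"{otp}|{txn_id}|{amount_paise}".encode()
        return hmac.new(salt, msg, hashlib.sha256).digest()

    def issue(self, txn_id, amount_paise):
        otp = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.randint
        salt = secrets.token_bytes(16)
        self._pending[txn_id] = {
            "salt": salt,
            "digest": self._digest(salt, otp, txn_id, amount_paise),
            "expires": self._clock() + OTP_TTL_SECONDS,
            "attempts_left": MAX_ATTEMPTS,
        }
        return otp  # handed to the SMS/email gateway; only the digest is stored

    def verify(self, txn_id, amount_paise, submitted):
        rec = self._pending.get(txn_id)
        if rec is None:
            return "unknown"
        if self._clock() > rec["expires"]:
            del self._pending[txn_id]
            return "expired"
        rec["attempts_left"] -= 1
        candidate = self._digest(rec["salt"], submitted, txn_id, amount_paise)
        if hmac.compare_digest(rec["digest"], candidate):  # constant-time compare
            del self._pending[txn_id]  # single use: a replayed OTP is rejected
            return "ok"
        if rec["attempts_left"] <= 0:
            del self._pending[txn_id]  # stop brute-forcing the 6-digit space
            return "locked"
        return "wrong"
```
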
As digital payments platforms and interconnected technology progress at a rapid pace and become an integral part of our daily lives, the protection of consumer data is of prime importance. To achieve an efficient digital payments ecosystem built on the foundation of trust, data security is of paramount significance. Fortifying cybersecurity practices, maintaining digital hygiene and achieving the core purposes of easy transaction traceability, reduced technical glitches and minimum transaction costs is the sine qua non for digital payments to realise growing acceptance amongst consumers and merchants alike.
The article is authored by Nitya Sharma, Co-Founder & CEO, Simpl