PayTech: Key Takeaways: Twitter Chat on Digital Payments & Cyber Security
Blog: NASSCOM Official Blog
Digital payments is one of the most thriving sectors across the globe, especially during the current pandemic. According to recent Capgemini research, with 75% of Indian consumers adopting digital payments, India has already recorded the highest spike in digital payments during COVID-19, the global average being much lower at 45%!
In parallel, this sudden shift to digital payment platforms globally, especially in India, has also led to many malicious activities in this space, with over 3.5 lakh cyber security incidents in July and August, 3X as compared to the first 3 months of 2020!
NASSCOM Insights, in association with Mr. Arun Kumar, Head – Managed Security Operations, Tata Advanced Systems Limited, hosted a Twitter Chat on 25th Sep 2020 on Digital Payments & Cyber Security. The key topic of the Twitter Chat was The Rise of Digital Payments & Growing Privacy Concerns, and the panelist onboard for this chat along with Ms. Priyanka Naik was Ms. Shivani Aggarwal, BFSI, Fintech & Blockchain Research Practice Lead at NASSCOM Insights.
Top Key takeaways from the Twitter Chat on The Rise of Digital Payments & Growing Privacy Concerns:
- Significance (Criticality) of Cyber Security for the digital payments’ arena specifically
Cyber Security is one of the most critical challenges faced by the digital payment ecosystem. As more & more people use digital payments, the chances of getting exposed to Cyber Attacks such as financial fraud, information theft, malware and viruses magnify too.
Digital payment frauds already account for about half of all bank frauds in India – Source: RBI
Further, according to the initial findings of one of NASSCOM’s recent surveys, a majority of digital payment users in India are concerned about financial fraud and identity theft, showcasing the urgent need for cyber security in this industry.
Another majority in the same NASSCOM survey cite malware and phishing attacks in digital payments as big concerns for them, showcasing payments #cybersecurity as even more critical for the industry.
- Impact of COVID-19 on Cyber Security Concerns in India
The short-to-medium-term effects of COVID-19 on India’s digital payments landscape have been vast, with certain digital payment methods (UPI, contactless cards, digital wallet-based payments) seeing a huge uptick in India during the current pandemic.
As the COVID-19 pandemic forces consumers to opt for digital #payments (due to fear of the virus), there has been a rapid rise in cybercrime as well, in India specifically.
ACI Worldwide cited in a recent report that 50%+ #Indian consumers are more concerned about digital payments fraud now than when COVID first emerged!
ACI also cited that nearly 1/3rd of Indians have recently been victims of card or digital payments fraud, or know someone among their family or friends who has been. These findings highlight the massive impact that COVID-19 has had not only on digital payments but also on the already ripe payments security concern in India.
- Top PII (Personally identifiable information) Concerns in India & Recommendations to Build Customer Trust
With numerous entities involved in part or full in every digital payment transaction from merchant to banks to payment gateways to customers, there are multiple sources of risk in such a technology intensive operation which can devastate a digital transaction if not handled properly.
Hence it becomes extremely critical for the entities involved in the payment processing value chain to handle sensitive customer data, especially PII with extreme caution. Collection of such personal data should be limited to such data that is extremely necessary for the purposes of digital payments processing.
Top PII Risks in Digital Transactions today are:
- The risk associated with the involvement of multiple entities while handling consumer data and exposure points therein
- The ungoverned, non-consensual, and excessive data collection and storage by solution providers
- The inherent risk in smartphones w.r.t. some automatic permissions they have
- Technical attacks/Cyber Frauds
These risks give rise to identity theft and social engineering attacks at both the consumer and the merchant/financial establishment level.
Top PII handling recommendations for Securing personal data and building customer confidence in digital transactions:
- Increased transparency of handling such data (regard the customer as king) to be provided by Payment solution providers
- Opt-out power to customer w.r.t. storage of PII (even if stored securely)
- Clear upfront communication on deletion/purging of data to customers
- Put in mandatory alerts through SMS/messaging platforms/email
- Announce your compliance with Acts, Compliances and Regulations on your online presence
- Express your efforts for cyber security & consumer privacy through marketing collaterals.
- Role of Emerging Technologies in combatting such security concerns in digital payments
Emerging Technologies like Machine Learning, Blockchain, Soundwave technology, QRCode technology can be phenomenal in combating frauds like spyware, malware, identity theft, etc. in digital payments.
Network tokenization and biometric authentication are other innovations that can be used to strengthen payments cybersecurity.
Juniper Research’s latest study forecasts $2 trillion of digital payments to be authenticated by biometrics alone by #2023! That will be a breakthrough in combating cyber frauds in digital payments.
Sound wave technology is a particularly disruptive tech innovation that can be used to transmit secured and encrypted transaction data through a unique sound wave.
- Role of Digital Financial Literacy in Increasing Digital Payments Security
Fraudsters tend to exploit digital payment users’ lack of awareness through cyberattacks. Also, according to the initial findings of a recent NASSCOM survey, digital financial education in India is really low, with most users in India depending on unorganized information sources like free videos & webinars and friends & family!
Formal digital financial education channels, like bank and Government provided training, are barely used by payment users in India, according to the initial findings of the same NASSCOM survey. The lack of formal methods and of inclusive digital financial literacy leads to the majority of cyber payment frauds in India.
- Role of The Personal Data Protection Bill in Increasing Digital Payments Security
This is the bill for the consumers and plays a huge role in increasing the extent of security in the digital payments arena in India and building consumer trust in digital payments. A few of the key areas that the bill proposes to cover are:
- Scrutinized collection of data from consumers
- Mandating obtaining of user consent before collection of data
- Verification of age, and parental consent where required, while processing sensitive personal data of children
- The retention period for data will be restricted for the purpose
- Reporting in case of a data breach
- Data sovereignty
- A penalty in case of non-compliance
- Mandating the appointment of a Data Protection Officer within the service provider organization
If the bill gets converted into an Act soon, it will be transformational for the digital payments arena of the country bringing about a huge amount of confidence in digital transactions, magnifying digital payments like never before.
Also, the JPC is working on changes to be made to the Indian PDPB, and it must ensure that cyber privacy as per NIST 800-53, along with privacy by design and privacy by default, is implemented so that digital payments are safe and trustworthy.
- Key Recommendations for Stakeholders to Avoid Cyber Fraud in Digital Payments
Cyber Frauds can be avoided with the implementation of a robust access control system and privacy by default & by design controls and with encryption, pseudonymization, data masking methods, etc.
To put it in simpler language, some of the key measures that can be taken by various stakeholders in the digital payments system to avoid cyber frauds are:
- Flagging large as well as unusual transactions (e.g. location mismatch)
- Device identification
- Risk Scoring per profile
- Tokenization while handling transactions
- Address verification
- Reconcile bank statements regularly
- Follow only accredited videos & webinars
- Never disclose OTP freely
- Never open suspicious emails or attachments on any platform
- Avoid the use of public Wi-Fi
- Consider setting limits per card/per holder
- Set passwords with adequate security/using a different password for different services
- Rule of thumb: First update the app and then transact
Digi Payment Ecosystem:
- Focus on consumer awareness combined with security controls to support cyber resilience
- Specific Regulatory Support needed in the future to spin the wheel and magnify cybersecurity in India’s Digital payments
- Publishes data on payment frauds to make users aware of emerging risks
- Issues user guidelines for ATM card internet #banking payments for cybersecurity & risk mitigation
- Limits user liability on unauthorized digital payments
Future Government and Regulatory Support needed for building digital India’s payments cybersecurity:
- Increased government hosted digital literacy camps through Banking correspondents in rural as well as urban areas
- IP geolocation & Proxy IP address detection for cyberattacks mitigation
- Upskilling of payment cybersecurity law enforcement agencies (LEAs)
- Effective customer redressal framework
- Increased subsidies/rewards for use of Emerging Tech for secure payment solutions
- Rewards for innovations of Offline digital payment solutions less prone to fraudsters
Log in to read through the full Twitter Chat with Mr. Arun Kumar & Shivani Aggarwal at https://twitter.com/NasscomR/status/1309020543828533251