Safeguarding payments for consumers, MSMEs, businesses has become extremely important given that digital Payments have been growing in India at a much faster pace than global markets. Data Security Council of India (DSCI) and PayPal India, on Wednesday released a study report on Fraud & Risk Management in Digital Payments. The report attempts to discuss the sophisticated online payment fraud mechanisms, threats in the payment ecosystem, incorporating better fraud prevention strategies, role of upcoming technologies, and recommendations for various stakeholders involved in the payment ecosystem.
The report highlights some of the key challenges that exist today which include fraud detection enforcement, investigation and legislative challenges; lack of multilevel awareness; security is seen as a cost overhead and not essential investment by stakeholders; privacy laws; and organised criminal involvement.
The report suggests recommendations for various stakeholders:
Consumers should never share credentials (OTP, PIN, CVVs), use multifactor authentication, always use licensed and trusted software and devices, use endpoint security like antivirus and firewall, allow only required permissions to apps, use caution while installing apps, be wary of shopping from unknown sites/apps, phishing and other scam methods.
The retail industry should perform regular risk assessment, threat monitoring, advanced data analytics. Payment Industry should adopt security and privacy first culture with commensurate investments in cyber security, consider implementing private/public bug bounty programmes to encourage developer community to find security exploits or vulnerabilities in their infrastructure.
Policy makers/regulators should implement audit payment processes, standards development, threat modelling, improve laws and the legal ecosystem, engage with global partners for skill & threat information exchange. Law enforcement agencies should empower and upskill prosecution, hold continuous payment industry training, industry interaction.
Some upcoming technologies that could be useful in fraud prevention, the report points out, include: IP Geolocation to verify consumer’s data to determine location at the time of purchase; Proxy IP address detection for instant detection of anonymous IP addresses; machine learning for real-time insights and predictive capabilities to detect the fraudulent behaviour instantly; insights dashboard such as reports on suspicious activities in a single interface facilitating the entire fraud screening process immediately; device fingerprinting to stop frauds at its root, based on device fingerprints from browser and operating system to language and location.
The report also discusses future fraud possibilities such as spoofing of current fraud prevention & detection mechanisms which rely on control parameters like location information, device identifiers like IMEI, MAC address, goods/services identities like SKUs/Barcodes; exploitation of supply chain vulnerabilities at system and human process interchange.
Rama Vedashree, CEO, DSCI, said, “Digital Payment Safety is one of our key focus areas to alleviate the emerging concerns and underlying causes leading to mushrooming payment frauds. This report is an attempt to initiate discussions and develop solutions towards real-time fraud prevention and mitigation strategies. The Government is already working closely with the Industry and COVID has proved to be an accelerator. In order to find the right balance between enablement and protection, it is critical that a collaborative effort be undertaken by all stakeholders involved, to establish a comprehensive fraud management framework for digital payments in India.”