Making digital payments to known or trusted merchants, use of a dedicated computer and a separate email address only for financial transactions can reduce the exposure to fraud and data theft, says Arpinder Singh.
Illustration: Dominic Xavier/Rediff.com
Fuelled by internet and mobile penetration, digital payments have seen rapid growth in India, giving rise to multiple cashless payment applications and systems.
According to the EY Global Fintech Adoption Index 2019, India is becoming a forerunner in global financial technology (fintech) adoption at 87 per cent, along with China.
Data from the Reserve Bank of India (RBI) highlights that the total volume of digital payments increased nine times over the past five years.
This has been driven extensively by innovations in fintech and integrated payment platforms.
This growth momentum is expected to continue with the RBI projecting a target of 10 times over the next three years.
The rise in digital payments has not only opened multiple avenues for businesses to explore online payment services, but also led customers to prefer this mode in almost all aspects of their daily lives -- from small-value transactions to very large purchases.
The convergence of technology, payment platforms, e-commerce and social media has simplified transactions and brought convenience to the palm of the user.
However, there are roadblocks to this frenzied adoption of digital payment.
These include frauds and scams, data protection issues, security concerns, infrastructure requirements, and lack of awareness about the risks linked to the digital ecosystem.
Wide variety of scams: As the adoption of digital payments grows and enables greater financial inclusion, the challenges related to payments security and consumer awareness are also set to increase.
For instance, rapid growth in the digital payments data economy has led to increasing cyber-attacks, information leakage, data theft, as well as malware and ransomware attacks in recent times.
Consumers have become vulnerable to newer and more complex frauds.
In 2017-18, the RBI reportedly recorded over 2,000 cyber frauds at banks, amounting to over Rs 100 crore.
As a result, banks and financial institutions launched awareness campaigns, repeatedly asking consumers to avoid sharing sensitive information with third parties.
However, cyber criminals have been able to exploit technical and process loopholes and weasel their way into illegally obtaining information through phishing attacks, spoofed websites, advance-fee scams, phone-jacking or page-jacking.
In the case of mobile wallets, large swathes of users’ personal, financial and transactional data are available on the platform.
If hacked into or leaked, it can lead to cyber criminals committing fraudulent or unauthorised transactions, stealing sensitive data or credentials.
Regulations to protect consumer interest: With the promise of a digitally empowered economy and consumers embracing digital payments as a preferred option, the government has released a slew of regulations to democratise access to all payment modes.
This is aimed at ease and convenience, enhanced security, and to facilitate seamless user experience.
In line with its Digital Payments Vision 2021, the RBI envisages increased competition, optimal costs for customers, the convenience of multiple payment systems and a zero-compromise approach to strengthen the safety and security of digital payments and instill customer trust and confidence.
For example, the RBI has announced several regulations and guidelines to protect consumer interests that include instituting an ombudsman scheme for digital transactions and an internal ombudsman for payment system operators.
These measures are aimed at consistency, efficiency and timeliness in solving consumer issues and addressing complaints.
The government has also proposed the establishment of a compensation mechanism in case of unsuccessful transactions, 24x7 help lines, user surveys to augment awareness and various other programmes to sensitise the public on threats that may impact digital payments.
Using data to tackle fraud: A wide-ranging set of directives has also been issued on security and risk mitigation, including a framework for collecting data on fraud in payment systems and creation of a Central Payment Fraud Registry.
This will permit players in the digital payment ecosystem to keep a close check on fraud on an almost real-time basis.
The move is also aimed at raising awareness levels among digitally inclined consumers as the shift to cashless modes of transactions becomes more widespread.
All these aspects will collectively enable the monitoring of frauds and usage of analytics to find trends in transactions to minimise threats and safeguard transactions.
User beware: In addition to the regulator rolling out multiple customer-centric initiatives, individuals too can take a number of steps to mitigate risks.
It is important that users constantly update themselves to understand the digital payments ecosystem and are aware of the latest upgrades (or gaps) in technology and software.
It is also critical to take necessary precautions when it comes to passwords, which means it should be complex (minimum of 10-12 characters, a mix of uppercase and lowercase alphabets, numbers and special characters), revised at regular intervals, and using unique ones for financial apps rather than one complex password across all profiles and channels.
The use of password management software, with two-factor authentication, can be helpful here.
Discerning consumers should look to install only legal or verified applications from app stores on handheld devices and buy licensed financial software with updated virus definitions to avoid applications that may be open to security threats.
The use of unsecured or public Wi-Fi networks is another vulnerable area that renders users susceptible to potential security threats such as malware, information leakage and data theft.
Individuals should avoid making digital transactions using open or unknown network connections as their device and data can be exposed to phishing attacks, or they can receive promotional messages that are actually spam.
In addition, customers should also be wary of linking their social media profiles with digital payment apps and avoid sharing personal and sensitive data through social media platforms, emails, messages or calls.
Making digital payments to known or trusted merchants, use of a dedicated computer and a separate email address only for financial transactions can reduce the exposure to fraud and data theft.
At the end, convenience cannot be a substitute for safety.
Arpinder Singh is partner and head - India and emerging markets, forensic & integrity services, EY.