.India is witnessing a massive evolution of online payments like credit cards, online banking, mobile banking, QR, & UPI compared to the last decade. The digital transactions in India are up by 33% to 7,422 crores till 28 Feb’22. The UPI contributed Rs 452 crore in transactions worth Rs 8.27 lakh crore. This extensive evolution of digital payment modes results in increasing digital fraud.
The UPI payment mode encounters around 80,000 fraudulent acts worth
Rs. 200 crores every month. The UPI platform & other mechanisms have lured customers to use the unauthorized QR to make payments & given assurance to customers to install malware to use the unauthorized app.
The increasing online frauds, lack of robust infrastructure to catch or control digital payment frauds, and no redressal mechanism are blocking the path of digital payments. The fraudsters are becoming more sophisticated by using fraudulent methods such as Vishing, Phishing, SIM cloning, or swapping by the fraudster receiving OTP on their mobile, malicious QR codes, apps, and user impersonation. Instead of productively using these technologies, fraudsters are committing these cyber crimes.
Let’s take a detailed glance at the different online payment frauds
Phishing: If you receive any emails or websites asking for personal or private information like a credit card, bank account, or login credentials is prone to phishing. If the particular source collaborates with a bank, it is considered trustworthy. However, if the source is unknown to the user, it could indicate an attempt to loot user information.
Identity theft: Identity theft is a fraudulent activity performed both outside & inside the digital domain. A cybercriminal who robs personal information and employs it under pretense is identity theft.
Pagejacking: Under Pagejacking, the hackers can redirect the traffic from your eCommerce site to a different website by hijacking part of it. The unwanted site may have potentially malicious material that hackers use to enter a network security system.
Advance fee scams: Hackers target credit card users and e-commerce owners by requesting money in advance in exchange for a credit card or money promised to be delivered in the future.
SIM cloning or Swapping: SIM cloning is the process through which an original SIM card is produced again or hacked to process fraudulent activities. Hackers will forward users’ mobile data, emails, and calls to the cloned SIM card.
Merchant identity fraud: Hacker creates a fake Merchant account of a legitimate business to loot money or steal credit cards. The hackers vanish before the user finds the fraudulent payments and try to reverse the transactions. Here the online payments facilitator is responsible for the loss and any extra fees connected with the credit card chargebacks.
Online payment technologies are constantly working to shield themselves from digital fraudsters. Read more about how an online payment system handles these concerns using innovative technological advancements.
Technological advancements to address Online payment frauds:
The latest RBI order regarding card storage online using Tokenization is a positive approach toward the right path for customer data protection.
In tokenization, your card details are transformed into a unique token, specific to the card and protected by only one merchant at a time.
Here it is hardly impossible to hack and delete card details from merchants, payment providers, or any other ecosystem holding stored card information.
RBI guidelines ban all e-commerce outlets from saving the shopper. Also customer card number, expiry date, or CVV on their servers.
Tokenization will not only protect the customer’s card information. It also improves the customer convenience to do online shopping with a single-tap check-out experience.
3D Secure 2.0
3D Secure 2.0 is an authentication protocol to decrease digital fraud and improve security in online credit card bill payments.
It captures more contextual data about consumers to help the merchants do an online risk assessment and fraud management.
The Improvements in fraud screening and safety management enable the merchants to deploy sophisticated solutions. Whereas adding convenience to customers by providing various options. Some are the step-up and steps-down authentication and contextual/ challenge/friction/frictionless authentications in real time.
The protocol records the user’s real-time data like location, device, and user behavior to help merchants make decisions & conduct online risk assessments.
For instance, the merchant may not suspect a fraudster, if any customer places an order for groceries using the app & requests him to deliver them to his registered location. But if the same customer orders groceries from a different location to his registered address it should raise doubts. The merchant may challenge the customer to authenticate with additional OTP, biometrics, etc. Further authentication is because of the assumption of risk by the merchant. This will ensure that the negative user who controls sensitive payment information may not do much harm.
In layman’s language, it is a tool to recognize a human face using technology. Facial recognition technology is employed when issuing identity documents. Often, It is integrated with different biometric technologies such as fingerprints to prevent ID fraud and identity theft.
Despite using various technological advancements, the merchant should conduct customer due diligence. The customer should follow some basic security precautions. Just like avoiding sharing credentials and responding to malicious emails/calls to safeguard themselves from online payment fraudsters. Remember that Security and convenience are double-sided coins that need a correct balance. If you create too many security rules and customer experience, it may take a hit. Likewise, too much customer convenience could lead to reducing security controls. A perfect balance of risk-based approaches would be helpful. For merchants, customers, and issuing banks to decrease the count of frauds.