Regulatory bodies, government, and payment networks must collaborate, define and lay down a roadmap for secure processing of digital payments.
Digital payments have been on the rise in India over the last year. Sample the following increases in volume (in millions) and value (in INR billions) across the various channels and instruments:
Source: RBI and NPCI, Data for credit and debit card is from four banks and that for PPI from eightissuers.
While this rise is indeed laudable and is contributing to a less cash economy, cash continues to be the primary instrument, even a year after the demonetisation drive. The convenience, fungibility and the confidence, in terms of trust, cash continues to provide the citizens are key to its continued primacy.
Alongside the rapid and large increase in digital payments are increasing concerns of security and threats being faced by consumers. Cases of phishing, malware, ransomware, hacking of key database and systems, inadvertent sharing of sensitive data of citizens, attempts to defraud citizens of Aadhaar data are on all on the rise. Reports of these, as well as consumers’ experiences in customer redressals, are also creating an atmosphere of mistrust.
Trust is key
Trust or confidence in the security, integrity and in the systems involved in digital payments is probably the most important factor in ensuring continued and increased usage of digital payments in our country. Convenience and speed are also key factors.
Tackling the problem
How do we address, to some extent, the trust deficit? It requires proactive involvement of all the stakeholders (government, financial institutions, merchant acquirers, payment gateways, issuers, telecom operators, regulatory bodies). They must not only educate and increase awareness of the usage, benefits, and security of digital payments in the minds of consumers and merchants but also adopt information security best practises, define and adopt standards in security in the payments transaction lifecycle.
Both consumers and merchants need to be made aware of how to make and accept such payments, what precautions they should take while using their smartphones and payment acceptance devices, how to check that emails/texts/messages are from a genuine source, and how not to read or open spurious communications.
Telecom operators, financial institutions, merchant aggregators, payment gateways must adopt information security best practices in the processing, storage, retrieval, sharing and forwarding of sensitive payment and consumer-related data.
Regulatory bodies, government, payment networks must collaborate, define and lay down a roadmap for secure payment processing; these include end-to-end encryption, two factor authentications, APIs that participating entities need to adhere to, strengthening of smartphone operating systems, and security protocols that app developers must embed. To this end an industry body, consisting of the stakeholders, must be formed to define such standards and the roadmap for their implementation.
Regulatory bodies need to also communicate strict guidelines on customer redressal including liability shift. Owners of the instrument or account should undertake sensitivity training of customer facing teams in handling grievances, and in speedy disposal of concerns of customers to the latters’ satisfaction.
Some of the steps taken by various regulatory entities and organisations will increase the required trust in the digital payments ecosystem. RBI has recently published guidelines for interoperability of wallets, KYC norms that players need to adopt, and requirements for time-specific actions in addressing fraud that customers experience. The explosion in UPI transactions, wherein only virtual addresses, and not actual account details, are used to push fund transfers or to request payments, is yet another indicator of increase in trust of this specific digital payment mechanism. The adoption of the Indus operating system, that supports multiple Indian languages, will also make it easier for consumers to pay digitally.
Online banking and payments related frauds top cyber crimes globally. Secure transaction processing is the foundation of digital payments. Most surveys reveal that lack of trust hinders consumers from wholeheartedly adopting digital payments. Financial service providers should not only introduce secure elements in online transactions but should also focus on building trust in all aspects of user experience. This will vary based on the circumstances and modalities of payment for example in case of in-store payments consumers are comfortable swiping their card and entering PIN on merchant’s device but in case of doorstep or on the go payments consumers tend to be anxious handing over their card and keying PIN on a stranger’s device but would be more confident in making payments from their own devices.
(Disclaimer: The views and opinions expressed in this article are those of the author and do not necessarily reflect the views of YourStory.)