Report stresses on measures against cyber frauds amid surge in digital payments

Adoption of ecommerce and digital financial services has seen accelerated growth in the country but the concurrent rise in cyber frauds necessitates multi-level awareness, cross industry collaboration, and bringing in fraud prevention measures and technologies, a report by Data Security Council of India (DSCI) and PayPal India has suggested.

The report on 'Fraud and Risk Management in Digital Payments', released on Wednesday, stated that the ecommerce market is expected to grow to $200 billion by 2026 from $50 billion in 2018, and growth of online shoppers is 73 percent for Tier-I cities, and 400 percent for Tier-II and Tier-III cities.

ALSO READ

Karnataka launches first accelerator for cyber security startups

Also, the internet user base is expected to grow to 835 million by 2023 from 560 million in 2018.

Similarly, 925 million and 47 million debit and credit cards have been issued respectively, as of March 31, 2019. Digital payments have been on an accelerated growth path over the last several years, with NPCI's UPI alone clocking 1.49 billion in volume and $41 billion in transaction value in July 2020.

While the digital financial space has seen significant growth, the number of fraud cases have also seen a rise with fraudulent claims, chargebacks, fake buyer accounts, promotion/coupon abuse, account takeover, identity theft, card detail theft and triangulation frauds emerging as challenges, it said.

Therefore, safeguarding payments for consumers, MSMEs, businesses is of utmost priority, it added.

Launching the report, National Cyber Security Coordinator Rajesh Pant said digitisation and cyber security is at the core of Digital India's mission and online payment safety is paramount for India to emerge as a leader globally.

"The government has taken many steps to support businesses, SMBs across their digital journey, however upcoming legislations and strategies will further aid the positive momentum. COVID-19 has also provided an opportunity to fast-track both adoption and regulatory focus," he said.

Rama Vedashree, CEO of DSCI, said digital payment safety is one of the key focus areas for the organisation to alleviate the emerging concerns and underlying causes leading to mushrooming payment frauds.

"This report is an attempt to initiate discussions and develop solutions towards real-time fraud prevention and mitigation strategies. The government is already working closely with the industry and COVID-19 has proved to be an accelerator," she said.

To find the right balance between enablement and protection, it is critical that a collaborative effort be undertaken by all stakeholders involved, to establish a comprehensive fraud management framework for digital payments in India, she said.

Steven Chan, Senior Director, Head of Government Relations (Asia-Pacific) at PayPal Inc, noted that COVID-19 has been a catalyst for digitalisation as businesses are rapidly adapting their strategies to evolve with changing consumer behaviours.

"As a result, we have seen a significant acceleration of digital payment adoption and India is at the forefront of this transformation. While we have witnessed a tremendous shift in commerce and financial services, there has been an increase in cyberattacks and the global pandemic has revealed gaps in business continuity plans and IT operations," he added.

"Small businesses and vulnerable communities will continue to struggle as the pandemic and its economic consequences continue to play out. Therefore, developing the right solutions will be essential to enhancing small business resiliency and the recovery of the overall economy," he said.

The report said the onus of safeguarding payments is on all stakeholders to mitigate risks and incorporate better fraud prevention strategies.

The retail industry should perform regular risk assessment, threat monitoring, advanced data analytics, and comply with standards and audits. It should also be open to cross-industry collaboration and additional verification for high-value transactions, and put in place regular employee and customer awareness, and incident response mechanisms.

For the payment industry, the report suggested adoption of a security and privacy-first culture with commensurate investments in cyber security and adopting security and privacy by design principles at the time of product development (for in-house, third-party vendors and service providers) to mitigate issues at foundational level.

It also suggested considering implementation of private/public bug bounty programmes to encourage the developer community to find security exploits or vulnerabilities in their infrastructure.

The report said there is a need for standards development, threat modelling, improving laws and legal ecosystem and engaging with global partners for skill and threat information exchange.

Law enforcement agencies should be empowered and continuous payment industry training be provided, along with industry interaction and sensitisation around privacy and data security controls in the payment industry, it said.