Anupam Pahuja, MD, PayPal India
Payment avenues in India have shifted from physical transactions and embraced the ease of digital payments propelled by a change in mind-set and incentivized by favorable policies.
According to the Ministry of IT and Electronics, online transactions have increased by almost 50 percent in the past 6 months and this trend is not likely to slow down in the future. The rise of online payment options has hence, brought the importance of maintaining the security of financial information to the fore.
One of the major concerns regarding online payments is the need to authenticate oneself and input passwords across a range of devices as well as platforms.
Industry statistics show that many people simply share the same password across multiple e-commerce websites, and most have only three or four passwords that they reuse.
This makes users more vulnerable to threats such as, phishing, malware and identity theft. Amongst these security issues, phishing has emerged as the most common.
The lack of a strong authentication protocol (a strong username and password) can result in the loss of confidential material. According to a study conducted by Gemalto, identity theft accounts for 64 percent of all data breaches globally.
Among platform-specific security issues, the mobile platform faces the greatest risk with mobile fraud slated to grow by 60-65 percent in the next decade in India alone, according to a joint study by Assocham and Ernst & Young.
While traditional authentication measures (2FA) work for PCs, traditional phishing, malware, script attacks are becoming more targeted and moving onto mobile devices, where the defenses are still evolving.
Companies need to adopt a pro-active approach to help combat cybercrime. Some of the major ways in which this can be done are by building a healthy online ecosystem through Anti-Fraud Technology, Industry Partnerships and Customer Education.
According to the ‘Global Cybersecurity index’, India is ranked 23rd on the index with a score of 0.683 and has been listed in the "maturing" category, which refers to 77 countries that have developed complex commitments to cybersecurity and engage in cybersecurity programmes and initiatives.
Anti-Fraud technology is an essential component for any financial services or internet company to protect financial information of the users. It is critical to have multiple security layers, authorization protocols, and tracking and monitoring systems to handle sensitive customer account details internally.
The marriage of convenience and security is also critical. Payment gateways should work towards incorporating sophisticated fraud prevention engines to enable effective risk management.
Users must be covered right from onboarding, with their present and past activities being constantly monitored for possible risks.
Companies in this industry, must have anti-fraud specialist working at all times to battle issues such as fraud, email phishing and identity theft.
Developing a secure online environment is not a lone task. Industry players need to work closely with each other through partnerships where the intention should be to make the online transactions more secure for the entire ecosystem.
While organizations can help combat security threats, customer education plays an equally vital role in the fight against fraud. Here are some simple tips that users should be aware of to protect themselves when operating online:
-Always look for the padlock icon on sites before entering your account information and password
-Change your password regularly and do not share your information with anyone else
-Always use licensed anti-virus software and update regularly
-Look for websites that start with “https” as they provide an additional layer of encryption often used for online payment transactions.
-Always open a new browser and type in the URL of the company's website before entering your personal details.
The growth of e-commerce today demands that security measures keep pace with it and we have a shared responsibility – Internet players, the online community and individual users – to protect ourselves and maintain a secure online environment.