Skip to main content

Cyber security essentials for safe and secure digital payments

Transactions, including digital payments, using IMPS, UPI, Debit and Credit cards, Wallets, and Mobile Banking have seen a tremendous increase especially in the last year. Following are the volumes (in Millions) and values (in INR Billions) processed across the various channels and instruments in the last 12-14 months:

Data for the period
Debit and Credit Cards at POS
Mobile Banking

Adoption of these instruments and channels is more prevalent amongst the younger generation and upwardly mobile sections of the demographic groups across India. And the use of mobile in initiating digital transactions especially payments has seen an explosive growth. But this explosive growth brings into fore certain practises, guidelines and caution that should be exercised while transacting over the net or mobile networks.

Here is a list some of the key cybersecurity essentials with the aim of promoting safe and secure digital transactions:

·         Secure Networks – it is essential to transact using netbanking, mobile banking and other mobile payment apps only over secure wi-fi and or local area networks. Free wifis and unsecured LANs are potential points of intrusion into customers’ devices (laptops, notepads, smartphones).

·       Download apps from secure app stores – apps that allow transacting digitally should only be downloaded from trusted app stores e.g. those supported by Google, Apple and the like. These app stores have a process of verifying that applications originate from trusted sources.

·         Preference for two (or more) factor authentication (2 FA) - is seriously encouraged when transferring money or making payments. Most bank’s net banking systems, mobile banking systems support passwords/PINs. And provide an additional layer of security by way of One Time Passwords (OTP) or biometric authentication. Applications that automatically capture and use One Time Passwords (OTPs) should be avoided. Use of PINs or biometrics to unlock smartphones is strongly encouraged.

·         Storage of card details – for automatic debits/ payments should be avoided unless the site where such details are requested and stored is trusted. Many ecommerce, taxi hailing and ewallet sites and/or apps request such data. These must be shared with care. It is worthwhile to determine if such sites comply with various standards laid out by the RBI and/or the Payment Card Industry.

·         Use of emails and text message – to verify that transactions were originated by the customer is encouraged as is calling customer care centres of banks and payment companies in case any discrepancy or potential fraud is noticed. Early contact with call centres also protects customer from any potential liability.

·         Tokens – apps that support tokenization of critical data are strongly recommended. Samsung Pay, Android Pay are example of applications that tokenize payment card data and replace it with a token or number that is completely different from the payment card number of the customers. Payment card details cannot be derived, or reverse engineered from these tokens. The recent announcement by UIDAI enabling tokens of Aadhaar number is a welcome step and of much benefit in e KYC as well as AEPS enabled transactions.

·         Use of Alias– Instant payment technologies such as UPI (Universal Payment Interface) wherein only virtual addresses, and not actual account details, are used to push fund transfers or to request payments, is a great way of securing account details of transacting parties. Customers are thus encouraged to use such Alias based payment mechanism

·         Data protection and privacy: With the release of the draft data protection framework MeITY will go a long way in providing confidence to customers that confidential and private information can only be used by consent and that customers have recourse to ensuring that such information cannot be used if not agreed to.

Jose Thattil, CEO of Phi Commerce says, “Digital payment transactions in the country crossed the 1 billion mark in Dec 2017. This upward trend is going to continue with more and more cash dominated sectors opening up for digital payments. As such, adoption of above recommended practises will definitely go a long way in fostering safe and secure digital transactions”.

Popular posts from this blog

Cloud Computing powering India’s priority of ‘Digital-first country’

By: Sunil Mahale, India MD and VP, Nutanix
Digital transformation has been recognized as being vital to the growth of our nation. This transformation has enjoyed the unanimous approval and contribution from all stake holders including enterprises, MSMEs, government bodies and citizens. But this level of adoption in a country with a population of over a billion people would need a robust technology base that is capable to collecting and distributing vital data seamlessly.
Digital India envisions creating high speed digital highways, that will impact commerce and create a digital footprint for every individual. Technologies based on mobility, analytics, Internet of things and most importantly, cloud technologies are the building blocks for the digital India missionThere is a growing need to manage huge volumes of data, and making them readily available to public through digital cloud services. Cloud has a pivotal role in enabling this change.
While Data centers have become crucial to th…

Semalt Expert Tells The Reasons Qualitative SEO Services Are Not Cheap

Just like the internet, Search Engine Optimization is constantly changing. Also, it's becoming more difficult to perform a good SEO as soon as Google is continuously improving the algorithm of ranking websites. SEO becomes more complicated so you should expect to pay more for hiring SEO specialists or agencies.
The leading Customer Success Manager of Semalt, Igor Gamanenko explains what factors force SEO services cost increase.
SEO Expertise
SEO has been undergoing the crucial changes and updates over the last 10 years. In the early days of SEO, Google only was caring about the technical aspect of your website, links and keyword metadata to rate you higher. The rating guidelines were quite easy: all you had to do was using some keywords in your metadata and more links than your competitors. This was enough to give you a higher ranking in search engines.
Today, the game has completely changed. Through semantics, Google has a better understanding of internet searches, so it can judg…

RevStart launches its RevItUp Incubation Programme

Underlining its vision of creating a nurturing ecosystem for start-ups to grow in, RevStart, a co-working and incubation centre, has announced the launch of its RevItUp Incubation Programme. The 12-week long programme will be held at RevStart Incubation Centre in Noida from July 1, 2018 onwards. As part of the programme, RevStart will select five high potential start-ups from the ed-tech sector, AI, Consumer Internet, Sustainability, as well as for-profit social impact companies to assist them with developing their business, along with connecting them to global mentors across industries and sectors. In addition, start-ups selected for the programme will receive INR 5 lakh to Rs. 25 lakhs worth of cash and benefits, while RevStart will get an equity stake in the ventures.
The RevItUp Incubation Programme has been created to enhance the founding team’s industry, product, and company building knowledge and capabilities through a world-class curriculum. The programme will focus on tailor…