Wednesday, September 27, 2023

Safeguarding Payments Security In A Digitally Connected World

Payments is ultimately a paramount component of the shopping experience that consumes the digital identity of the shopper on the website.

The world circa 2021, i.e. the era of connected living, promises extraordinary things. Data, huge advances in processing power and software, and networks of “smart”, connected devices or products that enable new forms of communication and new experiences are all converging to create a new chapter in the way commerce is executed.

Our digital identity, i.e. the sum total of activities done on the internet, has effectively merged with our official identification, i.e. our PAN or Aadhaar or similar social security frameworks across countries. These in turn are linked to financial institutions that house the underlying funding instruments, power your payments, or underwrite your loans. Your digital identity thus records not only what you browse, what you select and how you shop but also how you pay online. It also enables businesses to secure sales by identifying users based on their digital identities. Payments is ultimately a paramount component of the shopping experience that consumes the digital identity of the shopper on the website. Keeping this in mind, RBI has also rolled out the Digital Payment Security Controls Directions 2020, for regulated entities such as banks and credit-issuing NBFCs to set up a governance structure for such systems and implement common minimum standards of security controls across channels.

Businesses need to adapt to the following technologies and processes at minimum to ensure secure payments:

· SSL: Using SSL protocol on the website helps encrypt card and sensitive information and provides greater comfort to consumers while transacting online.

· PCI: As long as the business chooses a payment partner who is PCI level-1 compliant, the business can rely on the partner for these requisite data standards. Additional controls can include PCI-PIN and PCI-PTS under the HSM module.

· 3DS Secure: 3D Secure / 2FA, or an additional factor of authentication, needs to be followed as a regulatory mandate in India, except for recurring mandates under INR 5k.

· Fraud Management: Fraud prevention tools that highlight anomalies in customer behavior and previous patterns, mapped to the digital identity in real time, help decline suspicious transactions and reduce the risk of refunds and chargebacks. They also help identify merchants who aren’t conducting business per underlying norms. Processes such as surveillance/monitoring of transactions (especially overseas) and setting up rules and limits commensurate with their risk appetites are critical and need to be considered across Card and BIN. This also includes putting in place a robust incident response mechanism to mitigate the fraud loss on account of suspicious transactions, if any.

· Tokenization: Tokenization replaces sensitive data with a randomly generated string of characters. One of the best protection methods is using a token that represents a real card number or VPA in case of UPI. When the transaction is authorized, the data is sent to the centralized server and stored securely. At the same time, the merchant receives back a unique identifier. Thus, the token can be used as a substitute for the card’s data, e.g. with one-click payments on the customer’s subsequent transactions. Industry wide standards with the network tokenization solution need to gain widespread acceptance across banks and merchants.

· Customer support: Have a robust troubleshooting platform for customer support which also educates customers about the need to maintain the security of the devices they use to access digital payment products and services, recommending secure and regular installation of operating system and application updates and downloading applications only from authorised sources, among others.
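The tokenization flow described in the list above, as an added Python example that is not from the original article or any payment provider's code. `TokenVault`, its methods, the `tok_` prefix and the rule that a token is honoured only for the merchant it was issued to are assumptions made for illustration; the card number is the standard test number, used here as constructed input.

```python
import secrets

def luhn_ok(card_number: str) -> bool:
    """Card-number checksum, so typos are rejected before anything is stored."""
    if not card_number.isdigit() or not 12 <= len(card_number) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(card_number)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class TokenVault:
    """Hypothetical centralized server: the only place the real card number lives."""

    def __init__(self):
        # token -> (card_number, merchant_id); a real vault encrypts this at rest
        self._store = {}

    def tokenize(self, card_number: str, merchant_id: str) -> dict:
        if not luhn_ok(card_number):
            raise ValueError("invalid card number")
        # Random, so the token reveals nothing about the card it stands for.
        token = "tok_" + secrets.token_urlsafe(16)
        self._store[token] = (card_number, merchant_id)
        return {"token": token, "last4": card_number[-4:]}

    def charge(self, token: str, merchant_id: str, amount_paise: int) -> str:
        """Resolve the token inside the vault; the card number is never returned."""
        entry = self._store.get(token)
        # Assumption: a token is only honoured for the merchant it was issued to.
        if entry is None or entry[1] != merchant_id:
            raise PermissionError("unknown token for this merchant")
        return f"authorised {amount_paise} paise on card ending {entry[0][-4:]}"

    def revoke(self, token: str) -> None:
        self._store.pop(token, None)        # e.g. after a merchant-side breach

def demo():
    vault = TokenVault()
    card = "4111111111111111"               # constructed: standard test number
    saved = vault.tokenize(card, "merchant-A")                   # first checkout
    receipt = vault.charge(saved["token"], "merchant-A", 49900)  # one-click repeat
    return card, saved, receipt

if __name__ == "__main__":
    print(demo())
```

The merchant stores only the `saved` dictionary, so a leak of the merchant's database exposes tokens that can be revoked rather than card numbers.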

As more citizens, including those residing in non-metro cities, make a shift to cashless transactions through methods such as Unified Payments Interface (UPI), Aadhaar-enabled Payments System (AePS) and Internet Banking, strengthening payments security is a must. Payments today have become efficient to the point where they can be concluded in a single click. Any data breach or compromise can create significant losses across the value chain. Hence it is important to choose the right partner to process your payments, one who can help reduce overall vulnerabilities.

Source: Business World
