Digital payment in the banking ecosystem and managing fraud risk


Countries see enormous growth of digital payment in their banking ecosystems. In fact, many countries are including plans to boost the digital payment ecosystem in their budget reports. India, for example, has a plan to offer financial support for the digital payment ecosystem, which is included in the Union Budget 2022-2023. As per a report in Statista, “total transaction value in the Digital Payments segment is projected to reach US$8.50tn in 2022.” The report further highlights that “total transaction value is expected to show an annual growth rate (CAGR 2022-2026) of 13.10% resulting in a projected total amount of US$13.91tn by 2026.”

Let us discuss some of the distinct features of global digital payment. Digital payment allows money to be transferred between wallets and different bank accounts in seconds. It helps in easy bill payments, both prepaid and post-paid. Users can also manage physical and virtual card operations without any issues. Digital payment services help in easy merchant payments using contactless technologies like NFC codes and QR code scanners. Digital payment platforms use multiple technologies like tokenization, passwords, biometrics, security questions, point-to-point encryption, out-of-band authentication, and one-time passwords (OTP) via SMS to protect digital transactions. A lot is happening on digital payment platforms, which requires strict attention to security guidelines.

Background of digital payment

Organizations have seen the challenges associated with maintaining the security of the digital payment platform. The scope of digital payment is not the same as it was in the mid-1990s, when Stanford Federal Credit Union became the first organization to offer online payment systems to its clients. Today, digital payment systems provide services in various fields. From money transfer to bill payment and loan origination, the digital payment platform handles multiple services.

Millicent and Ecash were the first companies to launch digital payment in 1995 and 1996, respectively. They specialize in the digital cash, e-money, and token modes of digital payment. The emergence of PayPal in 1998 changed the digital payment trend completely.

Digital payment in the banking ecosystem

The massive technological development in today’s era has led to growth in online shopping, banking, and other services. The digital payment structure has seen significant expansion in the past few years, and it is further accelerated by mobile devices. As per a report in Statista, 950 million users carried out mobile payment transactions globally in 2019. And the projection says there will be a whopping growth of 1.31 billion users by 2023. Amid all this growth and development, organizations have much to worry about regarding platform security, performance, functionality, accessibility, and usability. Organizations must establish a strong foundation and control over the digital payment platform if they are to manage the unrelenting growth of digital payment.

To initiate and encourage the growth of digital payment, banks are embedding futuristic technologies like AI, Machine Learning, IoT, and Robotics into their products and solutions. Digital and contactless payments have increased in the recent past. Not just the major cities but smaller cities, too, are adopting contactless payments. Users can carry out transactions by simply scanning a QR code or with a single swipe.

Banks are collaborating with multiple digital payment platforms and third-party platforms to extend their services beyond the conventional banking systems. The tap-and-go payment options have enabled many vendors and retailers to embed the advanced technology into wearable devices that allow consumers to purchase products and services using smartwatches, smart rings, and wristbands. The only concern is how secure these devices are. To put all speculation to rest, retailers and vendors are doing enough to ensure the platform’s security by eliminating anomalies and errors from the payment platforms.

There is an increase in e-commerce transactions. Restrictions on movement during the Covid-19 lockdown could be one of the reasons but are not the only one. Banks had made their services available to customers on digital platforms before Covid-19. But we cannot take away the fact that Covid-19 has fast-tracked the process, and whatever was brewing beneath the surface has emerged strongly. Digitalization has changed the payment structure. E-commerce sites today have access to the user’s bank accounts. Banks are also collaborating with e-commerce sites to provide exclusive offers to consumers. The process has influenced people to rely on e-commerce to purchase groceries, health products and other essentials. The offers from banks and the benefits and advantages of these transactions have surpassed conventional buying and selling behavior. Hence consumers prefer to shop online and access remote commerce and digital payments.

Customers have payment flexibility using QR codes, which are easy to implement and use. The banks have integrated the services and made them available to their customers. QR codes carry out transaction processes without any hassle, saving significant time. Investment banks are adopting cryptocurrency to help inspire people to invest in digital gold. The financial market has seen a prominent surge in crypto investment, and it is evident that cryptocurrency is here to stay.

Fraud risk in digital payment

The growth of digital payment attracts multiple fraud risks, as hackers try to gain access to customers’ personal and banking details. The following are the types of fraud risk that banks and customers face on a regular basis.

  1. Phishing – The scammers create an identical copy of a bank website and send links to it to the customers. The fake websites are used to capture user IDs and passwords, card numbers, ATM PINs, CVVs, and OTPs and misuse them.
  2. Vishing – It is a simple method where scammers use Voice over Internet Protocol (VoIP) technology to contact customers and seek personal and financial details over the phone.
  3. Smishing – Using this method, scammers send text messages to the customers with links to call back, visit websites, or download documents, and with information about job offers, lottery wins, deactivated ATM cards, and more.
  4. Identity Theft – Scammers use different methods to acquire customers’ personal information, such as date of birth, passport number, Aadhaar details, PAN details and more, to access customer bank accounts and carry out transactions.
  5. Sim Swap Fraud – The scammers obtain customers’ details through phone calls, messages, and more and get a new SIM card issued in the customers’ names to carry out illegal transactions.
  6. Social Engineering Fraud – The scammers publish a fake number that resembles the bank’s toll-free number on various digital platforms or caller identification apps to deceive customers.
  7. International Transfer Scams – The scammers create fake stories and trap customers into sharing their personal and bank details. They use this information to withdraw large sums from customers’ bank accounts.
  8. Money Mule – This method is used to entice customers with attractive commissions. Once customers share their bank account details and personal information, an amount which has already been stolen from one account is transferred to the customers’ account.
  9. Juice Jacking – The scammers install malware in public charging ports. If customers do not have their own charging device and happen to charge their mobile devices at any of the public charging ports, scammers can get easy access to the customers’ details stored on the mobile phones.
  10. Cerberus Trojan Threat – It is malware that steals customers’ banking details like credit card numbers, CVV and more. Cerberus efficiently captures screenshots and gets easy access to SMS text, contact lists, account credentials, and more.
  11. Covid-19 Phishing Threat – Covid-19 has been used by many scammers as an opportunity to steal and manipulate customers’ personal data and financial details, such as bank account and debit/credit card details, CVV numbers and secret passwords, to gain access to customers’ bank accounts.
  12. IDN Homograph Attack – The scammers can create and use a domain or website name that resembles an established name to trick the customers.
  13. Loan Fraud – The scammers trick the customers by publishing fake advertisements for quick and easy loans, offering them low interest rates, easy repayment, or loans without any security.
  14. Online scams through the classified marketplace – The scammers create fake profiles with fake social media addresses to contact customers who post advertisements. They trick the customers into sharing their personal and financial details.
  15. Aadhar-based Payment System Fraud – The scammers can use gums and glues to replicate customers’ fingerprints and use them to carry out transactions.
  16. Broadband Internet Security Fraud – The scammers may call customers pretending to be from telecommunication or internet service companies and ask for the customers’ banking and personal details.
  17. SMS Spoofing – The scammers may call or text customers informing them about the KYC process being incomplete, debit and credit cards being blocked or expired, SIM cards expired, accounts credited with a significant amount, and more.
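
A defender-side check for the IDN homograph attack in item 12, given here as an added example that is not part of the original article: it decodes a link's host name to the form a customer would see and flags names that render like a protected domain. The protected domains, the look-alike table and all function names are assumptions constructed for illustration.

```python
import unicodedata

# Assumed allow-list of genuine domains (reserved .example names, not real banks).
PROTECTED = {"examplebank.example", "pay.examplebank.example"}

# Constructed subset of look-alike characters mapped to the ASCII letter they
# imitate; a production check would load the full Unicode confusables data.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",  # Cyrillic
    "\u03bf": "o", "\u03b1": "a", "\u03bd": "v",                 # Greek
}

def to_unicode(domain):
    """Decode xn-- (punycode) labels so the form a user would see is inspected."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # undecodable label: keep the raw text
        labels.append(label)
    return ".".join(labels)

def scripts(label):
    """Scripts used by the letters of one label, e.g. {'LATIN', 'CYRILLIC'}."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def skeleton(domain):
    """Replace known look-alike characters with the ASCII letter they imitate."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in domain)

def check_domain(domain):
    """Classify a host name taken from a link in a message or web page."""
    visible = to_unicode(domain)
    if visible in PROTECTED:
        return "genuine"
    if skeleton(visible) in PROTECTED:
        return "homograph"      # renders like a protected name but is a different domain
    if any(len(scripts(label)) > 1 for label in visible.split(".")):
        return "mixed-script"   # one label mixing alphabets is a common spoofing sign
    return "unknown"

# Constructed sample: Cyrillic U+0430 stands in for both Latin "a" letters.
SPOOF = "ex\u0430mpleb\u0430nk.example"
```

A name written entirely in one non-Latin script is returned as "unknown" rather than flagged, so legitimate internationalized domains are not treated as spoofs.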

Managing fraud risk

Digital payment platforms need a strong fraud detection mechanism. It is critical to have security measures, but it is also crucial to ensure the platform is functioning without any errors. Digital payment platforms must adopt a few security measures to establish a secure connection in a high-speed transaction process. Every secure website must have an SSL certificate, as it creates a foundation of trust. HTTPS is safe compared to HTTP as it avoids redirection links. It requires a digital certificate to establish the website as safe and secure, and HTTPS websites have security certificates.

The digital era is all about real-time payments, and the digital payment platform is driven by technology. Considering the amount of fraud in digital payment, fraud checks, authentication, authorization, and data analysis must happen simultaneously. Banks are improving their API ecosystems to integrate their services into third-party platforms and make them available to customers. Because in real-time payment the sender and the receiver send and receive the amount at the same time, it is crucial to have notifications and alerts for all transactions in place to limit the chances of data manipulation.

The digital payment platform is customer-centric; hence it must be customer-friendly. Customers would not want to be pinned down by unnecessary compliance requirements. But digital payment platforms cannot be open to cyber threats. Hence, the platform must follow the necessary security guidelines without overdoing them. In today’s world, digital payment platforms follow blockchain technologies and are visible to the customer. This technology helps in detecting illegal transactions and malicious user behavior. Organizations are investing in technologies to tighten security and prevent monetary losses. Companies would not compromise on external and internal security.

As important as it is to maintain the security of the digital payment platform, it is also critical to test the platform end-to-end for seamless functionalities and error-free performance. Without an adequate testing solution, the platform would miss out on important alerts.

Conclusion

It is crucial to create a tenable cybersecurity framework and it is also important to ensure the integration, performance, accessibility, and usability of this framework. Organizations must adapt to digital channels and platforms to retain their customers. Digitalization is making it easier for organizations to acquire customers and serve them digitally. Accessing funds and payments is becoming more convenient.

Organizations need support to promote and build products with the right features and capabilities. Banks see growth in their ROI when people use these digital platforms. Organizations would witness a significant cost reduction in delivery when people use the platform for many years. Digital payment testing is a method to validate the platform’s sustainability and tenacity over many years.

User experience is the most vital point, as users’ attention spans are short and any unsatisfactory design would bring down their interest, leading to the lowering of companies’ investments. The usability and accessibility of the digital platforms are the parts that organizations must focus on. Testing the platform ensures customer experience with the UI design, platform usability, and accessibility. We have seen clients coming back with requests to understand if their application performance is consistent across multiple devices and operating systems. Banks are slowly moving from mono-channel to multi-channel, which means that banks are interacting with their customers and offering services on multiple channels. Hence, integration, performance, functionality, and security are the most essential areas that require adequate validation.

There is significant growth in API channels: at Yethi, we have witnessed several instances where banks had requested upward of a thousand APIs to their partner networks. Our partners have contacted us to build an infrastructure that could validate the APIs. CIOs may face challenges if somebody releases a patch set in a multiply interconnected network, which could lead to disruption of ongoing processes. Banks need to protect their reputation, as any of these instances could cause heavy damage to their business flow.