Digital payment in the banking ecosystem and managing fraud risk

Countries believe digital payment in banking ecosystems is growing immensely. In fact, many countries are including plans to boost the digital payment ecosystem in their budget reports. India, for example, has a plan to offer financial support for the digital payment ecosystem, which is included in the Union Budget 2022-2023. As per a report in Statista, “total transaction value in the Digital Payments segment is projected to reach US$8.50tn in 2022.” The report further highlights that “total transaction value is expected to show an annual growth rate (CAGR 2022-2026) of 13.10% resulting in a projected total amount of US$13.91tn by 2026.”

Let us discuss some of the distinct global digital payment features. Digital payment allows instant money transfer between wallets and different bank accounts in seconds. It helps in easy bill payments, both prepaid and post-paid. Users can also manage physical and virtual card operations without any issues. Digital payment services help in easy merchant payments using contactless technologies like NFC codes and QR code scanners. Digital payment platforms use multiple technologies like tokenization, passwords, biometrics, security questions, point-to-point encryption, out-of-band authentication, and one-time passwords (OTP) via SMS to protect digital transactions. A lot is happening on digital payment platforms, which requires strict attention to security guidelines.

Background of digital payment

Organizations have seen the challenges associated with maintaining platform security for digital payment. The scope of digital payment is not the same as it was in the mid-1990s, when Stanford Federal Credit Union became the first organization to offer online payment systems to clients. Today, digital payment systems provide services in various fields. From money transfer to bill payment and loan origination, the digital payment platform handles multiple services.

Millicent and Ecash were the first companies to launch digital payment, in 1995 and 1996, respectively. They specialized in digital cash, e-money, and token modes of digital payment. The emergence of PayPal in 1998 changed the digital payment trend completely.

Digital payment in the banking ecosystem

The massive technological development in today’s era has led to growth in online shopping, banking, and other services. The digital payment structure has seen significant expansion in the past few years, and it is further accelerated by mobile devices. As per a report in Statista, 950 million users carried out mobile payment transactions globally in 2019. And the projection says there will be a whopping growth of 1.31 billion users by 2023. Amid all this growth and development, organizations have much to worry about regarding platform security, performance, functionality, accessibility, and usability. Organizations must establish a strong foundation and control over the digital payment platform if they are to manage the unrelenting growth of digital payment.

To initiate and encourage the growth of digital payment, banks are embedding futuristic technologies like AI, Machine Learning, IoT, and Robotics in their products and solutions. Digital and contactless payments have increased in the recent past. Not just the major cities but smaller cities too are adopting contactless payments. Users can carry out transactions by simply scanning a QR code or with a single swipe.

Banks are collaborating with multiple digital payment platforms and third-party platforms to extend their services beyond the conventional banking systems. The tap-and-go payment options have enabled many vendors and retailers to embed the advanced technology into wearable devices that allow consumers to purchase products and services using smartwatches, smart rings, and wristbands. The only concern is how secure these devices are. To put all speculations to rest, retailers and vendors are doing enough to ensure the platform’s security by eliminating anomalies and errors from the payment platforms.

There is an increase in e-commerce transactions. Restrictions on movement during the Covid-19 lockdown could be one of the reasons but are not the only one. Banks had made their services available to customers on digital platforms before Covid-19. But we cannot take away the fact that Covid-19 has fast-tracked the process, and whatever was brewing beneath the surface has emerged strongly. Digitalization has changed the payment structure. E-commerce sites today have access to users’ bank accounts. Banks are also collaborating with e-commerce sites to provide exclusive offers to consumers. The process has influenced people to rely on e-commerce to purchase groceries, health products and other essentials. The offers from banks and the benefits and advantages of these transactions have surpassed conventional buying and selling behavior. Hence consumers prefer to shop online and access remote commerce and digital payments.

Customers have payment flexibility using QR codes, which are easy to implement and use. The banks have integrated the services and made them available to their customers. QR codes carry out transactions without any hassle, saving significant time. Investment banks are adopting cryptocurrency to inspire people to invest in digital gold. The financial market has seen a prominent surge in crypto investment, and it is evident that cryptocurrency is here to stay.

Fraud risk in digital payment

The growth of digital payment attracts multiple fraud risks as hackers are trying to gain access to customers’ personal and banking details. Following are the types of fraud risks that banks and customers are facing on a regular basis.

  1. Phishing – The scammers create a website identical to the bank’s and send links to it to the customers. The fake websites are used to capture user IDs and passwords, card numbers, ATM PINs, CVVs, and OTPs and misuse them.
  2. Vishing – It is a simple method where scammers use Voice over Internet Protocol (VoIP) technology to contact customers and seek personal and financial details over the phone.
  3. Smishing – Using this method, scammers send text messages to customers with links to call back, visit websites, or download documents, and with information about job offers, lottery wins, deactivated ATM cards and more.
  4. Identity Theft – Scammers use different methods to acquire customers’ personal information, such as date of birth, passport number, Aadhaar details, PAN details and more, to access customer bank accounts and carry out transactions.
  5. SIM Swap Fraud – The scammers obtain customers’ details through phone calls, messages, and more and get a new SIM card issued in the customers’ names to carry out illegal transactions.
  6. Social Engineering Fraud – The scammers publish a fake number that resembles the bank’s toll-free number on various digital platforms or caller identification apps to deceive customers.
  7. International Transfer Scams – The scammers create fake stories and trap customers to share their personal and bank details. They use this information to withdraw a large sum of amount from customers’ bank accounts.
  8. Money Mule – This method is used to entice customers with attractive commissions. Once customers share their bank account details and personal information, an amount that has already been stolen from one account is transferred to the customers’ account.
  9. Juice Jacking – The scammers install the malware in public charging ports. If the customers do not have their own charging device and they happen to charge their mobile devices in any of the public charging ports, scammers can get easy access to the customers’ details stored in the mobile phones.
  10. Cerberus Trojan Threat – It is malware that steals customers’ banking details like credit card numbers, CVV and more. Cerberus efficiently captures screenshots and gets easy access to SMS text, contact lists, account credentials, and more.
  11. Covid-19 Phishing Threat – Covid-19 has been used by many scammers as an opportunity to steal and manipulate customers’ personal data and financial details, such as bank account and debit/credit card details, CVV numbers and secret passwords, to gain access to customers’ bank accounts.
  12. IDN Homograph Attack – The scammers can create and use a domain or website name that resembles an established name to trick the customers.
  13. Loan Fraud – The scammers trick customers by publishing fake advertisements for quick and easy loans, offering them low interest rates, easy repayment, or loans without any security.
  14. Online scams through the classified marketplace – The scammers create fake profiles with fake social media addresses to contact customers who post advertisements. They trick the customers into sharing their personal and financial details.
  15. Aadhaar-based Payment System Fraud – The scammers can use gums and glues to replicate customers’ fingerprints and use them to carry out transactions.
  16. Broadband Internet Security Fraud – The scammers may call customers to pretend that they are calling from telecommunication or internet services companies and ask for customers’ banking and personal details.
  17. SMS Spoofing – The scammers may call or text customers informing them that the KYC process is incomplete, debit and credit cards are blocked or expired, SIM cards have expired, accounts have been credited with a significant amount and more.
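
Item 12 above (IDN Homograph Attack) is one of the few entries that can be screened for automatically on the defender's side. The following is an added example, not part of the original article: it decodes punycode labels, folds known lookalike characters to Latin, compares the result against a list of protected domains, and flags mixed-script labels. The domain names, the PROTECTED set and the small CONFUSABLES table are constructed for illustration; a production check would use the full Unicode confusables data.

```python
import unicodedata

# Constructed list of domains the bank wants to protect (placeholders).
PROTECTED = {"examplebank.example", "epay.example"}

# Small, constructed subset of lookalike characters (Cyrillic/Greek -> Latin).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0455": "s",
    "\u03bf": "o", "\u03b1": "a", "\u03b9": "i",
}

def to_alabel(label):
    """Encode a Unicode label the way it travels in DNS (xn-- punycode)."""
    return "xn--" + label.encode("punycode").decode("ascii")

def to_unicode(domain):
    """Decode xn-- labels so the form a user would see can be inspected."""
    labels = []
    for label in domain.lower().split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # keep an undecodable label as received
        labels.append(label)
    return ".".join(labels)

def scripts(label):
    """Scripts used by the letters, taken from the first word of each
    character's Unicode name (a heuristic, e.g. LATIN, CYRILLIC, GREEK)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def skeleton(label):
    """Fold compatibility forms and known lookalikes to Latin letters."""
    folded = unicodedata.normalize("NFKC", label)
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded)

def check_domain(domain, protected=PROTECTED):
    """Classify a domain taken from a link as legitimate, homograph,
    mixed-script or unknown; returns (verdict, imitated_domain_or_None)."""
    visible = to_unicode(domain)
    if visible in protected:
        return "legitimate", visible
    labels = visible.split(".")
    folded = ".".join(skeleton(label) for label in labels)
    if folded in protected:
        return "homograph", folded      # looks like a protected name
    if any(len(scripts(label)) > 1 for label in labels):
        return "mixed-script", None     # suspicious even without a match
    return "unknown", None

if __name__ == "__main__":
    samples = [  # constructed sample inputs
        "examplebank.example",
        to_alabel("ex\u0430mplebank") + ".example",          # one Cyrillic letter
        to_alabel("\u0435\u0440\u0430\u0443") + ".example",  # all Cyrillic
        to_alabel("shop\u0430") + ".example",
        "weather.example",
    ]
    for s in samples:
        print(s, "->", check_domain(s))
```

The all-Cyrillic sample shows why a mixed-script test alone is not enough: the label uses a single script, and only the skeleton comparison ties it to the protected name.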

Managing fraud risk

Digital payment platforms need a strong fraud detection mechanism. It is critical to have security measures, but it is also crucial to ensure the platform is functioning without any errors. Digital payment platforms must adopt a few security measures to establish a secure connection in a high-speed transaction process. Every secure website must have an SSL certificate, as it creates a foundation of trust. HTTPS is safe compared to HTTP as it avoids redirection links. It requires a digital certificate to establish the website as safe and secure, and HTTPS websites have security certificates.

The digital era is all about real-time payments, and the digital payment platform is driven by technology. Considering the amount of fraud in digital payment, fraud checks, authentication, authorizations, and data analysis must happen simultaneously. Banks are improving their API ecosystems to integrate their services into third-party platforms and make them available to customers. Because in real-time payment the sender and the receiver send and receive the amount at the same time, it is crucial to have notifications and alerts for all transactions in place to limit the chances of data manipulation.

The digital payment platform is customer-centric; hence it must be customer-friendly. Customers would not want to be pinned down by unnecessary compliance requirements. But digital payment platforms cannot be open to cyber threats. Hence, the platform must follow the necessary security guidelines without overdoing them. In today’s world, digital payment platforms follow blockchain technologies and are visible to the customer. This technology helps in detecting illegal transactions and malicious user behavior. Organizations are investing in technologies to tighten security and prevent monetary losses. Companies would not compromise on external and internal security.

As important as it is to maintain the security of the digital payment platform, it is also critical to test the platform end-to-end for seamless functionalities and error-free performance. Without an adequate testing solution, the platform would miss out on important alerts.

Conclusion

It is crucial to create a tenable cybersecurity framework and it is also important to ensure the integration, performance, accessibility, and usability of this framework. Organizations must adapt to digital channels and platforms to retain their customers. Digitalization is making it easier for organizations to acquire customers and serve them digitally. Accessing funds and payments is becoming more convenient.

Organizations need support to promote and build products with the right features and capabilities. Banks see growth in their ROI when people use these digital platforms. Organizations would witness a significant cost reduction in delivery when people use the platform for many years. Digital payment testing is a method to validate the platforms’ sustainability and tenacity over many years.

User experience is the most vital point, as users’ attention spans are short and any unsatisfactory design would bring down their interest, leading to the lowering of companies’ investments. The usability and accessibility of the digital platforms are the parts that organizations must focus on. Testing the platform ensures customer experience with the UI design, platform usability, and accessibility. We have seen clients coming back with requests to understand if their application performances are consistent across multiple devices and operating systems. Banks are slowly moving from mono-channel to multi-channel, which means that banks are interacting with their customers and offering services on multiple channels. Hence, integration, performance, functionality, and security are the most essential areas that require adequate validation.

There is significant growth in API channels; at Yethi, we have witnessed several instances where banks had requested upward of a thousand APIs to their partner networks. Our partners have contacted us to build an infrastructure that could validate the APIs. CIOs may face challenges if somebody releases a patch set in a multiple-interconnected network, which could lead to disruption of ongoing processes. Banks need to protect their reputation, as any of these instances could cause heavy damage to their business flow.

Payment Systems: Constant Change and Compliance

One of the major responsibilities of a bank is to enable payment on behalf of its clients. Banks are significantly investing in payment and payment-reconciliation platforms to offer a seamless customer experience. However, with the growing trend of digitization, the entire payment system has witnessed a shift from traditional approach to digital platforms. This increase in digitization has allowed banks to rapidly innovate to keep up with client and regulatory demands.

The structure of the payment systems in banks is multi-thread and multi-channel, where the payers transfer funds and values to the beneficiary through various methods. We can classify the payment systems in two ways, ‘large value payment system’ and ‘retail payment systems.’ The retail payment system, which summarizes the modern payment system, can be depicted as below:

The roadmap of payment system, how is payment system changing and evolving?

As technology is evolving, the traditional methods of payments like cash, cheque, and other paper-based payment are diminishing. Even if we have not eliminated the use of cash and paper-based payments, real-time payment is certainly redefining the payment systems in the modern times, changing the entire way of how payments were done in the past.

Let us take the Indian payment scenario where a large and geographically dispersed economy has a higher number of transactions made every single day. With this scenario, India’s payment system needs are highly demanding, where a significant number of B2B, G2C, P2P transactions, and paper-based payments become inefficient and expensive. Digital payments are the only way to improve the efficiency of transactions for an economy like India.

Today, India’s payment system is considered to be safe, efficient, secure, vast, and adequately regulated and supervised. The transactions and fund transfers occur through various channels and sources. This is only possible due to the high degree of digitization.

Today, along with cash transfer, cheque transactions, and direct payments, digital payments are used for utility payments, taxes, mobile recharge, paying mobile bills and more. Digital payments are increasing with the increase of payment channels. Smartphones have empowered digital payment options like e-Money and Unified Payment Interface.

The growth of the regulatory framework and innovation in the technology landscape within banks and e-commerce now allows fintech companies to compete for service delivery in market niches. In India, the digital payment options changed with the sudden growth of e-Money, UPI, Aadhaar Payments Bridge System (APBS), RuPay, Bharat Bill Payment System (BBPS), etc., adding greater accessibility and convenience for end-users.

The roadmap of digital payment systems comes with startling discoveries of their capabilities. Moving beyond Electronic Clearing Services, Fund Transfer, RTGS, Internet Banking and Mobile Banking, the payment systems have further evolved into open banking sources and opportunities such as the Payment Services Directive (PSD2), open banking, SWIFT, and more. With governments adopting electronic payment processes, huge efficiencies and ease of business are being achieved within G2C services.

Since the volume of debit and credit usage at the PoS (Point of Sale) has increased by a CAGR of 40% from 880 million in 2012 to 4799 million transactions in 2017, we may take an example of technology embedded in debit and credit cards to understand how the payment system is evolving.

Following are the steps taken to improve the card-based payment systems:

  • To automate the process, a magstripe was added to the already embossed card
  • To reduce the fraudulent use of cards, the EMV chip was installed
  • To enhance speed and convenience, contactless chips were added
  • The banks further needed to go beyond payments and virtualize or improve contactless payments by introducing NFC-enabled cards

Maintaining the regulatory rules and protection policies of Payment System

With new technologies and innovations that are bringing fast changes to the electronic payment system in banking, financial institutions are gearing up to meet their end-user expectations, which also includes ensuring end-to-end security of their payment systems and platforms. Banks need to make sure that their payment systems are compliant with all the regulatory rules and protection principles. To enhance safety, transparency, accessibility, and efficiency for their customers, banks are developing faster and offering improved payment services.

To facilitate faster payment processing, settlement, and real-time views of cash positions, B2B is using SWIFT ISO 20022 regulatory rules. This international Unified Payment Hub supports ISO 20022 and is a real-time, cross-border digital payment solution, which can help to track transactions anytime and anywhere.

A few of the payment systems are volatile because of the huge transactions and sensitive information involved in the process. We may take systemically important payment systems (SIPS) as a perfect example of a complex transaction. It is a European large-value payment system, which is significant to ensure the financial stability of the country due to its transaction volume, market share and cross-border relevance. SIPS is subject to regulation and monitoring by the European Central Bank.

Testing of Payment system and why is it necessary

The payment system architecture is broad and varied, and its systems and applications are extremely complex. Organizations need the most robust testing mechanism to ensure that the systems are fully equipped to handle national and international transactions and remittances. Following are the types of testing that are essential for payment applications and systems.

  • Functional Testing – Functional testing of the payment system provides a clear idea of whether the payment system is meeting the business requirements with its predefined functions.
  • Interface Testing – It is important in the payment system as it verifies whether the accurate outcome is obtained from the communication between two different systems.
  • Performance Testing – Performance testing is conducted to test the speed, response time, stability, reliability, scalability, and resource usage of the payment systems.
  • Network Security Testing – It is conducted to mitigate security risks, meet industry standards, and launch the product while ensuring the network security of the systems.

The testing of domestic and international payment systems is crucial for Quality Assurance of the entire payment architecture. There is a greater liability on the payment platform as a huge volume of transactions takes place on these platforms every day. National and international banks or finance organizations must follow certain clearing protocols and must remain compliant with regulation to ensure a smooth transfer or remittance from one account to another within the stipulated time. Testing of payment systems is imperative to facilitate these transactions without any technical glitches within the committed time.

Yethi’s role as a testing partner

Yethi is a niche QA service provider for banks and financial institutions across the world. With about 400+ domain specialists and extensive knowledge in banking/financial software, Yethi has partnered with 90+ clients across 22 countries by offering them outstanding testing solutions and services. From functional, interface, and performance to security testing, Yethi specializes in conducting end-to-end testing of payment systems to ensure smooth national and international fund transfers and transactions.

Yethi’s testing services cover various channels of payment systems such as Internet Banking, Mobile Banking, Branch and Agency Banking and various networks such as RTGS (Real Time Gross Settlement), IMPS (Immediate Payment Service), NEFT (National Electronic Funds Transfer), AEPS (Aadhaar Enabled Payments Systems), UPI (Unified Payments Interface), SWIFT, SEPA, Wallets, Card Payments, ATM/POS Transactions, and more.

Yethi’s proprietary codeless 5th generation test automation platform, Tenjin, is easy to integrate and deploy with the systems and platform and undertakes test execution using the application UI and API. Further, a test repository of more than half a million test cases comprising simple and complex test scenarios helps in saving time, money, and resource strength by 40%.