How Payment Companies and Banks are Fighting Cybercrime

In less than three years since the launch of Unified Payment Interface (UPI), transactions through this payment method have grown at a scorching pace, with the number hitting a landmark one billion in October. Around 100 million people have started using this India-made technology, which countries around the world are looking to adopt. The adoption of electronic means of financial transactions is music to ears as India has predominantly been a cash-heavy economy, but the volume of retail cashless transactions has increased by nearly 124 per cent from FY 2016- 17 to FY 2018-19, as per the Reserve Bank of India (RBI) Annual Report 2018-19.

Online Payment Gateway Service Providers

But here’s the dark side.

Earlier this year, private data of millions of users of Truecaller—with 500+ million downloads— was reportedly sold on the dark web, putting at risk money of all those Indian users who use the app for UPI-based transactions. In the light of the most recent Pegasus spyware attack on WhatsApp, RBI did not allow the social messaging app to roll out its much awaited UPI-based payment service, as it was deemed to put at risk the security of the financial data of the app’s users.

The 2019 annual performance against customer expectation (PACE) report by FIS, a financial services technology company, showed the share of online payment victims in India doubled to 37 per cent compared with the number in its 2018 report. The report points out that with electronic payments going up, incidents of online frauds and data breach have also seen a jump.

As digital adoption increases, the question to ask is how safe is it to transact online?

The onus of protecting users’ data lies with online merchants and payments companies, say experts. “Financial service providers should embed security measures thoroughly to reduce data leakage. Payment companies and wallets cannot shrug off their responsibility by just reporting a data breach but show due diligence in preventing the dissemination of a contaminant,” says Pavan Duggal, Advocate, Supreme Court, specializing in cyberlaw.

Payment Gateway Companies in India

Vishing Frauds on The Rise

Hundreds and thousands of digital payment users lose their money frequently due to social engineering frauds. These involve human interaction wherein the conman manipulates the victim into breaking security procedures or divulge sensitive information related to bank accounts, credit/debit cards or login credentials.

Some 150-odd cases related to UPI fraud alone were registered between July and September this year, as per a news report. The modus operandi of fraudsters in most of these cases was same wherein the conmen got the victims to reveal their UPI-related information and stole money from their UPI-linked accounts.

Given the manual nature of social engineering frauds, tackling them is not an easy task, say industry experts. “The scammer calls the victim posing as a bank official or a customer care executive and weaves a false story to extract sensitive information related to bank details. There is technically no way to detect such scams,” shares Harshil Mathur, Co-founder and CEO, Razorpay. Puneet Kapoor, Senior Executive Vice President, Kotak Mahindra Bank concurs. “The biggest fraud in the banking industry is perpetrated through vishing calls. Fraudsters create make-believe situations and many gullible consumers fall for the narrative,” he says.

Some 150-odd cases related to UPI fraud alone were registered between July and September this year, as per a news report. The modus operandi of fraudsters in most of these cases was same wherein the conmen got the victims to reveal their UPI-related information and stole money from their UPI-linked accounts.