Stories Archives - Page 2 of 2 - Digital Payments, Payment Security and Lending

True Cost of Combating Payment Frauds

Sujit Kumar Mahato / September 14, 2022

A quick recap of major players involved in payment transactions : 1. Customer 2. Issuer Bank — holding the customer’s bank account 3. Payment Networks — Visa, Mastercard, NPCI, etc 4. Merchant 5. Acquirer Bank — holding the merchant’s bank account In simple terms, Payments Fraud is the one where someone made unauthorized payments/purchases. Though the liability of fraud differs(customer/merchant/banks etc) on a case-to-case basis, someone in the payment system has to finally bare the brunt and mark the money as lost in their respective books. Fraud is a global issue that affects not only individuals but also organizations — merchants, banks, insurance companies, and who so ever is dealing with payments. Payments frauds have been crippling every country across the globe and according to recent studies, the epidemic of payment fraud has been growing over the recent years. When it comes to payments, there are 2 major elements – 1. FALSE NEGATIVE — when an act of fraud goes undetected and through the payment system 2. FALSE POSITIVE — when a faulty fraud detection system blocks a legitimate transaction. Anti-fraud solutions and fraudsters are caught in a cat-and-mouse game. Both have been leveraging technological innovations to meet their underlying need and eventually adding to the cost of combating fraud. Whenever we come across the term COST, our first thought is that it’s a mere cumulation of expenses incurred in producing or building a product or service. However, in financial terms, the cost is segregated into — Direct Cost and Indirect Cost. The majority of the time, indirect costs are neglected when it comes to deriving the actual cost of a project due to the difficulty associated with deriving a cost-effective methodology for the assignment of indirect costs. When it comes to defining the cost associated with fraud, organizations generally tend to consider the amount lost in the fraud process. These numbers are a significant percentage of the topline revenue. Moreover, it’s a concerning fact that even less than 20% of businesses are able to fully recover the amount from unauthorized transactions and other fraudulent activities. Apart from the obvious Direct Cost — fraud amount value — associated with the transaction, the Indirect Cost often goes unnoticed. Cost of Combating Fraud: Huge infrastructure and resources — manual as well as technological are deployed by organizations in payment authentication and authorization. The cumulative loss arising from both False Positive and False negative scenarios burn a larger hole in terms of operational efficiency. Cost to Reputation: Businesses incurs huge cost when it comes to building a reputation of trust through the marketing function which employs varied techniques to increase the perceived value of a product or service over time. Undetected frauds and consequent delays in grievance redressal often leave the customer/merchant with a bad experience with their respective banks and also with the payment entities involved in the process. Cost of declining Genuine transactions: High False positive rates can leave the customers/merchants frustrated. Organizations leave no stone unturned through sales and marketing and customer support to acquire and retain a customer. In the era of fierce competition, if one thinks Customer acquisition is hard, think about the retention of a frustrated customer. It is somewhat now possible to measure fraud and error losses but one needs to surely factor in the Indirect Costs in order to make a proper judgment about a proportionate level of investment to be made in reducing them through the deployment of anti-fraud tools. Direct costs associated with fraud are just the tip of the iceberg and give even less than half a picture of the menace lying underneath. Author: Sujit Kumar Mahato, Product Manager Wibmo A PayU/Naspers FinTech Company Anti Fraud Management, Digital Payment, Fraud Detection, Fraud Prevention, Online Payments

Reading List, Stories

Account Takeover Frauds- Adaptive Protection Approach

Sujit Kumar Mahato / August 31, 2022

Once a fraudster has gained access to an account, they eventually end with either or combination of the following : – Make fraudulent orders – Reload digital wallets – Use loyalty points – Sell the confirmed account – Extract customer data to sell The process of gaining access to a victim’s login credentials to steal funds or information is referred to as Account Takeover Fraud (ATO). Fraudsters can take over any account type — bank, e-commerce, etc and have multiple ways at their disposal to trick gullible victims. Account takeover fraud is not new, but it is becoming more common. In 2018, account takeover fraud losses totaled around $4 billion. By 2021, this figure had increased by more than 200%. (PaymentsJournal) Fraudsters are finding innovative ways to carry out their trade. Screen-sharing apps are one of the newest additions to their arsenal as more and more individuals adopted digital payments during the pandemic for daily transactions. These screen-sharing apps were developed with the intention to provide tech support using the screen-sharing feature. However, these apps are now being used by fraudsters to access the mobile devices of their targets and make transactions without waiting for victims to share OTPs. Often gullible consumers fall prey to fraudsters pretending as bank officials who create urgency on the pretext of account/card block and ask users to download screen-sharing apps for account retrieval. Once installed, fraudsters have a clear view of not only the account credentials but also the OTP messages received over the phone, and consumers eventually end up with debit messages of their hard-earned money. One of the growing concerns is that ATO frauds are happening through screen-sharing apps despite the constant efforts from government agencies and banks to educate consumers not to share sensitive financial information or download apps from suspicious sources. Apart from the recent Screen Sharing Apps, a few of the other methods deployed by fraudsters to conduct Account Takeover Fraud (ATO) are : – Phishing: Impersonating as representatives of well-known brands/ businesses, the fraudster persuades the individual to click on links that redirect to spoof websites or install malware that does the credential harvesting. – Credential Stuffing ( Brute-Force): Dark web provides bank account/card details at a cost as low as USD 15. Once the fraudster has sourced a list of stolen credentials from the Dark Web, bots are used to run automated scripts to guess the correct account password by making multiple login attempts with a different password each time Account takeovers can significantly damage customer trust and brand reputation. Often, businesses introduce tighter security measures and add verification steps, but too much of either can harm the user experience. The need of offering an experience that is welcoming to consumers and hostile to fraudsters can be addressed through an adaptive protection approach. Billions of transactions take place across the globe generating valuable data points which are utilized in the concept of adaptive protection and the ability to run through layers of controls in real-time — including consumer behaviors and network anomalies — to determine whether a user should be pushed through with no friction, declined or given an alternative experience. Differentiating between good users and fraudsters helps in avoiding account takeover fraud. Wibmo’s TRIDENT FRM, an enterprise fraud, and risk management solution, evaluate diverse data points across channels and devices for the risk associated with each transaction. Learning and adapting to evolving consumer behavior as well as fraud patterns, TRIDENT FRM helps to detect and predict fraud while ensuring a delightful user experience. Author: Sujit Kumar Mahato, Product Manager Wibmo A PayU/Naspers FinTech Company Account Takeover, Fraud Detection, Fraud Prevention, Online Payments

Reading List, Stories

RETURN FRAUD- The e-commerce way of Shop-Lifting

Sujit Kumar Mahato / August 24, 2022

The pandemic changed the way consumers shopped. A black swan event changed consumer behavior and Online shopping is one of the segments to reap benefits. The pandemic and the exponential growth in e-commerce forced traditional brick-and-mortar shops to adapt to the evolution. Pre-pandemic brick-and-mortar shops kept a cautious eye on shoplifters but the e-commerce boom came up with its own shoplifting nemesis, say Hello to RETURN FRAUD. Fraudsters abuse the retailer’s fraud policy which was actually created for customer delight and it’s the smaller e-retailers who bear the brunt of Refund Fraud. The modus operandi of Refund Frauds differs from traditional frauds as it takes place post transaction — once the goods have exchanged ownership from the merchant to the consumer. A thriving ecosystem, Fraud-as-a-Service (Professional Refunders) has come into place to support those who wish to take advantage of lax return policies without actually having to go through the process. Reddit and Discord channels are leveraged as promotional grounds for these Illegal Life Pro Tips (ILPT) Modus Operandi 1. Everything is legitimate during the online transaction. Fraud is initiated once the good is received by the consumer. 2. Consumer goes to a Professional Refunder who charges a percentage cut on the refund value. 3. Refunder impersonates the Consumer 4. Refunder initiates the escalation with the merchant and uses the PERFECTED METHODS to get a refund without returning the product. A few of the Perfected Methods : a) Substance Leak — With doctored images/videos refunders report hazardous breakage such as monitor capacitor leakage, or battery acid leakage, thus making the product legally un-shippable. b) Partially Empty Box — Generally used for tracked shipping where the package is claimed to have arrived but has missing components. c) Fake ID Tracking Numbers — A properly weighed package is returned back without the actual goods. The shipping address is doctored to a new but incorrect address. Refunder then initiates a return claim with the merchant — to whose naked eye the package appears to be shipped and delivered back. d) Blood or Maggots — Claiming of finding questionable substances (again, doctored images/videos) in the product received and thus a reason for why one can’t possibly handle the opened package. Refund Fraud not only is a concern to merchants but also runs a risk of putting consumers’ virtual assets at risk such as email, passwords, card details, etc — as refunders offer Fraud-as-a-Service, access to the buyer account. Apart from the complicated methods listed above employed by professional refund fraudsters, consumers, with a Robin Hood mentality, too are learning about refund fraud and executing Refund Fraud as : a) Bricking: A working item ( generally electronic items) is purchased with the intention to be returned after stripping down the valuable component and rendering the item eventually unusable. b) Wardrobing: Majorly observed with expensive clothing. An item is purchased, used, and eventually returned. c) Switch Fraud: Returning a previously owned defective or damaged identical item with the aim of cashing on to the refund. Be it the retailers or the e-retailers have a return policy in place but a fine balance needs to be maintained — neither overly complex nor overly relaxed. The process of refund dents a blow to the bottom line not only in terms of labor involved in the process but also in refurbishing the returned items. Trying to avoid Return Fraud by adding manual resources will be a mountain task in this era of data where organizations are sitting on a mountain of data as well as leveraging data from other sources. Multiple data enrichment tools provide services as quick reverse checks on multiple data points for instance email addresses. Current innovations in fraud detection software over the recent years have made it possible to curb the menace of fraud even with very little technical knowledge. Author: Sujit Kumar Mahato, Product Manager Wibmo A PayU/Naspers FinTech Company Fraud, Fraud Detection, Fraud Prevention, Return Fraud, Risk Management

Industry Insights, Stories

Identification, Authentication, Authorisation — Know the Difference

Sujit Kumar Mahato / February 21, 2022

We undergo the process of Identification, Authentication, and Authorization every day in both physical and digital worlds. Let’s first start with the physical world. You have been planning for a weekend vacation for a long time but have been stalling because of the busy work schedule. After months of long hours of work, you finally find a weekend for a getaway. After work hours you meticulously plan the vacation — the place to visit, the hotel to stay, the to-do activities, and whatnot. Finally, the getaway weekend has arrived and the first thing that you do after reaching your destination: is Check-in into the hotel 1. Identification — You walk to the hotel reception and mention that you have a prior booking at the hotel. The first thing the receptionist asks is for your name. The receptionist then checks through the register to confirm of your booking. By providing your name, you claimed your identity. Your name, more or less, is unique and used for identification. 2. Authentication — Once the receptionist has got your name in the booking register, you are asked to present an ID card. The ID card verifies that you are the person whose name is on the reservation Here, the ID card facilitates the process of authentication and verifies your identity. 3. Authorisation — After the receptionist has done the necessary authentication process/paperwork, you receive a guest keycard. The guest’s keycard grants you access to your room, the guest elevators, and the pool — but not other guests’ rooms or the service elevator. Hotel employees have a service keycard, authorized to access more areas of the hotel than guests are. You enjoy the next few days to the fullest and finally be well-rested and rejuvenated. It’s time to go back to your work and give your best. It’s time to check out and walk to the reception desk. You hand over your card to the receptionist to pay the bill. At this moment you have jumped into the digital world of identification, authentication, and authorization. 1. Identification — The receptionist puts your card through a POS terminal. The information stored on your magnetic strip/EMV chip enables the banking systems to identify your valid account details — a bank that has your account, your account details, etc. Here the information on your card’s magnetic strip/EMV chip is analogous to your name which you used during check-in. 2. Authentication — You are then requested to enter your card PIN. Your card PIN is confidential to you — only you know it (an ideal case). By providing the PIN, you establish the validity of you being the owner of the card, associated with the bank account. The PIN authenticates that you are the owner of the bank account, from which money would be transferred to the hotel for its services. 3. Authorisation — There are multiple stakeholders involved when you are making transactions through your card. The bank in which you have your account, the card networks — Visa/Mastercard/Amex/Diners, the bank which has the hotel account, the software provider for the POS terminal, etc. Each stakeholder has a specific role to play. For example, the bank — which has your account- confirms that your account has enough balance amount. It then authorizes the deduction of the bill amount from your bank account. It may seem that all three steps — identification, authentication, and authorization are inseparable. But that’s not true. Remember the last time you uploaded a file on your Google Drive/One Drive and shared a public link. Here, you have authorized anyone with the link to access that file without any prior identification or authentication. Probably, the value of the file is far less than the value of the money in your bank account. Hence, the banking world uses cutting-edge solutions to predict, prevent and detect fraudulent transaction attempts on your card. Author: Sujit Kumar Mahato, Product Manager Wibmo A PayU/Naspers FinTech Company Authentication, Authorization, Digital Payment, Identity Management, Security

Product, Stories

What is Risk-Based Authentication and why banks should implement it?

Wibmo / November 18, 2021

Driven by the trifecta of smartphone penetration, low-cost data rates, and higher incomes, the Indian e-commerce market was expected to grow to US$ 200 billion by 2026. Covid-19 has caused an inflection point for the e-commerce market in India. A Bain & Company-PRICE survey of 3000 households across income groups and geographies which was conducted between April and June, revealed about 13% of respondents buying online for the first time, while about 40% buying more online. An NRF survey showed that nearly 6 in 10 consumers say they are worried about going to the store due to fear of being infected. Figure 1: Growth of credit cards in India (Source: RBI database, Bank-wise ATM/POS/Card Statistics various years) The majority of the growth is from online shoppers in Tier 2 tier 3 cities. The pandemic has also seen a surge in UPI transactions. While credit cards did a total of 185 million transactions delivering a value of INR 805K million, UPI delivered a staggering 3654 million transactions with a value of INR 6543K million as per RBI and NPCI statistics for Sep 2021. Key Challenges and Solutions: With the spectacular growth in the eCommerce market sophisticated online payment frauds and threats have mushroomed too. An e-commerce transaction involves multiple entities at various stages, such as the marketplace, merchants, payment gateways, financial institutions, apart from the end consumers, and each of them can act as a vulnerability or attack point for malicious actors. For example: The end customer fraud making fraudulent claims, chargebacks, fake buyer accounts, promotion/coupon abuse. Malicious fraudsters involved in account takeover, identity theft, card detail theft, etc. Data leaks compromise millions of consumer details every year contributing to digital fraud through impersonation globally. Fraudulent merchants who could deploy “bust out” merchant fraud and transaction laundering mechanisms to defraud acquirers. However, transactional and identity security is not the only concern of financial institutions. This must be balanced with customer experience. Customer loyalties now lie with merchants and banks that offer the best experience in terms of convenience, speed, and security. With the myriad of devices, payment authentication options, and processes every digital bank faces the ultimate challenge of balancing optimal security and a seamless customer payment experience. This is where Wibmo’s Trident FRM makes a difference. Trident FRM is a comprehensive, omni-channel, risk-based authentication (RBA) solution that identifies and manages fraud in real time. It does so by building a holistic customer profile from diverse data points. Figure 2: Risk-Based Authentication A customer’s transaction journey begins on a checkout page or a bill payment action or when a customer does a fund transfer (wire transfer). These actions result in the customer connecting to the bank’s server and the bank’s server is an integration point for Trident to evaluate the risk of every transaction done by the user in real-time. Trident uses the data it receives from multiple channels and devices. Data comes in various forms, like: Transactional data: Card number/account number/phone number, amount, currency, merchant or payee information, billing, and shipping addresses. Location data: Terminal id, IP address, approximate latitude and longitude, ISP data. Device data: (SDK App ID, Browser information, proprietary device-fingerprinting) User information: Time of the day for this transaction and any deviations from past customer behavior using historical data. With more than 100 data points (in the case of online e-commerce), and a powerful set of operators Trident can write rules for almost every fraud scenario using an intuitive rule builder screen. In addition, Trident employs advanced analytics and machine learning algorithms to generate a real-time score and decisions for every transaction. The decision can be one of the following: Low Risk: These are transactions that can be ALLOWED to proceed without challenging for OTP thereby delivering a seamless customer experience. In Wibmo’s experience, more than 90% of the transactions fall under this category. Medium Risk: Transactions that are suspected are risky enough to challenge using a multi-factor authentication method. High Risk: Transactions that are suspected to be very high risk and suggested to be declined. Any suspected fraudulent transaction is marked as a case for automated action or manual investigation and closure in the Case Management portal. An efficient case management portal drives both proactive and reactive fraud cases using consolidated data across channels. It also generates various reports that are required for regulatory and compliance purposes. Benefits of RBA are: Reduced financial losses due to fraud. Customer delight due to seamless payment experience. Improved compliance with local and global regulatory requirements. Reduced total cost of operations by managing fraud cases efficiently and limiting the number of cases routed for manual review. Impact Analysis: So, a frequently asked question is: What is the impact of doing risk-based authentication? For a credit card online purchase (card not present) scenario, RBA using Trident delivers almost 6–8% improvement in success rates for banks and almost 40% reduction in latency for completing the transaction for the end customers. To put this in perspective, as of Dec 2020 with an average ticket size of credit cards was Rs 3,653 and with 20 lakhs transactions per month for online transactions, for a given bank and assuming a 1% MDR, this is an additional uptick of 43 lakhs every month. Wibmo processes cards not present transactions for many of India’s largest banks. For a large bank with more than 150 lakh transactions, we were able to save close to Rs 5 lakhs in a month. Conclusion: As transaction volumes are set to grow in double digits year on year, and as customers expect to transact from anywhere using multiple devices, the threat of increased online fraud becomes more real. Customers want speed and convenience balanced with security, therefore, banks that deliver the most optimized services will win customer loyalty. Hence, it becomes imperative for issuers to be integrated with robust, omnichannel fraud detection and prevention risk engines. RBA solutions such as TRIDENT FRM is a cost-effective solution that empowers banks to stay one step ahead of fraudsters and deliver delightful customer experiences which they have come to expect in today’s digital world. Author: Ajit Nair, Director Product, and Programs Wibmo A

Product, Reading List, Stories

Faster and Convenient Authentication

Sujit Kumar Mahato / October 29, 2021

Before the invention of the steam-driven railways in the 1800s, mankind was dependent on animal pulled wagons to transfer goods. The Tanfield Wagonway in England, the first large-scale railway, used horses to haul coal-filled wagons from the mining village of Tanfield. On the lookout for faster and more convenient forms of transportation, evolved from horses driven wagons to steam engines, from steam to diesel, and from diesel-driven to engines driven on electricity. Fast forward to the 21st century, the world is experimenting with hydrogen-powered trains. Consider the banking industry. Though there is no trace of the word ‘banking’ before the 1600s, the practice of safekeeping, saving, and transacting money can be traced back to the temples of Babylon. The Arthsashthra, written by Chanakya around 300 BC, has mentions of ‘hundis’ or letter of transfer. Had the banking industry failed to ride the technological horse, money transfer initiated through hundis would have taken days or at least hours, to reach the designated payee through the fastest railroad. Thankfully, the banking industry learned to ride the technological horse and today with the help of electronic transfer can facilitate the process of money transfer. Electronic transfer not only made money transactions faster but also convenient for the people, who were saved from the age-old hassle of going to a nearby branch and waiting for their turn in the long queues at the bank teller. Can money transactions be made faster and more convenient for the customers? The movement of the electrons, involved in the electronic transfer, cannot be made faster with current feasible resources nor the customers can have a more convenient experience in making transactions from the comfort of their homes. The only way to provide a better — faster and convenient- banking service could be through optimization of steps involved in internet transactions. A large part of the processes involved in electronic money transfer is dominated by Authentication or security — ensuring the money transfer takes place from the genuine customer. The introduction of OTP has been a major advancement in the banking industry. However, it is the one step that may be loved by the banks but hated by customers, especially when the OTP fails to arrive on time or when the user makes a mistake. Removing OTP altogether poses a serious threat to security and thus banks still rely on OTP services for user authentication. This brings us to the question — How authentication can be made faster and more convenient? Is it possible to have convenient security? The answer lies in DATA. Let’s consider a simple case of house-rent transfer. A genuine user would be transferring the same house-rent amount month after month to the same account, using mostly the same wifi connection (ISP), the same laptop/mobile, and may be even on the same day of the month. A fraudster, for sure, wouldn’t be so generous to take the pain of paying rent on the user’s behalf. All the parameters above can be easily tracked and monitored with data. The answer to a “Faster & More Convenient Authentication/Security” lies in identifying the right set of data and formulating them into risk assessment. Higher risk should demand stricter authentication whereas lower risk should lead to faster and convenient -frictionless transactions, paving way for customer delight. The pandemic has accelerated the adoption of cashless transactions across the globe and is forcing the bank, more than ever, to evolve in order to meet the demands of smartphone-led online shopping culture, with cards and digital wallets rising in prominence. Banks need to leverage data and segregate high and low-risk transactions in order to provide ‘faster and convenient authentication to their customers. The demand for a fast, reliable, secure, and frictionless payment experience by customers requires banks to adopt fraud detection systems, which leverage the power of data through advanced machine learning technologies. When it comes to detecting subtle patterns which help in the identification of fraud transactions, machines are more effective than humans. Today, irrespective of the field, the power to leverage data, to provide ‘faster and convenient service, is one of the biggest assets for any organization. The faster and higher the convenience, the greater is the customer delight. The greater the customer delight, the higher is the customer loyalty. Author: Sujit Kumar Mahato, Product Manager Wibmo A PayU/Naspers FinTech Company Authentication, Digital Payment, Fraud Detection, Payments, Paytech

Stories

How did we make Wibmo GDPR ready in 6 months?

Pravin Kumar / October 2, 2021

A brief about GDPR GDPR is the world’s most strictly enforced set of data protection rules, enhancing how people can access information about themselves and limiting what organizations can do with personal data. GDPR’s full text is a cumbersome beast with 99 individual articles. The regulation in the EU, which replaced the previous 1995 data protection directive, serves as a framework for laws across the continent. After more than four years of debate and negotiations, the GDPR’s final form was adopted by both the European Parliament and the European Council in April 2016. At the end of that month, the underlying regulation and directives were published. GDPR went into effect on May 25, 2018. Countries in Europe were given the ability to make minor changes to better suit their own needs. This adaptability resulted in the creation of the Data Protection Act (2018) in the United Kingdom, which replaced the previous Data Protection Act of 1998. Driver for GDPR Wibmo currently has a large presence in India, Asia, Middle East, and Africa. And we aspire to enter the European market with our flagship service offering such as Authentication solutions and Fraud Risk Management solutions. We foresee that with increasing dependency on technology and digital products, we can offer seamless services to the European market. Moreover, with the expansion of the European Union, the EU market seems to be more lucrative to capture a large clientele base with a common regulatory framework and processes. Journey to GDPR readiness We performed initial due diligence with regards to GDPR articles and realized that it falls under the category of “Data Processor” as the majority of Personally Identifiable Information (PII) are not captured by themselves. These PII are shared with us by our customers/banks (controller) to whom we provide services. Then we defined “Security and Privacy by Design” principles and implemented them across the organization. To make everyone aware of these principles, we also provided mandatory training to all our employees on this subject through the “OneTrust” training tool. We performed a check for applicability of GDPR Articles and prepared a Statement of Applicability (SOA) which listed the set of GDPR Articles applicable to it. As a next logical step, we engaged with a Big4 consulting firm to perform gap assessment vis-à-vis processor control requirements. The gap assessment covered below domains: 1. Governance and Operating Model 2. Legal and Regulatory 3. Data Privacy Policy 4. Data Management 5. Privacy by Design 6. Security for Privacy 7. Third-Party Management 8. Data Subject Access and Requests 9. Consent Management 10. Training and Awareness 11. Breach and Incident Management 12. Business Unit Processing Activity (BUPA) 13. Data Privacy Impact Assessment (DPIA) The identified gaps were categorized in the areas of People, Process, and Technology. Then we created several policies and processes with the help of the global privacy team to comply with GDPR articles. To name a few policies and processes — Cyber Security and Privacy Incident Process, Data Subject Request Handling process. We also defined Business Unit Processing Activity (BUPA) and Data Privacy Impact Assessment (DPIA) for applicable business processes. We also enhanced our systems following a robust Change Management process to address some of the technology-specific gaps. We organized several awareness sessions and training on Privacy and Security controls requirements to ensure that the entire company stands in unison with regards to GDPR expectations. We are very pleased to share that the identified gaps have been successfully remediated. The remediation evidence has been shared with consulting partners for independent verification and closure confirmation thereafter. In addition, we have established a dedicated team for enforcement, implementation, and ongoing support of the GDPR compliances. Finally, we got a much expected and long-awaited tagline that “Wibmo is a GDPR-ready organization”. This compliance would help our business team to attract customers based out of the EU region which will make us globally the number one authentication service provider. Lastly, we would like to extend a big thanks to all our customers, employees, vendors for their seamless support in this journey. Author: Pravin Kumar, CISO Wibmo A PayU/Naspers FinTech Company GDPR, GDPR Compliance, GDPR Training, Security