Digital Payment Archives - Page 2 of 2 - Digital Payments, Payment Security and Lending

The Comprehensive Guide to Secure Digital Transactions with 3D Secure

Ravi Battula / May 28, 2024

Have you ever wondered how your online card transactions, whether domestic or international, result in a seamless shopping experience without concerns about merchant credentials, card data security, or delivery issues? The answer lies in EMV 3DS (3D Secure). This protocol is noticeable on the payment checkout pages of online merchants and at Point of Sale (PoS) terminals. What is 3D Secure (3DS)? 3D Secure (3DS) is a payments protocol that facilitates card transactions (credit, debit, prepaid, gift) at PoS or online globally. It ensures that any cardholder from any bank can seamlessly transact with any merchant acquirer worldwide. The three domains involved in a 3D Secure transaction are: 1. Acquirer Domain (Merchant’s Bank) 2. Issuer Domain (Cardholder’s Bank) 3. Card Network Domain How 3D Secure Works? During the checkout process, when you enter your card details online or swipe your card at a PoS terminal, the merchant/acquirer domain resolves the issuing bank. This process links to the cardholder’s account details, prompting the user to enter a one-time passcode (OTP) sent to their registered mobile device or email. This authentication step verifies the transaction’s legitimacy, adding a layer of protection against unauthorized use. The latest version, 3D Secure 2.0, incorporates advanced risk-based authentication and supports multi-factor authentication, including biometrics, enhancing both security and user experience. Why to invest in 3D Secure? While some businesses may view the implementation of 3D Secure as an additional cost, it is a strategic investment with substantial long-term benefits. Implementing 3D Secure can reduce chargeback fees, fraud-related losses, and dispute resolution expenses. Additionally, providing a secure online shopping experience builds customer confidence, leading to increased sales, loyalty, and trust. The Role of 3D Secure in Fraud Prevention Fraud is a significant concern for businesses, prompting the adoption of advanced authentication protocols like 3D Secure. Originally developed by Visa as “Verified by Visa” and later adopted by Mastercard as “Mastercard SecureCode,” 3D Secure adds an extra security layer to online transactions. By incorporating additional authentication steps, 3D Secure reduces the risk of unauthorized transactions, lowers chargeback rates, and enhances customer trust. Wibmo’s Innovative Solutions for Secure Transactions Wibmo addresses secure digital transaction challenges with its EMVCo-approved EMV® 3DS Server and SDK. Designed for Android and iOS platforms, these solutions enhance transaction security and reduce chargeback risks. The EMV® 3DS Server integrates the latest security protocols, while the SDK supports seamless transaction flows and comprehensive device data collection. According to recent surveys, fraud rates have increased by 15% in the past year, with identity theft, fraudulent payment schemes, and unauthorized transactions being common risks. These illicit activities can cause significant financial losses, damage reputations, and disrupt corporate operations. Advanced authentication protocols like 3D Secure, combined with a thorough understanding of fraud’s true impact, enable businesses to strengthen their defenses and protect against evolving digital threats. Understanding the True Cost of Fraud Fraud’s financial impact goes beyond immediate monetary losses. It includes stolen funds, chargeback fees, legal consequences, and reputational damage, which can tarnish a company’s image, lead to customer loss, and generate negative reviews. Addressing fraud effectively requires recognizing these multifaceted repercussions and implementing robust security measures. By understanding and leveraging 3D Secure, businesses can ensure a secure, seamless, and customer-friendly payment experience, fostering trust and driving growth in the digital economy. Key Features of Wibmo’s 3-D Secure solution (SDK, Server) – EMVCo Certification for Security Assurance – Seamless Transaction Flow Support – Versatile UI Support (Native and HTML) – Cutting-Edge Security Protocols – Flexible Hosting Solutions (Cloud or On-Premises) – And More! Benefits of 3DS Server Implementation – Elevated Security Standards through MFA (Multi factor Authentication) support – Effortless Regulatory Compliance – Frictionless Transaction Experience – Comprehensive Device Data Security – Simplified Integration – And More! Investing in 3D Secure is not just a prudent decision; it’s a strategic imperative for businesses aiming to thrive in the digital era. By prioritizing transaction security and customer trust, businesses can lay the foundation for sustained success in the digital realm. Secure your transactions, invest in 3D Secure, and embark on a journey toward a future where digital payments are synonymous with safety, reliability, and seamless experiences. Keep an eye on how Wibmo’s robust 3D Secure can help you achieve everything to fight fraud. To know more about Wibmo’s 3-D Secure solution, you can write to [email protected]. Author: Ravi Battula, Head of Payment Security & Merchant Acquisition Business Wibmo A PayU/Naspers FinTech Company 3D Secure, Digital Payment, Fraud Prevention, Secure Payment

Tech Bytes

Harnessing Digital Payments for a Greener Earth

Wibmo / April 22, 2024

As we celebrate Earth Day this year, it’s crucial to reflect on innovative solutions that contribute to environmental sustainability. One such solution gaining traction worldwide is the revolution in digital and mobile payments, particularly Unified Payments Interface (UPI) and Quick Response (QR) code payments. This technological advancement not only streamlines financial transactions but also plays a significant role in saving forests, reducing paper usage, and mitigating environmental degradation. Embracing Mobile Payments Mobile payment solutions are rapidly gaining popularity worldwide, with an estimated 2.1 billion people expected to use mobile wallets by 2025, according to Statista. By encouraging the use of mobile payments, fintech companies are reducing reliance on physical cards and cash, leading to fewer resources being used in the production and distribution of these materials. The Rise of UPI and QR Payments The emergence of UPI and QR payments has transformed the way individuals and businesses conduct transactions. With the convenience of mobile phones, users can transfer money, pay bills, and make purchases seamlessly, eliminating the need for physical cash and paper receipts. This transition to digital transactions has been accelerated by government initiatives and technological innovations, making financial inclusion a reality for millions. Saving Trees, Reducing Paper Usage One of the most significant environmental benefits of UPI and QR payments is the drastic reduction in paper usage. Traditional payment methods, such as cash and checks, rely heavily on paper-based documentation, including currency notes, receipts, and invoices. According to the World Bank, the global paper consumption for currency notes alone amounts to billions of tons annually. By shifting towards digital payments, we can significantly decrease the demand for paper currency and receipts. A study by the United Nations Environment Programme (UNEP) estimates that transitioning to digital payments could save millions of trees each year, mitigating deforestation and preserving vital ecosystems. Mitigating Carbon Footprint In addition to saving trees, the widespread adoption of UPI and QR payments contributes to reducing carbon emissions associated with traditional banking and payment processes. Printing, transporting, and disposing of paper currency and receipts require significant energy resources and emit greenhouse gases throughout their lifecycle. A report by the Global e-Sustainability Initiative (GeSI) suggests that digital payments have the potential to reduce carbon emissions by millions of metric tons annually. By minimizing the need for physical infrastructure and transportation, digital transactions offer a more environmentally friendly alternative to traditional banking methods. Encouraging Green Investments The global investment in renewable energy surged to $378.9 billion in 2023, as reported by the International Renewable Energy Agency (IRENA). Fintech platforms have increasingly become pivotal in driving these investments, offering sophisticated financial instruments and seamless integration with sustainable investment portfolios. These platforms empower both individuals and institutions to efficiently allocate capital towards a diverse array of renewable energy projects, sustainable infrastructure developments, and innovative environmental initiatives. Advancing Blockchain Technology Blockchain technology offers a decentralized and transparent platform for conducting financial transactions and verifying information. According to a report by Deloitte, blockchain technology has the potential to reduce the carbon footprint of financial transactions by eliminating intermediaries and streamlining processes. Moreover, blockchain can be used to create digital identities and track supply chains, ensuring the authenticity and sustainability of products. Promoting Sustainability and Financial Inclusion The shift towards digital payments aligns with broader sustainability goals, promoting financial inclusion and economic empowerment. By enabling individuals and businesses to access banking services through their smartphones, UPI and QR payments bridge the gap between the unbanked population and formal financial systems. According to the World Bank, expanding access to digital financial services can enhance economic opportunities for underserved communities while reducing their reliance on cash-based transactions. By empowering individuals to participate in the digital economy, we foster inclusive growth and sustainable development. As we commemorate Earth Day, let us recognize the transformative potential of UPI and QR payments in fostering a greener and more sustainable planet. By embracing digital financial technologies, we can conserve natural resources, mitigate climate change, and promote economic empowerment for all. As individuals and communities, let’s continue to harness the power of innovation to build a brighter future for generations to come. BaaS, Digital Payment, Earth Day, Fintech, Mobile Payments, Sustainability

Industry Insights, Product, Reading List

Wibmo Protect — Adaptive Multi-Factor Authentication Solution

Anand K Khanna / February 28, 2024

The Reserve Bank of India (RBI) has embarked on a transformative journey by proposing a Principle-Based Framework for the authentication of digital transactions. This pioneering initiative underscores the RBI’s commitment to fostering a secure, seamless, and customer-centric digital payments ecosystem. The primary objective of this framework is to propel the adoption of alternative authentication mechanisms, transcending the traditional SMS OTP paradigm. By embracing innovative authentication solutions, the RBI seeks to elevate the customer experience while fortifying the security infrastructure of digital payments. Furthermore, this strategic move is poised to empower businesses to embark on a journey of innovation, enabling them to explore cutting-edge solutions while upholding the highest standards of security and integrity. In essence, the Principle-Based Authentication Framework heralds a new era of digital transactions, characterized by enhanced security, heightened user experience, and unparalleled innovation. Challenges with OTP Authentication: Traditional SMS OTPs, while prevalent, present significant limitations and risks. They heavily rely on mobile service providers, are susceptible to interception, and contribute to transaction delays and failures, leading to user frustration and financial losses. Limitations of Traditional SMS-Based OTP Authentication: – Reliance on Mobile Service Providers: SMS OTPs are entirely dependent on mobile service providers, making them susceptible to network coverage issues and unable to support offline mode. – Inadequate Support for Cross-Border Transactions: Due to network dependencies, SMS OTPs face challenges in facilitating cross-border transactions and international access. – High Transaction Authentication Failure Rate: In the current scenario, the authentication failure rate for card transactions using SMS OTPs averages between 5% to 8%, primarily due to network dependencies. – Vulnerability to Cyber Threats: SMS OTPs are prone to interception, phishing, MITM attacks, and sim swapping, lacking robust protection for authorized access. – Rising Instances of Fraud: Cybercrimes, including fraud cases involving SMS OTPs, have surged, with approximately 1.1 million fraud cases registered in 2023, amounting to Rs 7,488.6 crore. Additionally, UPI fraud cases reached over 95,000 in the 2022–23 fiscal year. – User Experience Disruptions: Delays or delivery failures in SMS OTPs disrupt the user experience, leading to frustration and contributing to merchant conversion losses. – Increased Operational Costs: Constant intervention is required to manage authentication experiences across various channels, leading to additional costs. The average SMS cost per transaction is 12 paise, which escalates based on the chosen channels. Wibmo Protect: A Revolutionary Solution: Wibmo Protect, a cutting-edge platform, aligns seamlessly with the RBI’s framework. Utilizing a risk-based contextual authentication approach, it leverages machine learning and deep data analytics to detect and prevent fraudulent transactions in real-time. Contextual authentication further enhances security, enabling swift and secure payments without OTPs. Key Benefits of Wibmo Protect: Wibmo Protect offers a multitude of benefits, including: – Fraud Detection & Prevention – Dynamic Risk-based Authentication – Preference-based authentication with multiple modes – Multi-channel support for various transaction types – Reduced chargebacks and increased revenue growth – Merchant opt-out feature – Enhanced consumer authentication experience Wibmo Protect combines three powerful modules: 1. Access Control Server (Accosa ACS): A holistic payment authentication platform integrated with an intelligent risk engine. 2. Enterprise Trident FRM: A comprehensive cross-channel, self-learning risk assessment engine. 3. Tridentity: A multifactor out-of-band authentication solution offering secure, password less authentication. Wibmo Protect emerges as a game-changer in digital transaction security. By embracing innovative technologies and adaptive authentication methods, it sets new standards for security, efficiency, and customer satisfaction. With its comprehensive suite of modules, Wibmo Protect stands as a beacon of trust and reliability in the evolving landscape of digital transactions. Through continuous innovation and commitment to security, Wibmo paves the way for a secure and seamless digital future. Author: Anand K Khanna, Product Manager — Fraud & Risk Management Wibmo A PayU/Naspers FinTech Company Digital Payment, Fraud Detection, Multi-Factor Authentication, Payment Security, RBI

Reading List, Stories

Empowering the Unbanked: Offline Digital Payments and Financial Inclusion in India

Wibmo / November 30, 2023

India, with its vast and diverse population, has made significant strides in the realm of digital payments in recent years. However, a considerable segment of the population still remains unbanked or underbanked, primarily due to limited access to financial services. Offline digital payments have emerged as a promising solution to bridge this gap, fostering financial inclusion and empowering individuals who have been on the fringes of the formal financial system. Understanding Financial Inclusion Financial inclusion is a multifaceted concept that goes beyond merely having a bank account. It encompasses access to a range of financial services, including savings, credit, insurance, and payment services. The goal is to provide individuals and businesses, particularly those in underserved and remote areas, with the tools and resources needed to participate fully in the economy. Challenges to Financial Inclusion in India Several challenges have historically hindered financial inclusion in India: 1. Limited Access to Banking Infrastructure: Many rural areas lack physical banking infrastructure, making it challenging for individuals to access basic financial services. The cost and effort required to establish brick-and-mortar branches in these areas have been significant barriers. 2. Low Financial Literacy: A significant portion of the population, particularly in rural and remote areas, lacks financial literacy. Understanding the nuances of traditional banking services can be a barrier to entry into the formal financial system. 3. Documentation Requirements: The documentation required to open a bank account can be a hurdle, especially for those who may not have the necessary identification papers. This often excludes a substantial portion of the population from mainstream financial services. 4. Technological Barriers: While the penetration of smartphones has increased, a considerable number of individuals still use feature phones or have limited access to the internet. This poses a challenge to the adoption of traditional digital payment solutions. Offline Digital Payments: A Catalyst for Inclusion Offline digital payments have emerged as a transformative force, overcoming many of the barriers to financial inclusion in India. These solutions leverage technology to enable transactions without the need for a continuous internet connection, making them particularly relevant in areas with intermittent connectivity. Let’s delve into the ways in which offline digital payments are contributing to financial inclusion. 1. Access Anytime, Anywhere: Offline digital payment solutions empower users to conduct transactions regardless of their location or the availability of internet connectivity. This is especially crucial in remote and rural areas where traditional banking infrastructure is limited. 2. Reduced Reliance on Physical Infrastructure: By eliminating the need for physical branches or ATMs, offline digital payments reduce the cost and logistical challenges associated with building and maintaining banking infrastructure. This is a game-changer for reaching unbanked populations in geographically dispersed regions. 3. Simplified User Experience: Offline payment methods are designed to be user-friendly, requiring minimal technical know-how. This simplicity is key in overcoming the barrier of low financial literacy, enabling individuals with varying levels of education to participate in the formal financial system. 4. Biometric Authentication: Leveraging biometric authentication methods, such as fingerprints or iris scans, offline digital payment solutions offer a secure and convenient way for individuals to access their financial accounts. This is particularly beneficial in areas where traditional identification documents may be scarce. 5. Financial Inclusion for Merchants: Offline digital payments extend beyond individual users, providing opportunities for small businesses and merchants. By accepting offline digital transactions, even in areas with intermittent internet connectivity, merchants can expand their customer base and participate more actively in the digital economy. 6. Government Initiatives: Recognizing the potential of digital payments to drive financial inclusion, the Indian government has launched initiatives like Aadhaar Pay and UPI (Unified Payments Interface). These initiatives leverage biometrics and mobile numbers to facilitate secure offline digital transactions. 7. Financial Products and Services: Offline digital payments pave the way for the delivery of a range of financial products and services to previously underserved populations. This includes access to credit, insurance, and savings products tailored to the unique needs of different segments of the population. Challenges and Considerations While offline digital payments hold immense promise for financial inclusion, certain challenges and considerations need to be addressed: 1. Security Concerns: Ensuring the security of offline transactions, especially in areas with limited connectivity, is paramount. Robust security measures, including encryption and biometric authentication, are essential to protect users from potential risks. 2. Infrastructure Development: While offline digital payments reduce the reliance on physical banking infrastructure, there is still a need for ongoing efforts to enhance digital infrastructure, including the development of reliable networks and the availability of affordable smartphones. 3. Regulatory Framework: A conducive regulatory framework is crucial for the widespread adoption of offline digital payments. Clear guidelines and policies that foster innovation while ensuring consumer protection will play a pivotal role in shaping the future of these solutions. 4. Collaboration Among Stakeholders: Successful implementation of offline digital payment solutions requires collaboration among various stakeholders, including government agencies, financial institutions, technology providers, and local communities. A coordinated effort is essential to address the multifaceted challenges of financial inclusion. Bottom line: Offline digital payments represent a transformative force in the journey towards financial inclusion in India. By addressing the challenges of limited access to banking infrastructure, low financial literacy, and intermittent connectivity, these solutions empower individuals and businesses to participate fully in the formal financial system. As we move forward, it is imperative to continue innovating, address security concerns, and foster a collaborative environment that embraces the diverse needs of the population. The vision of a financially inclusive India can be realized through the thoughtful integration of offline digital payment solutions, ensuring that no one is left behind in the digital era. BaaS

Industry Insights, Product, Reading List

UPI Fraud Trends and Their Possible Mitigation

Sujit Kumar Mahato / March 16, 2023

With over 2 billion transactions worth over INR 4.5 trillion processed every month, India’s United Payment Interface (UPI) has revolutionized the digital payment ecosystem. UPI has been emerging as the most preferred payment method among Indians. However, at the same time, we are witnessing a rise in fraudulent transactions in recent times. A total of 1,46,495 unified payments interface (UPI) fraudulent activities were reported on the National Cybercrime Reporting Portal (NCRP) during the first and second quarters of 2022, as per the Ministry of Home Affairs (MHA). Up until now, banks and financial institutions have predominantly relied on educating consumers against fraud. But, in cases of fraud, the consumer is at the mercy of the grievance process, which adversely affects the consumer experience and dents customer loyalty. Fraud Trends and Their Possible Mitigation Impersonating Sellers and Customer Care It is more of a habit to google customer care contacts when facing issues with our online purchases. Fraudsters are flooding the internet with fake customer care details to lure in consumers. After gaining the trust of gullible customers over the phone, refund collect requests are shared via QR codes, SMS links, and so on. Financial institutions can integrate with technological solutions that detect and alert the customer in the event that a payment is made over the phone. Spoofed VPA IDs In the name of disaster relief or support, fraudsters created multiple spoofed VPA IDs that are remarkably similar to the original ones. In recent times, we witnessed an unprecedented rise in VPA IDs, similar to the PM Cares Fund. Maintaining a list of suspicious keywords such as support, relief, care, disaster, army, minister,” etc. and running risk rules over transactions being made to VPA IDs containing high-risk keywords have the potential to curb fraudulent transactions. Screen mirroring apps and malware Through malicious links, fraudsters get consumers to download screen-sharing or remote-access apps or malware. Once installed, the fraudster gains access to confidential UPI details, which are then used in combination with other modus operandi, such as SIM-swapping. Payment apps should have the capability to detect potential malicious apps already downloaded on the device and restrict payments from going through. Collect Request Through classified ads, fraudsters initiate conversation with sellers they are impersonating as potential buyers. Creating a sense of urgency, the fraudster intends to make a quick payment without much negotiation and sends a collect request, sometimes in the form of a QR code. The VPA IDs used by fraudsters are generally gibberish and at times have numbers or alphabets in sequence. Banks or financial institutions’ apps should have the capability to detect such patterns on beneficiary VPA handles. UPI has made digital payments more accessible and convenient for millions of people in India, and it is expected to continue to play a significant role in India’s digital payments ecosystem in the coming years. With continued efforts of educating consumers against frauds, banks and financial institutions should leverage the technological advancements against the mushrooming UPI frauds. Author: Sujit Kumar Mahato, Product Manager Wibmo A PayU/Naspers FinTech Company BaaS

Reading List, Stories

True Cost of Combating Payment Frauds

Sujit Kumar Mahato / September 14, 2022

A quick recap of major players involved in payment transactions : 1. Customer 2. Issuer Bank — holding the customer’s bank account 3. Payment Networks — Visa, Mastercard, NPCI, etc 4. Merchant 5. Acquirer Bank — holding the merchant’s bank account In simple terms, Payments Fraud is the one where someone made unauthorized payments/purchases. Though the liability of fraud differs(customer/merchant/banks etc) on a case-to-case basis, someone in the payment system has to finally bare the brunt and mark the money as lost in their respective books. Fraud is a global issue that affects not only individuals but also organizations — merchants, banks, insurance companies, and who so ever is dealing with payments. Payments frauds have been crippling every country across the globe and according to recent studies, the epidemic of payment fraud has been growing over the recent years. When it comes to payments, there are 2 major elements – 1. FALSE NEGATIVE — when an act of fraud goes undetected and through the payment system 2. FALSE POSITIVE — when a faulty fraud detection system blocks a legitimate transaction. Anti-fraud solutions and fraudsters are caught in a cat-and-mouse game. Both have been leveraging technological innovations to meet their underlying need and eventually adding to the cost of combating fraud. Whenever we come across the term COST, our first thought is that it’s a mere cumulation of expenses incurred in producing or building a product or service. However, in financial terms, the cost is segregated into — Direct Cost and Indirect Cost. The majority of the time, indirect costs are neglected when it comes to deriving the actual cost of a project due to the difficulty associated with deriving a cost-effective methodology for the assignment of indirect costs. When it comes to defining the cost associated with fraud, organizations generally tend to consider the amount lost in the fraud process. These numbers are a significant percentage of the topline revenue. Moreover, it’s a concerning fact that even less than 20% of businesses are able to fully recover the amount from unauthorized transactions and other fraudulent activities. Apart from the obvious Direct Cost — fraud amount value — associated with the transaction, the Indirect Cost often goes unnoticed. Cost of Combating Fraud: Huge infrastructure and resources — manual as well as technological are deployed by organizations in payment authentication and authorization. The cumulative loss arising from both False Positive and False negative scenarios burn a larger hole in terms of operational efficiency. Cost to Reputation: Businesses incurs huge cost when it comes to building a reputation of trust through the marketing function which employs varied techniques to increase the perceived value of a product or service over time. Undetected frauds and consequent delays in grievance redressal often leave the customer/merchant with a bad experience with their respective banks and also with the payment entities involved in the process. Cost of declining Genuine transactions: High False positive rates can leave the customers/merchants frustrated. Organizations leave no stone unturned through sales and marketing and customer support to acquire and retain a customer. In the era of fierce competition, if one thinks Customer acquisition is hard, think about the retention of a frustrated customer. It is somewhat now possible to measure fraud and error losses but one needs to surely factor in the Indirect Costs in order to make a proper judgment about a proportionate level of investment to be made in reducing them through the deployment of anti-fraud tools. Direct costs associated with fraud are just the tip of the iceberg and give even less than half a picture of the menace lying underneath. Author: Sujit Kumar Mahato, Product Manager Wibmo A PayU/Naspers FinTech Company Anti Fraud Management, Digital Payment, Fraud Detection, Fraud Prevention, Online Payments

Industry Insights, Reading List

Things you must know about Tokenization — talk of the town

Ravi Battula / July 6, 2022

After the industry requested more time to comply with the latest data security rules, the Reserve Bank of India mandated the implementation of tokenization of card transactions, with a deadline of June 30, 2022, which is further extended to September 30, 2022. So, what exactly is tokenization? And how would it aid in the security of online transactions? Tokenization is a process of replacing sensitive information with non—sensitive information [token]either completely or partially, rendering the token useless for the unintended users. Tokens are irreversible, original data cannot be derived back using a key, unlike the cryptographic process. It follows the principle of ‘pseudonymization’ [Pseudo Anonymization or simply put alias or surrogate] for sensitive data like Aadhar, SSN, Credit Card, Bank ac/c, phone, or DOB. A tokenization system links the original data to a token but does not provide any way to decipher the token and reveal the original data. For e.g. in the case of a card/PAN, Token PAN is generated using the Format Preserving Hash which is irreversible PAN, and Lunch’s check is passed on the same so all the card validations on the token are also successful and follow card network rules. Original PAN: 7654 1111 1111 1111 Token PAN: 6667 2397 1422 2655 [Identical to PAN but of no value for a bad actor as it cannot be used without the valid Token Requestor and Merchant Id combination.] Any token generated for a card will inherit the key attributes of the original card e.g. expiry date, product code, card art, etc. Tokenization is a secure method of storing payment information. In essence, a token (an alias or a Pseudo number) is generated for the stored payment card. As a result, simply possessing the token does not grant you access to the card information without first passing through the tokenization system. When we apply this to the real world, we can see the benefits. Consider a website that sells specific products but also offers recurring deliveries. When a client purchases from the website for the first time, they will enter their credit card information themselves; however, for recurring transactions (such as the delivery of specific cosmetics on the first day of each month, for example), the information must be stored by the website in order for a monthly payment to be made. If card information is not stored securely, unauthorized personnel or even bad actors can gain access, causing a nuisance for the consumer and a serious problem for the merchant resulting in chargebacks. To solve this problem in the simplest way possible, we turn to tokenization. When a client first enters his card details, the payment platform collects the information and sends it to the tokenization system, which returns the token to the website and processes the payment. The token will be stored on the website in conjunction with the information entered during the registration process. For a Standing Instruction when the merchant website needs to charge the client on a recurring basis, it will simply send the amount and the token to the payment platform. The payments platform will then send the token to the tokenization system, which will map the card number against the token and complete the transaction on behalf of the customer. The website does not need to store the actual card details to process recurring payments using this method, and the payment process is limited to the dialogue between the tokenization system and the payment platform, both of which have high levels of security. Tokenization inherently uses a pseudonymization process to replace sensitive data with random data. Card tokens are intent-based which is unique per merchant. Card tokens generated at one merchant cannot be used at other merchants. In case of any data compromise at a particular merchant/entity, it cannot be used for any other purpose. Even if the bad actor wants to use the stolen token at the same merchant, they will also need the cryptographic keys to initiate any transactions which are almost impossible to get access to organization cryptographic keys. Hence tokenization makes the data storage, data transmission, and data usage very secure without worrying about misuse. In this case, the user would simply delete/cancel the token for a particular merchant only as opposed to canceling the card and managing storage at all other locations Because online shopping is becoming more popular by the day, cybercrime has skyrocketed so as data proliferation, both businesses and their customers must now rely on secure online solutions for all types of transactions. This means that more credit card information is being stored and processed, providing more opportunities for cybercriminals. Security solutions such as tokenization are arguably more important than ever before, as they can assure clients that their sensitive data is much more secure, thereby fostering trust and loyalty between businesses and consumers. Benefits of tokenization on your cards : · With rising subscriptions and recurring economy, intent-based unique tokens enable users to manage multiple subscriptions (COF or SI) very securely · Can be used for an online card on file and device-based tap n pay contactless payment on mobile devices · Greater protection against data theft due to higher storage security · Higher customer control to view and manage tokens and set controls · Bring standardization for card storage across the ecosystem rather than every entity implementing their own standards The Wibmo Areion ‘Token Hub,’ built in accordance with EMVCo standards, is the only unified tokenization solution for merchants, acquirers, Issuers, and Fintechs. It ensures that you are in compliance with the latest RBI guidelines while also providing a frictionless payment experience. To find out more, write to: [email protected] Author: Ravi Battula, Vice President, Merchant Acquiring Business Wibmo A PayU/Naspers FinTech Company Card Payment, Card Token, Digital Payment, Online Payments, Tokenization

Industry Insights, Stories

Identification, Authentication, Authorisation — Know the Difference

Sujit Kumar Mahato / February 21, 2022

We undergo the process of Identification, Authentication, and Authorization every day in both physical and digital worlds. Let’s first start with the physical world. You have been planning for a weekend vacation for a long time but have been stalling because of the busy work schedule. After months of long hours of work, you finally find a weekend for a getaway. After work hours you meticulously plan the vacation — the place to visit, the hotel to stay, the to-do activities, and whatnot. Finally, the getaway weekend has arrived and the first thing that you do after reaching your destination: is Check-in into the hotel 1. Identification — You walk to the hotel reception and mention that you have a prior booking at the hotel. The first thing the receptionist asks is for your name. The receptionist then checks through the register to confirm of your booking. By providing your name, you claimed your identity. Your name, more or less, is unique and used for identification. 2. Authentication — Once the receptionist has got your name in the booking register, you are asked to present an ID card. The ID card verifies that you are the person whose name is on the reservation Here, the ID card facilitates the process of authentication and verifies your identity. 3. Authorisation — After the receptionist has done the necessary authentication process/paperwork, you receive a guest keycard. The guest’s keycard grants you access to your room, the guest elevators, and the pool — but not other guests’ rooms or the service elevator. Hotel employees have a service keycard, authorized to access more areas of the hotel than guests are. You enjoy the next few days to the fullest and finally be well-rested and rejuvenated. It’s time to go back to your work and give your best. It’s time to check out and walk to the reception desk. You hand over your card to the receptionist to pay the bill. At this moment you have jumped into the digital world of identification, authentication, and authorization. 1. Identification — The receptionist puts your card through a POS terminal. The information stored on your magnetic strip/EMV chip enables the banking systems to identify your valid account details — a bank that has your account, your account details, etc. Here the information on your card’s magnetic strip/EMV chip is analogous to your name which you used during check-in. 2. Authentication — You are then requested to enter your card PIN. Your card PIN is confidential to you — only you know it (an ideal case). By providing the PIN, you establish the validity of you being the owner of the card, associated with the bank account. The PIN authenticates that you are the owner of the bank account, from which money would be transferred to the hotel for its services. 3. Authorisation — There are multiple stakeholders involved when you are making transactions through your card. The bank in which you have your account, the card networks — Visa/Mastercard/Amex/Diners, the bank which has the hotel account, the software provider for the POS terminal, etc. Each stakeholder has a specific role to play. For example, the bank — which has your account- confirms that your account has enough balance amount. It then authorizes the deduction of the bill amount from your bank account. It may seem that all three steps — identification, authentication, and authorization are inseparable. But that’s not true. Remember the last time you uploaded a file on your Google Drive/One Drive and shared a public link. Here, you have authorized anyone with the link to access that file without any prior identification or authentication. Probably, the value of the file is far less than the value of the money in your bank account. Hence, the banking world uses cutting-edge solutions to predict, prevent and detect fraudulent transaction attempts on your card. Author: Sujit Kumar Mahato, Product Manager Wibmo A PayU/Naspers FinTech Company Authentication, Authorization, Digital Payment, Identity Management, Security

Product, Reading List, Stories

Faster and Convenient Authentication

Sujit Kumar Mahato / October 29, 2021

Before the invention of the steam-driven railways in the 1800s, mankind was dependent on animal pulled wagons to transfer goods. The Tanfield Wagonway in England, the first large-scale railway, used horses to haul coal-filled wagons from the mining village of Tanfield. On the lookout for faster and more convenient forms of transportation, evolved from horses driven wagons to steam engines, from steam to diesel, and from diesel-driven to engines driven on electricity. Fast forward to the 21st century, the world is experimenting with hydrogen-powered trains. Consider the banking industry. Though there is no trace of the word ‘banking’ before the 1600s, the practice of safekeeping, saving, and transacting money can be traced back to the temples of Babylon. The Arthsashthra, written by Chanakya around 300 BC, has mentions of ‘hundis’ or letter of transfer. Had the banking industry failed to ride the technological horse, money transfer initiated through hundis would have taken days or at least hours, to reach the designated payee through the fastest railroad. Thankfully, the banking industry learned to ride the technological horse and today with the help of electronic transfer can facilitate the process of money transfer. Electronic transfer not only made money transactions faster but also convenient for the people, who were saved from the age-old hassle of going to a nearby branch and waiting for their turn in the long queues at the bank teller. Can money transactions be made faster and more convenient for the customers? The movement of the electrons, involved in the electronic transfer, cannot be made faster with current feasible resources nor the customers can have a more convenient experience in making transactions from the comfort of their homes. The only way to provide a better — faster and convenient- banking service could be through optimization of steps involved in internet transactions. A large part of the processes involved in electronic money transfer is dominated by Authentication or security — ensuring the money transfer takes place from the genuine customer. The introduction of OTP has been a major advancement in the banking industry. However, it is the one step that may be loved by the banks but hated by customers, especially when the OTP fails to arrive on time or when the user makes a mistake. Removing OTP altogether poses a serious threat to security and thus banks still rely on OTP services for user authentication. This brings us to the question — How authentication can be made faster and more convenient? Is it possible to have convenient security? The answer lies in DATA. Let’s consider a simple case of house-rent transfer. A genuine user would be transferring the same house-rent amount month after month to the same account, using mostly the same wifi connection (ISP), the same laptop/mobile, and may be even on the same day of the month. A fraudster, for sure, wouldn’t be so generous to take the pain of paying rent on the user’s behalf. All the parameters above can be easily tracked and monitored with data. The answer to a “Faster & More Convenient Authentication/Security” lies in identifying the right set of data and formulating them into risk assessment. Higher risk should demand stricter authentication whereas lower risk should lead to faster and convenient -frictionless transactions, paving way for customer delight. The pandemic has accelerated the adoption of cashless transactions across the globe and is forcing the bank, more than ever, to evolve in order to meet the demands of smartphone-led online shopping culture, with cards and digital wallets rising in prominence. Banks need to leverage data and segregate high and low-risk transactions in order to provide ‘faster and convenient authentication to their customers. The demand for a fast, reliable, secure, and frictionless payment experience by customers requires banks to adopt fraud detection systems, which leverage the power of data through advanced machine learning technologies. When it comes to detecting subtle patterns which help in the identification of fraud transactions, machines are more effective than humans. Today, irrespective of the field, the power to leverage data, to provide ‘faster and convenient service, is one of the biggest assets for any organization. The faster and higher the convenience, the greater is the customer delight. The greater the customer delight, the higher is the customer loyalty. Author: Sujit Kumar Mahato, Product Manager Wibmo A PayU/Naspers FinTech Company Authentication, Digital Payment, Fraud Detection, Payments, Paytech

Industry Insights

What are Pre-Paid Cards and how do they work?

Nsele P. Bokuma / October 2, 2021

By referring to Prepaid Cards, we first need to agree on what do we understand by Prepaid Card, and how do we see it? Do we see it as a closed card program or an open card program? Many get confused in the definition of what exactly is a Prepaid card? A Prepaid Card can be defined as a secured card (a plastic) that enables users to process transactions in order to make purchases of goods and/or services. We can then say that we do have two types of Prepaid Cards: Closed Card Programs. Open Card Programs. A Closed Card Program is usually referred to as a closed-loop, mostly in the form of Gift Cards, used by many stores. On the other hand, an Open Card Program is usually referred to as a debit card, which is linked to a bank account. Both solutions could be referred to as Prepaid Card solutions; however, one does not require the need of having a bank account but for the other, having a bank account is a must. To some extent, some countries around the world are now initiating closed-loop programs, as a debit card, for domestic card transactions. For instance, a country may opt to have a closed-loop domestic card program that can only be utilized in the country, in form of a domestic prepaid card scheme. In today’s world, Financial Institutions (FI) are working hard to promoting Financial Inclusion by providing financial services and/or products to customers at a very affordable cost. However, despite, the efforts and times put together by Financial Institutions, the results for getting everyone inclusive into the Financial Ecosystem is still low. Therefore, FI is constantly improving their products/solutions in order to meet customers satisfaction by positioning solutions such as Prepaid Cards in order to make inclusion attractive. That is why, to meet customer’s satisfaction, Financial Institutions have opened up to the closed/open loop payment program to reach out to all markets and/or segments. These programs have been put in place to solving problems for Consumers, Retailers, Corporates, and Governments. The benefit of those cards is that consumers can make use of the solution to make a purchase, pay bills, transfer funds, and/or withdraw cash from an ATM, Merchant/Retailer stores, or an Agent (Agency Banking), in a very convenient and secure way. Prepaid Cards used by the bank (“the debit card”), can also be offered to customers who do not qualify for credit facilities. By these means, the bank is offering a product to customers which will enable them to transact by using their own funds. On the other hand, Retailers or Merchants are also offering similar solutions to customers in form of Gift Cards, for instance, as previously mentioned. Once a Prepaid Card has been offered to a customer, the Service Provider will immediately issue a card to the customer in order to enable the customer to start transacting from day one. Nevertheless, to make this mechanism fully functional: A plastic card will have to be issued to the customer. Customer will have to load own funds onto the cards. The card will have an Expiring Date, Card Number, and a PIN. Customers can now start transacting. Yet, for Prepaid Card such as Gift Cards, cards can only be used within a network of retailers, and most of the time, the card does not have a PIN number for acceptance of transactions. However, transactions are authorized on a signature basis. So, Prepaid cards could be considered as a fast-growing segment for Retail Banking and Merchant Services Industry despite entries of new innovative payment technologies. Author: Nsele P. Bokuma, Director-Sales, South Africa Wibmo A PayU/Naspers FinTech Company Card Payment, Digital Payment, Online Payments, Prepaid Card