Global Digital Payments Archives - Page 2 of 2 - Digital Payments, Payment Security and Lending

Cross Border Payments in India

Krishnan KN / June 10, 2024

What are cross-border payments? Payments or transactions done across borders are part and parcel of international trade. So, playing the role of medium between the vendor and customer, cross-border payment is one of the crucial entities that enables cross-border trade. Any export or import is dependent on cross-border payment, and its growth is crucially dependent on smooth and seamless transactions. Why are cross-border payments significant? The significance of cross-border payments is proportional to the significance of cross-border trade. The size of cross-border payments is significant, with export merchandise alone contributing to about 15% of the total GDP. This alone is enough to look into the cross-border payment facilities that we are enabling our traders with to boost our country’s economic growth. India is looking at becoming a $5 trillion economy, and one of the major contributors can be cross-border trade. However, the fact on the ground is that of the 17 states that share their borders with other countries, only nine of them can actively engage in safe trade. Digital India has thrown the doors to cross-border trade wide open to not just the conglomerates but also MSME in India. Talking of MSME contribution, Livemint.com reports that “In FY 2022–23, MSME products accounted for 43.6% of India’s exports.” What are the major challenges to cross-border payments in India? Charges: With different countries come different rules and different financial charges. Many of the charges are informed only at the time of transactions, which either the vendor has to absorb or charge to the customer, irritating them in the least. Cumbersome process: With most local banks dealing with only a few currency options, time is taken for the standard international payouts, and both time and transparency are lost. SWIFT and international wire transfers come with their own set of challenges with regards to cost and time. Risk of fraud: Digitalization has thrown the door open to not just traders but also to cyber criminals. Cybersecurity has been constant and updated with the ability to come up with new solutions for the threats emerging daily. And yet be cost-effective. Compliance changes: Different borders dictate different laws at different points in time. The law of the land is often tweaked to combat raising threats or cementing the loopholes of existing laws. Currency volatility: With VUCA, is it a surprise that every country has a relatively fluid economy when compared to the currency woes that have been an age-old story? Only the present digitization has removed the buffer that the lag of communication offered earlier. How do we provide a solution to one of the pillars of our economy? Fintech India needs its fintech industry to find a one-stop solution for not just an easy and transparent transaction but also a safe one. A solution that authenticates easily but with foolproof scrutiny. Though many start-ups are working on solving individual issues discussed, most of them are working on their expertise, which is limited to one area. The need of the hour is an aggregator who would collect all this expertise on one platform and provide a holistic solution. The future looks bright with a possible blend or amalgamation of both seamless and secure transactions across borders.

Moving beyond SMS OTP Authentication

Sujit Kumar Mahato / November 10, 2022

If you have ever transacted or purchased online, you must have come across the OTP Authentication. The system-generated code delivered through SMS on your device serves as a verification of the claim that you are the actual owner of the device as well as the account/card/wallet through which the transaction is initiated. The authentication or verification of our identity as who we claim ourselves to be is a part of our day-to-day lives. Be it checking in at the airport or going past the security desk of an office, though we identify ourselves with our name, we authenticate ourselves with some other form of ID card. With growing security concerns, both in the physical and digital worlds, authentication methods have evolved not only to protect but also to provide a seamless experience to users. The ways in which one can be authenticated fall into three categories: · Knowledge: Something the user knows (eg. Password) · Ownership: Something the user has (eg. ID card) · Inherence: Something the user is (eg. Fingerprint) The above categories are referred as the Authentication Factors and the use of the number of factors in an authentication process derives its name. · Single-factor Authentication: Requires providing only one piece of verifiable information such as a password · Two-factor Authentication(2FA): Requires providing two pieces of verifiable information such as a password and then proof of possession of their smartphone (through an SMS OTP delivered on that device) · Multi-factor Authentication: Required to provide two or more pieces of verifiable information. As in the case of 2FA, where two categories (factors) of information are required, it is also considered an MFA. The idea of an OTP was first suggested in the 1980s by Leslie Lamport. With growing attacks and increasing authentication requirements, many patented OTP algorithms were developed. Today, OTPs are synonymous with two-factor authentication and are thought to augment existing passwords with an extra layer of security. Yet, fraudsters manage to circumvent it every day. SIM SWAP: In this scenario, a fraudster uses the stolen identity (name, email, government ID, etc.) to trick a mobile service provider into issuing a new SIM card for an existing phone number. Once the new SIM card is active, the original SIM card will be shut down, and the fraudster will try to gain access to the user’s financial application. Once the fraudster has gained access, the last line of defense—2FA or SMS OTP, is compromised. JAILBREAK or ROOT: Removing software restrictions put in place by manufacturers, to gain full access to the device’s operating system is called “jailbreaking” for iOS and “rooting” for the Android operating system. Generally, it is aimed at customizing the user experience or gaining access to a greater variety of unofficial apps. Jailbroken and rooted devices are susceptible to malware and viruses due to the weakened built-in security features of the devices. This eliminates security controls made by the manufacturer, which enables hackers to steal personal information, attack the network, or introduce malware, spyware, or viruses to circumvent the authentication measures in place. Investigating the feasibility of implementing a code by financial institutions that checks if the device is rooted or jailbroken prior to the installation of the mobile application and disallows the mobile application to install or function if the phone is rooted or jailbroken, can save its customers from possible fraud. Increasing layers of security is not a feasible solution for financial institutions when consumers prefer speed and convenience, even when it comes to accessing financial services online. User experience has become one of the determining factors when it comes to user adoption in any industry globally. Not receiving an SMS OTP, is one of the most painful experiences one can have as a user. Latency, in addition to the SMS cost, is a challenge for financial institutions in the exponentially growing digital era. Maintaining a balance between fighting fraud and improving the consumer experience is a challenge. Leveraging inherence-based authentication, such as biometrics, or ownership-based authentication, such as push notifications on the registered device, are some of the authentication measures that cater to both security and the consumer experience. Technological solutions with multiple authentication measures other than SMS OTPs and device binding are the way forward for providing a delightful customer experience without compromising security. Author: Sujit Kumar Mahato, Product Manager Wibmo A PayU/Naspers FinTech Company Authentication, Fraud Prevention, Global Digital Payments, Payments

Industry Insights, Product, Reading List

Why is Biometric Authentication becoming the headline in the world of Digital Payments?

Shatrughan Sharma / March 24, 2022

The last decade has witnessed a progressive adoption of technology in almost all the industry. Few industries like banking and fintech have embraced the technology to grow in leaps and bounds. The revolutionizing spread of internet has ushered in an incredible increase in the number of the users and in turn the addressable market. The hitherto latent yet humongous body of rural population is today enabled with fintech services like online payment and transaction and even Ecom. The one word which has propelled the whole population into the digital payment however is rather old fashioned -TRUST Let’s dive deeper with an example. When a small business owner from a village in Bihar pays a vendor residing in another state, he needs be assured that the payment would indeed be done. Similarly, a migrant labourer, slogging in the southern state need to believe that his hard earned money is indeed going to reach his family in a matter of minutes if not seconds. However both the people also need assurances that it would be paid only to the intended parties and not to anyone else! Authentication: The foundation of trust in the digital payment space Authentication is used most commonly to assure the consumers of reliability. However, the question remains if the authentication mechanisms used currently produce the highest levels of trustworthiness. Let’s delve into the circumstances where multifactor authentication is the best option. The following two out of the three ways have proved to be a strong medium for payment authentications: · Possession: for example, a documented identify or device, etc. · Knowledge: for example, a password or secret, etc. · Inherence: for example, their fingerprint, hand, face, etc. History of Biometrics — An evolved tool used in payment securities Although biometrics go way back into human history, the contemporary commercial usage of biometric authentication began in the mid-nineteenth century using fingerprints by William James Herschel, a British administrator in India. Biometric authentication gained popularity among consumers and service providers with the rising usage of feature-rich smartphones and other devices enabled with high-resolution cameras. The instant gratification was stoked with the biometric authentication as it is based on the biological traits which are unique to every individual and cannot be faked. One of the most widely used examples of biometric usage is that of Aadhaar card in the Indian Market: All Indian residents are given an Aadhaar number, which is a 12-digit unique identification number. This figure is derived from their biographic and biometric data (a photograph, ten fingerprints, two iris scans). The concept was originally related to government subsidies and unemployment benefits, but as its authenticity is proved, it now includes a payment scheme. The growth of biometric payments in a post-pandemic world According to global surveys, the pandemic has heightened awareness and acceptance of biometric payments. This popularity doesn’t show any signs of abating as we step into the post-pandemic era, thanks to a focus on sanitation and contactless payments. Biometric authentication is popular due to the simple and uncomplicated process that it entails. Unlike the conventional authentication techniques, which suffer from glitches like not getting an OTP or issues with the strength of the internet network. Biometric payments are becoming more popular in large and densely populated countries such as Russia, South Africa, Kenya, Nigeria, Ukraine, India, and others. Consumers sense the simple and foolproof option of biometric authentication is safer, quicker, and simpler. Biometric authentication provides several advantages over knowledge-based and possession-based authentications: 1. It’s universal, as these metrics can be found in every human. 2. It is unique. 3. It is permanent, as metrics like fingerprint or dental don’t change. 4. It can be easily recorded if the consumer wants it to be so. 5. Finally, it can be measured for comparison and cannot be falsified. Conclusion: Though there have been cases where Biometric authentication based on statistical algorithms may occasionally provide false positives, resulting in erroneous results, the benefits of using biometric authentication for digital payments outweigh the drawbacks. This is causing a significant shift towards its adoption, and it seems to be continuously growing. In a diverse socioeconomic environment like India which has a population that is both cost-sensitive and aspirational, there is no other solution that can beat biometric authentication. Author: Shatrughan Sharma, Global Head- Payment Security Wibmo A PayU/Naspers FinTech Company Authentication, Biometric Authentication, Global Digital Payments, Payments, Secure Payment

Tech Bytes

Prediction, Prevention, and Detection of Fraud Attempts, the key to faster payment processing

Sujit Kumar Mahato / December 29, 2021

The global digital payment market size is expected to grow from USD 89.1 billion in 2021 to USD 180.4 billion by 2026. The promotion of digital payments worldwide and the increasing penetration of smartphones are major contributors. Besides, the pandemic has accelerated the adoption of contactless and wallet payments. India, too, saw exponential growth. Thanks to 1 Billion cards and more than 2 Billion prepaid payment instruments like wallets and other digital payment modes. But, cyberattacks are a major roadblock in the growth of digital payment solutions. These global attacks are the most critical challenges that the payment industry has been facing. New and evolving cyberattacks affect businesses by breaking into payment systems to get cardholders’ data. The evolving frauds include : a) Friendly fraud — Fraudsters make the purchase on a credit card, receive the product or service. Then demand a refund for a lost or short-shipped order, or file a chargeback through their credit card issuing bank. With the intention of receiving a full refund of the purchase amount. b) Affiliate fraud — Refers to any unscrupulous activity conducted to generate commissions from an affiliate marketing program. Newer types of affiliate fraud include using stolen data for lead generation or stolen credit cards to generate sales. c) Botnets- Submit large numbers of transactions to test the viability of stolen payment card credentials. d) Phishing — Fraudulent communications, through email, text, or call, that appear to come from a reputed source. e) Velocity attacks — Multiple monetary authorizations seeking to detect an active account and decipher CVV/Expiry Date values of a set of cards within a BIN range. f) Triangulation — Fraudster is the middleman between a customer and an unsuspecting merchant. The customer places the order through the fraudster (impersonating as a merchant). Then the fraudster uses stolen credit card information to buy those goods from a legitimate merchant. It is estimated that 9 million identities are stolen each year in the US alone, with a new victim of identity theft every two seconds. Since many people do not report identity theft, no true number of victims exists. According to the Central Statistics Office (CSO), by 2021, loss from cyberattacks would rise to US$ 6 trillion from US$ 3 trillion in 2015. The growing number of cyberattacks is a hindrance to the adoption of digital payment services. In a recent study by YouGov and ACI worldwide, consumers are increasingly concerned about digital payments fraud. As a result, exercise greater caution when using digital payments compared to a year ago. 71% of consumers are more concerned about scams and fraud because of Covid-19, compared to 47 percent of consumers last year at the onset of the pandemic. The study also indicates that banks continue to be the preferred first point of contact in event of fraud. Around 60% of respondents would first call their bank to block their account or visit the bank branch to file a written complaint. Though worldwide initiatives towards customer awareness are on the rise, the banks will need to continue to lead the way not only by increasing customer awareness but also by deploying modern and robust enterprise-level fraud management solutions. For a delightful customer experience, banks need to predict, prevent and detect fraud attempts even before the payment processing to pave way for frictionless digital transactions. Author: Sujit Kumar Mahato, Product Manager Wibmo A PayU/Naspers FinTech Company Fraud, Fraud Detection, Fraud Prevention, Global Digital Payments, Online Payments