With the adoption of technology, there has been a significant rise in digital payments in India. At the same time, the threat landscape has mushroomed too. Addressing the rising concerns, Data Security Council of India along with PayPal has conducted a joint study highlighting the sophisticated online payment frauds and threats in the payment ecosystem.
As the e-commerce transaction process entails multiple entities at different stages, such as marketplace, merchants, payment gateways, financial institutes, apart from the consumers, each of them can act as a vulnerability or attack point for malicious actors. The study categorises e-commerce frauds broadly in three categories - buyer side, merchant side and cyber-security. The buyer side fraud includes fraudulent claims, chargebacks, fake buyer accounts, promotion/coupon abuse, whereas the merchant side frauds include selling counterfeit and non-fulfilment. The cyber-security frauds include account takeover, identity theft, card detail theft and triangulation fraud, etc.
The government has taken actions to counter the risks and frauds in the digital payment space. The RBI has issued guidelines on Regulation of Payment Aggregators and Payment Gateways which attempt to regulate in entirety the activities of payment aggregators and provide baseline technology-related recommendations to payment gateways. The RBI has also directed banks to introduce additional measures to secure electronic mode of payments like RTGS, NEFT and IMPS. Turn Around Time (TAT) and customer compensation for failed transactions using authorised payment systems have been prescribed. Even banks have been advised to provide online alerts for all card transactions -- Card Present (CP) and Card Not Present (CNP). It also directed them to mandatorily put in place an Additional Factor of Authentication (MFA) for all CNP transactions. The RBI has issued directions limiting the liability of customers in unauthorised electronic banking transactions.
The fraud prevention measures and upcoming technologies to the rescue suggestions include IP Geolocation to verify consumer's data to determine the location at the time of purchase, rules engines to allow merchants to create rules that will be evaluated on orders as they come such as 'decisioning software', 'order management', proxy IP address detection for instant detection of anonymous IP addresses, machine Learning for real-time insights to detect the fraudulent behaviour instantly, automated Workflow to speed up payment fraud checks, blocking suspicious devices, fulfilment and cancellation of fraudulent orders, etc., insights dashboards such as reports on suspicious activities in a single interface facilitating the entire fraud screening process immediately, device finger-printing to stop frauds at its root, based on device fingerprints from the browser and operating system to language and location.
In line with the Digital India vision, digital payments are on an accelerated growth path. As much as 925 million and 47 million debit and credit cards have been issued respectively, as of March 31, 2019. And UPI alone has clocked 1.49 billion in volume and $41 billion in transaction value, in July 2020. The study highlights that the internet userbase in India is expected to grow to 835 million by 2023 from 560 million in 2018. MSMEs adopting digital channels and transformation have grown twice as compared to their peers using traditional approaches. The retail sector is increasingly leveraging advanced AI technologies like machine learning, computer vision, conversational AI, Data Science and NLP to bring out the better user experience. E-commerce is gaining traction; the market is expected to grow to $200 billion by 2026 from the $50 billion in 2018. The growth of online shoppers is 73 per cent for tier-I and a staggering 400 per cent for tier-II and tier-III cities.