The pandemic has opened up new avenues for fraudsters trying to hoodwink unsuspecting customers. One of the channels seeing a rise in frauds is the Unified Payment Interface (UPI) and various type of frauds take place on these platforms. It is important now more than ever to deploy authentication solutions to prevent these frauds. In Payments, both account takeover and scams are the fraud vectors. Rajnish Gupta, Regional Director, India and SAARC, RSA Security shares how RSA Adaptive Authentication helping Payer Banks mitigate fraud in transactions that take place over India’s Unified Payments Interface
The data provided by the National Payments Corporation of India (NPCI) shows that in September, transactions based on Unified Payments Interface (UPI) hit a volume of over 180 crores — nearly doubling the 99.9 crores volume recorded in April. Total transactions have additionally reached Rs. 3,29,027 crores. What are RSA’s views on this and how is RSA addressing this growing incidents of online frauds in India.
The global pandemic forced us all to reinvent overnight, the way we work, learn, help, engage and socialize. Digital Transformation and emerging technologies have played a crucial role in enabling businesses and governments to quickly apply solutions to respond to the crisis and maintain business continuity. As a security and risk management company, RSA Security advocates focusing on visibility to provide insights and action. We are witnessing in rise in cyber-attacks, especially in the online banking sector.
India’s unified payments interface (UPI) is serving hundreds of millions of consumers. While it is helping India boost its economy, the effort is leading to unprecedented business risks too, resulting to increasing potential vulnerabilities that fraudsters and cyber criminals can exploit. People who are making online transactions are more susceptible to fraud today.
RSA Security has a comprehensive portfolio that can help enable our customers like big banks, credit card companies, ecommerce vendors, who are dealing with consumers directly. We support their back-end security capabilities, where they can identify fraudulent scenarios in transactions and essentially, if needed, block a transaction in real time. But, more importantly, help the customers protect their own data, e-wallets and their consumer’s hard-earned trust.
How is RSA Adaptive Authentication helping UPI Payer Banks and UPI Payer Payment Service Providers protect UPI transactions and collection events launched from their mobile applications?
Today, along with keeping oneself safe from the pandemic, one has to be mindful of cybercriminals as well. These criminals are especially targeting users taking the digital route to conduct financial transactions where more and more customers have moved to digital payments. The pandemic has opened up new avenues for fraudsters trying to hoodwink unsuspecting customers. According to NPCI, about 155 banks were live on UPI with total transactions volume reaching up to 1336 million, in the month of June 2020. On an average, absence of UPI frauds prevention is costing about 10 crore loss per month to every bank.
RSA Adaptive Authentication is an omni-channel fraud detection hub that provides risk-based, multi-factor authentication for organizations seeking to protect against fraud across multiple digital channels including UPI. Powered by the RSA Risk Engine, this solution measures the risks associated with a user’s login and post-login activities by evaluating the risks indicators. This methodology provides transparent authentication for most users, ensuring a frictionless end-user experience and high fraud detection rates. RSA Adaptive Authentication offers proven fraud detection rates from 90-95 percent with low intervention.
Companies are also rolling out new and innovative payment methods while mitigating the risks of fraud and maintaining a frictionless consumer experience. What has been your customers experience and what are the challenges so far?
Enterprises are thinking about their future in the new normal to be able to continue serving their customers seamlessly. To achieve this, it is essential for information security, risk management and fraud prevention teams to work together. Long-term fraud prevention strategy is key for every organization to address the risks of an omni-channel world.
We are living is digitally transformed world and the number of digital channels available today to consumers is increasing at an unprecedented rate. The key here for the organizations is to adapt to the changing environment and prepare for a more digital future. Fraud prevention strategies have to be kept at the core and every enterprise needs to evolve and adapt for what the future holds.
With rapid digitalization, customers across India are looking at avenues to prevent real time frauds on digital channels. Few customers who did understand the trend and implemented solutions faced products limitation of handling only static rules. These solutions did not prevent frauds based on dynamic nature of user’s device and/or user behavior on digital channels.
Digital payment platforms as well as the Reserve Bank of India are using their social media channels to make people aware of financial attacks that are termed as mishing, phishing, and smishing in the lexicon of cybersecurity. Do you think the measures taken by the government in this direction are strong enough? How closely is RSA working with the govt. sector as a security provider to address this?
The online channel has never experienced such an active, and globally integrated crime network as the one it faces today. Currently, bad actors have most advanced technologies at their disposal and operate a separate sophisticated underground economy to attacks government and enterprise via:
- Phishing sites attacks
- Deploying Trojans
- Developing rogue mobile apps and installing on public app stores
- Creation of fake business pages on social media
- Leaking govt enterprise assets and employee credentials on dark web
- Modification of helpline numbers
- Creation of fake UPI ID’s and circulating on social media forums
The need to have protection against these different types of attacks is critical because they are becoming more and more interrelated—Trojans often have a mobile app component. Social media has become a new haven for fake business pages, created by cybercriminals to mislead consumers.
Organizations are currently challenged with deploying complete fraud protection solutions. They have to choose between managing multiple vendors—multiple service metrics, budget requirements and different business relationships, as services for different threat vectors are provided by different vendors. They have to be selective and prioritize one or handful of threat vectors over others, taking the risk of becoming vulnerable to other attack.
RBI has been burning midnight oil to prevent occurrence of these attacks and has notified banks (including co-operative banks) to procure anti-phishing and anti-rogue app services. However, there is still a lot of work which needs to be done as post covid-19, fraudsters have been modulating new avenues to expand their fraud methodologies
What are the future technology and cybersecurity trends foreseen by RSA?
The shortage of cyber security skills is a big struggle even with the best tools, processes and budgets available. Technologies are helping businesses close the skills gap, as they will look to reduce dependency on talent via security orchestration and automation software, risk-based prioritization, and comprehensive threat analytics.
A few cybersecurity trends that we observe are:
o Integrated security as against layered defense: With BFSI as highly regulated sector, banks will invest more time, money and effort in deploying best-in- breed technology to prevent and mitigate transaction frauds
o Artificial intelligence and machine learning will provide extra security against cybercrimes: By incorporating security into agile processes businesses can effectively manage risk and maintain the quality of development. Advancements in AI/ML will help organizations across sectors to protect themselves from cyberattacks, as well as detect, predict and respond at the same time
o OT-IoT security will gain priority: More information creates more possibilities to create value. With generating more data, it opens doors for higher risk and cyberattacks