Payment Companies Should Have a Fraud Monitoring Mechanism in Place Which Can Ensure that Unauthorised Transactions Can be Monitored, Flagged and Reported: Jagdish Kumar, CTO – India, Worldline

In an era where digital interactions permeate every aspect of our lives, Jagdish Kumar, Chief Technology Officer for Worldline in India, sheds light on critical facets shaping the digital landscape. Addressing the significance of the DPDP Act, cybersecurity measures in online transactions, the imperative for system upgrades to combat fraud, and the government’s initiatives, Kumar provides valuable insights into ensuring the security and trustworthiness of digital transactions. Join us as we explore the evolving dynamics of the digital age with a seasoned expert at the forefront of technology in the payment industry.

Why is the DPDP Act important for people and businesses in the digital age?

Thanks to the digital age, today information and services are available at our fingertips 24/7. Smartphones and smart wearable devices are now an extension of our own self. People have now opened their life and choices to the world to be catered to by the wide variety of options at their disposal. While these exchanges are intended towards greater engagement with customers and driving the ‘delight’ factor, they also unfortunately create avenues for certain elements to manipulate and misuse the constant data that is being collected.

A regulation like the DPDP Act puts a framework around collection, usage, storage and transfer of personal data thereby giving everyone the freedom to have a say and control over their respective personal information. For businesses, this will drive accountability in how such sensitive data is handled and force them to build similar barriers around their supplier ecosystem.

How are payment companies making online transactions safer by adapting to cybersecurity?

Online payments involve multiple platforms that collect and transmit data for fulfilment. This consists of sensitive payment data as well, which is core to completion of the said transaction. For handling this, there are encryption algorithms, cryptographic standards and channel encryption used by payment companies, such as SSL (Secure Sockets Layer) and TLS (Transport Layer Security), that help protect and transport sensitive payment data and ensure that the communication between the customer/merchant’s browser and the payment gateway is completely secure. In addition, it also helps to maintain the sanctity of the data by preventing interception and tampering.

Next is the implementation of Tokenisation as a feature to arrest the threat of instrument data getting compromised and misused. Tokenisation results in hashing of sensitive payment data thereby rendering it useless even when compromised. All payment companies need to adhere to the PCI DSS compliance standards and certification to ensure they have the capability to ensure payment instrument and Personally Identifiable Information (PII) are fully secured while at rest. Having secured the data, the next step is to have the latest authentication framework to cut down the risks of unauthorised transactions. This includes implementation of protocols like 3DS 2.0 and investments in advanced tools for risk-based scoring and fraud identification for transactions. Lastly, just like any tech enabled platform, payment companies also need to constantly ensure their systems are monitored and updated as per compliance and industry standards regularly.

Do digital payment providers need to upgrade their systems to prevent fraud, and what steps should they take?

Any system needs to be upgraded at periodic intervals to maintain the desired levels of compliance and efficiency, and payment providers can be no different. Today from a regulatory framework, payment companies should have a fraud monitoring mechanism in place which can ensure that unauthorised/fraudulent transactions can be monitored, flagged, and reported. This is an investment that can reap rewards for payment companies as it limits their exposure towards losses and penalties that can wipe off years of hard-earned profits. Having done the investments and taken the due efforts, it becomes important that all applications are periodically monitored for efficiency, vulnerability, redundancy measures, optimisation etc.

This will give them sufficient indicators and lead time to proactively fix the gaps and implement upgrades wherever required. Another way to achieve this is by conducting load/stress tests for weaknesses, like Vulnerability Assessment and Penetration Testing, at regular intervals and ensuring the findings are addressed and closed without fail. Needless to say, payment companies are also audited for specific certifications by regulatory authorities and it is critical for them to stay abreast of the latest compliance standards that need to be maintained as per industry requirements.

What do you think about the government’s ideas to prevent digital payment frauds, like delaying the first UPI transfer and using alerts for larger transactions?

Our government has played a significant role in the growth and adoption of digital payments by constantly trying to eliminate the barriers in between. And with the increase in digital transactions, we also saw an increase in frauds in 2022-23 as per the RBI Annual Report. It called for quick measures to be brought in to curb this menace and ensure that the trust factor is not lost as far as digital payments are concerned.

Looking at some of the early indicators like delay in first UPI/IMPS/RTGS transfer exceeding INR 2000 and alerts for larger transactions, it looks like steps in the right direction. Historically across payment instruments, an alert for a high value transaction was always the norm. This definition of high value is derived on the basis of the transaction history of the account under scrutiny. The same, if replicated at a payment mode level, will give a clear picture of any out-of-pattern scenarios occurring and give the user an opportunity to confirm before final payment.

Regarding the delay in fund transfer, I believe this must be entirely data driven as there would have been clear evidence of the majority of the frauds getting reported where the recipient is a first-time payee on record of the account holder. These are positive steps to give the people the confidence to go ahead and adopt digital payments in all walks of life.

What simple tips can you share for individuals and businesses to stay secure in digital transactions?

– Know your compliance standards and certifications and get them addressed on priority.
– Have a regime of periodically monitoring, identifying, fixing and upgrading your systems, applications.
– Invest in advanced tools for data analytics and ML to foster a culture of data driven innovation.
– For individuals, be aware and spread awareness in your respective circle of influence to drive a conscious and intentional adoption of digital payments.
