How are IT consultancies helping digital payment providers to safeguard their infrastructure from cyberattacks?

The banking system in India has seen a meteoric rise in the adoption and usage of digital payment systems in the last few years. The government, too, has been urging and motivating people to go digital; its schemes like Pradhan Mantri Jan Dhan Yojna and the added pandemic effect have increased digital payment adoptions manifold in the country.

Online banking facilities like inter-bank ATM transactions through National Finance Switch (NFS), Immediate Payment Service (IMPS), even online account opening and completing KYC facilities have made banking so much easier. But where technology can be a great facilitator, it can also cause havoc in the wrong hands.

It is estimated that even at this nascent stage, almost half of all bank frauds in India involve digital payments. Year on year, the reported number of frauds involving ATM/Debit card, credit card, and internet banking transactions of more than ₹1 lakh is steadily increasing.

Technology Integration and the rise of Cyberattacks

Higher technology integrations have increased the risk of cyberattacks almost ten-fold for digital payment providers who do not have impeccable safeguards. A mobile wallet company endured a loss of Rs 19 crore due to faults in its own online payment system. Such flaws in the system have put pressure on the investors and the stakeholders to apply new safeguards that can prevent similar situations in the future.

Steps integrated by financial service providers and banks to safeguard the public interest

In less than five years since the launch of UPI, online transactions have grown at a rapid pace with the increased use of UPI-based apps. As per an NPCI tweet, June 2021 saw the highest number of UPI transactions at 2.8 billion transactions worth Rs 5,47,373 crore.

High volumes attract miscreants to devise cyberattacks for frauds targeting small to medium to large amounts. To safeguard their own and their customers’ interests, bankers and digital platforms have taken up various preventive steps, including actively seeking the help of IT consultancies, safety experts, and various regulatory bodies to make the transaction more safe, secure, and transparent.

The experts help devise best-fit systems to prevent data leakage during a transaction. One of the effective changes to have been made is that now the payment gateways make the customer enter their card details only on the payment gateway page instead of the merchant’s page. This helps in preventing the leakage of the card number and other sensitive information during the transaction.

Inner workings of financial systems to counter cyberattacks

Most service providers are now sensitized to the importance of regular system audits and investing in certifications to maintain the integrity of the system. The experts help companies devise their own tests, which are run to break the system to ensure that holes in the system are found out at the earliest, preventing cyberattack attempts. Professional white hat hackers are invited to attack the system, and if flaws are found, they are to be reported at the earliest. This further enhances the integrity of the system and also fortifies the system from external attacks.

Role of AI and its importance in countering cyber attacks

AI is playing an integral role in protecting the banking systems, and its integration will only improve in the future. Currently, the system asks the customer to enter their card number followed by its expiry date and then the CVV number, but a hacker goes through a script, and his response is usually too quick, which the AI detects and warns the customer and the system of a potential cyberattack.

Additional steps employed by Banking systems to ensure additional safety

In India, OTP is an essential step in completing a digital payment as usually auto payments are not allowed until the customer permits their bank every time. A two-step verification program is generally employed in India; the first verification includes the CVV number and other card details. The second step is an OTP sent to the customer on his registered mobile no and mail id. This safeguard ensures that the customer is not being swindled and that the right person is authorizing the transaction.

Further Safeguards

Sometimes, even large software giant servers face a cyberattack; such a breach on global companies is a massive blow to its reputation and the cyber world in general. Therefore, cybersafety and security should be a top priority for all stakeholders in the digital payment ecosystem.

Adoption of global best practices must be a norm rather than an exception. Any resource spent in cybersecurity is an investment rather than an expense. This needs a change of mindset.

The Indian government plans to reach a USD1 trillion digital economy by 2025. This target will need a matching scale-up in legal, regulatory, and institutional frameworks.

Although the IT Act lists many parameters, it does not prescribe strict guidelines for payment companies. The law needs to change with the needs of the time to ensure that these companies are held to higher standards to safeguard against cyberattacks proactively.

Author: Sandeep Sekhar, Global CEO, C Ahead Digital