The 5-step plan for better Fraud and Risk management in the payments industry

Digital payments have revolutionised ecommerce and trade. The payment processes have become faster and simpler. In a country like India, there was significant scepticism surrounding the security and acceptance of digital payments, but such factors have been addressed through robust security mechanisms. However, despite the high cybersecurity standards, the overall cases of payments frauds have increased drastically in India. The total number of payments frauds amounted to $1.55 billion in the previous year. Interestingly, a large number of issues remain unreported.

While the penetration of digital payments across India increased through UPI, other digital payments such as net banking, cards, etc too gained the trust of the population. Simultaneously, fraudsters also have evolved in their modus operandi and have started leveraging screen-sharing apps, QR codes along with time tested methods such as phishing, and smishing. Hence, fraud and risk management in the payments industry should be given utmost priority as the quantum of such cases is expected to increase, along with the value of digital payments. Sophisticated payment fraud methods and techniques leave merchants with no choice but to assess possible threats in advance and plan mitigation measures to minimise risk impact on their companies. Here is a 5-step plan that can help in better fraud and risk management in the payments industry:

1. Implementation of 3D Secure
   
   3D Secure is one of the most popular and reliable protocols that help in enhancing payment processing security. It provides an additional layer of protection that ensures the merchants that the verified account holder has done a transaction. There can be numerous ways to verify the user's identity, including passive, biometric, and two-factor authentication approaches.
2. Fraud Monitoring and Adaptive Authentication
   
   The overall complexity and size of the digital payments industry make it extremely difficult to detect fraud. In this context, merchants and payment companies can introduce fraud monitoring and anti-fraud mechanisms that verify every transaction in real-time. The AI-based systems can take into account different aspects such as suspicious transactions, for example, amount, unique bank card token, user's digital fingerprint, the IP address of the payer, etc., to evaluate the authenticity.
   
   Today, OTPs are synonymous with two-factor authentication and are thought to augment existing passwords with an extra layer of security. Yet, fraudsters manage to circumvent it every day. With Out-of-Band Authentication solutions in combination with real-time Fraud Risk management solutions, the service provider can choose one of many multi-factor authentication options available during adaptive authentication, depending on their preference and risk profile
3. PCI DSS compliance
   
   Just like 3D Secure, this is another internationally-accepted compliance mechanism that ensures that all the intermediaries involved in the payments system (accepting, processing, transmission and storage of payment information) must take special care of the sensitive client information. This compliance means that the digital transactions are at par with the standards introduced by the Payment Card Industry Security Standards Council.
4. Training and Educating Stakeholders
   
   Traditional banks and new age fintech corporations should make a unique attempt to ensure that the stakeholders, including merchants, customers, and other intermediaries, are provided proper training and education to mark out attackers. It is critical to acknowledge the attempts made by fraudsters through phishing emails and calls and not to divulge any sensitive information to imposters. This could be done through continuous learning and education through case studies.
5. Relying on trusted partners only
   
   Regardless of nature and size, most businesses rely on third-party partners to process digital transactions. Hence, the role of digital payment partners becomes exceptionally critical. There are several factors that a decision-maker should take into account whilst planning for a secure payment infrastructure. First, the partner should have a proper PCI-compliant infrastructure and an intrusion prevention system. The security management should be designed to monitor all traffic in real-time. Furthermore, the data protection measures introduced by the partners should be up-to-date.

Summing up

All stakeholders need to acknowledge and work towards the existing and potential threats the digital payments industry has faced. With the 5-step plan described here, the overall probability of external threats can be reduced to a great extent. As discussed here, all three common challenges, including data breaches, identity theft, and payment fraud can be addressed through a comprehensive plan.

Author: Animesh Jha, Vice President, Engineering – Fraud & Risk Management, Wibmo, A payU company