What is Core & Satellite strategy?

There has been increased acceptance of digital payments pushed by the government and driven by the Covid-19 pandemic, but the convenience of making payments online needs to be tempered with caution owing to the increased threat of cyber fraud.

Cyber threats

The value of online frauds in India more than doubled from Rs 71 crore in 2018-19 to Rs 195 crore in 2019-20, per the Reserve Bank of India. These were a fraction of total bank frauds, but for individual consumers an average hit of Rs 73,000 is not a trivial issue, especially because it is very difficult to retrieve lost money.

The velocity and increasing volume of digital transactions makes fraud a lurking and lingering risk. The many methods of making digital payments over different devices and at various websites make cyber security a multi-party concern. Breaches can happen anywhere in the chain.

In November, the cyber security intelligence firm, Cyble Inc, reported on its blog that customer data of BigBasket, an online grocery store, had been breached and was being sold on the Dark Web. In a statement to a news agency, BigBasket said it had filed a complaint with the Bengaluru police about the breach, but was “confident” that financial data of its customers, including credit card numbers was secure as it does not store that information.

In May, Cyble reported that Unacademy, a learning platform, had been breached by professional hackers.

Mitigating the risk requires collaboration and intelligence sharing with banks, card issuers, financial technology companies and the government making concerted efforts to migrate businesses, especially micro, small and medium enterprises (MSME) to digital payments. The MSME ministry has launched an initiative beginning this month with the Confederation of Indian Industry and a card issuer to raise digital finance literacy. The Confederation of All India Traders (CAIT) has been persuading its members to go online as it helps them in invoicing, inventory management, online cataloguing and in attracting customers from beyond their neighbourhoods.

They can get loans easily if banks have access to their online transaction data. Devices have also been tailored to make the migration easier. Small businesses do not need to invest in point of sale terminals. If smartphones have near-field communication (NFC) capability, they can double up as point of sale devices, where payments can be made with the mere tap of a card.

For all these reasons, Accenture, a consultancy, expects 66.6 billion transactions worth $270 billion to shift from cash to cards and digital payments by 2023 in India and further to $856.6 billion by 2030. The report called, ‘Playing the Long Game in Payments Modernisation,” makes a case for banks to upgrade their payment systems. It was based on a survey of 120 payments executives at banks globally.

There was a bump up in digital transactions after the lockdown was eased last year. The number of small value transactions using scanned codes on what is known as United Payment Interface (UPI) touched a “record” 1.34 billion in June, the Reserve Bank of India said in a report. The National Payments Council of India which manages UPI said the number of transactions had risen to 2.1 billion in October and their value was 3.8 trillion (lakh crore).

Card acceptance rising fast

There same is the case with cards. Card acceptance was fast increasing even before the onset of the Coronavirus infection. There were 805 million cards as of December 2019, up from 554 million at the beginning of April 2015. By October 2020, their number had risen to 993 million, 88 percent of which were debit cards. The value of internet payments rose from 29 trillion in February 2020 to 34 trillion in October. And the value of mobile phone payments went up from Rs 5.20 trillion to nearly eight trillion during this period.

Bank, card issuers and regulators are quite aware of the menace and have taken steps to check it. The Reserve Bank required all magnetic strip cards to be converted to chip cards by end of December 2018. Online payments need to be authenticated with two sets of passwords. Payments without this two-factor authentication were limited to Rs 2,000 each. Their limit has been raised to Rs 5,000 from January.

Card issuers have also deployed a security measure called tokenisation where card numbers and expiry details are replaced with a unique and encrypted digital token each time payment details are transmitted via the internet so that they cannot be intercepted or stolen. The token is unique to the customer and the merchant. They are also using artificial intelligence and data analytics science to authenticate customers with insights derived from contextual data and behavioural biometrics

Banks have made a habit of warning customers about phishing, skimming and disclosure of card details and passwords. They are mandatorily required to send SMS alerts every time a card is used or a digital payment is made.

But we as customers need also to be on the guard all the time. Fraudsters have become more sophisticated. They worm into our confidence posing as ‘helpful’ bank executives, insurance agents or investment advisors to obtain confidential personal information like card numbers, card expiry dates, Aadhaar and PAN details and one-time passwords. More than breaches of payments data, transaction validation credentials are being compromised. One needs to be vigilant, almost paranoid because any slip up can be very costly.

(The writer is a journalist with 35 years of practice as a reporter and editor with newspapers and magazines. Views are personal)