A rapidly digitising business landscape, amid a cash-heavy economy such as ours, needs continual efforts to make digital payments easier. Investing in automated tools, advanced analytical capabilities, and a risk-assessment framework will be crucial for the risk management function to boost the growth of digital enterprises in these transformative times.
The past year has witnessed an unprecedented rise in tech innovations, so the world could keep running despite severe limitations imposed by the COVID-19 pandemic. The payments ecosystem was no different, what with consumers and businesses progressively leaning on digital means to make contactless payments across the past year.
While this paradigm shift in ‘how we buy’ continues to promise convenience and ease, it has also laid bare a burgeoning risk of cybersecurity attacks and digital frauds. In 2021, India topped the list of countries with the most ransomware attacks, reflecting an 845% percent surge in mobile attacks since October 2020.
Ergo, the imminent need is for companies to take proactive measures that can enhance cybersecurity and educate customers on the best practices to safeguard themselves. Raising awareness about potential security vulnerabilities, maintaining digital hygiene, making online platforms safer; and bolstering risk management measures, will prove critical milestones in building an obstacle-free journey to the future of contactless payments.
Security: A non-negotiable facet of digital transformation
India has always maintained a balance between digital innovation and security. Admittedly, contactless technology today offers unique possibilities with regard to security that are nearly impossible to replicate in cash payments. Compared to cash payments that have friction – when one fumbles for the right change or loses money if a wallet is lost – contactless payments come with the inherent features of security and traceability.
For instance, contactless-enabled cards and mobile devices need to be in a range of less than 4 cm to make for a successful transaction. The embedded chip in a contactless payment card uses advanced cryptographic security, which transmits a different dynamic value for each transaction. This protects all sensitive information of the cardholder, while also making it impossible to create a counterfeit card, unlike earlier forms like the magnetic stripe card. Currently, even traditional payment card transactions are being replaced with novel interventions such as tokenization. Instead of a card account number, such contactless payments rely on a ‘unique digital token’, which can be restricted for transactions with a specific mobile device, merchant, or transaction type – both for online and mobile transactions.
Besides these procedural checks embedded in the transaction process, vigilance and awareness on the part of consumers can also help mitigate risks. Regularly checking bank account statements, updating contact details given to banks, keeping bank SMS alerts active, notifying banks immediately on unauthorized/suspicious transactions or loss/theft of cards can immensely reduce the risk of fraud and theft.
EVOLVING THE RISK FUNCTION IN THE AGE OF CHANGE
Effectively managing risks, from a business perspective, is particularly important. One bad experience or poor risk management could result in data breaches and loss of customers, inflicting irreparable business damage in the long run. While risk management associated with digital transformation is difficult, the need of the hour is to pivot to a digital-first mindset, embracing technology and process orientation. This can help businesses stay relevant, improve profitability, and build customer loyalty.
Several new strategies and risk management functions include tools such as security analytics platforms, governance risk and supplier risk platforms, performance management platforms, and external risk intelligence. One key aspect that the financial industry should consider incorporating is the importance of real-time transaction monitoring and behaviour analysis. Visa, for instance, uses the AI-based Visa Advanced Authorization (VAA) to help issuers prevent transaction frauds across the world.
Using VAA, Visa has prevented an estimated $25 billion in annual fraud, making the global payment ecosystem safer for financial institutions, retailers and consumers. The Visa Risk Manager (VRM) enables banks to turn VAA’s insights into immediate action by creating custom responses to decline or track suspicious transactions in real-time – an effective demonstration of how tech innovation and human expertise can come together to devise reliable risk management strategies.
With the increase in potential threats and breaches, maintaining security hygiene should be non-negotiable for businesses and their risk infrastructure whether it implies patching severs, upgrading firewalls, routers and other IT systems, training people and third party processes, running routine security health checks or utilising the latest authentication standards. To minimize ecosystem risk, this should be implemented by the enterprise as well as partners and vendors, so any latent weak links are safeguarded.
DEPLOYING REGULATORY SUPPORT TO BECKON THE FUTURE OF CYBERSECURITY
Some regulatory interventions issued by governing authorities showcase strong potential to cement our quest for a cyber-secure future. As of today, more than 12 countries and territories have 90% contactless penetration; and in 50+ countries and territories, at least 50% of face-to-face transactions are contactless. India has also seen a significant surge in contactless payments across the consumer landscape. Given this mammoth shift towards payment methods and corresponding solutions, national and global authorities will play an important role in securing the future of transactions.
The Reserve Bank of India (RBI) for instance, has an existing set of guidelines for the storage of payment system data, so it can monitor payments and narrow in on those payment system operators who do not employ adequate security measures. These guidelines also include a directive that outlines cybersecurity requirements for banks; and regulates other entities such as payment aggregators and gateways to ensure proper fulfilment of data security standards. The legal framework in this area in India would likely evolve further with the passage of the forthcoming Personal Data Protection Bill.
Ultimately, investing in automated tools, advanced analytical capabilities, and a risk-assessment framework will be crucial for the risk management function to boost the growth of digital enterprises in these transformative times. A rapidly digitising business landscape, amid a cash-heavy economy such as ours, needs continual efforts to make digital payments easier. Such efforts can causally motivate stakeholders to innovate and build a cost-effective payment issuance and acceptance infrastructure – one that not only boosts widespread adoption of new payment methods, but also fosters a seamless and secure future of money.
https://cio.economictimes.indiatimes.com/news/digital-security/indias-bid-to-secure-digital-transactions-in-the-future-of-money/86358789