Fortifying the Digital Realm

In an exclusive interview with Dataquest, Suresh Sharma, Chief Information Security Officer (CISO) at PayU, shares his invaluable insights into the world of cybersecurity and the measures PayU employs to ensure the safety of digital payments.

Suresh Sharma, Chief Information Security Officer (CISO) at PayU, a distinguished figure in the field of cybersecurity, has had the privilege of working in both established organizations and fast-growing startups. Today, he spearheads security measures at PayU, one of the world’s leading digital payment platforms. Suresh provides insights into how his diverse career experiences have shaped his approach to securing digital payments, the role of advanced cryptography, threat intelligence, and more. As the festive season approaches, he also offers valuable recommendations for consumers and businesses to stay safe from cyber threats during their digital payment activities. In tête-à-tête with Minu Sirsalewala – Executive Editor, Special Projects.

Our approach encompasses stringent data handling practices, continuous staff training, and regular assessments, all of which collectively attest to our adherence to evolving regulations and the safeguarding of customer data privacy.

As someone who has worked in both established organizations like GE and in fast-growing startups like Ola Electric, can you share the contrasting cybersecurity challenges you’ve encountered in different phases of your career and how those experiences have shaped your approach to securing digital payments at PayU?

Working in established organizations like GE and fast-growing startups like Ola Electric has offered me a comprehensive perspective on contemporary security challenges. At GE, I imbibed the significance of stringent compliance, standards, and deep-rooted cybersecurity practices. In startups like Ola Electric, I discovered the necessity for agility to swiftly adapt to emerging threats. These experiences have significantly influenced my approach at PayU. We harmonize the best of both worlds by upholding high standards and regulatory compliance while retaining the flexibility to respond promptly to emerging cyber threats. This equilibrium empowers us to secure digital payments effectively on a grand scale.

Cryptographic technologies play a crucial role in securing digital payments. Could you elucidate how PayU is harnessing advanced cryptography methods, such as tokenization and end-to-end encryption, to protect sensitive financial information during transactions?

PayU places paramount importance on employing advanced cryptographic techniques like tokenization and end-to-end encryption to fortify the security of financial information. Tokenization supplants sensitive data with unique tokens, rendering intercepted information useless to potential attackers. End-to-end encryption secures data throughout the transaction process, spanning from the customer’s device to the recipient. These methods serve as an additional layer of security, ensuring the confidentiality and integrity of all financial information processed by PayU during transactions.

Mobile payments are on the rise. How does PayU ensure the security of mobile payment applications and, specifically, the integrity of mobile device security? Are there any mobile security standards or practices that PayU follows?

The ascendancy of mobile payments indeed presents novel challenges. At PayU, we ensure mobile payment security through rigorous app security practices, encompassing secure coding, app hardening, and systematic security testing. We strictly adhere to mobile security standards, such as the OWASP Mobile Top Ten, to address common vulnerabilities. Ensuring the integrity of mobile devices is of utmost importance. PayU collaborates with mobile device manufacturers to guarantee the security of devices employed within our ecosystem. Our focus includes app sandboxing and secure app-to-server communication, thereby enhancing overall mobile payment security.

With the increasing complexity of cyber threats, threat intelligence is vital. Can you provide insights into how PayU collects and utilizes threat intelligence to proactively defend against cyberattacks, especially those targeted at the digital payment ecosystem?

At PayU, we actively amass and analyze threat intelligence from a multitude of sources, encompassing cybersecurity agencies, industry partners, and internal monitoring. This intelligence empowers us to proactively discern emerging threats and vulnerabilities. It forms the bedrock of our security strategy, enhancing our defensive capabilities. We continually adapt our cybersecurity measures to shield against evolving cyberattacks, particularly those aimed at the digital payment ecosystem.

Regulatory compliance is essential in the payments industry. How does PayU navigate the evolving landscape of data protection regulations and maintain compliance, particularly in regions with stringent data privacy laws?

PayU accords topmost priority to regulatory compliance and meticulously monitors the evolution of data protection regulations across the globe. We maintain a dedicated compliance team entrusted with ensuring our compliance with data protection laws, including those in regions with rigorous data privacy standards like GDPR and CCPA. Our approach encompasses stringent data handling practices, continuous staff training, and regular assessments, all of which collectively attest to our adherence to evolving regulations and the safeguarding of customer data privacy.

Blockchain’s potential lies in providing a tamper-resistant, decentralized ledger, which could significantly bolster transaction integrity and user identity verification. We maintain an open stance towards exploring blockchain applications that could fortify security in the realm of digital payments.

Phishing and social engineering attacks continue to be a threat. Could you elaborate on the security awareness and training programs in place at PayU to educate employees and users about these risks?

PayU conducts comprehensive security awareness and engaging training programs for employees and partners. These programs serve to educate them about the latest phishing and social engineering techniques. Our staff undergo regular security training to adeptly recognize and respond to potential threats. For users, we provide educational resources to foster awareness regarding common online threats. By empowering both employees and users with knowledge, we effectively mitigate the risks associated with phishing and social engineering attacks.

Blockchain technology is often hailed for its security benefits. Does PayU use blockchain or distributed ledger technology in its payment infrastructure, and if so, how does it enhance the security of transactions and user identities?

PayU acknowledges the security potential of blockchain technology. While we presently do not integrate blockchain into our payment infrastructure, we closely monitor its progress and developments. Blockchain’s potential lies in providing a tamper-resistant, decentralized ledger, which could significantly bolster transaction integrity and user identity verification. We maintain an open stance towards exploring blockchain applications that could fortify security in the realm of digital payments.

For businesses, making a robust investment in advanced cybersecurity tools is critical for safeguarding customer data. Smaller enterprises, at the very least, should equip their employees with regular training to raise awareness about security best practices.

Authentication is a pivotal part of payment security. Can you provide insights into MFA methods employed by PayU to ensure that only authorized individuals can initiate and authorize payments?

PayU employs multi-factor authentication (MFA) as a critical layer of payment security. Our MFA methods encompass something you know (e.g., a password or PIN), something you have (such as a mobile device), and something you are (biometric authentication, such as fingerprint or facial recognition). This layered approach ensures that only authorized individuals can initiate and authorize payments. By amalgamating these factors, we bolster the security of payment transactions, thus diminishing the risk of unauthorized access.

AI-ML is harnessed to uncover and thwart fraud. Could you unveil how PayU employs AI-ML to elevate the art of fraud detection and prevention in the digital payments arena?

Certainly. PayU harnesses the dynamic duo of Artificial Intelligence (AI) and Machine Learning (ML) to fortify our fraud detection and prevention measures. These algorithms dissect expansive datasets in real-time, honing in on intricate patterns and anomalies. This arsenal empowers us to swiftly identify transactions with a whiff of potential fraud and promptly take action to thwart any ill-intentioned endeavors. What’s truly remarkable is that these technologies are perpetual learners; they constantly evolve by absorbing new data, adapting to the ever-shifting landscape of fraud tactics. By embracing AI-ML, PayU not only sharpens the accuracy of our fraud detection but also accelerates our response time, culminating in a digital payments sphere that’s safer and more secure.

Third-party integrations are ubiquitous in the payments industry. How does PayU ensure that third-party services or applications adhere to the stringent security standards, thus fortifying the defences against potential vulnerabilities and data breaches?

Maintaining the sanctity of our digital fortress is of paramount importance at PayU, and that extends to our interactions with third-party entities. Irrespective of the stature of the firms we join hands with, we impose a rigorous evaluation process that demands conformity to our high-security standards. We embark on an exhaustive assessment of their cybersecurity measures, scrutinize their data handling protocols, and insist on compliance with industry regulations. But our vigilance doesn’t stop there. Once integrated, our watchful eye remains unwavering as third-party services undergo a continual monitoring process. Our security teams actively engage with these partners to sustain a harmonized and secure environment. By subjecting third-party integrations to the same exacting security standards as we apply internally, we fortify ourselves against potential vulnerabilities and data breaches, collectively crafting an ecosystem that’s resilient and secure for digital payments.

With the festive season on the horizon, what sage advice do you have for consumers and businesses looking to navigate the digital payment landscape safely amidst the lurking cyber threats?

The approach to cybersecurity takes center stage as we approach the festive season, characterized by a surge in online activity.

For consumers, I’d recommend embracing trusted payment applications and platforms. Stick to the tried-and tested digital payment providers, with PayU being a good example. Keep your devices in tip-top shape by updating their firmware and apps regularly; this patches up potential security vulnerabilities. Enable MFA wherever feasible; it adds an additional layer of security that’s invaluable. Given the increased online traffic and a propensity for spending during this period, scammers may try to take advantage. So, exercise caution when confronted with phishing attempts – avoid clicking on suspicious links or sharing sensitive personal information. Remember, if an offer seems too good to be true, it probably is. Lastly, a vigilant eye on your bank and card transaction history for unauthorized activities is a prudent practice.

For businesses, making a robust investment in advanced cybersecurity tools is critical for safeguarding customer data. Smaller enterprises, at the very least, should equip their employees with regular training to raise awareness about security best practices. Utilize secure payment gateways like PayU, engage exclusively with trusted vendors, and employ real-time monitoring to swiftly detect and respond to potential threats. By adhering to these measures, businesses can ensure that their operations remain unscathed during the festive season, while consumers navigate the digital payments landscape with confidence.

Suresh Sharma

Chief Information Security Officer (CISO), PayU

minus@cybermedia.co.in