/dq/media/agency_attachments/UPxQAOdkwhCk8EYzqyvs.png)
Follow Us/dq/media/post_banners/wp-content/uploads/2021/07/online-4668930_640.jpg)
Adoption of Digital Payment and growth was seen even before pandemic (COVID), but the additional thrust provided by the pandemic have accelerated the shift, leading to a dramatic increase in contactless and online payments. Data shows an increase of more than 500% in merchants accepting digital modes of payments during the half-year ended September 2021 as compared to half-year ended March 2019; Total digital payments have increased by 216% and 10% in terms of volume and value, respectively, for the month of March 2022 when compared to March 2019 as per RBI data.
This brings an important question to answer for safety and security of digital transactions and to contain losses. How do Banking system ensure that payment is initiated by the person who holds the payment instrument such as Credit or Debit Card etc.?
At present, online transaction are authenticated using OTP (One time password) which are delivered to consumer registered mobile phone or email or both. This is also known as 2FA (Two factor of authentication) or AFA (Additional Factor of Authentication).
Though OTP mechanism has been able to help so far but consumers have also experienced inconvenience due to wrong entry of OTP or delayed delivery of SMS OTP to consumer Mobile phone. This is not just an inconvenience for consumer but also results in reduced GMV (Gross Mercantile Value) for merchants, as consumer chooses to abandon payments or avoid returning due to experience.
On one hand, payment transaction experience is important at the same time, increase in Fraud is also observed. As per RBI data, Card and internet related frauds increased to Rs 155 crore involving 3,596 cases during the year ended March 2022 as against frauds worth Rs 119 crore in 2,545 cases in the previous year.
Based on data point, seeing increasing concerns with OTP-based authentication, in the form of phishing, vishing, smishing modes, new mechanism is the need of the hour to be deployed and practice by the industry. To explore and promote the same RBI in its Payments Vision Document 2025 has mentioned alternate risk-based authentication mechanisms leveraging behavioural biometrics, location / historical payments, digital tokens, in-app notifications, etc.
In Payment Vision 2025 document, RBI has not only considered alternate risk based authentication mechanism for domestic transaction but has also recommended to explore AFA for international transactions done using cards issued in India, This will ensure the safeguard of payments made by Indian consumers holding Indian Cards for international e-commerce transactions on merchants website.
New authentication solutions as proposed by central bank are expected to be adopted by Issuers to make online digital payments more secure and safeguard consumers. Let us now understand various options possible or available under the alternate and emerging authentication options:
a) On-device OTP This authentication is similar to SMS or email OTP of today except the wait time of OTP delivery which is a concern either due to poor coverage of telecom network in parts of locality or building. 6 digit code or OTP to approve the transaction is generated on your registered device.
b) In-App notification This authentication method allows a customer to approve or decline the transaction on her Mobile app by clicking or sliding the approve or decline option.
c) Device based Biometric authentication This authentication mechanism utilizes the on device biometric (either fingerprint or facial recognition) to complete the payment successfully.
d) Behavioural Biometric authentication This authentication mechanism works by analysing the key strokes, mouse movement, touchscreen behaviour and device movement to detect the authenticity of consumer and alert the system of suspicious activities.
e) Location / Historical Payment based authentication This authentication mechanism works on historical data available in the system to analyse and detect the payment mode of authentication. For example, if a person has been doing a Card transaction of max INR 5000 from a specific location and suddenly a large payment amount of INR 1 lakh is detected from a location which is not previously known on this card profile, this necessitates additional factor of authentication.
As we notice that authentication mechanism and methods are evolving due to increase in fraud cases as well as to bring the customer delight by reducing the friction or inconvenience into the authentication world. These authentication methods works on 3 principles –
1) Something you know This has been in use traditionally and still prevails which is username-password or Analog combinations
2) Something you have This is presently in play max in India and outside as well in the form of 2FA for example OTP, Hardware tokens etc.
3) Something you are This is where the digital world and payment systems are exploring and evolving for example Biometrics – Fingerprints, Key Strokes dynamics, Voice, instantaneous current location etc.
With the push from RBI to explore and adopt alternate and emerging authentication options, the future digital payments world is expected to be more secure and a customer delight for online transactions.
The article has been written by Gopal Sharma- VP Business Solutions Fraud and Risk Management and Digital On-boarding, Wibmo