Steps to improve the security of card and online transactions

This is easier said than done, as online transactions eliminate one major source of authenticity: physical presence

DQINDIA Online

It is open knowledge that digital payment transactions in India have been on a growth spree. According to CLSA, the value of digital payments in India will grow three-fold to touch $1 trillion by FY 2026, compared to $300 billion in the financial year 2021. Though multiple factors have contributed, the key to this big leap has been the integration of no-frills bank accounts, the Aadhaar card, and a mobile connection.

However, this rosy picture of almost idealistic financial access is marred by security threats. The payment infrastructure must ensure that the trust between the payer and the payee is of the highest order, yet it has to be simple and instant! Failing this, the very adoption of digital payments would be shaken. This is easier said than done, as online transactions eliminate one major source of authenticity: physical presence. For example, when you go to a store to buy something and make a payment, trust is established automatically through the in-person presence of the payer and payee. No settlement is required because cash is legal tender, which cuts out paperwork, and the transaction happens smoothly.

However, when paying through credit cards, payers and payees are more cautious. There is no in-person interaction, which reduces trust. For this reason, there are elaborate settlement and chargeback procedures to ensure that neither the payer nor the payee experiences any challenges and that trust is established.

The question of risk in card and online transactions raises a bigger question: how safe is cash?

While cards receive most of the flak for being risky, couldn't someone simply snatch your cash and flee? That's a transaction too, right? Albeit a fraudulent one. So, even if you are not holding a credit card, a fraudulent transaction can happen in the real world too. This brings us back to the crux of the problem: how do we build trust?

Mimic the real-world trust factor in the digital payment space

The fundamental concept of trust is missing in digital payments due to a lack of know-how. How do you explore the unknown territory with your hard-earned money as a pawn without a guide? It is, therefore, necessary to build trust in the digital channel and the parties involved through something which everyone is comfortable with in day-to-day life. There are three factors for establishing this trust between the parties transacting online:

Possession: Something they have, for example, a documented identity or device, etc.

Knowledge: Something that they know, for example, a password or secret code, etc.

Inherence: Something they are, for instance, their fingerprint, hand, face, etc.

Each of the procedures or steps involved in ensuring payment security, whether in the physical world or the digital ecosystem, must contain at least two of these factors to build trust.

Ways for improving the security of card and internet transactions

One-time password 

The OTP adds an extra layer of security to your online transactions. Choosing the OTP (one-time password) option is usually recommended when completing an online transaction using a credit or debit card or making any payment online via virtual payment gateways. The advantage of OTP checkout is that you do not need to remember any passwords. Furthermore, OTPs are only effective for a short period after the payment processing begins. This protects your credit or debit card information and your online purchase.
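The short validity described above only protects a payment if the server also enforces single use and limits guessing. The sketch below is an added example, not code from the article or from any payment provider; the 180-second window, the three-attempt limit and the `OtpService` name are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

OTP_TTL_SECONDS = 180  # assumed window; the article only says "a short period"
MAX_ATTEMPTS = 3       # assumed retry limit


class OtpService:
    """Issues one OTP per transaction and accepts it at most once."""

    def __init__(self):
        self._pending = {}  # txn_id -> [otp_digest, expires_at, attempts_left]

    @staticmethod
    def _digest(txn_id, otp):
        # Bind the code to one transaction and avoid storing it in clear.
        return hashlib.sha256(f"{txn_id}:{otp}".encode()).digest()

    def issue(self, txn_id, now):
        otp = f"{secrets.randbelow(10**6):06d}"  # six digits from a CSPRNG
        self._pending[txn_id] = [
            self._digest(txn_id, otp), now + OTP_TTL_SECONDS, MAX_ATTEMPTS]
        return otp  # a real system delivers this out of band (SMS, app)

    def verify(self, txn_id, otp, now):
        entry = self._pending.get(txn_id)
        if entry is None:
            return "unknown"
        digest, expires_at, attempts_left = entry
        if now > expires_at:
            del self._pending[txn_id]
            return "expired"
        # Constant-time comparison of the stored and presented digests.
        if hmac.compare_digest(digest, self._digest(txn_id, otp)):
            del self._pending[txn_id]  # single use: a replay finds nothing
            return "ok"
        entry[2] = attempts_left - 1
        if entry[2] == 0:
            del self._pending[txn_id]  # stop online guessing of a 6-digit code
            return "locked"
        return "wrong"
```

The caller passes `now` explicitly (seconds since any fixed epoch), which keeps the expiry logic testable without waiting for real time to pass.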

Use of tokenization

Credit card tokenization converts sensitive payment data into a string of randomly generated codes known as a "token." This token number is generated using a database that maintains the actual values associated with the token number. This is hard to crack because the original number mapped to the pseudo number only exists with the tokenization provider. Hence, tokenization ensures faster, simpler, and safer transactions.
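To make the vault model above concrete, the following added example (not from the article or from any tokenization provider) shows a token drawn at random rather than computed from the card number, with the mapping held only by the provider. The `TokenVault` class, the `caller` check and the choice to keep the last four digits are assumptions for illustration; the card number is the widely published test value, not a real account.

```python
import secrets

TEST_PAN = "4111111111111111"  # constructed sample: a well-known test number


class TokenVault:
    """Stands in for the tokenization provider, the only holder of the mapping."""

    def __init__(self):
        self._pan_by_token = {}
        self._token_by_pan = {}

    def tokenize(self, pan):
        if not (pan.isdigit() and 13 <= len(pan) <= 19):
            raise ValueError("not a card number")
        if pan in self._token_by_pan:  # same card always maps to the same token
            return self._token_by_pan[pan]
        while True:
            # Random digits, not derived from the PAN: there is no key or
            # formula that turns the token back into the card number.
            body = "".join(str(secrets.randbelow(10)) for _ in range(len(pan) - 4))
            token = body + pan[-4:]  # last four kept for receipts (assumed format)
            if token != pan and token not in self._pan_by_token:
                break
        self._pan_by_token[token] = pan
        self._token_by_pan[pan] = token
        return token

    def detokenize(self, token, caller):
        # Placeholder for real access control: only the processor that must
        # submit the payment to the card network may see the PAN.
        if caller != "payment-processor":
            raise PermissionError("caller may not detokenize")
        return self._pan_by_token[token]


def merchant_order_record(vault, pan, amount):
    # The merchant's database stores the token and never the PAN, so a
    # breach of that database exposes nothing usable elsewhere.
    return {"card": vault.tokenize(pan), "amount": amount}
```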

Biometric authentication 

If the authentication mechanism is based on convenience, it is likely to be convenient for fraudsters, too, for example, not requiring a PIN for credit card transactions. When compared to passwords, which are frequently misused, biometric methods are associated with extremely high security, making it impossible for a person to steal them. When possible, use a biometric authentication method, which involves fingerprints, voice recognition, and facial recognition, all of which are unique to each person and limit the likelihood of online transaction fraud.

Upgrading the 3D Secure Protocols

3D Secure authentication provides an added layer of protection for card-not-present transactions. The security layer establishes a data connection for authentication between businesses, payment networks, and financial institutions, allowing them to share more transactional intelligence. However, 3DS1 had a few flaws.

Upgrading to the newer version, 3DS2, is therefore useful. With the 3DS2's frictionless flow, cardholders can authenticate themselves without being challenged. According to Visa, cardholders will benefit from the speedy and pleasant checkout procedure, while retailers may expect up to 66% lower cart abandonment rates. Apart from that, issuers can better estimate the risk of a transaction with 10x more data collected. As a result, according to Visa's case study, 95% of transactions are accepted immediately, and cardholders will see a 40% reduction in fraud.

Furthermore, it uses token-based and biometric authentication, eliminating the need for static passwords and ensuring a faster, more secure online transaction.

Risk-Based Authentication (RBA)

Risk-based authentication is a mechanism in which the provider analyses information about the device the customer is using and the type of network they are accessing to determine the appropriate level of authentication security based on the current risk profile of the actions. RBA goes beyond a set of rules and adapts to each user session, asking for the forms of verification that are most appropriate.

In the digital world, one of the most important things is trust. And it can be easily established by being vigilant and using technology solutions to stay one step ahead of the fraudsters.

The article has been written by Shatrughan Sharma, Global Head - Payment Security, Wibmo (A PayU Company)
