Risk 360

Risk Management in Online Transactions Considering the Threat to Cybersecurity

India has witnessed an exponential growth of digital payments over the past few years. With nearly 90% of consumers expected to use digital payments in the near future, the volume of online transactions is likely to surpass a whopping $500 billion between 2019 and 2023. This is, in large part, due to the country’s booming digital economy that has been spurred by rapid technological advancements, increased internet penetration and mobile phone users, widespread adoption of online payments by consumers due to innovative solutions such as the United Payments Interface (UPI), Immediate Payment Service (IMPS) and wallet integration.

The Covid-19 pandemic also played a significant role in the rise in digital payments, when concerns about person-to-person contact caused many online stores and aggregators to stop accepting cash. According to a recent report by MeitY, the quantum of digital payments increased by 33% in 2021-22 to 7,422 crore transactions, as compared to the previous year which recorded 5,554 crore transactions.

However, this growth is not without risk. The risk landscape surrounding digital payments has grown significantly with the enhanced adoption of digital channels and the multiple entities that are involved in a single online transaction. But since digital payments are a ubiquitous part of our lives now and are here to remain, we need to understand how to mitigate risks while making digital payments.

Steps and Security Measures To Take While Paying Digitally

Digital payments and newer fintech players have added a layer of complexity to traditional financial services, further complicating an already tricky risk terrain. Earlier, conventional modes of payment included cheques or simple cash transfers with a minimal scope of risk as the main players involved were dominant large banks who had robust risk practices set in place for decades.

However, with digital payments, there are many actors involved, and newer participants such as neo banks that are constantly entering the market. This increases the number of fronts that threats can emanate from and consumers have to be aware of this.

Below are a few steps that can be taken to minimise risk when making digital payments.

1) Do not make advance payments

Making advance payments, even for small amounts, should be avoided at all costs. This is especially important if you are making first-time payments to unknown beneficiaries such as local e-commerce and social commerce merchants or vendors.

When payments are made online, it is very hard to identify the counterparties, especially if they are unknown to you personally. This should be followed as a thumb rule even if you think the payee is a notable grocery store chain or a well-known brand, because it is extremely easy for fraudsters to assume the identity of any individual or business and pretend to be on the other side of the transaction.

Once an advance payment has been made to a fraudulent party, it is almost impossible to get the funds back or trace exactly who they went to. Hence, making advance payments should be avoided as much as possible.

2) Watch out for fake URLs

When making an online payment, pay attention to the URL as it could be spoofed to resemble a reputed website. Fake websites will have URLs that can look eerily similar to the authentic/original company and will be a near match in look and feel.

However, minor observations such as differences in spelling will help you distinguish the fake URLs from the real ones. Paying close attention to this can help you to steer clear of your money going into the hands of scamsters.

3) Be vigilant about phishing calls

Traditionally known as telephone scams, fraudulent phone calls or phishing calls are used to trick people and are a hallmark practice of scamsters. Most take to impersonating bank officials or representatives of a trusted financial institution/company/government agency and fraudulently convincing unsuspecting people into transferring money and revealing personal financial information.

In order to not fall prey to such calls, it is advisable to use caller identification apps that help to flag suspicious phone numbers. Furthermore, upon receiving such phone calls, it is prudent to ask the caller to identify themselves, ask pointed questions and try to discern whether or not they are who they claim to be.

Remember no banks or payment apps or financial institutions ask for details or demand a transfer of money over a phone call, hence, it is best to be wary of such phone calls and disengage as soon as a threat is sensed.

4) Check and recheck QR codes

In essence, QR codes are scannable barcodes that store data and are a popular method of quick digital payments today. From high-end malls to trees near roadside stalls, QR codes can be seen everywhere. However, with QR codes being so easily printable and available in crowded public places, it is very easy to paste a different code over it without anyone noticing.

Hackers can and do replace authentic QR codes with malicious ones in public spaces such as parking lots, roadside eateries, and other points of sale (POS).

Scanning such a QR code could mean exposing your personal bank information to fraudulent actors and your money being routed to unintended beneficiaries. Hence, it is important to examine a QR code carefully, especially in public spaces, and don’t hesitate to clarify with a vendor whether it is the right one.

5) Do not use public WiFi/computers

This is an especially important issue during international travel because you might not have access to a personal internet connection or your own device.

While this shouldn’t be a problem for regular internet surfing, making digital payments via public computers or using public WiFi connections is not recommended at all. Public networks are highly susceptible to cyber-attacks and fraudulent activities, and transactions made through them are highly risky. Data theft is one of the biggest threats when using a public WiFi network at places such as train stations and airports.

Hence, it is advisable to use a trusted WiFi source or avoid making online payments at all if you don’t have access to a personal system or a secure network.

6) Use biometric authentication

Although not many people use biometric authentication for digital payments, it is an extremely secure way to make payments. Biometric information is unique to each person and cannot be replicated. Hence this reduces the chances of stolen credit cards or phones being misused for fraudulent payments.

7) Avoid saving card details and using similar passwords

Both of these are extremely common practices that a lot of people don’t think twice about despite knowing the risks. They stem from the need for convenience, however, you can pay a heavy price for these as saving card details leads to the risk of those details being stolen.

And using similar passwords leaves your account vulnerable to cyber-attacks because once a criminal has access to stolen data, they can easily hack into your other accounts that have similar passwords.

8) Beware of fake apps

There are scores of apps available on app stores across the board. However, you need to be aware about which app is verified and legitimate, and which fake app is masquerading as a real one. This is true for streaming and e-commerce apps that involve payments and subscriptions, as well as banking and mobile wallet apps.

Before downloading an app, check for the verified badge, negative reviews and low download numbers on the app store. Also, carefully check and assess all the permissions (camera, microphone, SMS, phone contacts) that an app is asking for.

Bottom Line

With demonetisation and the government’s Digital India push, millions of Indians have taken to digital payments. And while this is a positive move, as it leads to healthy competition and disruption in a traditional industry, users have to assume responsibility for their own digital safety because, out of all stakeholders involved in the payments ecosystem, people are unfortunately the weakest and most vulnerable link.

A few simple, yet vital, steps can be of great help in securing oneself and mitigating the risk of frauds, scams, and cyber criminals looking to exploit people’s vulnerabilities.

Blog Written By: Hersh Shah & Aashika Jain, Originally published in Forbes Advisor


You may also like

Leave a reply

Your email address will not be published. Required fields are marked *

More in Risk 360