Digitisation has taken the world by storm. To stay relevant in today’s ever-evolving market, it has become necessary for all sectors to assimilate the usage of various digital channels in their day-to-day activities. This article delves deeper into how combining security and authentication with innovation can impact the payments sector.
Digitisation translates into seamless transactions in the banking world. As India marches steadily towards digitization of every transaction, from paying the street vendor to multimillion-dollar transfers across the country, digital channels are plumping on with ever-increasing transactions.
With the government initiating and nurturing “Digital India” since 2015, it is no surprise that more than a billion Indian citizens have a digital identity. They ensure these identities are used for financial transactions. It is no longer a secret that remote regions are now being integrated into the mainstream through electronic banking using various digital channels. As rosy as the picture might look, the real-time data also shows that many digital channels are underused due to a lack of awareness or training.
The onus to equip the customers with knowledge about the different digital channels is upon us, the bankers. We must find the reasons why some digital channels are widely used and some are not.
Digital channels enable banking to represent much more than another new technological tool. It is more than a smoother customer experience or a convincing marketing strategy. Digital channels are arms that have empowered the government through transparency and the public through access to funds anytime and anywhere. Though we have taken great strides, the adoption rates leave much to be desired. We are still at “promises to keep and miles to go.”
We know that innovation in cyber security and authentication can be matched by only one—fraudsters and hackers!
Any digital transaction is possible only due to the security provided and the means to identify the legitimate user. This is precisely what security and authentication are all about.
A volley of cybersecurity solutions provides online security. All the different digital channels come with unique issues and solutions. Cybersecurity has the dual role of protecting financial transactions and data from unauthorised access and use. It uses a blend of technologies, systems, and protocols to guard against attacks, malware, hacking, viruses, or any other damage or unauthorised access to data, networks, devices, or programmes.
On the other hand, authentication is the process through which the end-user proves his authenticity and accesses the bank’s services through various digital channels. It is provided through various means, from simple passwords to biometric systems.
Bank authentication is done in two basic steps: identification, where the user tells the system who he or she is, and verification, where the user proves who he claims to be.
While technological advancement empowers us, it also enables darker forces to improve their activities. As the banking system spreads with the valiant arms of digital channels, so do hackers and fraudsters. With every innovation comes its own set of problems and misusers. It is a factor that has to be reckoned with. Therefore, if banking has to grow its digital channel users and give a seamless experience, so must its security and authentication.
As explained earlier, the security of the banking system deals with external threats to the bankers, while authentication deals with identity verification and theft.
Since fraudsters and attackers must be contained and firewalled, cyber security is forever evolving with newer solutions. Some trending ones are data encryption, which enables banks to protect sensitive information. The heavy ciphers deter the hackers. Simple login protection helps with added features like session timeouts, blocking multiple logins, layered login procedures, etc. Certifications help customers discern the original site from the fraudulent ones. Upgraded Extended Validation Secure Sockets Layer (EV SSL) certificates further enable the customers.
Artificial intelligence is one of the most advanced backend tools to detect anomalies or suspicious patterns. Any abnormalities can be red-flagged with the repository information and double-checked. Apart from these constant upgrades of firewalls and antimalware systems, cyber security also protects digital channels.
UPI, or the Unified Payment Interface, is the most popular cashless digital channel. The end user can receive or send money by linking to his or her bank account with an app that records details like the IFSC code, account number, etc. UPI can be used for transactions by anyone with a smartphone, a bank account, a mobile number linked to a bank account, and an internet connection. UPI is slowly becoming the most preferred form of digital payment. The UPI interface is compatible with most banks, and many digital wallets and payment applications are now embracing UPI.
Internet banking, or banking online, is a transaction system through a financial organisation’s website. Some of them are National Electronic Fund Transfer (NEFT), through which money can be sent to any other bank account in the country. Real-time gross settlement (RTGS) is a more immediate transfer and is usually used for large transactions. The Electronic Clearing System (ECS) is another alternative for paying utility bills, EMIs, etc. Immediate Payment Service (IMPS) can be used to transfer money through mobile phones and ATMs.
Mobile banking is an app provided by the bank to carry out transactions seamlessly. Banking cards are the credit and debit cards used by the end user to pay for the purchase through the bank. The point of sale is at the merchant outlet, where the financial transaction occurs.
The mobile number of the end-user doubles up as a security feature, as the initial login and registration itself verifies the end-user as the owner of the mobile. Any suspicious or non-conforming action will again elicit an OTP number for the registered mobile number, which again needs the mobile owner’s access.
Two-factor authentication is ensured through the MPIN, which, like the ATM pin, is possessed only by the authenticated end user.
The quick response code, or QR, and signed intent option protect the merchant and establish his authenticity.
The email id is also used as a security measure by sending the invoices to the registered email id so that the end user is notified immediately about every transaction.
Security in internet banking is done through multi-factor authentication. In this case, the bank requires more than one way to prove your identity while logging in to secure messaging or the masking or protection of communication between the customers and the bank. With only system-generated messages, the leakage of information is almost nil. Data encryption is the transmission of sensitive data that is masked or coded. Also, automatic logout ensures that no one except you can access your details, even if the customer leaves the page unattended. With AI monitoring the account, even a small, untoward transaction is picked out and analysed.
(The article is written by Shatrughan Sharma, global head, payment security, at Wibmo.)
